Skip to content

[BUG] SPF fail - openspf.net is no more #2459

Closed
#2503
Closed
[BUG] SPF fail - openspf.net is no more#2459
#2503
Labels
meta/needs triageThis issue / PR needs checks and verification from maintainerspriority/medium
@GoliathLabs

Description

@GoliathLabs
GoliathLabs
opened on Mar 4, 2022

Miscellaneous first checks

  • I checked that all ports are open and not blocked by my ISP / hosting provider.
  • I know that SSL errors are likely the result of a wrong setup on the user side and not caused by DMS itself. I'm confident my setup is correct.

Affected Component(s)

See below

What happened and when does this occur?

Mar  4 21:56:01 mail policyd-spf[463355]: 550 5.7.23 Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom
Mar  4 21:56:01 mail postfix/smtpd[463350]: NOQUEUE: reject: RCPT from unknown[redacted]: 550 5.7.23 <[email protected]>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;r=<UNKNOWN>; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<spammerdomain.org>

What did you expect to happen?

openspf.net is no more (https://graz4u.at/openspf-net-ist-offline/) (German)

We might want to use another service instead? (http://www.open-spf.org/Tools/)

How do we replicate the issue?

Add header_checks.pcre

/^Received-SPF: Fail.*/ REJECT SPF failures are rejected
/^Authentication-Results:.*spf=fail .*/ REJECT SPF failures are rejected

and wait for some server pretending to be somebody else

DMS version

v10.5.0

What operating system is DMS running on?

Linux

What instruction set architecture is DMS running on?

x86_64 / AMD64

What container orchestration tool are you using?

Docker Compose

docker-compose.yml

No response

Relevant log output

Mar  4 21:56:01 mail policyd-spf[463355]: 550 5.7.23 Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom
Mar  4 21:56:01 mail postfix/smtpd[463350]: NOQUEUE: reject: RCPT from unknown[redacted]: 550 5.7.23 <[email protected]>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;r=<UNKNOWN>; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<spammerdomain.org>

Other relevant information

No response

What level of experience do you have with Docker and mail servers?

  • I am inexperienced with docker
  • I am inexperienced with mail servers
  • I am uncomfortable with the CLI

Code of conduct

Improvements to this form?

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    meta/needs triageThis issue / PR needs checks and verification from maintainerspriority/medium

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions