bug report: Postfix reject email with valid SPF but unresolvable hostname #3716

@BozhanL

📝 Preliminary Checks

  • I tried searching for an existing issue and followed the debugging docs advice, but still need assistance.

👀 What Happened?

Postfix rejects email with valid SPF but unresolvable hostname.

DNS records

SPF

root@server0:/# dig txt ire.barfoot.co.nz

; <<>> DiG 9.16.44-Debian <<>> txt ire.barfoot.co.nz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29346
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ire.barfoot.co.nz.             IN      TXT

;; ANSWER SECTION:
ire.barfoot.co.nz.      300     IN      TXT     "v=spf1 include:mailgun.org ~all"

;; Query time: 28 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Fri Dec 22 00:42:01 UTC 2023
;; MSG SIZE  rcvd: 90
root@server0:/# dig txt mailgun.org

; <<>> DiG 9.16.44-Debian <<>> txt mailgun.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18055
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;mailgun.org.                   IN      TXT

;; ANSWER SECTION:
mailgun.org.            268     IN      TXT     "google-site-verification=FIGVOKZm6lQFDBJaiC2DdwvBy8TInunoGCt-1gnL4PA"
mailgun.org.            268     IN      TXT     "v=spf1 include:_spf.mailgun.org include:_spf.eu.mailgun.org -all"
mailgun.org.            268     IN      TXT     "8f7088gv5932jxw9lwwd1b6ttx2pw2ds"

;; Query time: 0 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Fri Dec 22 00:42:45 UTC 2023
;; MSG SIZE  rcvd: 243
root@server0:/# dig txt _spf.mailgun.org

; <<>> DiG 9.16.44-Debian <<>> txt _spf.mailgun.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33877
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_spf.mailgun.org.              IN      TXT

;; ANSWER SECTION:
_spf.mailgun.org.       60      IN      TXT     "v=spf1 ip4:209.61.151.0/24 ip4:166.78.68.0/22 ip4:198.61.254.0/23 ip4:192.237.158.0/23 ip4:23.253.182.0/23 ip4:104.130.96.0/28 ip4:146.20.113.0/24 ip4:146.20.191.0/24 ip4:159.135.224.0/20 ip4:69.72.32.0/20" " ip4:104.130.122.0/23 ip4:146.20.112.0/26 ip4:161.38.192.0/20 ip4:143.55.224.0/21 ip4:143.55.232.0/22 ip4:159.112.240.0/20 ip4:198.244.48.0/20 ip4:204.220.160.0/20 ~all"

;; Query time: 160 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Fri Dec 22 00:45:31 UTC 2023
;; MSG SIZE  rcvd: 432

A & AAAA

root@server0:/# dig a ire.barfoot.co.nz

; <<>> DiG 9.16.44-Debian <<>> a ire.barfoot.co.nz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61422
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ire.barfoot.co.nz.             IN      A

;; AUTHORITY SECTION:
barfoot.co.nz.          1074    IN      SOA     george.ns.cloudflare.com. dns.cloudflare.com. 2328629896 10000 2400 604800 1800

;; Query time: 0 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Fri Dec 22 00:54:07 UTC 2023
;; MSG SIZE  rcvd: 110
root@server0:/# dig aaaa ire.barfoot.co.nz

; <<>> DiG 9.16.44-Debian <<>> aaaa ire.barfoot.co.nz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8178
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ire.barfoot.co.nz.             IN      AAAA

;; AUTHORITY SECTION:
barfoot.co.nz.          1800    IN      SOA     george.ns.cloudflare.com. dns.cloudflare.com. 2328629896 10000 2400 604800 1800

;; Query time: 56 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Fri Dec 22 00:54:35 UTC 2023
;; MSG SIZE  rcvd: 110

MX

root@server0:/# dig mx ire.barfoot.co.nz

; <<>> DiG 9.16.44-Debian <<>> mx ire.barfoot.co.nz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47845
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ire.barfoot.co.nz.             IN      MX

;; AUTHORITY SECTION:
barfoot.co.nz.          1800    IN      SOA     george.ns.cloudflare.com. dns.cloudflare.com. 2328629896 10000 2400 604800 1800

;; Query time: 20 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Fri Dec 22 01:09:10 UTC 2023
;; MSG SIZE  rcvd: 110

👟 Reproduction Steps

No response

🐋 DMS Version

v13.0.1

💻 Operating System and Architecture

Linux 6.1.0-13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29) x86_64 unknown unknown GNU/Linux

⚙️ Container configuration files

No response

📜 Relevant log output

Dec 10 21:36:47 server0 postfix/smtpd[1122872]: connect from rs238.mailgun.us[209.61.151.238]
Dec 10 21:36:49 server0 postfix/smtpd[1122872]: Anonymous TLS connection established from rs238.mailgun.us[209.61.151.238]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
Dec 10 21:36:49 server0 postfix/smtpd[1122872]: NOQUEUE: reject: RCPT from rs238.mailgun.us[209.61.151.238]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<rs238.mailgun.us>
Dec 10 21:36:49 server0 postfix/smtpd[1122872]: disconnect from rs238.mailgun.us[209.61.151.238] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

Improvements to this form?

No response
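
Added example (not part of the original report or the project's code): "Sender address rejected: Domain not found" is the reply Postfix gives for its `reject_unknown_sender_domain` restriction, which looks for MX or address records on the envelope sender domain and does not consult SPF. The code below picks such rejections out of a mail log and flags the ones whose client IP sits inside the SPF `ip4` ranges from the `_spf.mailgun.org` answer above; the log lines and the `mail.example.org` / `example.com` addresses are constructed.

```python
import ipaddress
import re

# Subset of the ip4 ranges from the _spf.mailgun.org TXT answer in the report.
SPF_IP4 = [ipaddress.ip_network(n) for n in (
    "209.61.151.0/24", "166.78.68.0/22", "198.61.254.0/23", "159.135.224.0/20",
)]

# Matches Postfix smtpd "NOQUEUE: reject" lines in the format shown in the report.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r"<[^>]*>: (?P<reason>[^;]+); from=<(?P<sender>[^>]*)>"
)

# Constructed sample log (addresses are placeholders, not taken from the report).
SAMPLE_LOG = [
    "Dec 10 21:36:47 server0 postfix/smtpd[1122872]: connect from rs238.mailgun.us[209.61.151.238]",
    "Dec 10 21:36:49 server0 postfix/smtpd[1122872]: NOQUEUE: reject: RCPT from rs238.mailgun.us[209.61.151.238]: 450 4.1.8 <bounce@mail.example.org>: Sender address rejected: Domain not found; from=<bounce@mail.example.org> to=<user@example.com> proto=ESMTP helo=<rs238.mailgun.us>",
    "Dec 10 21:40:02 server0 postfix/smtpd[1122901]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.1.8 <x@Nowhere.Example.org>: Sender address rejected: Domain not found; from=<x@Nowhere.Example.org> to=<user@example.com> proto=ESMTP helo=<host>",
]

def triage(lines):
    """Return one dict per 'Domain not found' sender rejection."""
    findings = []
    for line in lines:
        m = REJECT_RE.search(line)
        if not m or m["reason"].strip() != "Sender address rejected: Domain not found":
            continue
        ip = ipaddress.ip_address(m["ip"])
        findings.append({
            "client": m["host"],
            "ip": str(ip),
            "sender_domain": m["sender"].rpartition("@")[2].lower(),
            "temporary": m["code"].startswith("4"),  # 4xx: the sender will retry
            # True means SPF would authorise this client, so the rejection
            # comes from the sender-domain lookup alone.
            "ip_in_spf_ranges": any(ip in net for net in SPF_IP4),
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with `ip_in_spf_ranges` set to true is a candidate for the situation in this report: the client is covered by the sender's SPF record, but the sender domain itself publishes no MX or address record.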

Labels: kind/bug/report (A report about a bug), meta/needs triage (This issue / PR needs checks and verification from maintainers)