Score:1

Why does my postfix reject mail with an SPF hardfail even though the SPF DNS record is set to softfail?


The log output I get is the following:

"Jul  7 11:23:46 mail policyd-spf[19779]: 550 5.7.23 Message rejected
due to: SPF fail - not authorized. Please see 
http://www.openspf.net/Why?s=mfrom;[email protected];ip=<IP>;r=<UNKNOWN>
Jul  7 11:23:46 mail postfix/smtpd[19773]: NOQUEUE: reject: RCPT from
remotemailserver.de[IP]: 550 5.7.23 <[email protected]>:
Recipient address rejected: Message rejected due to: SPF fail - not
authorized. Please see http://www.openspf.net/Why?s=mfrom;[email protected]
;ip=<IP>;r=<UNKNOWN>;; from=<[email protected]> to=<[email protected]>
proto=ESMTP helo=<remotemailserver.de>"

My policyd-spf.conf looks as follows:

#  For a fully commented sample config file see policyd-spf.conf.commented

debugLevel = 1 
TestOnly = 1

HELO_reject = Fail
Mail_From_reject = Fail

PermError_reject = False
TempError_Defer = False

skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1

The spf DNS record for remotemailserver.de looks as follows:

subdomain.remotemailserver.de.   508     IN      TXT     "v=spf1 include:_spf.remotemailserver.de ~all"

I am by far no postfix expert, but according to https://manpages.debian.org/testing/postfix-policyd-spf-python/policyd-spf.conf.5.en.html setting HELO_reject and Mail_From_reject to Fail should not hardfail an incoming mail on ~all spf records.

Where am I wrong?

Score:1

This was actually a misconception on my side. I assumed that the SPF entry of remotemailserver.de is checked. But it is the mail server of the FROM field which is checked.

In this case the SPF record of gmx.net is a -all record, which means I get a hardfail (correctly).
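The behaviour described in this answer, as an added example that is not part of the original post and is not policyd-spf's own code: the SPF record that gets evaluated belongs to the sender's domain (the `mfrom` identity in the log), not to the relaying host, and `Mail_From_reject = Fail` rejects only a hard fail. It covers just the `ip4`, `include` and `all` mechanisms; the IP ranges, the `_spf` record contents, the client IPs and the mailbox names are constructed, and only the `~all` and `-all` endings come from the page.

```python
import ipaddress

# Constructed TXT data (assumption): ranges use documentation prefixes;
# only the "~all" / "-all" endings are taken from the page.
TXT = {
    "subdomain.remotemailserver.de": "v=spf1 include:_spf.remotemailserver.de ~all",
    "_spf.remotemailserver.de": "v=spf1 ip4:198.51.100.0/24 -all",
    "gmx.net": "v=spf1 ip4:192.0.2.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, depth=0):
    """Evaluate a small subset of RFC 7208: ip4, include and all."""
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # RFC 7208 limits DNS-querying terms to 10
        return "permerror"
    for term in record.split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
        elif name == "include":
            # include matches only when the nested evaluation returns pass
            matched = check_host(ip, arg, depth + 1) == "pass"
        else:
            continue  # mechanisms outside this subset are ignored here
        if matched:
            return QUALIFIERS[qual]
    return "neutral"


def policy_decision(client_ip, mail_from, mail_from_reject="Fail"):
    """Mimic Mail_From_reject = Fail: reject only on a hard SPF fail."""
    domain = mail_from.rsplit("@", 1)[1].lower()  # domain whose record is checked
    result = check_host(client_ip, domain)
    reject = mail_from_reject == "Fail" and result == "fail"
    return domain, result, "reject" if reject else "accept"


if __name__ == "__main__":
    relay_ip = "203.0.113.7"  # constructed address of the connecting relay
    for sender in ("someone@gmx.net", "someone@subdomain.remotemailserver.de"):
        print(sender, policy_decision(relay_ip, sender))
```

The same relay IP produces a reject for the gmx.net sender and an accept (softfail) for the remotemailserver.de sender, because only the sender's domain decides which record is read.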
