0

I'm trying to get my email server up and running. www.mail-tester.com gives me a score of 10 out of 10, but the problem is a SPF record SOFTFAIL. My SPF record is:

v=spf1 mx ~all

In my /etc/postfix/main.cf I have:

myhostname = mail.my-hostname.com
policyd-spf_time_limit = 3600
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    check_policy_service unix:private/policyd-spf

In my /etc/postfix/master.cf:

policyd-spf  unix  -       n       n       -       0       spawn
    user=policyd-spf argv=/usr/bin/policyd-spf

What can I do?

tuxerri
  • 11
  • 2
  • 1
    Your policyd-spf has nothing to do with _sending_ mail, it only validates received mail. What IP addresses do you have for your MX entries, and what IP address is your server actually sending mail from? – u1686_grawity May 16 '23 at 10:55
  • The name in my MX record is: my-hostname.com The content is: smtp.my-hostname.com without IP address. – tuxerri May 16 '23 at 11:02
  • If the IP that smtp.my-hostname.com resolves to is used for sending and receiving of email, you should be good. The SPF record is used to tell the receiving server which IP addresses should be trusted for email from you domain. The `~all` indicates a soft fail for all IP addresses that are not listed in the prior part of your SPF record. – Reinto May 16 '23 at 11:07
  • What addresses does "smtp.my-hostname.com" resolve to? What IP address is being used by the SMTP server to send mail? – u1686_grawity May 16 '23 at 11:10
  • smtp.my-hostname.com resolve correctly to my ip address, which is used by my server. I do not know why spamscore.net sees a SPF record FAIL – tuxerri May 16 '23 at 11:15
  • Usually because the address is not in fact being used by your server. Is it only spamscore.net that gives you the failure? (As far as I can tell, spamscore.net is completely broken and thinks that all messages are delivered by 127.0.0.1 regardless of the real sender.) What "Received:" header does the system report upon receiving your message? – u1686_grawity May 16 '23 at 11:20
  • Received-SPF: softfail (google.com: domain of transitioning user@my-domain.com does not designate xxxx:xx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx as permitted sender) client-ip=xxxx:xx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx; – tuxerri May 16 '23 at 11:30
  • @user1686: I don't have modified the PTR record / contacted my ISP for the edit. Is that a problem? – tuxerri May 16 '23 at 12:36

0 Answers0