1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

HELP - SPF DNS record preventing mail being sent

Discussion in 'Plesk for Linux - 8.x and Older' started by kuhle, Jan 20, 2009.

  1. kuhle

    kuhle Guest

    Can anybody help? I have a domain with a TXT record of
    When trying to send an email to one particular customer, we get it undelivered with teh following message:

    Then I checked SPF and got:
    but the SPF checking tool gives:
    Can anybody tell me what is wrong?
  2. Cameleon

    Cameleon Guest

    I have same issue !
  3. shall

    shall Regular Pleskian

    Apr 2, 2007
    Likes Received:
    Most likely it's actually a problem on their end. If they have their mail echanger server pass the message to another server inside BEFORE testing SPF, it'll fail the SPF test because you're using "-all" - which says "and no other servers are allowed to relay". The relay INSIDE their network is still considered the most recent relay server before SPF testing, so the message is refused.

    Disable SPF (or switch it to "~all") temporarily. Send a new message to the person that you've been trying to reach. It will go through. Have them send you back the FULL HEADERS for the message they received. Check those headers for a relay action after your server hands off the message.

    If it has one, contact their network admin/webmaster directly and see if he can fix his setup - make sure to explain that he's failing to obey the rules of SPF by testing it after a relay.

    If he refuses to cooperate, and you absolutely must reach them by email, leave it as "~all". If he cooperates and fixes the mail server settings, turn it back to "-all".
  4. kuhle

    kuhle Guest

    I resolved this problem. It was not an SPF problem because SPF settings were the same for 2 domains, so we ruled that out.

    In Server > Mail, we had enabled DomainKeys "Verify Incoming Mail". When we disabled that (and I think restarted Qmail and POP/IMAP services), it worked fine. Then we had more Spam coming in. The answer to that was to install spamdyke and that has resolved the problem with us. We do have ASL (Atomic Secured Linux) as server protection, and that is worth every penny that it costs. It also makes the installation of all the programmes rather easier.

    I hope that helps you.