Issue multiple emails generated when spf=temperror

[SolisInfotech]

I've got a number of domains that are having email issues with emails that have an spf=temperror status.

So, emails from several companies e.g. NatWest in the UK are being received ONCE (and only once according to logs) by the server, but are being duplicated in the users mail box.
All the emails that have this problem have the same spf result of spf=temperror so i'm guessing the mail system is re-trying to validate the spf every few minutes, and re-creating the email???.

today, ive had an email pop into my inbox over 50 times, once every couple of minutes. last week,a similar set of emails was being received once every 50 minutes, a few weeks ago, duplicates were once every 20 minutes or so.

same is happening on imap and pop clients. its happening for several of my users on totally different domains.

there are no client side rules running, no forwarding, no aliases.

any ideas?

here is an example header:

Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
xxxxxxxxxxxxxxxxxxxxxx
X-Spam-Level:
X-Spam-Status: No, score=-2.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0
X-Original-To: xxxx@xxxxxxxxxxxxxxxxx
Delivered-To: xxxx@xxxxxxxxxxxxxxxxx
Received: from r207.p69.neolane.net (r207.notifications.natwest.com [130.248.154.207])
by xxxxxxxxxxxxxxxxx (Postfix) with ESMTP id 062E8100FA475
for < xxxx@xxxxxxxxxxxxxxxxx>; Tue, 17 Mar 2020 18:25:19 +0000 (GMT)
Authentication-Results: xxxxxxxxxxxxxxxxx;
dmarc=none (p=NONE sp=NONE) smtp.from=notifications.natwest.com header.from=communications.natwest.com;
dkim=pass header.d=communications.natwest.com;
spf=temperror (sender IP is 130.248.154.207) smtp.mailfrom=[email protected] smtp.helo=r207.p69.neolane.net
Received-SPF: none (xxxxxxxxxxxxxxxxxxx: no valid SPF record)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
s=neolane;
d=communications.natwest.com;
h=domainkey-signature:from:date:subject:to:reply-to:mime-version:x-mailer:message-id:content-type;
bh=cEd+mArAdKrx7mbNqRbBdHt1zdrgCQdwmbeekZzOoRo=;
b=YaHs44a9rYSu+mCab6Ccv5oIdvrLjlnUsy8dD+7YIlgJn1GpclYctUSfFBWpHcGZ7eTMmT0wP6rgVgxtyMAJqPZf6gysSxneG8PShCgZuJHzxSAv9GWloevTITNUEgjw4yzpTuiYu/OW0UxPY5OKrXcsgvFgHBqFlMeFYXttlkM=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns;
s=neolane;
d=communications.natwest.com;
h=Fromate:Subject:To:Reply-To:MIME-Version:X-mailer:Message-ID:Content-Type;

 

[SolisInfotech]

Still happening. no-one else?

 

[y_berlin]

We have the exact same problem since the beginning of july. In our case it seems to primarily affect eMail aliases. Mainly we had problems with eMails from Amazon or eBay that are being handled via an alias of our main eMail-address. These mails are being duplicated up to 10-15 times. We also can see the "spf=temperror"-flag in the message-source:

spf=temperror (sender IP is 54.240.1.50) smtp.mailfrom=rte+ne-null-b1cb1a02606133tr3xk3zldfrr@sellernotifications.amazon.com smtp.helo=a1-50.smtp-out.eu-west-1.amazonses.com
Received-SPF: none (server.*******.de: no valid SPF record)

We are currently running the following Plesk/OS combination:

CentOS Linux 7.8.2003 (Core)‬
Plesk Onyx 17.8.11 Update Nr. 88

SPF/DKIM etc otherwise work flawlessly.

Did you solve this problem in any kind of way? Anybody else having any ideas or similar problems?

 

[y_berlin]

Short update: we got deeper into the matter and found out that our problem was connected to nameservers that became suddenly unresponsive and needed to be replaced for our domain.