Qmail and SPF problem. Getting REJECT messages.

[GustavoO]

Hello!

I dont know exactly what happened but the point is:

I got a /usr/local/psa/handlers/spool/ dir at 100% of use, with mails older than 2 months.

So, i've managed to solve this problem, removing old mail files manually.

After that, i started getting SPF Reject messages every time, when trying to receive e-mails...

The strange is that it was working normally before it all happened, using the same rule for SPF.

The SPF rule set is: "Reject if not resolve to pass.".

Is it normal that lots of email get rejected because of this rule even if before it never happened?

How can i know if there's something wrong?

Maillog tells me that about spf:

Sep 4 11:14:37 qx01 spf filter[26048]: Error code: (2) Could not find a valid SPF record


Thanks in advance...

 

[abezborodova]

Could you please specify if messages are delivered correctly when SPF was disabled? If mail service works normally I recommend to change SPF checking mode to Only create Received-SPF headers, never block. You may change through Home -> Mail Server Settings: Switch on SPF spam protection: SPF checking mode

The notification "Error code: (2) Could not find a valid SPF record" means that sending domain does not have valid SPF record in DNS. In this case SPF local rules are not applied.

Refer to this article for details about notifications from "spf filter": http://kb.odin.com/en/6051

 

[GustavoO]

Hi! Thanks for the answer...

Yes, the server receives mail normally when SPF is disabled. But is there any reason why it stopped working?
Can i check if SPF is configured correctly and also if it can check the domains as it should?


Thanks!

 

[trialotto]

Qmail and SPF setup

Hi! Thanks for the answer...

Yes, the server receives mail normally when SPF is disabled. But is there any reason why it stopped working?
Can i check if SPF is configured correctly and also if it can check the domains as it should?


Thanks!

In response to the above.....

More detailed information about setting up SPF filtering (and the pitfalls that might exist) will be given shortly in my thread:

http://forum.parallels.com/showthread.php?t=94593

Look at that, for further information!

At this moment, i am rather curious about the exact nature of your problem. Two questions arise:

- is the "Error code: (2) Could not find a valid SPF record" notification related to mail coming from your server or mail coming from external mail servers? The solution of your problem then differs. I will explain more in my thread.

- even with the error code present and given your settings (reject if not pass), the mail should not be rejected if your spf guess rules are defined properly. So what are those spf guess settings?

As a final remark, I will also give some links to SPF tools, for setting up and checking SPF records properly.

FINAL HINT:
In order to prevent important emails from being rejected, you could assign them to a white list for the time being. The white list in question is the white list for grey listing, since this is shared by spamassassing and the grey listing filter.

Steps to take:
1 - Enable server-wide grey listing (via the server settings)
2 - Open a command line (SSH) and issue the command:

/usr/psa/local/bin/grey_listing -u -whitelist add: <allowedMailname1>@<allowedDomain>.tld, <allowedMailname2>@<allowedDomain>.tld, [add more mailnames if you want]

Note: if you want to allow all mailaddresses from one domain just replace <allowedMailname1>@<allowedDomain>.tld with *@<allowedDomain>.tld

3 - Check the greylisting setup with the command /usr/psa/local/bin/grey_listing -i
4 - restart qmail with the command: service qmail restart

Note: if spam filter is still giving some annoying notifications, be aware that they cannot do harm and that they only annoy you. This can be resolved (if desired) by just disabling server-wide spam filtering (not advised).