1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Qmail and SPF problem. Getting REJECT messages.

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by GustavoO, Sep 4, 2009.

  1. GustavoO

    GustavoO Guest

    0
     
    Hello!

    I dont know exactly what happened but the point is:

    I got a /usr/local/psa/handlers/spool/ dir at 100% of use, with mails older than 2 months.

    So, i've managed to solve this problem, removing old mail files manually.

    After that, i started getting SPF Reject messages every time, when trying to receive e-mails...

    The strange is that it was working normally before it all happened, using the same rule for SPF.

    The SPF rule set is: "Reject if not resolve to pass.".

    Is it normal that lots of email get rejected because of this rule even if before it never happened?

    How can i know if there's something wrong?

    Maillog tells me that about spf:

    Sep 4 11:14:37 qx01 spf filter[26048]: Error code: (2) Could not find a valid SPF record


    Thanks in advance...
     
  2. abezborodova

    abezborodova Guest

    0
     
    Could you please specify if messages are delivered correctly when SPF was disabled? If mail service works normally I recommend to change SPF checking mode to Only create Received-SPF headers, never block. You may change through Home -> Mail Server Settings: Switch on SPF spam protection: SPF checking mode

    The notification "Error code: (2) Could not find a valid SPF record" means that sending domain does not have valid SPF record in DNS. In this case SPF local rules are not applied.

    Refer to this article for details about notifications from "spf filter": http://kb.odin.com/en/6051
     
  3. GustavoO

    GustavoO Guest

    0
     
    Hi! Thanks for the answer...

    Yes, the server receives mail normally when SPF is disabled. But is there any reason why it stopped working?
    Can i check if SPF is configured correctly and also if it can check the domains as it should?


    Thanks!
     
  4. trialotto

    trialotto Golden Pleskian Plesk Guru

    37
     
    Joined:
    Sep 28, 2009
    Messages:
    1,436
    Likes Received:
    206
    Qmail and SPF setup

    In response to the above.....

    More detailed information about setting up SPF filtering (and the pitfalls that might exist) will be given shortly in my thread:

    http://forum.parallels.com/showthread.php?t=94593

    Look at that, for further information!

    At this moment, i am rather curious about the exact nature of your problem. Two questions arise:

    - is the "Error code: (2) Could not find a valid SPF record" notification related to mail coming from your server or mail coming from external mail servers? The solution of your problem then differs. I will explain more in my thread.

    - even with the error code present and given your settings (reject if not pass), the mail should not be rejected if your spf guess rules are defined properly. So what are those spf guess settings?

    As a final remark, I will also give some links to SPF tools, for setting up and checking SPF records properly.

    FINAL HINT:
    In order to prevent important emails from being rejected, you could assign them to a white list for the time being. The white list in question is the white list for grey listing, since this is shared by spamassassing and the grey listing filter.

    Steps to take:
    1 - Enable server-wide grey listing (via the server settings)
    2 - Open a command line (SSH) and issue the command:

    /usr/psa/local/bin/grey_listing -u -whitelist add: <allowedMailname1>@<allowedDomain>.tld, <allowedMailname2>@<allowedDomain>.tld, [add more mailnames if you want]

    Note: if you want to allow all mailaddresses from one domain just replace <allowedMailname1>@<allowedDomain>.tld with *@<allowedDomain>.tld

    3 - Check the greylisting setup with the command /usr/psa/local/bin/grey_listing -i
    4 - restart qmail with the command: service qmail restart

    Note: if spam filter is still giving some annoying notifications, be aware that they cannot do harm and that they only annoy you. This can be resolved (if desired) by just disabling server-wide spam filtering (not advised).
     
Loading...