Qmail SMTP Error 554 mail server permanently rejected message (#5.3.0)

[hgmichna]

This is Plesk 9.0 on SuSE Linux 10.1.

It took me and my co-admin a number of hours to nail down a nearly intractable error we had after upgrading from Plesk 8.6 to 9.0. Users of certain domains could no longer send any email.

It turned out that apparently all users whose domains have no SPF records could no longer send any mail at all.

Our current workaround is to change the SPF checking to the SPF checking mode: Only create Received-SPF headers, never block.

Does Parallels/Plesk have a defect-tracking system that I can use to enter this defect? No black holes, please; I report defects only when I can expect quick feedback indicating that the defect description has been received and understood.

Hans-Georg

 

[AitorCalvo]

I detected the same problem in my server

I resolve it creating the TXT DNS record for SPF in every domains of my server (a really hard work). I detect other problem in plesk 9, if you have mail accounts protected with Dr.Web and you deactivate the use of the DrWeb and stop the daemon or uinstall it this accounts cant attach files to email messages because qmail try scan the attachment with Dr.web (the configuration of the accounts is not updated when you disable the use of DrWeb).

 

[BoiseComputer]

A quick way to do what you did....

mysql -u admin -p`cat /etc/psa/.psa.shadow` psa -e "select dns_zone_id,displayHost from dns_recs GROUP BY dns_zone_id ORDER BY dns_zone_id ASC;" | awk '{print "INSERT INTO dns_recs (type,host,val,time_stamp,dns_zone_id,displayHost,displayVal) VALUES ('\''TXT'\'','\''"$2"'\'','\''v=spf1 a mx ~all'\'',NOW(),"$1",'\''"$2"'\'','\''v=spf1 a mx ~all'\'');"}' | mysql -u admin -p`cat /etc/psa/.psa.shadow` psa

Then you’ll need to make Plesk write these changes to the zone files:

mysql -Ns -uadmin -p`cat /etc/psa/.psa.shadow` -D psa -e 'select name from domains' | awk '{print "/usr/local/psa/admin/sbin/dnsmng update " $1 }' | sh

You can check your work by viewing the new entries you made:

mysql -u admin -p`cat /etc/psa/.psa.shadow` psa -e "SELECT * FROM dns_recs WHERE type='TXT';"

I originally got this code from www.RackerHacker.com <--- A great site.

 

[BoiseComputer]

Ok.. Came up with this one on my own. I'm not great with MySQL commands but try this.

mysql -u admin -p`cat /etc/psa/.psa.shadow` psa -e "UPDATE mail SET virusfilter = 'none' WHERE postbox = 'true';"

This should go and set the virusfilter section in the database to none. If I am incorrect let me know.

 

[AitorCalvo]

Really good job but it only works if you don't have active domainkeys. If you have domainkeys active the TXT record created is _domainkey.domainname.com. and it must be only domainname.com.

 

[247trader]

Really good job but it only works if you don't have active domainkeys. If you have domainkeys active the TXT record created is _domainkey.domainname.com. and it must be only domainname.com.

One thing you guys should know that I have discovered is that if you tell plesk to verify incoming mail via spf you will not receive some mail at all. Turn that function off and spf will function correctly.

 

[BoiseComputer]

I've always had mine set at "Only create Received-SPF headers, never block" and have "include:spf.trusted-forwarder.org" in the SPF local rules. This seems to work for me. I also have set "sbl-xbl.spamhaus.org;combined.njabl.org" in the DNS zones for DNSBL service with decent success. Under DomainKeys spam protection I have always had it set to Allow signing outgoing mail but never verify incoming mail. It seems to block a lot of e-mails when that is checked.

 

[Brujo]

I belive the spf filter dos not work as he should even if you have "Only create Received-SPF headers, never block" it will produce errors in the logs anyway. I already used the fixed Version and checked my guess rules...

Dec 10 22:20:11 eagolit spf filter[28600]: Starting spf filter...
Dec 10 22:20:11 eagolit spf filter[28600]: Error code: (2) Could not find a valid SPF record
Dec 10 22:20:11 eagolit spf filter[28600]: Failed to query guess rules: Could not find a valid SPF record near 'a/24 mx/24 p'
Dec 10 22:20:11 eagolit spf filter[28600]: Error code: (2) Could not find a valid SPF record
Dec 10 22:20:11 eagolit spf filter[28600]: Failed to query MAIL-FROM: No DNS data for 'xyz.de'.
Dec 10 22:20:11 eagolit spf filter[28600]: SPF result: none
Dec 10 22:20:11 eagolit spf filter[28600]: SPF status: PASS