Bug #16121: Migrate our Schleuder lists outside of boum.org
SPF issue while sending mail to lists hosted by puscii
I just noticed that a mail I sent a few days ago was refused with a SPF error :
<xxxxxxxxxxx>: host needa.puscii.nl[22.214.171.124] said: 550
5.7.23 <firstname.lastname@example.org>: Recipient address rejected: Message
rejected due to: SPF fail - not authorized. Please see
(in reply to RCPT TO command)
Apparently, the IP which was checked for SPF was not the original sending IP but one of the boum.org MX: mx10.investici.org.
Can send the full Bounce on request.
[I dare assigning you this bug groente as you seems to have been involved with the recent list hosting change, and putting in a high priority, hope you won't mind ..]
#9 Updated by geb about 1 year ago
A quick and dirty fix could be to:
- Disable SPF checks from mails emitted by boum.org's MX. For example by adding boum.org's MX to my_networks and ensuring permit_mynetworks is in smtp_recipient_restriction before check_policy_service (maybe no ideal as my_networks could be used for other things, dont remind)
- Whitelisting those IPs in SPF.
Both would require boum.org's MX to do SPF checking and so on.