Linux and Nagios‎ > ‎

Postfix SPF Error postfix-policyd-spf-perl SERVFAIL Workaround

posted 27 Sep 2011, 03:34 by Tristan Self
We had an interesting one with Postfix, we were recieving mail fine from all other domains. Then one domain (in this case domain.co.uk) started not to get through, no changes had been made at our end.

What was happening was that their domain.co.uk nameservers were not reporting TXT records properly, rather than reporting nothing or an SPF record we were getting a "SERVFAIL", the postfix spf script we used then started to block all mail with a temporary error 450.
 
Obviously they needed to fix their domain, but to workaround I did the below:
Error
 
Sep 27 09:02:20 oakmail postfix/policy-spf[6114]: : Policy action=DEFER_IF_PERMIT SPF-Result=domain.co.uk: 'SERVFAIL' error on DNS 'SPF' lookup of 'domain.co.uk'
Sep 27 09:02:20 oakmail postfix/smtpd[6102]: NOQUEUE: reject: RCPT from mail.domain.co.uk[212.212.212.212]: 450 4.7.1 email@theaddress.co.uk: Recipient address rejected: SPF-Result=domain.co.uk: 'SERVFAIL' error on DNS 'SPF' lookup of 'domain.co.uk'; from=sender@domain.co.uk to=email@theaddress.co.uk proto=ESMTP helo=<mail.domain.co.uk>
 
Workaround
 
Edited the /usr/share/perl5/Mail/SPF/Server.pm file on the server, and then found this line:
 

$packet->header->rcode =~ /^(NOERROR|NXDOMAIN)$/

And changed it to:

$packet->header->rcode =~ /^(NOERROR|NXDOMAIN|SERVFAIL)$/

Once done restart the postfix service, then when the sender tried again the messages came through fine. Basically it changed the SERVFAIL from a temporary error to a just ignore and pass the mail anyway type issue.

 
Comments