Mail Reception Issues

First, some background: Sender Policy Framework (SPF) is a framework that allows a domain to specify which mail servers may legitimately originate mail for it. These are encoded in a DNS TXT record.

Systemd is a super daemon that replaces init, xinetd, and also part of the DNS service. It does so in a manner that, like most Poettering projects, kind of works some of the time. It fails with some TXT records, breaking SPF.

Here is an example of retrieving a TXT record using nslookup with systemd-resolved:

> set type=txt
;; Warning: Message parser reports malformed message packet.
;; Truncated, retrying in TCP mode.
;; Connection to for failed: connection refused.

To fix this problem, I have disabled the systemd resolver and gone back to using BIND, the standard DNS resolver, as a caching server. Now the results:

> set type=txt
;; Truncated, retrying in TCP mode.

Non-authoritative answer:
text = "globalsign-domain-verification=MT3LmRzGYPgORWLlSBkPpAUpBDH9kl8xxYmB6FjtjY"
text = "MS=ms90241053"
text = "v=spf1 mx ip4: ip4: ip4: ip4: -all"
text = "GxIV1cqmXdB1Jl1Qd1LgJyBAd8k4QEnQL4LZpSZS+yu/noX6ra5XpJepHvcohGGfvfnrn9N3bukOSw71brafNA=="
text = "globalsign-domain-verification=pyR6ci6IB7uVAxLPZN5Z7_imdnvGJLhXCcmfs8v5RP"
text = "adobe-idp-site-verification=ffdbe896-53c0-4f83-ad01-0ec20ef0833d"

This should correct the problem of mail being rejected with an SPF failure even though it arrived from a legitimate SPF-specified server.
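
One way to confirm the fix on the mail host, as an added example that is not part of the original post: it asks a resolver for a domain's TXT records over the default path and over forced TCP, then checks that exactly one SPF record came back. The function names, `example.com`, and the resolver addresses (127.0.0.53 for the systemd stub listener, 127.0.0.1 for a local BIND) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Read `dig +short TXT` output on stdin; print every SPF record found.
spf_records() {
    awk '{
        gsub(/" "/, "")               # join the strings of a multi-string TXT record
        sub(/^"/, ""); sub(/"$/, "")  # drop the outer quotes
        if (tolower($0) ~ /^v=spf1( |$)/) print
    }'
}

# Read the same output; print ok, no-spf or multiple-spf.
# RFC 7208 treats more than one SPF record as a permanent error.
spf_status() {
    count=$(spf_records | wc -l)
    case $((count)) in
        0) echo no-spf ;;
        1) echo ok ;;
        *) echo multiple-spf ;;
    esac
}

# Query one resolver for DOMAIN twice: the default path (UDP, with TCP retry
# on truncation) and forced TCP, the path that failed in the post.
check_resolver() {
    domain=$1 resolver=$2
    for mode in "" +tcp; do
        if out=$(dig $mode +short +tries=1 +time=3 TXT "$domain" "@$resolver"); then
            status=$(printf '%s\n' "$out" | spf_status)
        else
            status=query-failed
        fi
        printf '%-12s %-8s %s\n' "$resolver" "${mode:-default}" "$status"
    done
}

# Usage on the mail host (domain and addresses are assumptions):
#   check_resolver example.com 127.0.0.53   # systemd stub listener
#   check_resolver example.com 127.0.0.1    # local BIND caching server
```

If one resolver reports `ok` and the other reports `query-failed` or `no-spf` for the same domain, the fault is in the resolver rather than in the published record.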
