How to white list a broken SPF record

Asked by James B. Byrne

The Liquor Control Board of Ontario (LCBO), the Provincial Government ethanol distribution monopoly, has a corrupted SPF DNS TXT RR as shown below.

lcbo.com. 300 IN TXT "v=spf1 include:frontlinesvc.com~all"

Note the lack of a space between the ~all tag and the preceding include tag. In consequence we are getting PERMFAILS for all mail arriving from this source:

postfix-p25/smtpd[29658]: NOQUEUE: reject: RCPT from mx2.lcbo.com[24.114.251.130]: 550 5.7.1 <email address hidden>: Recipient address rejected: Message rejected due to: SPF Permanent Error: Invalid domain found (use FQDN): frontlinesvc.com~all. Please see http://www.openspf.net/Why?s=helo;id=lcbo.com;ip=24.114.251.130;<email address hidden>; from=<email address hidden> to=<email address hidden> proto=ESMTP helo=<lcbo.com>

We already have this domain whitelisted in policyd-spf.conf:

Domain_Whitelist = bellnexxia.net, lcbo.com

And still the error occurs. How do we let this mail source through policyd? We have been at them for a month or more to get their RR fixed or removed, so that solution is not a useful suggestion.
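
Added illustration, not part of the original question and not pypolicyd-spf code: a minimal Python syntax check that splits the record into space-separated terms and shows why the missing space turns `include:frontlinesvc.com` and `~all` into one term with an invalid domain. The function names are hypothetical, the two records are constructed from the one quoted above, and macros and modifier contents are not checked.

```python
import re

# Constructed inputs: the record quoted in the question, and the same record
# with the missing space restored.
BROKEN = "v=spf1 include:frontlinesvc.com~all"
FIXED = "v=spf1 include:frontlinesvc.com ~all"

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
TAKES_DOMAIN = {"include", "exists", "a", "mx", "ptr"}
# One DNS label as used in SPF records: letters, digits, hyphen, underscore.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9_-]{1,63}(?<!-)$")


def is_fqdn(name):
    """True if name is a multi-label host name (SPF macros are not handled)."""
    labels = name.rstrip(".").split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return False
    return not labels[-1].isdigit()


def check_record(record):
    """Return (term, problem) pairs; an empty list means no problem was found."""
    terms = record.split(" ")  # terms are separated by spaces and nothing else
    if terms[0].lower() != "v=spf1":
        return [(terms[0], "not an SPF version 1 record")]
    problems = []
    for term in filter(None, terms[1:]):
        if re.match(r"^[A-Za-z][A-Za-z0-9_.-]*=", term):
            continue  # modifier such as redirect= or exp=; skipped here
        body = term[1:] if term[0] in "+-~?" else term  # drop the qualifier
        name, sep, arg = body.partition(":")
        name = name.partition("/")[0].lower()  # "a/24" -> "a"
        if name not in MECHANISMS:
            problems.append((term, "unknown mechanism"))
        elif name in ("include", "exists") and not sep:
            problems.append((term, "missing domain"))
        elif name in TAKES_DOMAIN and sep:
            domain = arg.partition("/")[0]  # strip any CIDR suffix
            if not is_fqdn(domain):
                problems.append((term, "invalid domain (use FQDN): " + domain))
    return problems


if __name__ == "__main__":
    for rec in (BROKEN, FIXED):
        print(rec, "->", check_record(rec) or "ok")
```
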

Question information

Language: English
Status: Answered
For: pypolicyd-spf
Assignee: No assignee

Scott Kitterman (kitterman) said :
#1

Try it without the space after the comma.

James B. Byrne (byrnejb) said :
#2

I added the MX servers for this domain to the whitelisted IPv4 addresses already. I have also removed the extraneous space.

James B. Byrne (byrnejb) said :
#3

BTW. Would enclosing the argument list inside "" make a difference?

Domain_Whitelist = "bellnexxia.net, lcbo.com"

And if the number of whitelisted addresses or domains becomes excessively long, how is this handled?
