
Configure SPF, MX and Postfix for sending email from SMTP relay


After searching for a while and reading a lot of examples, cases and/or answers on Google and Stack Overflow, I didn't find a solution to my problem. I'm more and more confused by the notions of SPF and relay, so I'm asking my question here, hoping to receive a proper answer and understand once and for all!

In summary :

  • I have a current main server with a mailserver installed on it (postfix + dovecot + vimbadmin), on domain exampleA.com.
  • I have a new server for a new website, with a new domain exampleB.com.

My goal is that all the emails of the new website (XXXX[AT]exampleB.com) have to be sent & received using the main server.

Knowing that the mainserver has to send the emails of exampleB.com, I modified the SPF entry of exampleB.com to allow the main server to send emails of exampleB.com.

The mails are sent OK and I receive the emails OK, but when I look at the original source of the email in Gmail:

Return-Path: <root@FQDN_NEW_SERVER>
Received: from mail.exampleA.com (FQDN_MAIN_SERVER [IP_MAIN_SERVER])
        by mx.google.com with ESMTPS id f64si6392532wma.52.2016.05.20.04.59.06
        for <xxxxxxx@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 20 May 2016 04:59:06 -0700 (PDT)
Received-SPF: neutral (google.com: IP_MAIN_SERVER is neither permitted nor denied by best guess record for domain of root@FQDN NEW SERVER) client-ip=IP MAIN SERVER;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: IP MAIN SERVER is neither permitted nor denied by best guess record for domain of root@FQDN NEW SERVER) smtp.mailfrom=root@IP MAIN SERVER
Received: from FQDN NEW SERVER (REVERSEDNS_NEW_SERVER [IP_NEW_SERVER])
    by mail.exampleA.com (Postfix) with ESMTPA id 67C8C60421;
    Fri, 20 May 2016 13:59:06 +0200 (CEST)
Received: by FQDN_NEW_SERVER (Postfix, from userid 0)
    id A1949A07AB; Fri, 20 May 2016 13:58:57 +0200 (CEST)

I'm getting more and more confused which SPF I have to modify, and which MX is pointing to who..

Edit : It seems that I have a connection timed out when my main server tries to connect to my new server on port 25, but with telnet it seems ok..

Edit2 : I know that my DNS and my Reverse DNS are not the same.. My server is an instance in a public cloud, and I can't change my reverse since it's configured in the virtual router.

Edit3 : I have this error in the main server postfix logs :

May 20 16:25:40 ns33rgdrg4 postfix/smtpd[2956]: NOQUEUE: reject_warning: RCPT from csikxdqzdqzdqzdqzdqzress.com[IP_NEW_SERV]: 450 4.1.7 <root@FQDN_NEW_SERVER>: Sender address rejected: unverified address: connect to FQDN_NEW_SERV[IP_NEW_SERV]:25: Connection timed out; from=<root@FQDN_NEW_SERV> to=<myownmail@owndomain.com> proto=ESMTP helo=<FQDN_NEW_SERV>

Here is the current configuration of servers :

Server Main

Dovecot + Postfix configured  
Domain : exampleA.com  
DNS :

 - exampleA.com.        MX    mail.exampleA.com
 - mail.exampleA.com    A     IP_MAIN_SERVER
 - exampleA.com.        SPF   "v=spf1 a mx ptr include:spf4.newsletterpartner.net ~all"

New server

Postfix installed, normally with relayhost = mail.exampleA.com

Domain : exampleB.com  
DNS :

 - exampleB.com.        MX    mail.exampleA.com
 - exampleB.com.        SPF   "v=spf1 mx:mail.exampleA.com mx:exampleA.com include:mail.exampleA.com include:exampleA.com ~all"

The MX of my new domain is pointing to the MX of my main server (I don't know if it is the good thing to do)

Here is a part of the new server's /etc/postfix/main.cf:

myhostname = FQDN_NEW_SERVER
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +

relayhost = mail.exampleA.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

We can see that the new server has its Postfix relayhost pointing to the MX of my main server.

I don't know if the MX of my new server has to point to itself (knowing that its own Postfix has a relayhost configured), or if it has to point directly to the main server, which will send the emails.

NB : I have this error : No SPF records found for mail.exampleA.com when I check with a website looking for MX and SPF, but exampleA.com has a MX, not mail.exampleA.com

It's been driving me crazy for days now... Thanks in advance for your help, guys :)

Regards,
Julien Q.


Solution

  • Ok I think it is finally solved thanks to you @henry !

    In the file /etc/postfix/main.cf, myorigin was /etc/mailname, which was my FQDN.
    Since Google was checking, as it says, a "record for domain of root@FQDN_NEW_SERVER", I thought it had to check root@DOMAIN, and not the FQDN. Google was also saying "IP_MAIN_SERVER is neither permitted nor denied by guest", so instead of putting the main server's MX in my new server's SPF, I put the main server's IP as IPv4.

    I changed myorigin from FQDN_NEW_SERVER to DOMAIN_NEW_SERVER instead, and specified my relayhost's IPv4 in my new server's SPF. After checking with your method AND Gmail, everything seems OK now!

    So here is the final configuration of my infrastructure.

    Main server, Relay SMTP

    Dovecot + Postfix configured  
    Domain : exampleA.com  
    DNS :
    
     - exampleA.com.        MX    mail.exampleA.com
     - mail.exampleA.com    A     IP_MAIN_SERVER
     - exampleA.com.        SPF   "v=spf1 a mx ptr include:spf4.newsletterpartner.net ~all"
    

    New server, forwarding emails to the main server

    Domain : exampleB.com  
    DNS :
    
    - exampleB.com.        MX    mail.exampleA.com
    - exampleB.com.        SPF   "v=spf1 ip4:IP_MAIN_SERVER -all"
    

    New server /etc/postfix/main.cf

    myhostname = FQDN_NEW_SERVER
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    #myorigin = /etc/mailname <-- OLD CONF with FQDN_NEW_SERVER in
    myorigin = exampleB.com
    mydestination =
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    
    relayhost = mail.exampleA.com
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options =
    

    Gmail original sources

    Received: from MX_MAIN_SERVER (FQDN_MAIN_SERVER [IP_MAIN_SERVER])
        by mx.google.com with ESMTPS id s5si18916426wme.105.2016.05.16.02.06.09
        for <FROM_EMAIL_ADDRESS>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 16 May 2016 02:06:09 -0700 (PDT)
    Received-SPF: pass (google.com: domain of RECEIVER_EMAIL_ADDRESS designates IP_MAIN_SERVER as permitted sender) client-ip=IP_MAIN_SERVER;
    Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of RECEIVER_EMAIL_ADDRESS designates IP_MAIN_SERVER as permitted sender) smtp.mailfrom=FROM_EMAIL_ADDRESS
    

    Hoping it can help someone other than me.
    Thanks again guys !

    Julien Q.
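
The following is an added example, not part of the original post: a small evaluator for a subset of SPF (RFC 7208: `ip4`, `a`, `mx`, `include`, `all`) run against constructed DNS data, showing that the result depends on the domain of the envelope sender (Return-Path) that `myorigin` produces. The IP addresses and `web1.exampleB.com` (standing in for FQDN_NEW_SERVER) are assumptions, as is the absence of an SPF record on that host name; a result of `none` is the case where Gmail reports its "best guess record".

```python
import ipaddress

# Constructed zone data standing in for DNS (documentation IP ranges).
# web1.exampleB.com is a hypothetical FQDN_NEW_SERVER with no SPF TXT record.
MAIN_IP, NEW_IP = "203.0.113.10", "198.51.100.20"
ZONE = {
    ("exampleA.com", "MX"): ["mail.exampleA.com"],
    ("mail.exampleA.com", "A"): [MAIN_IP],
    ("exampleB.com", "MX"): ["mail.exampleA.com"],
}
OLD_SPF = "v=spf1 mx:mail.exampleA.com mx:exampleA.com include:mail.exampleA.com include:exampleA.com ~all"
NEW_SPF = f"v=spf1 ip4:{MAIN_IP} -all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype, zone):
    return zone.get((name, rtype), [])

def check_host(ip, domain, zone):
    """Evaluate a subset of RFC 7208 for the connecting client ip."""
    records = [t for t in lookup(domain, "TXT", zone) if t.startswith("v=spf1")]
    if not records:
        return "none"            # no policy published for this domain
    for term in records[0].split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            hit = True
        elif mech == "ip4":
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            hit = ip in lookup(arg or domain, "A", zone)
        elif mech == "mx":       # MX targets of the name, then their A records
            hit = any(ip in lookup(mx, "A", zone)
                      for mx in lookup(arg or domain, "MX", zone))
        elif mech == "include":
            inner = check_host(ip, arg, zone)
            if inner in ("none", "permerror"):
                return "permerror"   # included domain has no usable record
            hit = inner == "pass"
        else:
            return "permerror"   # mechanism outside this subset
        if hit:
            return QUALIFIERS[qual]
    return "neutral"

def spf_for_sender(ip, envelope_from, spf_txt):
    """SPF is checked on the domain of the envelope sender (Return-Path)."""
    zone = {**ZONE, ("exampleB.com", "TXT"): [spf_txt]}
    return check_host(ip, envelope_from.rsplit("@", 1)[1], zone)
```

With these inputs the old exampleB.com record already passes for the main server through `mx:exampleA.com`, while `mx:mail.exampleA.com` never matches (that name has no MX) and `include:mail.exampleA.com` yields a permanent error whenever evaluation reaches it.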