
Postfix stops working when SPF spam protection is enabled in server-wide mail preferences

Symptoms:
Parallels Plesk Panel version 9 is installed and Postfix is used as the MTA.

When SPF spam protection is switched on in the server-wide mail preferences {Home -> Mail Server Settings -> Switch on SPF spam protection}, all incoming mail is rejected with the following error: {4.3.0 Error: queue file write error}.

Out: 220 ns.plesk.tld ESMTP Postfix
In: HELO me.domain.tld
Out: 250-ns.plesk.tld
In: MAIL FROM: mail@sender.tld
Out: 250 2.1.0 Ok
In: RCPT TO: mail@recipient.tld
Out: 250 2.1.5 Ok
In: DATA
Out: 354 End data with <CR><LF>.<CR><LF>
Out: 451 4.3.0 Error: queue file write error

According to the maillog on the Plesk server {$PRODUCT_ROOT_D/var/log/maillog}, the process hangs on "spf filter" and the message does not even reach the mail queue.

Feb 17 05:40:22 plesk before-queue[9125]: found handlers entry = '/usr/local/psa/handlers/before-queue/global/10-spf-kQaKxm'
Feb 17 05:40:22 plesk before-queue[9125]: call_handlers: call executable = '/usr/local/psa/handlers/info/10-spf-kQaKxm/executable'
Feb 17 05:40:22 plesk spf filter[9133]: Starting spf filter...
...

Cause:
The problem is caused by non-working name servers set in the file /etc/resolv.conf.

~# cat /etc/resolv.conf
nameserver 123.123.123.14
nameserver 123.123.123.15
~#

You can test each of them by timing a TXT lookup of the domain name parallels.com with the time command.
The following output is shown if the name server 123.123.123.14 does not function:

~# time host -tTXT parallels.com 123.123.123.14
;; connection timed out; no servers could be reached

real 0m10.006s
user 0m0.000s
sys 0m0.010s
~#

The following output is normal:

~# time host -tTXT parallels.com 123.123.123.12
Using domain server:
Name: 123.123.123.12
Address: 123.123.123.12#53
Aliases:

parallels.com has no TXT record

real 0m0.005s
user 0m0.001s
sys 0m0.003s
~#

The SPF handler tries to resolve the TXT, A and MX records of the sender's domain and hits a long pause caused by the remote servers, while the postfix-queue binary has an internal timeout of 30 seconds. Once this timeout is reached, the message is discarded.

Resolution:
To resolve the problem, put working name servers in the file /etc/resolv.conf on the Plesk server.
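
The manual test shown under Cause can be scripted so that every server listed in /etc/resolv.conf is probed in one pass. This is an added example, not part of the original article; the function names and the 2-second "slow" threshold are assumptions.

```shell
#!/bin/sh
# Added example: time a TXT lookup against each nameserver in resolv.conf.
SLOW_SECS=2   # assumed threshold for flagging a slow but answering server

# Print the address from every "nameserver" line of the given file.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Classify one probe from the text `host` printed and the elapsed seconds.
# "dead" matches the timeout message shown in the article; an answer such
# as "has no TXT record" still counts as a working server.
classify_probe() {
    case "$1" in
        *"no servers could be reached"*) echo dead; return ;;
    esac
    if [ "$2" -ge "$SLOW_SECS" ]; then echo slow; else echo ok; fi
}

# Time one TXT lookup; prints "SERVER STATE SECONDS".
probe_nameserver() {
    start=$(date +%s)
    out=$(host -t TXT "$2" "$1" 2>&1) || true
    end=$(date +%s)
    echo "$1 $(classify_probe "$out" $((end - start))) $((end - start))s"
}

# Probe every server in the file; returns 1 if any server is dead.
check_resolvers() {
    file=$1 domain=$2 rc=0
    for ns in $(list_nameservers "$file"); do
        result=$(probe_nameserver "$ns" "$domain")
        echo "$result"
        case "$result" in *" dead "*) rc=1 ;; esac
    done
    return $rc
}

# Run only when asked: sh check.sh --check [resolv.conf] [domain]
if [ "${1:-}" = "--check" ]; then
    check_resolvers "${2:-/etc/resolv.conf}" "${3:-parallels.com}"
fi
```

A non-zero exit status means at least one listed server did not answer and should be replaced.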
