3 Replies Latest reply on Jan 13, 2011 1:24 PM by ijahnke

    error:450:SPF dns error ==>  Connection dropped

      I'm currently facing one issue receiving some messages from a specific domain. Sometimes, the delivery fails due to a 'SPF dns error' causing a dropping connection.

      See below one example. Does someone know what is causing such issue ? Is the problem on my DNS or on the sender Internet DNS ?


      My Ironmail is running 6.7.2 HF3


      Thanks for your help !




      Extract from my Event :

      20110106:10:03:09|22893657642666|10249|Performing TS Lookup -|protocol <RBLDNS> query=<d.aZikcA1A9veZVHcUqkp1CFD4Km6rwcCZ6F1cI8VP2WLD96alUzvdB7PH6f9n.7FSGTfbyU B_zt3r-pajympfvLe69v-NwNM_q8cRmMxemY83HXxgGtp3vBtJE.aKmgdapbAgL5kxeKz-2PU1CYh3sk aHV1ZfmKV2V2mabQ5eLnd4xExby2_eW5.JAdlesj8_EnQk0VeRGQlR3AkARKrH7dX9vWnXUCBzfGiCKT A>|

      20110106:10:03:09|22893657642666|10250|TrustedSource Result - <status:lookup_ip:ipscore:score:dq_status:time> -|<0:>|

      20110106:10:03:09|22893657642666|11014|User - GroupID info -|{'senderaddress@senderdomain': [1], 'recipientaddress@mydomain.com': [18L, 1], 'mydomain.com': [18L, 1], 'senderdomain': [1]}|

      20110106:10:03:09|22893657642666|11015|Group ID - Name -|{1: 'global', 18L: 'MyLdap'}|

      20110106:10:03:09|22893657642666|11023|Applied Policies, Applied Rules: <policies:rules> -|<[7197L]:[233508, 232417, 233545, 233878, 233677, 233514,


      233626, 232827, 233377, 232666, 233788, 233801, 233041, 233391, 234133, 232606, 233043, 232987, 233404, 232323, 232327, 233420, 232624, 233431, 232319]>|

      20110106:10:03:09|22893657642666|11022|Bypass rules triggered for the message - IDs: <msgid:ruleids> -|<133602168:[]>|

      20110106:10:03:09|22893657642666|2306|DKIM Signature not present or invalid.||

      20110106:10:13:40|22893657642666|9731|SenderID Result for PRA MTA Status Explanation: <pra:spfresult0:spfresult1:spfresult2> -|<senderaddress@senderdomain:error:450:SPF dns error>|

      20110106:10:13:40|22893657642666|6664|Message Details ID||FILENAME||FROMADDR||TOADDR|VIPID <msgid:filename:fromaddr:toaddr:vip> -|<133602168:/ct/data/mss/00/13/36/02/168:senderaddress@senderdomain:['recipientaddress@mydomain.com']:0>|

      20110106:10:13:40|22893657642666|6665|Created new Message ID and File <msgid:file> -|<133602168:/ct/data/mss/00/13/36/02/168>|

      20110106:10:13:40|22893657642666|9308|Message information <Source IP:Port:Message ID>||

      20110106:10:13:40|22893657642666|9313|Unable to communicate with client to confirm delivery, message rolled back||

      20110106:10:13:40|22893657642666|9312|Socket communication failed with client. Connection dropped||

      20110106:10:13:40|22893657642666|9234|Processing completed.||


        • 1. Re: error:450:SPF dns error ==>  Connection dropped

          It looks like there was a network timeout because the message failed after 10 minutes (the default timeout). First check and make sure that if the sender has multiple mx records that all of them resolve and none timeout. If the ironmail is set to do reverse mx lookups it will check all mx records listed for a domain to verify the authenticity of the domain.



          so if domain A is sending to you with three different mx records and one does not resolve it would look something like this:



          dig mx a.com


          20 1.a.com.

          30 2.a.com.

          10 a.com.


          dig a.com

          dig 2.a.com

          dig 1.a.com

          ;; connection timed out; no servers could be reached



          Normally you should get a response back that the domain doesnt exist, but in this case the domain doesnt resolve to any ip address. The ironmail will eventually timeout attemtping to resolve 1.a.com because it never recieves an answer back from its DNS servers. Under normal circumstances it should recieve a SRVFAIL response.

          • 2. Re: error:450:SPF dns error ==>  Connection dropped

            Where do you check on the Ironmails to see if it is configured for Reverse Lookups?

            • 3. Re: error:450:SPF dns error ==>  Connection dropped

              Anti-Spam -> Anti-Spam Advanced -> Reverse DNS



              Also check

              Anti-Spam -> SpamProfiler -> Configure (there is a setting for reverse dns here also)