[Rspamd-Users] SPF DNS Error / R_SPF_DNSFAIL
Max Grobecker
max.grobecker at ml.grobecker.info
Sun Jan 1 16:44:49 UTC 2023
Hi,
> I see the DNS request on my DNS server and a "working" reply going out. What can cause this error
> and/or how can I debug it?
I had this problem and tracked it down to a problem consisting of:
- Domain has very many and/or large TXT records in APEX (where the SPF record is)
- DNS resolver replies with a truncated response to not have to fragment UDP packets and expects you to request again via TCP for full answer
- Rspamd uses a resolving library which does not do that
In that case, Rspamd never gets the SPF record because there are too many other TXT records in the zone and the SPF is outside the truncation threshold.
I solved this by using systemd-resolved (which handles this) and pointing Rspamd to 127.0.0.53 to resolve through the systemd-resolved service.
Greetings,
Max
More information about the Users
mailing list