[Rspamd-Users] SPF DNS Error / R_SPF_DNSFAIL

Max Grobecker max.grobecker at ml.grobecker.info
Sun Jan 1 16:44:49 UTC 2023


> I see the DNS request on my DNS server and a "working" reply going out. What can cause this error
> and/or how can I debug it?

I had this problem and tracked it down to a problem consisting of:
  - Domain has very many and/or large TXT records in APEX (where the SPF record is)
  - DNS resolver replies with a truncated response to not have to fragment UDP packets and expects you to request again via TCP for full answer
  - Rspamd uses a resolving library which does not do that

In that case, Rspamd never gets the SPF record because there are too many other TXT records in the zone and the SPF is outside the truncation threshold.

I solved this by using systemd-resolved (which handles this) and pointing Rspamd to to resolve through the systemd-resolved service.


More information about the Users mailing list