SPF failing

Currently reading
SPF failing

I have recently enabled SPF, DKIM and DMARC on my NAS running mailserver. All seemed to be working fine until I got messages from people trying to send me mail that it was bouncing.
On investigation, it only when the MailServer perfoms an spfquery on an incoming message and the response is too large for a UDP packet, and the NAS retries using TCP.

The maillog shows...

"Received-SPF: temperror (brokendomain.com: Unknown error on DNS 'TXT' lookup of 'brokendomain.com')......."

Works fine for any queries with UDP.

nslookup via cli returns....

# nslookup -q=TXT brokendomain.com
;; Truncated, retrying in TCP mode.
;; Connection to for brokendomain.com failed: connection refused.

Does anybody else experience this, and is there a workaround for it?

It might be something similar to what I’ve experienced at the beginning when I started using Mail Server.
It was related to the DNS not being able to deal with some of the large SPF TXT fields that are returned.
Those rejected emails arrived when I turned off SPF.

The solution was to enable Synology’s DNS on the DS. Did you try something like that?
Yes, it is definitely the same issue...
I have not tried running DNS on DS - will give that a try

I have turned off SPF for the meantime...
It’s so easy. You can try it and see if it works. Just ask some of the people who got bounced mail to send to you again with SPF enabled and test it.

Install the DNS package.
Go to DNS server and setup the below:


Then go to Control Panel > Network > General tab
Set something like the below:


Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

I thought I had DKIM and SPF sussed but Google disagrees. I'm sending mail from server.mydomain.tld but...

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!