I have recently enabled SPF, DKIM and DMARC on my NAS running mailserver. All seemed to be working fine until I got messages from people trying to send me mail that it was bouncing.
On investigation, it only happens when the MailServer performs an spfquery on an incoming message and the response is too large for a UDP packet, and the NAS retries using TCP.
The maillog shows...
"Received-SPF: temperror (brokendomain.com: Unknown error on DNS 'TXT' lookup of 'brokendomain.com')......."
Works fine for any queries with UDP.
nslookup via cli returns....
# nslookup -q=TXT brokendomain.com
;; Truncated, retrying in TCP mode.
;; Connection to 192.168.15.1#53(192.168.15.1) for brokendomain.com failed: connection refused.
Does anybody else experience this, and is there a workaround for it?