Hi, I posted in the support chat, but I decided to copy/paste here because it might involve a lot of information.
original chat
Hello
I have a postfix/spf misconfiguration. I don’t think it’s YunoHost to handle this case, but I need your lights to deal with it.
I have a YunoHost handling mydomain.org
I have superdomain.com registered at gandi, and I let the MX records with the mail server from gandi
and on the superadmin.com admin console, I created a mailbox which basically forward every incoming email to myname.superadmin.com@mydomain.org
and then, I received a : http://www.openspf.org/Why?s=mfrom;id=bounce%2Ba6360a.8e06-myname%3Dsuperdomain.com%40slack.com;ip=12.13.14.15;r=10.0.3.1;
This was an invitation to slack for that mailbox (myname@superdomain.com) which was forwarded to myname.superdomain.com@mydomain.org
The log is :
/var/log/mail.log.1:Sep 17 15:58:26 yunaufs postfix/smtpd[24656]: NOQUEUE: reject: RCPT from relay5-d.mail.gandi.net[217.70.183.197]: 550 5.7.1 <mynam
/var/log/mail.log.1:Sep 17 15:58:26 yunaufs postfix/smtpd[24656]: NOQUEUE: reject: RCPT from relay5-d.mail.gandi.net[217.70.183.197]: 550 5.7.1 <myname.superdomain.com@mydomain.org> : Recipient address rejected: Please see http://www.openspf.org/Why?s=mfrom;id=bounce%2Ba6360a.8e06-myname%3Dsuperdomain.com%40slack.com;ip=12.13.14.15;r=10.0.3.1; from=<bounce%2Ba6360a.8e06-myname=superdomain.com@slack.com to=<myname.superdomain.com@mydomain.org> proto=ESMTP helo=<relay5-d.mail.gandi.net>
The 10.0.3.1 is the YunoHost server (running in a LXC, with all ports forwarded to that LXC)
I’ve been using this setup for years now, but once in a while I get some errors like that who seem to be edge cases, and I would like to fix it once and for all.
I thought maybe I should just accept all the mail from relay5-d.mail.gandi.net ? Or can I limit relaying from these servers only on specific domain/email?
So if you have any insight with this. I don’t really know postfix, and I don’t want to fuck it up and then become a spam relay because I loosened security.i