I have a postfix mail server on Debian. A client of mine just informed me that they were unable to send an email to me and it appears that there is a problem with their mail server. I would like to get back to them with the actual problem, but I'm unable to figure this out. This was in the bounce email:

The address to which the message has not yet been delivered is:

Delay reason: SMTP error from remote mail server after RCPT
host dog.myhostname.com [{server_ip}]: 450 4.7.1
Recipient address rejected: SPF-Result=server.thehostingserver.co.uk:
'SERVFAIL' error on DNS 'TXT' lookup of 'server.thehostingserver.co.uk'

Checking through the /var/log/mail.log file I see the following lines which coincide with the bounce email:

Dec  6 10:32:16 dog postfix/smtpd[366]: connect from unknown[]
Dec  6 10:32:16 dog postfix/smtpd[366]: setting up TLS connection from unknown[]
Dec  6 10:32:16 dog postfix/smtpd[366]: Anonymous TLS connection established from unknown[]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Dec  6 10:32:18 dog postfix/policy-spf[421]: Policy action=DEFER_IF_PERMIT SPF-Result=server.thehostingserver.co.uk: 'SERVFAIL' error on DNS 'TXT' lookup of 'server.thehostingserver.co.uk'
Dec  6 10:32:18 dog postfix/smtpd[366]: NOQUEUE: reject: RCPT from unknown[]: 450 4.7.1 <eric@mydomain.com>: Recipient address rejected: SPF-Result=server.thehostingserver.co.uk: 'SERVFAIL' error on DNS 'TXT' lookup of 'server.thehostingserver.co.uk'; from=<info@example.com> to=<eric@mydomain.com> proto=ESMTP helo=<server.thehostingserver.co.uk>

I am having a bit of trouble understanding this.

1) Why does it say "connect from unknown"? This IP clearly resolves to server.oovavoohosting.co.uk. (Note, other incoming connections do show up correctly with their hostnames)

# nslookup

Non-authoritative answer:      name = server.oovavoohosting.co.uk.

Authoritative answers can be found from:
106.26.37.in-addr.arpa  nameserver = ns1.racksrv.com.
106.26.37.in-addr.arpa  nameserver = ns2.racksrv.com.
ns1.racksrv.com internet address =
ns2.racksrv.com internet address =

2) If the aforementioned IP resolves to server.oovavoohosting.co.uk, where does it get the hostname server.thehostingserver.co.uk from? I can see this hostname doesn't exist, which is why it's returning a SERVFAIL, I just don't know where it comes from.

  • 669
  • 2
  • 9
  • 25

1 Answers1


1) The unknown in the log means that the reverse name for the IP (server.oovavoohosting.co.uk) does not forward resolve to the original IP address.

2) It looks like the remote server introduced itself as server.thehostingserver.co.uk. Looking at the log, I see helo=server.thehostingserver.co.uk, which I interpret as what the server used in the SMTP greeting.

Why that is used in the SPF test I did not know until I looked it up on wikipedia and it seems that this is now a mandatory test:

For an empty Return-Path as used in error messages and other auto-replies, an SPF check of the HELO-identity is mandatory.

With a bogus HELO identity the result NONE would not help, but for valid host names SPF also protects the HELO identity. This SPF feature was always supported as an option for receivers, and later SPF drafts including the final specification recommend to check the HELO always.

In summary, a server connected to your mail server and said

HELO server.thehostingserver.co.uk

in its greeting. Your server then looked up the SPF record and not finding a DNS entry for this server refused the mail.

  • 7,569
  • 1
  • 28
  • 57