Do you have a specific case that this is failing?

If your backup mx is listed in your DNS mx record, it would pass the SPF check if your SPF record includes "mx."

Also, I just migrated to a new server and temporarily set up my old server as a backup mx (without the old server setup as an mx in DNS record) relaying to the new server and this worked without any whitelisting in out-of-the-box iRedMail on the same version/OS you're using.

If you're concerned about the SPF check failing from your backup mx, simply include the backup mx record in your DNS zone.

For example, if your SPF record contains the "mx" mechanism like this:

"v=spf1 a mx -all"

And your DNS zone includes your primary and backup mx:
MX 10 primary.example.com
MX 20 backup.example.com

Then the SPF check will pass.

See http://www.openspf.org/SPF_Record_Syntax

There's probably a dozen or so ways to whitelist a server. The way that works best for you probably depends on your configuration.

In a vanilla iRedMail installation, I've been dealing with an SPF fail that is coming from iredapd in smtpd_recipient_restrictions.

I tried every which way to whitelist the "offending" server in iredapd by using wblist_admin, MYNETWORKS, etc. but the SPF fail continues.

I finally worked around the issue by moving permit_mynetworks above the iredapd service in smtpd_recipient_restrictions in postfix main.cf and adding the relay server to mynetworks in main.cf.

This might work for you in your case, or you may need to reorder other restrictions you're using if the SPF fail happens during another part of the process.

Hi,
thank you both ZhangHuangbin and Ralph for support.
Regarding SPF problem, solution by ZhangHuangbin worked.

The exact same solution should work also in order to send without authentication, according to this link:
https://forum.iredmail.org/topic12573-a … twork.html
but below there is what happens:
sendemail -f myname@iredmaindomain -t someotheraddress@domain -u "test" -m "test" -s myiredmailserver:587
sendemail[13866]: WARNING => The recipient <someotheraddress@domain> was rejected by the mail server, error follows:
sendemail[13866]: WARNING => Received:    554 5.7.1 <unknown[x.y.w.z]>: Client host rejected: Access denied
srv23 sendemail[13866]: ERROR => Exiting. No recipients were accepted for delivery by the mail server.

From a linux server I try to send a message through Iredmail server configured as from the link and ZhangHuangbin suggestion (for spf problem) having added linux ip server x.y.w.z to iredapd and main.cf but iredmail refuses to send.
Any ideas?

Thank you

Hi,

Here is the log:
Sep 16 18:50:26 mail postfix/submission/smtpd[8892]: connect from unknown[x.y.w.z]
Sep 16 18:50:26 mail postfix/submission/smtpd[8892]: Anonymous TLS connection established from unknown[x.y.w.z]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 16 18:50:27 mail postfix/submission/smtpd[8892]: NOQUEUE: reject: RCPT from unknown[x.y.w.z]: 554 5.7.1 <unknown[x.y.w.z]>: Client host rejected: Access denied; from=<SOMENAME@myiredmaildomain> to=<SOMENAME@gmail.com> proto=ESMTP helo=<srv23>
Sep 16 18:50:27 mail postfix/submission/smtpd[8892]: lost connection after RCPT from unknown[x.y.w.z]
Sep 16 18:50:27 mail postfix/submission/smtpd[8892]: disconnect from unknown[x.y.w.z] ehlo=2 starttls=1 mail=1 rcpt=0/1 commands=4/5

In /etc/postfix/main.cf the sending ip x.y.w.z is listed in mynetwork.
The same ip is listed also in /opt/iredapd/libs/default_settings.py -> MYNETWORKS = ['x.y.w.z']

I've used the linux cli sendemail for testing:
sendemail -f SOMENAME@myiredmaildomain -t SOMENAMEo@gmail.com -u "test" -m "test" -s mail.myiredmaildomai:587

Thank you