Topic: Cannot receive mails from SF if sender & recipient are in local domain
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): iRedMail EE 1.6.2
- Deployed with iRedMail Easy or the downloadable installer? downloaded installer
- Linux/BSD distribution name and version: Ubuntu 22.04.5 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL (MariaDB)
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? No (using iRedMail EE)
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Cannot receive mails from Salesforce if sender and recipient are in local domain.
Hello.
I have some iRedMail users that use Salesforce to send notifications.
I added the Salesforce servers to the SPF record of the iRedMail users' domain ( include:_spf.salesforce.com ) and mail is correctly delivered to non-local domains.
Instead, when Salesforce servers try to send a notification to a local domain mailbox, iRedMail rejects it with error: 554 ... Recipient address rejected: SMTP AUTH is required for users under this sender domain
According to github_com/iredmail/iRedAPD/blob/master/plugins/reject_sender_login_mismatch.py , in case of a local sender, iRedAPD checks whether the client is an allowed SMTP server against the DNS SPF record (please correct me if I'm wrong).
Unfortunately I see in the log (after activating debug) that iRedAPD is failing to get a valid IP address:
Mar 9 13:57:02 mx iredapd [SPF][include _spf.salesforce.com] v=spf1 exists:%{i}._spf.mta.salesforce.com -all
Mar 9 13:57:02 mx iredapd [SPF][_spf.salesforce.com] No valid IP addresses/networks.
Also, I see in github_com/iredmail/iRedAPD/blob/master/libs/dnsspf.py that SPF macros are not managed:
    elif tag.startswith('exists:'):
        # TODO www_open-spf_org/RFC_4408/#mech-exists
        # Support macro `%{i}` first.
My question(s):
Is the mail actually rejected because iRedAPD fails to validate the Salesforce SMTP server?
Are there any plans to support macro `%{i}` in iRedAPD?
Macro `%{i}` would just* require iRedAPD to check whether %{i}._spf.mta.salesforce.com returns a valid response (where %{i} is the IP of the contacting server).
(* not my intention to trivialize the task)
Thank You,
CP
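
Added example (not part of the original post and not iRedAPD code): a sketch of evaluating the `exists:%{i}._spf.mta.salesforce.com` term from the log above as RFC 7208 describes it, by expanding the macro with the connecting client's IP and checking for an A record. It goes slightly beyond `%{i}` (also `%{d}`, `%{v}`, reversal and label truncation); the function names, the injectable `lookup_a` resolver and the zone data are assumptions constructed for the demo.

```python
import ipaddress
import re
import socket

MACRO = re.compile(r"%(?:\{([A-Za-z])(\d*)(r?)([.\-+,/_=]*)\}|([%_-]))")

def expand_macros(spec, client_ip, domain):
    """Expand RFC 7208 section 7 macros (%{i}, %{d}, %{v}) in a domain-spec."""
    ip = ipaddress.ip_address(client_ip)
    # %{i}: dotted quad for IPv4, dot-separated nibbles for IPv6.
    i_val = str(ip) if ip.version == 4 else ".".join(ip.exploded.replace(":", ""))
    values = {"i": i_val, "d": domain, "v": "in-addr" if ip.version == 4 else "ip6"}

    def repl(m):
        if m.group(5):  # literal escapes: %% %_ %-
            return {"%": "%", "_": " ", "-": "%20"}[m.group(5)]
        # Simplification: uppercase (URL-escaping) letters are treated as lowercase.
        letter, digits, rev, delims = m.group(1).lower(), m.group(2), m.group(3), m.group(4)
        if letter not in values or (digits and int(digits) == 0):
            raise ValueError("unsupported macro: " + m.group(0))
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if rev:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]  # keep the right-most N labels
        return ".".join(parts)

    return MACRO.sub(repl, spec)

def system_a_lookup(name):
    """A-record lookup via the system resolver; lookup errors count as no match."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def exists_matches(term, client_ip, domain, lookup_a=system_a_lookup):
    """True when the expanded `exists:` target has at least one A record."""
    if not term.startswith("exists:"):
        raise ValueError("not an exists mechanism: " + term)
    target = expand_macros(term[len("exists:"):], client_ip, domain)
    return len(lookup_a(target)) > 0  # always an A query, even for IPv6 clients

# Constructed zone data: 192.0.2.10 stands in for an authorised sending host.
FAKE_ZONE = {"192.0.2.10._spf.mta.salesforce.com": ["127.0.0.2"]}
def fake_lookup(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, exists_matches("exists:%{i}._spf.mta.salesforce.com", ip, "_spf.salesforce.com", fake_lookup))
```

With `system_a_lookup`, a DNS failure is indistinguishable from "no record"; a policy daemon would normally treat a temporary DNS error separately instead of rejecting.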