Maintained by: NLnet Labs

FW: Validation failure signature crypto failed

Jac Backus
Tue Jan 24 16:44:29 CET 2017


Hello,

I have a FreeBSD server with Unbound .1.5.7 as a resolver.

I use Postfix for mail and postfix-policyd-spf-perl to check spf.
My problem is, that mail from a certain domain is refused.

When I test, I see this:

# perl /usr/local/libexec/postfix-policyd-spf-perl
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=mail.acme.com
queue_id=8045F2AB23
sender=j.doe at acme.com
recipient=me at company.com
client_address=1.1.1.1
client_name=mail.company.com

action=DEFER_IF_PERMIT SPF-Result=mail.acme.com: 'SERVFAIL' error on DNS 'TXT' lookup of 'mail.acme.com'

This is in unbound.log:


Reason for the SERVFAIL:

Jan 24 13:44:25 unbound[487:0] info: response for mail.acme.com. TXT IN

Jan 24 13:44:25 unbound[487:0] info: reply from <acme.com.> 2.2.2.2#53

Jan 24 13:44:25 unbound[487:0] info: query response was ANSWER

Jan 24 13:44:25 unbound[487:0] info: Validate: message contains bad rrsets

Jan 24 13:44:25 unbound[487:0] info: validation failure <mail.acme.com. TXT IN>: signature crypto failed from 2.2.2.2



Is this a valid SERVFAIL?

Could some help me? Thanks.


With kind regards,

Jac
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20170124/f97b182d/attachment.html>