Ok. This is what I am getting in my mail.log:
May 17 06:20:40 lists postfix/smtp[28437]: C14F8101260: to=<billb6951@gmail.com>, relay=gmail-smtp-in.l.google.com[142.250.114.26]:25, delay=0.45, delays=0.01/0/0.14/0.29, dsn=5.7.26, status=bounced (host gmail-smtp-in.l.google.com[142.250.114.26] said: 550-5.7.26 The MAIL FROM domain [lists.ccalternatives.org] has an SPF record 550-5.7.26 with a hard fail policy (-all) but it fails to pass SPF checks with 550-5.7.26 the ip: [192.46.218.224].
I have two SPF records in dns for the server as follows:
mail v=spf1 mx -all
lists v=spf1 ip4:45.79.28.18 -all
please advise. Thank you!
-----Original Message----- From: Jeremy Stanley <fungi@yuggoth.org> Sent: Wednesday, May 17, 2023 7:15 AM To: mailman-users@mailman3.org Subject: [MM3-users] Re: spf/dkim/dmarc
On 2023-05-17 07:07:53 -0700 (-0700), Christian via Mailman-users wrote:
Thank you for your reply. I'm being driven mad by Gmail rejecting my SPF record, this while I get SPF record approvals everywhere else.
I read that having two SPF records for the same server will generate errors. Is this true? [...]
I'm not an SPF expert (I don't even use it for my domains), but I do know how to query standards documents. IETF RFC 7208 "Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1" states in ยง3.2: "A domain name MUST NOT have multiple records that would cause an authorization check to select more than one record."
https://www.rfc-editor.org/rfc/rfc7208#section-3.2
Hope that helps!
Jeremy Stanley