Postfix outbound mail not passing SPF checks for gmail


I’ve had my mail with mediatemple for years but now that godaddy acquired them they have cut off my outbound mail and when I call in they are pushing microsoft 360 SO I’ve decided to roll my own mail.

I have postfix setup with spf and all seems well except that gmail shuts down my test emails every time:

<>: host[]
    said: 550-5.7.26 This mail is unauthenticated, which poses a security risk
    to the 550-5.7.26 sender and Gmail users, and has been blocked. The sender
    must 550-5.7.26 authenticate with at least one of SPF or DKIM. For this
    message, 550-5.7.26 DKIM checks did not pass and SPF check for
    [] 550-5.7.26 did not pass with ip: [x.x.x.x]. The
    sender should visit 550-5.7.26 for 550 5.7.26
    instructions on setting up authentication.
    y14-20020a056a001c8e00b0067f03c85d73si2102348pfw.115 - gsmtp (in reply to
    end of DATA command)


Mail gets delivered to my own domain, but how can I get it delivered to my gmail address ?

more details

  • 72.x.x.x is my ubuntu server, which is under the umbrella of
  • is my domain

my dns TXT record is
v=spf1 ip4:72.x.x.x -all

and my is

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
#delay_warning_time = 4h
readme_directory = no

# TLS parameters
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname =
#myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =,, , localhost
#mydestination = $myhostname,, localhost.localdomain, localhost
#mydestination = localhost.$mydomain, localhost, $myhostname
#masquerade_domains =
relayhost =
mynetworks = [::ffff:]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = all

### custom ###


policy-spf_time_limit = 3600s

smtpd_recipient_restrictions =
     check_policy_service unix:private/policy-spf
Asked By: Jacksonkr


After getting SPF working, I started getting a new response from gmail

<>: host[]
    said: 550-5.7.25 [72.x.x.x] The IP address sending this message does not
    have a PTR 550-5.7.25 record setup, or the corresponding forward DNS entry
    does not point 550-5.7.25 to the sending IP. As a policy, Gmail does not
    accept messages from 550-5.7.25 IPs with missing PTR records. Please visit
    550-5.7.25 for
    more 550 5.7.25 information.
    q25-20020a635059000000b0055384329027si1633035pgl.566 - gsmtp (in reply to
    end of DATA command)

As this is an error about reverse DNS not matching I ultimately had to contact GoDaddy, the owner of my ip block, and request that they set up a reverse dns PTR record for my specific IP.

Answered By: Jacksonkr
Categories: Answers Tags: , , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.