So I noticed my postfix servers returning "451 4.3.5 Server configuration problem" to some mails and rejecting them (4xx so they retry).
Associated log output says "warning: problem talking to server private/spfpolicy: Connection timed out"
Investigating the domains in question shows:
Code:
dig txt far.gxjfsm.com
; <<>> DiG 9.7.3 <<>> txt far.gxjfsm.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43812
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;far.gxjfsm.com. IN TXT
;; ANSWER SECTION:
far.gxjfsm.com. 574 IN TXT "v=spf1 include:far.gxjfsm.com ~all"
... a recursive include! (so the spf check times out).
Given the domain names involved, this seems intentional, maybe designed simply to put load on servers.
I didn't find much on this while searching (maybe it's a new thing), so I thought I'd post here.
It doesn't seem to be much of an issue for us currently, but may be for busier sites, or if the volume of such mails is ramped up.
Any thoughts?
Mitigations?
Maybe a fail2ban filter to simply block domains that do this?
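A bounded SPF include walker, added here as an example that is not from the original post or from Postfix/the policy daemon, showing how a checker detects the self-referencing include above (and the RFC 7208 lookup limit) instead of spinning until the policy connection times out. The DNS "resolver" is a constructed in-memory table; the looping record mirrors the dig output quoted in the post.

```python
# Constructed sample TXT records; far.gxjfsm.com copies the post's dig output,
# the other two are RFC 5737 documentation addresses used for contrast.
FAKE_TXT = {
    "far.gxjfsm.com": ["v=spf1 include:far.gxjfsm.com ~all"],
    "good.example": ["v=spf1 include:_spf.mail.example ip4:192.0.2.0/24 -all"],
    "_spf.mail.example": ["v=spf1 ip4:198.51.100.0/24 -all"],
}

MAX_DNS_MECHANISMS = 10  # RFC 7208 section 4.6.4 cap on DNS-querying terms


def lookup_spf(domain, resolver=FAKE_TXT):
    """Return the single v=spf1 TXT record for domain, or None if absent."""
    records = [r for r in resolver.get(domain, []) if r.startswith("v=spf1")]
    return records[0] if len(records) == 1 else None


def walk_spf(domain, resolver=FAKE_TXT, _seen=None, _budget=None):
    """Collect ip4 networks reachable through include: terms.

    Returns (status, networks): status is "ok", "permerror" (include loop,
    too many lookups, or an include of a domain without SPF) or "none"
    (no record at the starting domain). _seen and _budget are internal
    state threaded through the recursion.
    """
    seen = set() if _seen is None else _seen
    budget = [MAX_DNS_MECHANISMS] if _budget is None else _budget
    domain = domain.lower().rstrip(".")
    if domain in seen:
        return "permerror", []  # include loop: abort instead of recursing forever
    seen.add(domain)
    record = lookup_spf(domain, resolver)
    if record is None:
        return "none", []
    networks = []
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")  # drop the qualifier; only ip4/include matter here
        if term.startswith("ip4:"):
            networks.append(term[4:])
        elif term.startswith("include:"):
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror", networks  # over the RFC 7208 lookup limit
            status, nets = walk_spf(term[8:], resolver, seen, budget)
            if status != "ok":
                return "permerror", networks  # loop, budget, or missing record
            networks.extend(nets)
    return "ok", networks
```

Returning permerror promptly lets the policy daemon answer Postfix before its connection timeout, so the mail is judged on the broken record rather than deferred with 451.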