- Plesk Onyx for Linux
Incoming mail from some domains rejected or quarantined by DMARC
/var/log/mailllogfile contains the error:
CONFIG_TEXT: spf: Error code: (18) Mechanisms used too many DNS lookups
SPF ships with a built-in limit to the number of “DNS-querying mechanisms” that a set of SPF records can contain. That limit is 10. Those mechanisms are:
Most commonly, people run into the “too many DNS lookups” error due to using a lot of
includemechanisms. For example, if a domain is using Google Apps, then Google’s own SPF record automatically takes up 4 of the 10 allowed DNS-querying mechanisms.
Misconfigured "SPF local rules" in Tools & Settings > Mail Server Settings
Make sure that "SPF local rules" are configured properly
- Log into Plesk
- Go to Tools & Settings > Mail Server Settings and check that "SPF local rules" record does not start with
v=spf1and does not end with something like
If "SPF local rules" are valid, but the issue persists. Then verify all SPF rules by following all "include:" directives, if any, for sender domain to make sure that total count of SPF records below does not exceed 10.
**Local rules **- the rules that are used by the spam filter before the SPF check is actually done by the mail server.
Note: These rules are concatenated with the rules specified in the SPF-related DNS record or the sender. For example, if the sender has the following SPF policy:
example.com TXT v=spf1 +a +mx –all and the local rule is
a:test.plesk.com, then the resulting policy will be
example.com. TXT v=spf1 +a +mx +a:test.plesk.com –all
This tool might be helpful to validate SPF record: http://www.kitterman.com/spf/validate.html