I have Parallels Plesk Panel (PP) version 9 installed and use Postfix MTA.

When I switch on SPF spam protection in the server-wide mail preferences {Home -> Mail Server Settings -> Switch on SPF spam protection}, all incoming mail is rejected with the following error: {4.3.0 Error: queue file write error}.

Out: 220 ns.plesk.tld ESMTP Postfix
In:  HELO me.domain.tld
Out: 250-ns.plesk.tld
In:  MAIL FROM: mail@sender.tld
Out: 250 2.1.0 Ok
In:  RCPT TO: mail@recipient.tld
Out: 250 2.1.5 Ok
Out: 354 End data with <CR><LF>.<CR><LF>
Out: 451 4.3.0 Error: queue file write error

According to the maillog on the PP server {$PRODUCT_ROOT_D/var/log/maillog}, the process stalled on "SPF filter" and the message did not ever arrive to the mail queue.

Feb 17 05:40:22 plesk before-queue[9125]: found handlers entry = '/usr/local/psa/handlers/before-queue/global/10-spf-kQaKxm'
Feb 17 05:40:22 plesk before-queue[9125]: call_handlers: call executable = '/usr/local/psa/handlers/info/10-spf-kQaKxm/executable'
Feb 17 05:40:22 plesk spf filter[9133]: Starting spf filter...


The problem is caused by not-working name servers in the file /etc/resolv.conf.

~# cat /etc/resolv.conf

You may test them with the domain name and the command time.
The following output is shown if the name server is not functional:

~# time host -tTXT
;; connection timed out; no servers could be reached

real    0m10.006s
user    0m0.000s
sys 0m0.010s

The following output is normal:

~# time host -tTXT
Using domain server:
Aliases: has no TXT record

real    0m0.005s
user    0m0.001s
sys     0m0.003s

SPF handler tries to resolve TXT, A, and MX records of the sender's domain and hits long a pause, caused by remote servers, while the postfix-queue binary has an internal timeout value of 30 seconds. Once this timeout value is reached, the message is discarded.


To resolve the problem, you need to put working name servers in the file /etc/resolve.conf on the PP server.

