Comments (7)
Thank you for going into the details. I set this up now, so let’s see if it works next time.
$ host -t txt mail.gw90.de
mail.gw90.de descriptive text "v=spf1 a -all"
Thank you, thank you, again.
from sympa.
The rejection message by recipient (gmail.com) is:
550-5.7.26 Your email has been blocked because the sender is unauthenticated.
550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM.
550-5.7.26
550-5.7.26 Authentication results:
550-5.7.26 DKIM = did not pass
550-5.7.26 SPF [] with ip: [2a01:4f8:200:641c::d0d0:c0de] = did not pass
550-5.7.26
550-5.7.26 For instructions on setting up authentication, go to
550 5.7.26 https://support.google.com/mail/answer/81126#authentication a640c23a62f3a-a5a17b20fdcsi1619192466b.431 - gsmtp DT=0.458s
Follow the link above and read the description by Google. They require authentication at least by either SPF or DKIM, or both. However your site provides neither.
Your options are either:
-
Setting Sympa to add DKIM signature to the messages it originates.
See the documentation. -
Setting DNS resource record for SPF.
A common mistake is not setting a SPF record on the smtp.helo host for the DSNs that has empty envelope sender. Check the description. In fact, there is no SPF record for your SMTP HELO host mail.gw90.de.
from sympa.
@ikedas, thank you for looking into this. That was my first thought too, but then I wondered, why do all the other messages pass. If envelope-from is empty, then whose SPF record should be checked, and that is the problem in my opinion. This is substantiated by looking at other rejection messages:
SPF [jjworldtrade.com] with ip: …
So Google Mail tells the domain, for which the SPF record is missing. In my case it’s the empty string.
from sympa.
And for the record, SPF records are set up:
$ dig txt vocantare.de +short | grep spf
"v=spf1 mx ~all"
$ dig mx vocantare.de +short
10 mail.gw90.de.
from sympa.
No, please read my explanation and description on open-spf.org carefully.
SPF record should be set up on SMTP HELO/EHLO host. Expected result is:
$ dig txt mail.gw90.de +short
"v=spf1 (...appropriate SPF specifications...) ~all"
from sympa.
Please explain the Google Mail error message (empty []) and the Exim logs, why envelope sender is not set.
from sympa.
Why the envelope sender of DSN is empty is that it must be empty. RFC 3464 says: Whenever an SMTP transaction is used to send a DSN, the MAIL FROM command MUST use a NULL return address, i.e., "MAIL FROM:<>". Sympa merely conforms to this. Moreover, your Exim also sets envelope sender to be null when it originates DSN: Please check the logs.
RFC 7208 says: In this [Delivery Status Notification] case, the only entity available for performing an SPF check is the "HELO" identity.
That't why you should set up SPF record for SMTP HELO/EHLO host name also, not only for the email domain name.
from sympa.
Related Issues (20)
- How can I rebuild archives and get attachments with exact extensions? HOT 1
- log_socket_type parameter should allow host, port, timeout options HOT 1
- Prevent custom_header with accents HOT 1
- Incorrect "No bouncing members" on a large list with small number of bouncers
- Setting invite sender as From: violates modern sender authentication HOT 1
- Add age based deletion of archives HOT 2
- Part in multipart contains a dot alone in a line, transmitted as is, considered as end of transmission by clients HOT 7
- DKIM signing and ARC sealing order is reversed HOT 14
- Do not remove (possibly invalid) DKIM-Signature headers from outgoing messages
- LDAP auth not working correctly when LDAP alias is found first
- Add optional release date & time for moderated messages, defaulting to right now.
- Warn list owner/listmaster when a high number of list member are deleted in dynamic lists HOT 6
- SOAP server sometimes dies quietly after ADD or DEL is performed HOT 2
- alias addresses not being created for new lists since the Operating System was updated HOT 3
- New scenario send.privateorpublickeyandeditorkey HOT 1
- Allow full sympa list email addresses to be used instead of only the listserv name
- sympasoap oddity with utf-8 input HOT 8
- Sympa 6.2.66 web interface returns "400 bad request" after upgrading to apache 2.4.52-1ubuntu4.10 HOT 6
- Sympa arc sign is not enabled HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sympa.