Hi Laura (and all),
You are absolutely right. The trick is to set the SPF not for the domain
but for the full EHLO string. Following the redacted information, I had
the SPF for "maildomain.net", but not for "mailhost.maildomain.net".
Emails coming from "dumbu...@maildomain.net" worked, but the
notifications (with null sender) not.
I've created specific SPF entries for each of the outgoing EHLO string
used (we have several outgoing hosts) and the vacation messages are
going through.
Thanks a lot for your help.
Best regards.
El 27/8/24 a las 14:13, Laura Atkins via mailop escribió:
I trust Google to check SPF correctly, and can’t confirm that your
system is correct because you’ve redacted any useful information.
You’ve been told what to do (publish SPF for the domain in the EHLO
value) and you’ve even been given the SPF string that will do it.
If you want assistance, don’t hide everything that will make it
possible to give you that assistance.
laura
On 27 Aug 2024, at 13:09, Eduardo Diaz Comellas <ed...@ultreia.es> wrote:
Hi Laura,
Thanks for your help. I've captured one of the SMTP transactions:
SMTP<< 220 mx.google.com ESMTP
ffacd0b85a97d-37308269cdfsi4917634f8f.703 - gsmtp
SMTP>> EHLO mailhost.maildomain.net
SMTP<< 250-mx.google.com at your service, [555.555.555.555]
250-SIZE 157286400
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
SMTP>> STARTTLS
SMTP<< 220 2.0.0 Ready to start TLS
SMTP>> EHLO mailhost.maildomain.net
SMTP<< 250-mx.google.com at your service, [555.555.555.555]
250-SIZE 157286400
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
SMTP>> MAIL FROM:<> SIZE=1862
SMTP>> RCPT TO:<gmailu...@gmail.com>
will write message using CHUNKING
SMTP>> BDAT 646 LAST
SMTP<< 250 2.1.0 OK ffacd0b85a97d-37308269cdfsi4917634f8f.703 - gsmtp
SMTP<< 250 2.1.5 OK ffacd0b85a97d-37308269cdfsi4917634f8f.703 - gsmtp
SMTP<< 550-5.7.26 Your email has been blocked because the sender is
unauthenticated.
550-5.7.26 Gmail requires all senders to authenticate with
either SPF or DKIM.
550-5.7.26
550-5.7.26 Authentication results:
550-5.7.26 DKIM = did not pass
550-5.7.26 SPF [] with ip: [555.555.555.555] = did not pass
550-5.7.26
550-5.7.26 For instructions on setting up authentication, go to
550 5.7.26
https://support.google.com/mail/answer/81126#authentication
ffacd0b85a97d-37308269cdfsi4917634f8f.703 - gsmtp
SMTP>> QUIT
SMTP(close)>>
I''ve double checked that the EHLO works with the SPF (in the
redacted log, IP 555.555.555.555 matches maildomain.net's SPF):
<81XFvZGqU4hDuONl.png>
That is why I find this so weird. I know DKIM is not setup there,
but the SPF is and it is being ignored or not checked properly.
Best regards
On 27/8/24 13:28, Laura Atkins wrote:
You need to authenticate with either SPF or DKIM. As you’re using a
null sender, you can set up SPF on the EHLO value. Or you can sign
outgoing mail with DKIM, dealer’s choice.
laura
On 27 Aug 2024, at 11:56, Eduardo Diaz Comellas via mailop
<mailop@mailop.org> wrote:
Hi all,
I've got a couple of complains from customers saying that the
vacation message is not being received by Gmail users. Our email
service is quite standard, with dovecot+sieve processing the email
storage and autoresponders.
I've confirmed that the problem is true:
2024-08-27 11:08:09 1sisBN-002eWx-KM <= <> H=(mydovecot.host)
[172.30.6.182] P=esmtp K S=1087
id=dovecot-sieve-1724749689-16845...@mydovecot.host
2024-08-27 11:08:10 1sisBN-002eWx-KM ** randomgmailu...@gmail.com
R=hubbed_hosts T=remote_smtp H=gmail-smtp-in.l.google.com
[173.194.76.27]
X=TLS1.3:ECDHE_X25519__ECDSA_SECP256R1_SHA256__AES_256_GCM:256
CV=yes DN="CN=mx.google.com": SMTP error from remote mail server
after pipelined end of data: 550-5.7.26 Your email has been blocked
because the sender is unauthenticated.\n550-5.7.26 Gmail requires
all senders to authenticate with either SPF or
DKIM.\n550-5.7.26\n550-5.7.26 Authentication results:\n550-5.7.26
DKIM = did not pass\n550-5.7.26 SPF [] with ip: [555.555.555.555]
= did not pass\n550-5.7.26\n550-5.7.26 For instructions on setting
up authentication, go to\n550 5.7.26
https://support.google.com/mail/answer/81126#authentication
ffacd0b8rr97d-373081420c7si4806836f8f.262 - gsmtp
2024-08-27 11:08:10 1sisBN-002eWx-KM Frozen (delivery error message)
I think that sending the vacation messages with null sender is an
standard practise and the best way to avoid loops. I've found no
problems with any other email providers: only gmail is blocking
this messages.
Does anyone have this issue? How do you deal with it?
Best regards.
--
Eduardo Díaz Comellas
Ultreia Comunicaciones, S.L.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
--
The Delivery Expert
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Delivery hints and commentary: http://wordtothewise.com/blog
--
Eduardo Díaz Comellas
Ultreia Comunicaciones, S.L.
--
The Delivery Expert
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Delivery hints and commentary: http://wordtothewise.com/blog
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
--
Eduardo Díaz Comellas
Ultreia Comunicaciones, S.L.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
