On 22.04.24 09:28, Paul Menzel via mailop wrote:
A users sends a message to x...@uni-potsdam.de, and the user X there has
a forward set up to their y...@gmail.com address. Now
smtpin.uni-potsdam.de returns a delivery failure from Google Mail:
The following message to<y...@gmail.com> was undeliverable.
The reason for the problem:
The SPF of molgen.mpg.de has `~all` (soft fail):
$ dig txt molgen.mpg.de +short
"v=spf1 ip4:141.14.0.0/16 ~all"
and I would expect `~all` to result in Google Mail not rejecting the
message, when another server is sending emails from @molgen.mpg.de. We
do not want to set up DKIM due to the increased message size, and
complexity of key handling. Is there an alternative?
On 22.04.24 10:00, Marco Moock via mailop wrote:
Google required at least one of SPF or DKIM that will pass. Softfail
(~) or neutral (?) aren't sufficient.
You can't sign DKIM for external domains, so if external mail goes in
and is being forwarded, the DKIM signature is still valid, but there
are situations when there is no DKIM signature. You can't sign such a
message because you don't have control over the DNS of the foreign
domain.
Google makes forwarding really hard. They want you to set up ARC.
https://support.google.com/a/answer/13198639?sjid=6036584522181943107-EU
I know this is nasty, but this are Google's rules.
Forwarded mails will always have an SPF failure, DKIM will be valid.
The (ugly but working) possibility is to rewrite From: address to one
@uni-potsdam.de and dkim-sign that one.
It's the same mechanism this mailing list uses to deliver mail.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
