I trust Google to check SPF correctly, and can’t confirm that your system is correct because you’ve redacted any useful information. You’ve been told what to do (publish SPF for the domain in the EHLO value) and you’ve even been given the SPF string that will do it.
If you want assistance, don’t hide everything that will make it possible to give you that assistance. laura > On 27 Aug 2024, at 13:09, Eduardo Diaz Comellas <ed...@ultreia.es> wrote: > > Hi Laura, > > Thanks for your help. I've captured one of the SMTP transactions: > > > > SMTP<< 220 mx.google.com ESMTP ffacd0b85a97d-37308269cdfsi4917634f8f.703 - > gsmtp > SMTP>> EHLO mailhost.maildomain.net > SMTP<< 250-mx.google.com at your service, [555.555.555.555] > 250-SIZE 157286400 > 250-8BITMIME > 250-STARTTLS > 250-ENHANCEDSTATUSCODES > 250-PIPELINING > 250-CHUNKING > 250 SMTPUTF8 > SMTP>> STARTTLS > SMTP<< 220 2.0.0 Ready to start TLS > SMTP>> EHLO mailhost.maildomain.net > SMTP<< 250-mx.google.com at your service, [555.555.555.555] > 250-SIZE 157286400 > 250-8BITMIME > 250-ENHANCEDSTATUSCODES > 250-PIPELINING > 250-CHUNKING > 250 SMTPUTF8 > SMTP>> MAIL FROM:<> SIZE=1862 > SMTP>> RCPT TO:<gmailu...@gmail.com> <mailto:gmailu...@gmail.com> > will write message using CHUNKING > SMTP>> BDAT 646 LAST > SMTP<< 250 2.1.0 OK ffacd0b85a97d-37308269cdfsi4917634f8f.703 - gsmtp > SMTP<< 250 2.1.5 OK ffacd0b85a97d-37308269cdfsi4917634f8f.703 - gsmtp > SMTP<< 550-5.7.26 Your email has been blocked because the sender is > unauthenticated. > 550-5.7.26 Gmail requires all senders to authenticate with either SPF > or DKIM. > 550-5.7.26 > 550-5.7.26 Authentication results: > 550-5.7.26 DKIM = did not pass > 550-5.7.26 SPF [] with ip: [555.555.555.555] = did not pass > 550-5.7.26 > 550-5.7.26 For instructions on setting up authentication, go to > 550 5.7.26 > https://support.google.com/mail/answer/81126#authentication > ffacd0b85a97d-37308269cdfsi4917634f8f.703 - gsmtp > SMTP>> QUIT > SMTP(close)>> > > > > I''ve double checked that the EHLO works with the SPF (in the redacted log, > IP 555.555.555.555 matches maildomain.net's SPF): > > <81XFvZGqU4hDuONl.png> > > That is why I find this so weird. I know DKIM is not setup there, but the > SPF is and it is being ignored or not checked properly. > > Best regards > > > > > On 27/8/24 13:28, Laura Atkins wrote: >> You need to authenticate with either SPF or DKIM. As you’re using a null >> sender, you can set up SPF on the EHLO value. Or you can sign outgoing mail >> with DKIM, dealer’s choice. >> >> laura >> >>> On 27 Aug 2024, at 11:56, Eduardo Diaz Comellas via mailop >>> <mailop@mailop.org> <mailto:mailop@mailop.org> wrote: >>> >>> Hi all, >>> >>> I've got a couple of complains from customers saying that the vacation >>> message is not being received by Gmail users. Our email service is quite >>> standard, with dovecot+sieve processing the email storage and >>> autoresponders. >>> >>> I've confirmed that the problem is true: >>> >>> 2024-08-27 11:08:09 1sisBN-002eWx-KM <= <> H=(mydovecot.host) >>> [172.30.6.182] P=esmtp K S=1087 >>> id=dovecot-sieve-1724749689-16845...@mydovecot.host >>> <mailto:id=dovecot-sieve-1724749689-16845...@mydovecot.host> >>> 2024-08-27 11:08:10 1sisBN-002eWx-KM ** randomgmailu...@gmail.com >>> <mailto:randomgmailu...@gmail.com> R=hubbed_hosts T=remote_smtp >>> H=gmail-smtp-in.l.google.com [173.194.76.27] >>> X=TLS1.3:ECDHE_X25519__ECDSA_SECP256R1_SHA256__AES_256_GCM:256 CV=yes >>> DN="CN=mx.google.com": SMTP error from remote mail server after pipelined >>> end of data: 550-5.7.26 Your email has been blocked because the sender is >>> unauthenticated.\n550-5.7.26 Gmail requires all senders to authenticate >>> with either SPF or DKIM.\n550-5.7.26\n550-5.7.26 Authentication >>> results:\n550-5.7.26 DKIM = did not pass\n550-5.7.26 SPF [] with ip: >>> [555.555.555.555] = did not pass\n550-5.7.26\n550-5.7.26 For instructions >>> on setting up authentication, go to\n550 5.7.26 >>> https://support.google.com/mail/answer/81126#authentication >>> ffacd0b8rr97d-373081420c7si4806836f8f.262 - gsmtp >>> 2024-08-27 11:08:10 1sisBN-002eWx-KM Frozen (delivery error message) >>> >>> >>> I think that sending the vacation messages with null sender is an standard >>> practise and the best way to avoid loops. I've found no problems with any >>> other email providers: only gmail is blocking this messages. >>> >>> Does anyone have this issue? How do you deal with it? >>> >>> Best regards. >>> >>> -- >>> Eduardo Díaz Comellas >>> Ultreia Comunicaciones, S.L. >>> >>> _______________________________________________ >>> mailop mailing list >>> mailop@mailop.org <mailto:mailop@mailop.org> >>> https://list.mailop.org/listinfo/mailop >> >> -- >> The Delivery Expert >> >> Laura Atkins >> Word to the Wise >> la...@wordtothewise.com <mailto:la...@wordtothewise.com> >> >> Delivery hints and commentary: http://wordtothewise.com/blog >> >> >> >> >> >> > -- > Eduardo Díaz Comellas > Ultreia Comunicaciones, S.L. -- The Delivery Expert Laura Atkins Word to the Wise la...@wordtothewise.com Delivery hints and commentary: http://wordtothewise.com/blog
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
