On Sun, May 26, 2024 at 08:22:53PM -0500, Greg Sims via Postfix-users wrote:
> May 26 00:35:57 mail01.raystedman.org postfix/t124/smtp[39065]: > 0A7D630F1C7C: > to=<es-devo-bounce+<deleted>=cecytebc.edu...@devotion.raystedman.org>, > relay=aspmx.l.google.com[142.251.2.26]:25, > delay=0.52, delays=0/0/0.21/0.31, dsn=5.7.26, status=bounced (host > aspmx.l.google.com[142.251.2.26] said: 550-5.7.26 Unauthenticated email > from raystedman.org is not accepted due to 550-5.7.26 domain's DMARC > policy. Please contact the administrator of 550-5.7.26 raystedman.org > domain if this was a legitimate mail. To learn about 550-5.7.26 the DMARC > initiative, go to 550 5.7.26 > https://support.google.com/mail/?p=DmarcRejection > 98e67ed59e1d1-2bf5fe61ba7si4174351a91.147 - gsmtp (in reply to end of DATA > command)) > > We delivered 1000s of email to Google in this time frame -- we received > only five failures like the one above. I worked with the Google Team today > and determined the following: > > (1) Our SPF DNS contains the IP Address this email was sent from. This > implies DMARC should have passed -- as I believe DMARC requires failures > for Both SPF and DKIM for a hard failure. You really should have posted "collate" output, which would have shown the envelope sender address in the "qmgr active" log entry. Perhaps the actual domain used did not have the expected SPF records. Note also that SPF lookups can tempfail, in which case it would be down to DKIM to ensure the message passes your DMARC policy. Ideally Gmail would use a 4XX reject when SPF lookups tempfail, but perpaps there are reasons why they don't do that. > (3) I checked bou...@raystedman.org which in general ends up with all email > that bounce and contains VERP -- this was not the case with this email. Postfix sends bounces to the envelope sender unless the message was submitted with an explicit "NOTIFY=..." DSN policy that did not include failure. > The Google Team would like to have the message headers of this email to > further debug the issue. How can I use Postfix to capture the email > headers/content in this case. Bounces are sent to the envelope sender address. They include either the full message, or (for larger messages) just the headers. -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
