Greg Sims via Postfix-users: > > On Mon, May 27, 2024 at 3:40?AM Viktor Dukhovni via Postfix-users < > postfix-users@postfix.org> wrote: > > > You really should have posted "collate" output, which would have shown > > the envelope sender address in the "qmgr active" log entry. Perhaps > > the actual domain used did not have the expected SPF records. > > Wietse: > > notify_classes is working well. Postmaster is hosted by Google and we are > seeing sequences like the following as a result. I had to move > notify_classes to main.cf to cover all of our email. For debug it would > likely be best to have Postmaster email remain on our server -- instead of > sending it to Google. Please see below as I believe we may have a > better understanding without the email headers.
It does not have to be postmaster: https://www.postfix.org/postconf.5.html#bounce_notice_recipient https://www.postfix.org/postconf.5.html#notify_classes Or: "Delivering some but not all accounts locally": https://www.postfix.org/STANDARD_CONFIGURATION_README.html#some_local > Viktor: > > The "collate" for this issue is enlightening. Here is an instance: > > May 28 02:11:41 mail01.raystedman.org postfix/bounce[19442]: > B78BC305D5A9: postmaster non-delivery notification: 4A841305D5BE > May 28 02:11:41 mail01.raystedman.org postfix/cleanup[19458]: > 4A841305D5BE: message-id=<20240528091141.4a841305d...@mail01.raystedman.org> > May 28 02:11:41 mail01.raystedman.org postfix/qmgr[16460]: 4A841305D5BE: > from=<double-bou...@mail01.raystedman.org>, size=3187, nrcpt=1 (queue > active) > May 28 02:11:41 mail01.raystedman.org postfix/t124/smtp[19403]: Trusted > TLS connection established to aspmx.l.google.com[142.250.141.27]:25: > TLSv1.3 with cipher T > LS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature > ECDSA (P-256) server-digest SHA256 > May 28 02:11:41 mail01.raystedman.org postfix/t124/smtp[19403]: > 4A841305D5BE: host aspmx.l.google.com[142.250.141.27] said: 421-4.7.26 Your > email has been rate limited because it is unauthenticated. Gmail 421-4.7.26 > requires all senders to authenticate with either SPF or DKIM. 421-4.7.26 > 421-4.7.26 Authentication results: 421-4.7.26 DKIM = did not pass > 421-4.7.26 SPF [mail01.raystedman.org] with ip: [209.73.152.124] = did not > pass 421-4.7.26 421-4.7.26 For instructions on setting up authentication, > go to 421 4.7.26 > https://support.google.com/mail/answer/81126#authentication > d2e1a72fcca58-701bc33108esi1286635b3a.272 - gsmtp (in reply to end of DATA > command) In recent experience with my personal porcupine.org email address, they not only want SPF or DKIM, they *also* want a DMARC policy with p=quarantine or p=reject. > May 28 02:11:42 mail01.raystedman.org postfix/t124/smtp[19403]: Trusted > TLS connection established to alt2.aspmx.l.google.com[74.125.126.27]:25: > TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange > X25519 server-signature ECDSA (P-256) server-digest SHA256 > May 28 02:11:42 mail01.raystedman.org postfix/t124/smtp[19403]: > 4A841305D5BE: to=<postmas...@raystedman.org>, orig_to=<postmaster>, relay= > alt2.aspmx.l.google.com[74.125.126.27]:25, delay=1.2, delays=0/0/0.81/0.39, > dsn=2.0.0, status=sent (250 2.0.0 OK 1716887502 > ca18e2360f4ac-7eae2d6333asi30711039f.32 - gsmtp) > May 28 02:11:42 mail01.raystedman.org postfix/qmgr[16460]: 4A841305D5BE: > removed > > It appears that this bounce email was sent using the subdomain > mail01.raystedman.org. There is no "from=<>" here but the error log seems > to imply the SPF failure was associated with this subdomain. If this is > the case, we need to add an SPF record for this subdomain. Please note we > are already configured for raystedman.org and devotion.raystedman.org. Are > there any other subdomains that Postfix would use? Please let me know and > I will make the appropriate modifications to DNS. > > Thank you, Greg > _______________________________________________ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
