On 30.07.18 15:22, Sonic wrote:
I have a simple relay for sending emails from internal scanners and a voicemail system. All works fine except for posts that get bounced as the bounce notifications somehow fail both SPF and DKIM tests.
please provide more info about the mail flow. does your simple relay reject the mail, does your server reject the mail when receiving from the relay, or do remote servers reject the mail from your simple relay? Note that "bounce" happens when mail server receives a mail, but is unable to deliver it, so it constructs a bounce and sends is "back". the bounce itself should not trigger SPF (since the envelope from is empty) nor DKIM (unless server creating the bounce uses a domain that it can't sign)
The only (seemingly significant) differences I can find in the headers of normal vs bounced posts from the system are: Normal: Authentication-Results: test17.example.com; spf=pass smtp.mailfrom=u...@example.com Authentication-Results: test17.example.com; dkim=pass (2048-bit key) Bounced: Authentication-Results: test17.example.com; spf=none smtp.helo=smtp.example.com Authentication-Results: test17.example.com; dkim=none
"none" means no result. It does not mean spf or dkim failed. they did not fail, neither one.
The normal mail has: smtp.mailfrom=u...@example.com and the bounced mail has: smtp.helo=smtp.example.com
mailfrom is different than helo. you are comparing apples and oranges.
And so it looks like this difference is keeping the bounced notifications from passing SPF and getting processed by OpenDKIM.
-- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Enter any 12-digit prime number to continue.
