I have made updates to our mail server to use DMARC. So after This our ERP system cannot send emails to gmail.com or yahoo.com but Outlook sends emails with no problems.
Below is the header for an email that was sent from my domain to Gmail and comes safely:
Message ID <[email protected]>
Created at: Fri, Jul 16, 2021 at 11:30 AM (Delivered after 4 seconds)
From: me
To: [email protected]
Subject: Check1
SPF: PASS with IP 000.000.000.000 (mail server IP) Learn more
DKIM: 'PASS' with domain domain.com Learn more
DMARC: 'PASS' Learn more
but when we use the below code to send from our ERP:
defined('BASEPATH') OR exit('No direct script access allowed');
class SendPO extends CI_Controller {
var $role,$user,$brand;
public function __construct()
{
parent::__construct();
$this->load->helper('url');
}
public function index(){
$mailTo = "[email protected]";
$subject = "Mail check ";
$config = Array(
'protocol' => 'smtp',
'smtp_host' => 'mail.example.com',
'smtp_port' => 465,
'smtp_user' => '[email protected]',
'smtp_pass' => 'some-password',
'charset'=>'utf-8',
'validate'=>TRUE,
'wordwrap'=> TRUE,
'dkim_domain' => 'example.com',
'dkim_private' => '/home/ubuntu/mail.private',
'dkim_selector' => 'mail',
'dkim_passphrase' => '',
);
$this->load->library('email', $config);
$this->email->set_newline("\r\n");
$this->email->from("[email protected]");
$this->email->cc("[email protected]");
// replace my mail by user it is just for testing
$this->email->to($mailTo);
$this->email->subject($subject);
$msg="Mail check";
//echo $msg;
$this->email->message($msg);
$this->email->set_header('Reply-To', $userMail);
$this->email->set_mailtype('html');
$this->email->send();
}
}
?>
I see this mail "Returned mail: see transcript for details"
The original message was received on Fri, 16 Jul 2021 11:22:05 +0200
from erp.domain.com [127.0.0.1]
----- The following addresses had permanent fatal errors -----
(reason: 550-5.7.26 Unauthenticated email from example.com is not accepted due)
----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.7.26 Unauthenticated email from example.com is not accepted due
<<< 550-5.7.26 to domain's DMARC policy. Please contact the administrator of
<<< 550-5.7.26 example.com domain if this was a legitimate mail.
Please
<<< 550-5.7.26 visit
<<< 550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about the
<<< 550 5.7.26 DMARC initiative. g11si7705633pfc.152 - gsmtp
554 5.0.0 Service unavailable
Reporting-MTA: dns; erp.domain.com
Received-From-MTA: DNS; erp.domain.com
Arrival-Date: Fri, 16 Jul 2021 11:22:05 +0200
Final-Recipient: RFC822; [email protected]
Action: failed
Status: 5.7.26
Remote-MTA: DNS; gmail-smtp-in.l.google.com
Diagnostic-Code: SMTP; 550-5.7.26 Unauthenticated email from example.com is not accepted due
Last-Attempt-Date: Fri, 16 Jul 2021 11:22:05 +0200
Return-Path:
Received: from erp.example.com (erp.example.com [127.0.0.1])
by erp.example.com (8.15.2/8.15.2/Debian-3) with ESMTP id 16G9M5eY021733;
Fri, 16 Jul 2021 11:22:05 +0200
Received: (from www-data@localhost)
by erp.domain.com (8.15.2/8.15.2/Submit) id 16G9M5NP021732;
Fri, 16 Jul 2021 11:22:05 +0200
X-Authentication-Warning: erp.domain.com: www-data set sender to [email protected] using -f
To: [email protected]
Subject: =?UTF-8?Q?Vendor=20VPO=20Test=20?=
X-PHP-Originating-Script: 0:Email.php
User-Agent: CodeIgniter
Date: Fri, 16 Jul 2021 11:22:05 +0200
From:
Cc: [email protected]
Reply-To:
X-Sender: [email protected]
X-Mailer: CodeIgniter
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="B_ALT_60f14fbd23d53"
I have made tests on https://www.mail-tester.com/ and it show 10/10
When I make a test on https://toolbox.googleapps.com/ it show:
error
DKIM authentication DNS setup.
DKIM technology is used to help detection of unauthorized mail that pretends to be sent out from your domain.
Invalid format of DKIM record.
v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjYVyZyyl6T...
error
SPF must allow Google servers to send mail on behalf of your domain.
Decision SPF fail - not authorized
Record v=spf1 mx a ip4:000.000.000.000 -all
warning
No Google mail exchangers were found. Relay host configuration?
If you intentionally set up a mail server somewhere on your premises that automatically forwards all incoming mail to Google you may disregard this warning. Otherwise - this is a serious configuration error as it causes disruption of mail flow.
0 mail.example.com
info_outline
Effective SPF Address Ranges.
The following IP addresses are taken from the includes and IP4/IP6 directives within this domain's SPF record.
example.com.
000.000.000.000
I think the reason is the part of this page (Signing by Parent Domains):
https://datatracker.ietf.org/doc/html/rfc6376#section-3.10
If my thinking is correct! Would someone provide the correct format for the SPF record?
If I am wrong! I hope some help to figure out what's happening