Score:0

550-5.7.26 Unauthenticated email from domain is not accepted due on ERP only

id flag

I have made updates to our mail server to use DMARC. So after This our ERP system cannot send emails to gmail.com or yahoo.com but Outlook sends emails with no problems.

Below is the header for an email that was sent from my domain to Gmail and comes safely:

Message ID <[email protected]>

Created at: Fri, Jul 16, 2021 at 11:30 AM (Delivered after 4 seconds)

From: me

To: [email protected]

Subject: Check1

SPF: PASS with IP 000.000.000.000 (mail server IP) Learn more

DKIM: 'PASS' with domain domain.com Learn more

DMARC: 'PASS' Learn more

but when we use the below code to send from our ERP:

defined('BASEPATH') OR exit('No direct script access allowed');

class SendPO extends CI_Controller {
    var $role,$user,$brand;

    public function __construct()
    {
        parent::__construct();
        $this->load->helper('url');
    }

    public function index(){

        $mailTo = "[email protected]";
        $subject = "Mail check ";
   
        $config = Array(
            'protocol' => 'smtp',
            'smtp_host' => 'mail.example.com',
            'smtp_port' => 465,
            'smtp_user' => '[email protected]',
            'smtp_pass' => 'some-password',
            'charset'=>'utf-8',
            'validate'=>TRUE,
            'wordwrap'=> TRUE,
            'dkim_domain' => 'example.com',
            'dkim_private' => '/home/ubuntu/mail.private',
            'dkim_selector' => 'mail',
            'dkim_passphrase' => '',
        );

        $this->load->library('email', $config);
        $this->email->set_newline("\r\n");
 
        $this->email->from("[email protected]");
        $this->email->cc("[email protected]");
 
        // replace my mail by user it is just for testing
        $this->email->to($mailTo);
        $this->email->subject($subject);

        $msg="Mail check";
        //echo $msg;
        $this->email->message($msg);
        $this->email->set_header('Reply-To', $userMail);
        $this->email->set_mailtype('html');
        $this->email->send();
    }
}
?>

I see this mail "Returned mail: see transcript for details"

The original message was received on Fri, 16 Jul 2021 11:22:05 +0200

from erp.domain.com [127.0.0.1]

----- The following addresses had permanent fatal errors -----

(reason: 550-5.7.26 Unauthenticated email from example.com is not accepted due)

----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.7.26 Unauthenticated email from example.com is not accepted due
<<< 550-5.7.26 to domain's DMARC policy. Please contact the administrator of
<<< 550-5.7.26 example.com domain if this was a legitimate mail. 
Please
<<< 550-5.7.26 visit
<<< 550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about the
<<< 550 5.7.26 DMARC initiative. g11si7705633pfc.152 - gsmtp

554 5.0.0 Service unavailable

Reporting-MTA: dns; erp.domain.com
Received-From-MTA: DNS; erp.domain.com
Arrival-Date: Fri, 16 Jul 2021 11:22:05 +0200

Final-Recipient: RFC822; [email protected]
Action: failed
Status: 5.7.26
Remote-MTA: DNS; gmail-smtp-in.l.google.com
Diagnostic-Code: SMTP; 550-5.7.26 Unauthenticated email from example.com is not accepted due
Last-Attempt-Date: Fri, 16 Jul 2021 11:22:05 +0200


Return-Path:
Received: from erp.example.com (erp.example.com [127.0.0.1])
  by erp.example.com (8.15.2/8.15.2/Debian-3) with ESMTP id 16G9M5eY021733;
  Fri, 16 Jul 2021 11:22:05 +0200
Received: (from www-data@localhost)
  by erp.domain.com (8.15.2/8.15.2/Submit) id 16G9M5NP021732;
  Fri, 16 Jul 2021 11:22:05 +0200
X-Authentication-Warning: erp.domain.com: www-data set sender to [email protected] using -f
To: [email protected]
Subject: =?UTF-8?Q?Vendor=20VPO=20Test=20?=
X-PHP-Originating-Script: 0:Email.php
User-Agent: CodeIgniter
Date: Fri, 16 Jul 2021 11:22:05 +0200
From:
Cc: [email protected]
Reply-To:
X-Sender: [email protected]
X-Mailer: CodeIgniter
X-Priority: 3 (Normal)
Message-ID: <[email protected]>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="B_ALT_60f14fbd23d53"

I have made tests on https://www.mail-tester.com/ and it show 10/10

When I make a test on https://toolbox.googleapps.com/ it show:

error

DKIM authentication DNS setup.

DKIM technology is used to help detection of unauthorized mail that pretends to be sent out from your domain.
Invalid format of DKIM record.

v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjYVyZyyl6T...

error

SPF must allow Google servers to send mail on behalf of your domain.

Decision SPF fail - not authorized

Record v=spf1 mx a ip4:000.000.000.000 -all

warning

No Google mail exchangers were found. Relay host configuration?

If you intentionally set up a mail server somewhere on your premises that automatically forwards all incoming mail to Google you may disregard this warning. Otherwise - this is a serious configuration error as it causes disruption of mail flow.

0 mail.example.com

info_outline

Effective SPF Address Ranges.
The following IP addresses are taken from the includes and IP4/IP6 directives within this domain's SPF record.

example.com.

000.000.000.000

I think the reason is the part of this page (Signing by Parent Domains):

https://datatracker.ietf.org/doc/html/rfc6376#section-3.10

If my thinking is correct! Would someone provide the correct format for the SPF record?

If I am wrong! I hope some help to figure out what's happening

Score:0
id flag

I succeeded to fix this with other's help ... Thank you all dears. Note: Mail server IP is 000.000.000.000 ERP Server IP is 111.111.111.111 Shown reason for the issue: 550-5.7.26 Unauthenticated email from example.com is not accepted due to the domain's DMARC policy But the DKIM and DMARC are not the targets for fixing.

The root cause for the issue: ERP fail as the domain of [email protected] designates 111.111.111.111 (ERP's IP address) is not permitted, sender) [email protected]

How it solved: 1- Updated the code in ERP "send-email.php" file

$config = Array(
    'protocol' => 'smtp',
    'smtp_host' => 'mail.example.com',
    'smtp_port' => 465,
    'smtp_user' => '[email protected]',
    'smtp_pass' => 'password',
    'charset'=>'utf-8',
    'validate'=>TRUE,
    'wordwrap'=> TRUE,
    'dkim_domain' => 'example.com',
    'dkim_selector' => 'mail',

2- Equipped the Mail service daemon on the ERP server with relay sending capabilities as shown in the below tutorial. https://www.bonusbits.com/wiki/HowTo:Configure_SendMail_to_Use_SMTP_Relay

4- Updated the DNS records in the hosting company Cpanel to fit the modifications that were made.

  • In the TXT section updated:

Host Record: @ TXT Value: v=spf1 mx a ip4:000.000.000.000 ip4:111.111.111.111 ~all

And updated: Host Record: mail TXT Value: v=spf1 mx a ip4:000.000.000.000 ip4:111.111.111.111 -all

Again I would like to thank you all for any information and effort you have made through the last days :)

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.