Score:0

Gmail reports SPF issues with emails sent from Thunderbird via postfix

by flag

This question is similar to the following question in the Mozilla forum. However, the answer given there to this question doesn't address the issue that I am seeing.

Question in Mozilla forum: https://support.mozilla.org/lt/questions/1369698

In other words, I'm having trouble getting Google to accept messages going to gmail.com addresses only when such messages are sent via Thunderbird. Messages sent with non-Thunderbird clients to the same gmail.com addresses with the same sender address from the same machine that Thunderbird runs on going out via the same SMTP server always arrive with no problem.

My situation is a bit complicated. To describe what is going on, I'll be using the following domain names:

localmachine-example.com -- my ubuntu-20.0.4 desktop machine upon which Thunderbird is running

postfix-example.com -- my debian-11 email server machine upon which postfix-3.5.18 is running

When I am using Thunderbird, I have it configured to send outgoing emails via SMTP using this host and port:

postfix-example.com/port=587

All domains handled by the postfix-example.com SMTP server have proper SPF, DKIM, and DMARC records that always are shown as being correct whenever I query their validity via various online domain-verification services.

For all email destinations except gmail.com addresses, when I send emails from Thunderbird running on localmachine-example.com, no matter what the sending address is, these messages go to my postfix server which then successfully routes them to the destination.

However, if the destination address is specifically a gmail.com address, the mail gets returned by Google with the following message. Suppose I'm sending the email to [email protected]. This is the message that comes back:

Jun 11 20:29:12 postfix-example postfix/smtp[1088941]: 81AC812C554:to=<[email protected]>, relay=gmail-smtp-in.l.google.com[2607:f8b0:4002:c1b::1b]:25, delay=0.46, delays=0.16/0.01/0.02/0.25, dsn=5.7.25, status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:4002:c1b::1b] said: 550-5.7.25 [2600:3c02::f03c:93ff:febc:dd9e] The IP address sending this message 550-5.7.25 does not have a PTR record setup, or the corresponding forward DNS 550-5.7.25 entry does not point to the sending IP. As a policy, Gmail does not 550-5.7.25 accept messages from IPs with missing PTR records. Please visit 550-5.7.25  https://support.google.com/mail/answer/81126#ip-practices for more 550 5.7.25 information. g200-20020a0dddd1000000b0056d0485d928si2677570ywe.362 - gsmtp (in reply to end of DATA command)

No email destinations other than gmail.com addresses fail to accept similar messages that are sent via Thunderbird.

And please note the following carefully:

If instead of Thunderbird, I use the emacs "Wanderlust" email client to send the exact, same message from the exact, same localmachine-example.com machine to the exact, same [email protected] address, and routed through the exact same postfix-example.com/port=587 SMTP server, it arrives at the gmail.com destination with no problem.

In other words ...

(1) Both the Thunderbird client and the emacs "Wanderlust" email client are running on the same localmachine-example.com host.

(2) Both the Thunderbird client and the emacs "Wanderlust" email client are sending a message with the same sender address.

(3) Both the Thunderbird client and the emacs "Wanderlust" email client are sending a message with the same [email protected] recipient address.

(4) Both the Thunderbird client and the emacs "Wanderlust" email client are configured to send outgoing emails through the same SMTP server: postfix-example.com/port=587

(5) All emails sent via the emacs "Wanderlust" email client always arrive at the [email protected] address with no problems.

(6) However, all emails sent to gmail.com addresses via the Thunderbird client always bounce back with the error message that I posted above.

Does anyone know what I can do to configure Thunderbird to not cause this kind of error when I am sending to gmail.com addresses from my localmachine-example.com host?

Also, I get the exact, same behavior when sending via Seamonkey instead of Thunderbird.

Thank you very much in advance.

Nikita Kipriyanov avatar
za flag
Also notice that Postfix 2.11 is **ancient** and **[unsupported since Feb 21, 2018](http://www.postfix.org/announcements/postfix-3.3.0.html)**. Debian 11 includes Postfix 3.5, which is supported. Questions about unsupported and unmaintained software are off topic on ServerFault.
HippoMan avatar
by flag
Well, luckily, this question and its answer don't have anything to do specifically with postfix, actually. :)
ws flag
Lots of words here, but no headers from emails sent, no SPF policy
HippoMan avatar
by flag
OOPS! I'm actually using postfix 3.5.18. I had originally copied the postfix version from the wrong machine. I now have changed this in the question, above. As for the info I supplied here, it turns out that neither the email header info nor the SPF details are related to the actual solution to the problem. See my Answer here.
Score:3
us flag

The error isn't complaining about SPF; it's telling you there's a lack of a PTR record for 2600:3c02::f03c:93ff:febc:dd9e, and from here it appears that it doesn't have one. So Google is trying to do a reverse DNS lookup on the IP and expecting a result that points back to the mail server's A / AAAA record.

Presumably that's your Postfix server? Does it normally send using IPv6 or do other emails get sent via IPv4 and the PTR hasn't been set up for IPv6? Some setting in Postfix that's causing your Thunderbird to be sent via IPv6 instead? Or does that IP belong to your machine running Thunderbird, and for some reason when sending from that Postfix is retaining that IP as the source rather than changing it to its own?

Nikita Kipriyanov avatar
za flag
Indeed, `Host e.9.d.d.c.b.e.f.f.f.3.9.c.3.0.f.0.0.0.0.0.0.0.0.2.0.c.3.0.0.6.2.ip6.arpa not found: 3(NXDOMAIN)`
HippoMan avatar
by flag
Thank you very much to both of you for all of this! I had disabled ipv6 for my postfix server long ago. It looks like Thunderbird might be trying to use ipv6 anyway. Also, I know that postfix 2.11 is old. At some point, I will upgrade it.
HippoMan avatar
by flag
As I commented above, I accidentally named the incorrect postfix version. I'm actually using version 3.5.18, and I corrected that in my original question now.
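
The check described in the answer above (a PTR lookup followed by a forward lookup that must return the same IP), as an added example that is not code from any participant in this thread. The function names are hypothetical, and the sample log line is constructed by shortening the bounce quoted in the question.

```python
import ipaddress
import re
import socket

# Constructed sample: shortened from the bounce quoted in the question.
SAMPLE_BOUNCE = (
    "status=bounced (host gmail-smtp-in.l.google.com[2607:f8b0:4002:c1b::1b] "
    "said: 550-5.7.25 [2600:3c02::f03c:93ff:febc:dd9e] The IP address sending "
    "this message 550-5.7.25 does not have a PTR record setup"
)

def rejected_ip(log_line):
    """Return the sending IP that Gmail names after the 5.7.25 code, or None."""
    m = re.search(r"5\.7\.25 \[([0-9A-Fa-f:.]+)\]", log_line)
    return ipaddress.ip_address(m.group(1)) if m else None

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(str(ip))
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):
    """A/AAAA addresses for name from the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return set()
    # Strip any IPv6 scope id ("%eth0") before parsing.
    return {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Forward-confirmed reverse DNS: a PTR must exist and resolve back to ip."""
    names = ptr_lookup(ip)
    if not names:
        return False, "no PTR for " + ip.reverse_pointer
    for name in names:
        if ip in forward_lookup(name):
            return True, "PTR " + name + " resolves back to " + str(ip)
    return False, "PTR " + ", ".join(names) + " does not resolve back to " + str(ip)

if __name__ == "__main__":
    ip = rejected_ip(SAMPLE_BOUNCE)
    print(ip.reverse_pointer)  # the ip6.arpa name queried for the PTR record
    print(fcrdns(ip))          # live lookup against the system resolver
```

Run against the outbound address of the mail server (both its IPv4 and IPv6 addresses, if it can send over either) to see the same result a receiving server would get.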
Score:0
by flag

It turns out that this issue is due to a "feature" (ha ha!) of Thunderbird.

I found the answer, and I discuss it here: http://forums.mozillazine.org/viewtopic.php?f=39&t=3110324&p=14956991#p14956991

I fixed the problem by creating a separate, unique SMTP server entry in Thunderbird for each and every email address that Thunderbird services.

PS: And Seamonkey has this same "feature".

Nikita Kipriyanov avatar
za flag
Very interesting, I use Thunderbird a lot, I managed many mail systems based on Postfix, and had never seen this problem. Probably because I always set up `reject_sender_login_mismatch` so even if any user tries to send mail with wrong "from" envelope, they will be rejected and the problem will be indicated by my server to them immediately and directly, like "[email protected] is not allowed to send mail from [email protected]"?
HippoMan avatar
by flag
Yes, your Postfix configuration probably indeed prevented this Thunderbird "feature" from going into effect for you.