Score:-1

Postfix outbound mail not passing SPF checks for gmail


Scenario

I've had my mail with Media Temple for years, but now that GoDaddy acquired them they have cut off my outbound mail, and when I call in they are pushing Microsoft 360, so I've decided to roll my own mail.

I have Postfix set up with SPF and all seems well, except that Gmail shuts down my test emails every time:

<[email protected]>: host gmail-smtp-in.l.google.com[74.125.137.27]
    said: 550-5.7.26 This mail is unauthenticated, which poses a security risk
    to the 550-5.7.26 sender and Gmail users, and has been blocked. The sender
    must 550-5.7.26 authenticate with at least one of SPF or DKIM. For this
    message, 550-5.7.26 DKIM checks did not pass and SPF check for
    [ve.x.vesrv.com] 550-5.7.26 did not pass with ip: [x.x.x.x]. The
    sender should visit 550-5.7.26
    https://support.google.com/mail/answer/81126#authentication for 550 5.7.26
    instructions on setting up authentication.
    y14-20020a056a001c8e00b0067f03c85d73si2102348pfw.115 - gsmtp (in reply to
    end of DATA command)

Question

Mail gets delivered to my own domain, but how can I get it delivered to my Gmail address?


More details

  • 72.x.x.x is my Ubuntu server, which is under the umbrella of vserv.com
  • x.com is my domain

My DNS TXT record is v=spf1 ip4:72.x.x.x include:ve.x.vesrv.com include:_spf.google.com -all

and my main.cf is

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
#delay_warning_time = 4h
readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = ve.6ryrfw2g.vesrv.com
#myhostname = mail.x.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = ve.x.vesrv.com, localhost.x.vesrv.com, , localhost
#mydestination = $myhostname, x.com, localhost.localdomain, localhost
#mydestination = localhost.$mydomain, localhost, $myhostname
#masquerade_domains = x.com
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = all

### custom ###

#spf

policy-spf_time_limit = 3600s

smtpd_recipient_restrictions =
     ...
     permit_sasl_authenticated
     permit_mynetworks
     reject_unauth_destination
     check_policy_service unix:private/policy-spf
     ...
Score:0

After getting SPF working, I started getting a new response from Gmail:

<[email protected]>: host gmail-smtp-in.l.google.com[142.251.2.26]
    said: 550-5.7.25 [72.x.x.x] The IP address sending this message does not
    have a PTR 550-5.7.25 record setup, or the corresponding forward DNS entry
    does not point 550-5.7.25 to the sending IP. As a policy, Gmail does not
    accept messages from 550-5.7.25 IPs with missing PTR records. Please visit
    550-5.7.25  https://support.google.com/mail/answer/81126#ip-practices for
    more 550 5.7.25 information.
    q25-20020a635059000000b0055384329027si1633035pgl.566 - gsmtp (in reply to
    end of DATA command)

As this is an error about reverse DNS not matching, I ultimately had to contact GoDaddy, the owner of my IP block, and request that they set up a reverse DNS PTR record for my specific IP.
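
The 550-5.7.25 reply above names two conditions: the sending IP must have a PTR record, and the PTR name must resolve forward to that same IP. The check below is an added example, not part of the original post; the function names, host names and addresses are constructed (documentation ranges), and the lookups are injectable so it also runs without DNS.

```python
import ipaddress
import socket

# Constructed sample data (documentation addresses), standing in for real DNS.
SAMPLE_PTR = {"203.0.113.10": ["mail.example.com"],
              "203.0.113.11": ["generic.example.net"]}
SAMPLE_FWD = {"mail.example.com": {"203.0.113.10"},
              "generic.example.net": {"198.51.100.7"}}

def system_ptr_names(ip):
    """Reverse (PTR) lookup via the system resolver; empty list when none exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward_ips(name):
    """Forward (A/AAAA) lookup via the system resolver; empty set on failure."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_fcrdns(ip, ptr_lookup=system_ptr_names, forward_lookup=system_forward_ips):
    """Return (ok, reason): does ip have a PTR whose name resolves back to ip?"""
    addr = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return False, "no PTR record for %s" % ip
    for name in names:
        for fwd in forward_lookup(name):
            # Compare parsed addresses so IPv6 spelling differences do not matter.
            if ipaddress.ip_address(fwd.split("%")[0]) == addr:
                return True, "%s -> %s -> %s" % (ip, name, fwd)
    return False, "PTR %s does not resolve back to %s" % (", ".join(names), ip)

if __name__ == "__main__":
    for sample_ip in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        print(check_fcrdns(sample_ip,
                           lambda i: SAMPLE_PTR.get(i, []),
                           lambda n: SAMPLE_FWD.get(n, set())))
```

Called with only an IP, `check_fcrdns` uses the system resolver, so it can be run on the mail server against its own public address once the provider has set the PTR record.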
