Project

General

Profile

Actions

tickets #109025

open

gmail rejects mails from cboltz@o.o - SPF/DKIM/DMARC issue

Added by cboltz over 2 years ago. Updated over 1 year ago.

Status:
In Progress
Priority:
Normal
Assignee:
Category:
Email
Target version:
-
Start date:
2022-03-27
Due date:
% Done:

50%

Estimated time:

Description

I tried to send a mail with cboltz@o.o as sender (using my own mail server), but gmail rejected it:

<REDACTED@gmail.com>: host gmail-smtp-in.l.google.com[142.250.153.26] said:
    550-5.7.26 This message does not have authentication information or fails
    to 550-5.7.26 pass authentication checks. To best protect our users from
    spam, the 550-5.7.26 message has been blocked. Please visit 550-5.7.26
    https://support.google.com/mail/answer/81126#authentication for more 550
    5.7.26 information.

Sending a mail with nearly the same content and using the same server, but using a mail address @cboltz.de as sender worked without problems.

This looks like a problem with the SPF and/or DKIM and/or DMARC settings for opensuse.org. A test mail to https://www.kbxscore.com with cboltz@o.o as sender gets reported as

DKIM:  FAIL     No DKIM authentication signature found in this email message.
SPF:   SOFTFAIL (domain owner discourages use of this host) identity=mailfrom; client-ip=88.99.101.17; helo=mail.cboltz.de; envelope-from=REDACTED@opensuse.org; receiver=REDACTED@kbxscore.com
DMARC: FAIL      Uh-oh! Message did not pass DMARC checks. No DKIM signature found for opensuse.org. DMARC policy for opensuse.org: p=none;​ pct=100;​ rua=mailto:admin-auto@opensuse.org!5m;​ ruf=mailto:admin-auto@opensuse.org!5m 

The missing DKIM signature and the SPF softfail are not surprising - since we don't offer a SMTP server for our members to send out mails as $member@o.o, I have to use my own server (which of course can't create a DKIM signature for o.o, and also is outside of the IP range in the SPF entry).

Looking at the reports on admin-auto, it seems I'm not the only one who suffers from this problem.

I'm afraid there are only two ways how we can fix that:

  • stop using SPF, DKIM and DMARC for opensuse.org - or -
  • provide a SMTP server the members can use

Related issues 2 (0 open2 closed)

Related to openSUSE admin - tickets #111536: Informing users who have been bounced by Google due to our misconfigured spf record for lists.o.oResolvedpjessen2022-05-24

Actions
Related to openSUSE admin - tickets #116938: sending o.o mails to gmail account not possibleClosed2022-09-21

Actions
Actions

Also available in: Atom PDF