Unauthenticated email... is not accepted due to domain's DMARC policy
I'm working with a hosting client. He has a form on his site (that I wrote in Perl) that:
1. sends a plain-text email through /usr/sbin/sendmail ;
2. the "to" is his email address on the server that forwards to a Gmail address;
3. the return address is entered by the user that submitted the form.
When someone submitted it yesterday using their Yahoo address in the "from" field, it sent an error message to nobody@server_name.com:
Of course, the support page given was useless: # changed the IP for this post, of course his_domain.com. 14400 IN TXT "v=spf1 +a +mx +ip4:123.45.67.89 ~all" default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=[key]\; _dmarc 14400 IN TXT "v=DMARC1;p=reject;sp=reject;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400;rua=mailto:hostmaster@mydomain.com;ruf=mailto:hostmaster@mydomain.com"
MXToolbox shows no errors with the MX records. I have another client with a contact form that had a similar problem a few weeks ago, but their site is slow so I forgot about it until now. But that means that the issue isn't isolated to this domain, it's definitely a setting somewhere. Any thoughts?
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
clients_name@gmail.com
(generated from client_email@his_domain.com)
host gmail-smtp-in.l.google.com [142.250.115.26]
SMTP error from remote mail server after end of data:
550-5.7.26 Unauthenticated email from yahoo.com is not accepted due to domain's
550-5.7.26 DMARC policy. Please contact the administrator of yahoo.com domain
550-5.7.26 if this was a legitimate mail. Please visit
550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about the
550 5.7.26 DMARC initiative. b24si10524548oob.80 - gsmtpOf course, the support page given was useless: # changed the IP for this post, of course his_domain.com. 14400 IN TXT "v=spf1 +a +mx +ip4:123.45.67.89 ~all" default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=[key]\; _dmarc 14400 IN TXT "v=DMARC1;p=reject;sp=reject;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400;rua=mailto:hostmaster@mydomain.com;ruf=mailto:hostmaster@mydomain.com"
MXToolbox shows no errors with the MX records. I have another client with a contact form that had a similar problem a few weeks ago, but their site is slow so I forgot about it until now. But that means that the issue isn't isolated to this domain, it's definitely a setting somewhere. Any thoughts?
-
I'm pretty sure that DMARC will not sign the email if it's routed through /usr/sbin/sendmail. You have to use actual SMTP commands and authenticate to have it DKIM signed. 0 -
What @ffeingol said sounds right to me. You could further confirm this by comparing the message from your form to a message sent through webmail and see if they show up differently in the exim_mainlog. 0 -
Well that's disappointing, I didn't have this problem until this year when I moved everything to a new server :-( What's weird is that my own site has a contact form that uses sendmail to send to my Gmail address, and I don't seem to have any problem getting those emails! Did I somehow change my own Gmail to allow unauthenticated email, and either didn't know it or forgot that I did it? @ffeingol, when you say "use actual SMTP commands and authenticate", can you be more specific? Are you thinking about something like this (an example I found, not my own): use MIME::Lite; use Net::SMTP; my $host = 'mail.domain.com'; my $user = 'user@domain.com'; my $pass = 'password1234'; MIME::Lite->send('smtp', $host, AuthUser => $user, AuthPass => $pass); my $msg = MIME::Lite->new( From => $from, To => $to, Subject => 'Foo', Type => 'text/plain; charset=UTF-8', Encoding => 'quoted-printable', Data => 'Hello world!' ); $msg->send;0 -
@GoWilkes that code looks correct. It's using a user-id/password, so it's authenticating. Do you have a DMARC policy for your domain? It's their DMARC policy that is more than likely causing the issue: What is a DMARC Policy? All about the 3 policies - DMARC Analyzer 0 -
[quote] Do you have a DMARC policy for your domain?
I do, and it's the same as for the client. The SPF is the same, too, so it makes no sense to me...0
Please sign in to leave a comment.
Comments
5 comments