
DMARC policy rejecting standard (and legitimate) Paypal emails?

Comments

10 comments

  • ffeingol

    You're looking at it backwards.  It's PayPal's DMARC policy that's telling your server to reject it, because it does not meet the policy.  Since PayPal would more than likely have their DMARC policy 100% dialed in, those are more than likely spam/forged emails.  You'd have to look at the source IP etc.

    1
  • Serb

    But they are not spam or forged emails, because I know for a fact they are notifications from Paypal directly as I've gotten Push notifications in my mobile of certain transactions but haven't received those via email at all... until I found this in cPanel and realized those emails were blocked at the source somehow.

    As in, I haven't received a single email from Paypal in months now, whereas I receive tons of Push notifications in the mobile app about transactions and such. So yes, these emails are legitimate and are somehow being blocked, either by my server or by Paypal, which I doubt as they're the ones sending them to begin with. So it's gotta be my server somehow, I just don't know where/what setting this is to turn it off or adjust if possible to let these emails through. 

    0
  • cPRex Jurassic Moderator

    I would start by checking the full log in /var/log/exim_mainlog to confirm these messages really are from PayPal.

    0
  • Serb

    I am telling you they are, 200%. Because I expected those emails to arrive at that exact time, but they never did, and I did get the push notifications in the app about those at the same time. So likelihood of someone spoofing Paypal at the EXACT same time I'm expecting the legitimate emails to arrive is pretty much zero.

    0
  • cPRex Jurassic Moderator

    Sure, but we'd still need to see the log data in order to find out what is happening on the server.

    0
  • Serb

    Sure, looking it up in that log, here's what I get (my emails are obfuscated for obvious reasons and replaced with MY@EMAIL.com):


    2024-01-26 06:36:13 1rTKVK-00BSC1-2E <= service@intl.paypal.com H=mx3.slc.paypal.com [173.0.84.228]:24803 P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=37178 DKIM=intl.paypal.com id=27.44.09559.40993B56@ccg13mail05 T="You received a payment" for MY@EMAIL.com

    2024-01-26 06:36:16 1rTKVK-00BSC1-2E ** MY@EMAIL.com (MY@EMAIL.com) <MY@EMAIL.com> R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [64.233.177.27] X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=yes: SMTP error from remote mail server after end of data: 550-5.7.26 Unauthenticated email from paypal.com is not accepted due to domain's\n550-5.7.26 DMARC policy. Please contact the administrator of paypal.com domain\n550-5.7.26 if this was a legitimate mail. To learn about the DMARC initiative,\n550-5.7.26 go to\n550 5.7.26  https://support.google.com/mail/?p=DmarcRejection p137-20020a0de68f000000b005ff397954f7si399140ywe.267 - gsmtp

    2024-01-26 07:06:04 1rTKyD-00BXRW-33 <= service@intl.paypal.com H=mx1.slc.paypal.com [173.0.84.226]:2844 P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=34725 DKIM=intl.paypal.com id=97.56.16243.300A3B56@ccg13mail03 T="We're transferring money to your bank" for MY@EMAIL.com

    2024-01-26 07:06:15 1rTKyD-00BXRW-33 ** MY@EMAIL.com (MY@EMAIL.com) <MY@EMAIL.com> R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [64.233.177.27] X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=yes: SMTP error from remote mail server after end of data: 550-5.7.26 Unauthenticated email from paypal.com is not accepted due to domain's\n550-5.7.26 DMARC policy. Please contact the administrator of paypal.com domain\n550-5.7.26 if this was a legitimate mail. To learn about the DMARC initiative,\n550-5.7.26 go to\n550 5.7.26  https://support.google.com/mail/?p=DmarcRejection r190-20020a252bc7000000b00dbee493c481si447358ybr.91 - gsmtp

     

    Does that help?

    0
  • cPRex Jurassic Moderator

    Since Google is the one rejecting the message, it seems you would need to speak with them as that wouldn't be a cPanel issue. 

    0
  • mtindor

    So you actually have your Paypal emails coming into some account hosted on your server, and then being forwarded off to Gmail?   That would sort of explain it since Gmail might see those emails as coming from your server with a Paypal from address.   The exception should be IF you have SRS enabled.  IF you have SRS enabled, it should appropriately rewrite the address as it gets forwarded out of cPanel to Gmail.

    And if youraccount@onyourserver.com is not collecting those Paypal emails, it sounds like you only have a forwarder set up to forward youraccount@onyourserver.com to Gmail and may want to rethink that policy and have both a local youraccount@onyourserver.com mailbox and a forwarder to Gmail (so that copies are collected in your youraccount@onyourserver.com account) just in case they don't make it to Gmail.

    0
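An added example, not part of any poster's comment and not cPanel's own tooling: a small Python check for the pattern discussed above, where a message arrives from an outside host and the forwarded copy is then refused with a 5.7.26 DMARC error. The function name and all sample log values (addresses, hosts, IPs, message IDs) are constructed placeholders in the same exim_mainlog layout as the lines posted in the thread.

```python
import re

# Constructed sample lines in the exim_mainlog layout shown in the thread
# (addresses, hosts, IPs and message IDs are placeholders, not page values).
SAMPLE_LOG = """\
2024-01-26 06:36:13 1aAAAA-000001-AA <= service@sender.example H=mx.sender.example [192.0.2.10]:24803 P=esmtps DKIM=sender.example T="You received a payment" for user@hosted.example
2024-01-26 06:36:16 1aAAAA-000001-AA ** user@mailbox.example <user@hosted.example> R=dkim_lookuphost T=dkim_remote_smtp H=mx.mailbox.example [198.51.100.27]: SMTP error from remote mail server after end of data: 550-5.7.26 Unauthenticated email from sender.example is not accepted due to domain's\\n550-5.7.26 DMARC policy.
2024-01-26 07:00:00 1bBBBB-000002-BB <= news@other.example H=mx.other.example [192.0.2.20]:2844 P=esmtps T="Newsletter" for user@hosted.example
2024-01-26 07:00:02 1bBBBB-000002-BB => user@mailbox.example <user@hosted.example> R=dkim_lookuphost T=dkim_remote_smtp H=mx.mailbox.example [198.51.100.27] C="250 2.0.0 OK"
"""

LINE = re.compile(r"^(\S+ \S+) (\S+) (<=|\*\*|=>) (.*)$")   # timestamp, id, flag, rest
ARRIVAL = re.compile(r"^(\S+) H=(\S+) \[([^\]]+)\]")         # sender, sending host, IP
DKIM = re.compile(r"\bDKIM=(\S+)")                           # signing domain, if logged
REMOTE = re.compile(r"\bT=\S+ H=(\S+) \[")                   # host that refused the relay


def find_forwarded_dmarc_rejects(log_text):
    """Pair each remote arrival (<=) with a later 5.7.26 failure (**) on the same ID."""
    arrivals, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        _, msg_id, flag, rest = m.groups()
        if flag == "<=":
            a = ARRIVAL.match(rest)  # locally submitted mail has no H=, so it is skipped
            if a:
                d = DKIM.search(rest)
                arrivals[msg_id] = {"sender": a.group(1), "from_host": a.group(2),
                                    "from_ip": a.group(3), "dkim": d.group(1) if d else None}
        elif flag == "**" and "5.7.26" in rest and msg_id in arrivals:
            r = REMOTE.search(rest)
            findings.append({"id": msg_id, **arrivals[msg_id],
                             "rejected_by": r.group(1) if r else None})
    return findings


if __name__ == "__main__":
    for f in find_forwarded_dmarc_rejects(SAMPLE_LOG):
        print(f)
```

Each finding is a message this server accepted from outside and then failed to forward, so the original sender and the refusing host can be read off one record.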
  • rbairwell

    So you actually have your Paypal emails coming into some account hosted on your server, and then being forwarded off to Gmail? 

    This was also my conclusion looking at the messages in the screenshot. If you want all your emails in your Gmail account, it's better to have Gmail fetch them from your server instead of forwarding them: to set this up in your Gmail account, click the cog, click "See all settings"->"Accounts and import" and then "Check email from other accounts->Add an email account" and provide the cPanel MAP login details. The only disadvantage is that Gmail only really checks for new email once an hourish.

    0
  • mtindor

    I agree with the idea that it's typically better to have Gmail fetch them.  But be aware, Gmail is LOUSY at properly filtering incoming emails that it fetches.   In my experience, in the Gmail fetch scenario, Gmail often falsely tags legit emails as spam and falsely tags spam emails as legit.   Gmail's spam filtering works better [in my experience] if the email is being forwarded into Gmail.  Unfortunately, doing that can cause the issue we are discussing :(

     

    0
