Login/Register
This message does not have authentication information or fails to 550-5.7.26 pass authentication checks
Asked Answered
Solved gmailsendmailspfdkimdmarc
H

2

9

I have problem with google and I can't send email to any gmail or Gsuite emails got report from mail server log

Feb 17 12:16:30 server postfix/smtp[19451]: 853E35E55A: to=<[email protected]>, 
relay=aspmx.l.google.com[209.85.144.27]:25, delay=0.38, delays=0.05/0/0.15/0.17, 
dsn=5.7.26, status=bounced (host aspmx.l.google.com[209.85.144.27] said: 550-5.7.26 This 
message does not have authentication information or fails to 550-5.7.26 pass 
authentication checks. To best protect our users from spam, the 550-5.7.26 message has 
been blocked. Please visit 550-5.7.26  
https://support.google.com/mail/answer/81126#authentication for more 550 5.7.26 
information. w19si7586061qkp.34 - gsmtp (in reply to end of DATA command))

and I'm not blacklisted in any spam website ( I do check in most of website which provide blocklist checker)

also I didn't have any problem in SPF or DKIM or DMARC

here is SPF checker https://prnt.sc/26xomwz

here is DKIM checker https://prnt.sc/26xoodg

here is DMARC checker https://prnt.sc/26xopgo

here is DMARC report from google

<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>[email protected]</email>
    <extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
    <report_id>10254909114662490508</report_id>
    <date_range>
      <begin>1644969600</begin>
      <end>1645055999</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>cbs-canon.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>quarantine</p>
    <sp>quarantine</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>5.161.45.186</source_ip>
      <count>187</count>
      <policy_evaluated>
        <disposition>quarantine</disposition>
        <dkim>fail</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>server.cbs-canon.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>server.cbs-canon.com</domain>
        <result>fail</result>
        <selector>default</selector>
      </dkim>
      <spf>
        <domain>server.cbs-canon.com</domain>
        <result>none</result>
      </spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>5.161.45.186</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>cbs-canon.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>cbs-canon.com</domain>
        <result>pass</result>
        <selector>default</selector>
      </dkim>
      <spf>
        <domain>cbs-canon.com</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>

how can I know where is the problem

Hawks answered 17/2, 2022 at 11:34 Comment(0)
B
4

That is odd. The sending source IP is definitely in your SPF, and the DMARC record includes aspf=r, so the header from address in a child domain is valid and matches. I'd also note that your DMARC has p=quarantine, but gmail is acting like it's reject. This is gmail though, so you can't expect it to behave well.

I expect that the problem is that you don't have an SPF record set for server.cbs-canon.com, so make sure that exists and allows the same sources as cbs-canon.com. It looks like you're not doing DKIM signatures either, meaning that both SPF and DKIM are failing, resulting in a DMARC failure. Try adding that DNS record, or redirecting/including server. to your root domain.

Bainmarie answered 17/2, 2022 at 12:0 Comment(4)
perfect, there was miss configuratation in DKIM signatures.. I have fixed them and also I have disable bounce notification for root@hostname, because it was caching the bounce messageHawks
but I have another problem, emails got to the SPAM folder. I found that CSF sending emails from root@hostname (which hostname in my current hostname), and it's marked as spam.. as CSF is sending many messages, all of them are sent to SPAM .. even if I marked them as non-spam.. still, any email from CSF and other normal email send to spam.. Gmail said Why is this message in spam? It is similar to messages that were identified as spam in the past.Hawks
Is CSF your firewall software? If it is sending as a non-routable, possibly single-label domain, then it will be downgraded in reputation by many Mailbox Service Providers. Because multitude of checks cant be performed or fail. Try and configure a proper FROM address/domain instead.Insubordinate
Unfortunately with gmail it’s probably more accurately “messages that we misidentified as spam before”. Good point by @Insubordinate though – make sure you’re using a full domain, not just a bare hostname in your from address.Bainmarie
I
1

Adding more info for @Synchro 's answer.

It is the fact that the Return-Path address is using the server.cbs-canon.com domain and there is no SPF record in that zone. You only need an SPF record for the domain used in your Return-Path address. For your server's emails that would be server.cbs-canon.com. For Google that would probably be just cbs-canon.com.

The same goes for DKIM. The receiving server is checking for the selector named default in the domain server.cbs-canon.com (so doing a query for TXT record default._domainkey.server.cbs-canon.com), which does not exist.

DMARC will then check if either the SPF (Return-Path) or DKIM (d=) domain aligns with the Header.From domain (or sharing the oranizational domain in case of relaxed mode).

Probably the easiest fix for you right now is to copy the SPF TXT record and DKIM selector record to the server.cbs-canon.com domain.

Insubordinate answered 18/2, 2022 at 9:28 Comment(1)
thanks for your notes, its also applied and the email now is sent.. but as my last reply for @Synhro its send to SPAM folderHawks

© 2022 - 2024 — McMap. All rights reserved.