Re: started getting 550 #5.7.1 SPF unauthorized mail
Dominic Raferd: > On 25/08/2022 04:41, li...@sbt.net.au wrote: > > I have a simple 'mail list' where an alias 'ct...@sbt.net.au' sends email > > to several recipients, that's been in use since long time. > > > > today noticed one of these addresses started bouncing with '5.7.1 SPF > > unauthorized mail' since just today: One or more of the following has changed: - The owner of the envelope sender domain changed their SPF policy in DNS, - The receiving SMTP server uses different SPF enforcement settings. - The sending SMTP client uses a different SMTP client IP address, - The sending SMTP client sends a different ehlo command (default: smtp_helo_name = $myhostname), - The sending SMTP client sends a different envelope sender address (logged by qmgr, but may be changed with smtp_generic_maps). Wietse
Re: started getting 550 #5.7.1 SPF unauthorized mail
On 25/08/2022 04:41, li...@sbt.net.au wrote: I have a simple 'mail list' where an alias 'ct...@sbt.net.au' sends email to several recipients, that's been in use since long time. today noticed one of these addresses started bouncing with '5.7.1 SPF unauthorized mail' since just today: what am I doing wrong ? worked: Aug 23 09:27:25 geko postfix/smtp[12957]: Untrusted TLS connection established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Aug 23 09:27:27 geko postfix/smtp[12957]: 3119E21C52F: to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=1.9, delays=0.03/0/0.73/1.2, dsn=2.0.0, status=sent (250 ok: Message 199653922 accepted) no longer: Aug 25 09:22:29 geko postfix/smtp[19538]: Untrusted TLS connection established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Aug 25 09:22:30 geko postfix/smtp[19538]: 61DA820053B: to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=1.9, delays=0.08/0.02/0.74/1, dsn=5.0.0, status=bounced (host asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is prohibited. (in reply to DATA command)) Aug 25 09:39:17 geko postfix/smtp[26188]: Untrusted TLS connection established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9: to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64, delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is prohibited. (in reply to DATA command)) looking at the log is see: # grep 4678220053B /var/log/maillog Aug 25 09:38:55 geko postfix/smtpd[21733]: 4678220053B: client=mail-me3aus01on2049.outbound.protection.outlook.com[40.107.108.49] Aug 25 09:38:55 geko postfix/cleanup[26173]: 4678220053B: message-id= Aug 25 09:38:56 geko opendkim[930]: 4678220053B: failed to parse authentication-results: header field Aug 25 09:38:56 geko opendkim[930]: 4678220053B: DKIM verification successful Aug 25 09:38:56 geko opendmarc[908]: 4678220053B ignoring Authentication-Results at 1 from geko.sbt.net.au Aug 25 09:38:56 geko opendmarc[908]: 4678220053B: SPF(mailfrom): tld.com.au pass Aug 25 09:38:56 geko opendmarc[908]: 4678220053B: tld.com.au none Aug 25 09:38:56 geko postfix/qmgr[23312]: 4678220053B: from=, size=629054, nrcpt=8 (queue active) Aug 25 09:39:17 geko amavis[23896]: (23896-16) Passed CLEAN {RelayedOpenRelay}, [40.107.108.49]:3695 [40.107.108.49] -> , Queue-ID: 4678220053B, Message-ID: , mail_id: ecrv8dP6h0oa, Hits: -1.712, size: 629477, queued_as: 5C7FE2004D9, 4939 ms Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5C7FE2004D9) Aug 25 09:44:04 geko postfix/qmgr[23312]: 4678220053B: removed # # grep 5C7FE2004D9 /var/log/maillog Aug 25 09:39:17 geko postfix/smtpd[26177]: 5C7FE2004D9: client=localhost[127.0.0.1] Aug 25 09:39:17 geko postfix/cleanup[26173]: 5C7FE2004D9: message-id= Aug 25 09:39:17 geko postfix/qmgr[23312]: 5C7FE2004D9: from=, size=629970, nrcpt=1 (queue active) Aug 25 09:39:17 geko amavis[23896]: (23896-16) Passed CLEAN {RelayedOpenRelay}, [40.107.108.49]:3695 [40.107.108.49] -> , Queue-ID: 4678220053B, Message-ID: , mail_id: ecrv8dP6h0oa, Hits: -1.712, size: 629477, queued_as: 5C7FE2004D9, 4939 ms Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5C7FE2004D9) Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9: to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64, delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is prohibited. (in reply to DATA command)) Aug 25 09:39:18 geko postfix/bounce[26219]: 5C7FE2004D9: sender non-delivery notification: 0C96B21C52C Aug 25 09:39:18 geko postfix/qmgr[23312]: 5C7FE2004D9: removed mail_version = 3.7.2 SPF works by checking the SPF record for the domain specified in the mail *envelope*. If the IP from which the email has been received does not meet the SPF record criteria, it is an SPF fail. My impression is that a number of email providers (including Gmail) have become much stickier about refusing emails that fail SPF testing of late, and it seems that tpg.com.au is one of them. When you relay an incoming mail out to your mailing list subscribers you are retaining the original mail return address in the header, but the mail is coming from your IP, not the original sender's. For this sender it will result in an SPF failure because their SPF record (tld.com.au) at the time of writing is 'v=spf1 include:spf.protection.outlook.com -all'. A
Re: started getting 550 #5.7.1 SPF unauthorized mail
On 25.08.22 13:41, li...@sbt.net.au wrote: I have a simple 'mail list' where an alias 'ct...@sbt.net.au' sends email to several recipients, that's been in use since long time. Aug 25 09:38:55 geko postfix/smtpd[21733]: 4678220053B: client=mail-me3aus01on2049.outbound.protection.outlook.com[40.107.108.49] Aug 25 09:38:55 geko postfix/cleanup[26173]: 4678220053B: message-id= Aug 25 09:38:56 geko postfix/qmgr[23312]: 4678220053B: from=, size=629054, nrcpt=8 (queue active) Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5C7FE2004D9) Aug 25 09:39:17 geko postfix/smtpd[26177]: 5C7FE2004D9: client=localhost[127.0.0.1] Aug 25 09:39:17 geko postfix/cleanup[26173]: 5C7FE2004D9: message-id= Aug 25 09:39:17 geko postfix/qmgr[23312]: 5C7FE2004D9: from=, size=629970, nrcpt=1 (queue active) Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5C7FE2004D9) Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9: to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64, delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is prohibited. (in reply to DATA command)) Aug 25 09:39:18 geko postfix/bounce[26219]: 5C7FE2004D9: sender non-delivery notification: 0C96B21C52C Aug 25 09:39:18 geko postfix/qmgr[23312]: 5C7FE2004D9: removed - you accept mail from b...@tld.com.au to ct...@sbt.net.au - you forward the mail to g...@tpg.com.au, from address is b...@tld.com.au - destination mail server asav.tpg.com.au refuses mail from @tld.com.au because your server is not allowed to send mail from @tld.com.au I see a few possible solutions: - use real mailing list software like mailman, it will rewrite the sender address - set expand_owner_alias=yes and create owner-g...@tpg.com.au in aliases: http://www.postfix.org/postconf.5.html#expand_owner_alias I guess the g...@tpg.com.au is defined in alias_maps, not virtual_alias_maps - use SRS scheme to rewrite sender addresses for forwarded mail. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. It's now safe to throw off your computer.
Re: started getting 550 #5.7.1 SPF unauthorized mail
On 2022-08-24 at 23:41:06 UTC-0400 (Thu, 25 Aug 2022 13:41:06 +1000) is rumored to have said: I have a simple 'mail list' where an alias 'ct...@sbt.net.au' sends email to several recipients, that's been in use since long time. today noticed one of these addresses started bouncing with '5.7.1 SPF unauthorized mail' since just today: SPF is a tool for sanity-checking the SMTP envelope sender address against the sending IP. It is rare for sites to absolutely reject mail for SPF failures, but some do. This looks like it COULD be a changed config on one machine (asav.tpg.com.au) to enforce SPF. Simple alias expansion (and ~/.forward forwarding) is intrinsically incompatible with SPF enforcement. This is why people use full mailing list management software like Mailman. what am I doing wrong ? You're sending out mail using an IP that's not in the SPF record for the envelope sender. If this is simple alias expansion, your system retains the original envelope sender on forwarded messages and SPF will fail (if there's a SPF record for the original sender) at every step in the delivery after that. It seems that all of your failures are when sending via asav.tpg.com.au. You may be able to get help from whoever decided to strictly enforce SPF on that machine. worked: Aug 23 09:27:25 geko postfix/smtp[12957]: Untrusted TLS connection established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Aug 23 09:27:27 geko postfix/smtp[12957]: 3119E21C52F: to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=1.9, delays=0.03/0/0.73/1.2, dsn=2.0.0, status=sent (250 ok: Message 199653922 accepted) no longer: Aug 25 09:22:29 geko postfix/smtp[19538]: Untrusted TLS connection established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Aug 25 09:22:30 geko postfix/smtp[19538]: 61DA820053B: to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=1.9, delays=0.08/0.02/0.74/1, dsn=5.0.0, status=bounced (host asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is prohibited. (in reply to DATA command)) Aug 25 09:39:17 geko postfix/smtp[26188]: Untrusted TLS connection established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9: to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64, delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is prohibited. (in reply to DATA command)) looking at the log is see: # grep 4678220053B /var/log/maillog Aug 25 09:38:55 geko postfix/smtpd[21733]: 4678220053B: client=mail-me3aus01on2049.outbound.protection.outlook.com[40.107.108.49] Aug 25 09:38:55 geko postfix/cleanup[26173]: 4678220053B: message-id= Aug 25 09:38:56 geko opendkim[930]: 4678220053B: failed to parse authentication-results: header field Aug 25 09:38:56 geko opendkim[930]: 4678220053B: DKIM verification successful Aug 25 09:38:56 geko opendmarc[908]: 4678220053B ignoring Authentication-Results at 1 from geko.sbt.net.au Aug 25 09:38:56 geko opendmarc[908]: 4678220053B: SPF(mailfrom): tld.com.au pass Aug 25 09:38:56 geko opendmarc[908]: 4678220053B: tld.com.au none Aug 25 09:38:56 geko postfix/qmgr[23312]: 4678220053B: from=, size=629054, nrcpt=8 (queue active) Aug 25 09:39:17 geko amavis[23896]: (23896-16) Passed CLEAN {RelayedOpenRelay}, [40.107.108.49]:3695 [40.107.108.49] -> , Queue-ID: 4678220053B, Message-ID: , mail_id: ecrv8dP6h0oa, Hits: -1.712, size: 629477, queued_as: 5C7FE2004D9, 4939 ms Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5C7FE2004D9) Aug 25 09:44:04 geko postfix/qmgr[23312]: 4678220053B: removed # # grep 5C7FE2004D9 /var/log/maillog Aug 25 09:39:17 geko postfix/smtpd[26177]: 5C7FE2004D9: client=localhost[127.0.0.1] Aug 25 09:39:17 geko postfix/cleanup[26173]: 5C7FE2004D9: message-id= Aug 25 09:39:17 geko postfix/qmgr[23312]: 5C7FE2004D9: from=, size=629970, nrcpt=1 (queue active) Aug 25 09:39:17 geko amavis[23896]: (23896-16) Passed CLEAN {RelayedOpenRelay}, [40.107.108.49]:3695 [40.107.108.49] -> , Queue-ID: 4678220053B, Message-ID: , mail_id: ecrv8dP6h0oa, Hits: -1.712, size: 629477, queued_as: 5C7FE2004D9, 4939 ms Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5C7FE2004D9) Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9: to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64, delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF
started getting 550 #5.7.1 SPF unauthorized mail
I have a simple 'mail list' where an alias 'ct...@sbt.net.au' sends email to several recipients, that's been in use since long time. today noticed one of these addresses started bouncing with '5.7.1 SPF unauthorized mail' since just today: what am I doing wrong ? worked: Aug 23 09:27:25 geko postfix/smtp[12957]: Untrusted TLS connection established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Aug 23 09:27:27 geko postfix/smtp[12957]: 3119E21C52F: to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=1.9, delays=0.03/0/0.73/1.2, dsn=2.0.0, status=sent (250 ok: Message 199653922 accepted) no longer: Aug 25 09:22:29 geko postfix/smtp[19538]: Untrusted TLS connection established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Aug 25 09:22:30 geko postfix/smtp[19538]: 61DA820053B: to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=1.9, delays=0.08/0.02/0.74/1, dsn=5.0.0, status=bounced (host asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is prohibited. (in reply to DATA command)) Aug 25 09:39:17 geko postfix/smtp[26188]: Untrusted TLS connection established to asav.tpg.com.au[27.32.32.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9: to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64, delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is prohibited. (in reply to DATA command)) looking at the log is see: # grep 4678220053B /var/log/maillog Aug 25 09:38:55 geko postfix/smtpd[21733]: 4678220053B: client=mail-me3aus01on2049.outbound.protection.outlook.com[40.107.108.49] Aug 25 09:38:55 geko postfix/cleanup[26173]: 4678220053B: message-id= Aug 25 09:38:56 geko opendkim[930]: 4678220053B: failed to parse authentication-results: header field Aug 25 09:38:56 geko opendkim[930]: 4678220053B: DKIM verification successful Aug 25 09:38:56 geko opendmarc[908]: 4678220053B ignoring Authentication-Results at 1 from geko.sbt.net.au Aug 25 09:38:56 geko opendmarc[908]: 4678220053B: SPF(mailfrom): tld.com.au pass Aug 25 09:38:56 geko opendmarc[908]: 4678220053B: tld.com.au none Aug 25 09:38:56 geko postfix/qmgr[23312]: 4678220053B: from=, size=629054, nrcpt=8 (queue active) Aug 25 09:39:17 geko amavis[23896]: (23896-16) Passed CLEAN {RelayedOpenRelay}, [40.107.108.49]:3695 [40.107.108.49] -> , Queue-ID: 4678220053B, Message-ID: , mail_id: ecrv8dP6h0oa, Hits: -1.712, size: 629477, queued_as: 5C7FE2004D9, 4939 ms Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5C7FE2004D9) Aug 25 09:44:04 geko postfix/qmgr[23312]: 4678220053B: removed # # grep 5C7FE2004D9 /var/log/maillog Aug 25 09:39:17 geko postfix/smtpd[26177]: 5C7FE2004D9: client=localhost[127.0.0.1] Aug 25 09:39:17 geko postfix/cleanup[26173]: 5C7FE2004D9: message-id= Aug 25 09:39:17 geko postfix/qmgr[23312]: 5C7FE2004D9: from=, size=629970, nrcpt=1 (queue active) Aug 25 09:39:17 geko amavis[23896]: (23896-16) Passed CLEAN {RelayedOpenRelay}, [40.107.108.49]:3695 [40.107.108.49] -> , Queue-ID: 4678220053B, Message-ID: , mail_id: ecrv8dP6h0oa, Hits: -1.712, size: 629477, queued_as: 5C7FE2004D9, 4939 ms Aug 25 09:39:17 geko postfix/smtp[26175]: 4678220053B: to=, orig_to=, relay=127.0.0.1[127.0.0.1]:10024, delay=22, delays=1.2/16/0.01/4.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5C7FE2004D9) Aug 25 09:39:18 geko postfix/smtp[26188]: 5C7FE2004D9: to=, relay=asav.tpg.com.au[27.32.32.10]:25, delay=0.64, delays=0.05/0.01/0.26/0.33, dsn=5.0.0, status=bounced (host asav.tpg.com.au[27.32.32.10] said: 550 #5.7.1 SPF unauthorized mail is prohibited. (in reply to DATA command)) Aug 25 09:39:18 geko postfix/bounce[26219]: 5C7FE2004D9: sender non-delivery notification: 0C96B21C52C Aug 25 09:39:18 geko postfix/qmgr[23312]: 5C7FE2004D9: removed mail_version = 3.7.2