[pfx] Re: [ext] gmail failing SPF/DKIM
On 2023-11-28 at 06:21:14 UTC-0500 (Tue, 28 Nov 2023 11:21:14 +) Linkcheck via Postfix-users is rumored to have said: If it's only "largely redundant" I would expect G to possibly ignore it but not fail on it. The expectations of others are known to be poor predictors of GMail behavior. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] gmail failing SPF/DKIM
> ipv6 I have... inet_protocols = ipv4 ... with no AAA record But thanks anyway, Peter. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] gmail failing SPF/DKIM
If it's only "largely redundant" I would expect G to possibly ignore it but not fail on it. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] gmail failing SPF/DKIM
This doesn't help much, except to show that things look good for protonmail. Protonmail doesn't appear to have IPv6 support while google does. It is entirely possible that you're trying to send to google via IPv6 and you don't have an record for mail.bristolweb.net. This would result in SPF failing when an IPv6 connection is established. This, of course, is just a WAG. If you want someone to review the issues with google then you'll need to show headers and/or logs from the connection to google. Protonmail headers doesn't really help for this. Peter On 28/11/23 05:50, Linkcheck via Postfix-users wrote: I know that comment was not aimed at me but: I meant to include the protonmail header at the outset but forgot. Sorry. Below is all the header except protonmail's anti-spam section; I hope it helps. == Return-Path: X-Original-To: linkch...@protonmail.com Delivered-To: linkch...@protonmail.com Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=linkcheck.co.uk header.a=rsa-sha256 Authentication-Results: mail.protonmail.ch; dmarc=pass (p=reject dis=none) header.from=linkcheck.co.uk Authentication-Results: mail.protonmail.ch; spf=pass smtp.mailfrom=linkcheck.co.uk Authentication-Results: mail.protonmail.ch; arc=none smtp.remote-ip=185.35.151.121 Authentication-Results: mail.protonmail.ch; dkim=pass (2048-bit key) header.d=linkcheck.co.uk header.i=@linkcheck.co.uk header.b="aME9BZCV" Received: from mail.bristolweb.net (mail.bristolweb.net [185.35.151.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailin029.protonmail.ch (Postfix) with ESMTPS id 4Sf5mk3JF0z9vNQc for ; Mon, 27 Nov 2023 13:20:22 + (UTC) Received: from bristolweb.net (unknown [185.35.148.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.bristolweb.net (Postfix) with ESMTPSA id 3C22E320306 for ; Mon, 27 Nov 2023 13:20:13 + (GMT) Dkim-Filter: OpenDKIM Filter v2.10.3 mail.bristolweb.net 3C22E320306 Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linkcheck.co.uk; s=mail; t=1701091213; bh=S5/3sqlIYmgIYOvNb2ssVfXYaWT2GE56yHcXn92FzLc=; h=Date:To:From:Reply-To:Subject:From; b=aME9BZCVwQl1Dqp2qfjODGJpk6O40QkJVPwTd8lYpx2RJIbCgQxga0bDZQPeP/HQv t7TcyAC3spO0qI0STwEqgDTdv26WsLMNtKNP2Bwjy/WtKqA0PAKIQ3ccQo8pWE1OvL 0DgCcd+vvGea8x+xej8E4lxVNOcLRapqgIW9Rosocjo5MlQ0pRiREbL4Bbth9gIXTr dL1VCSHA9ihF/aiRI+zIhehL+sA0tqoZOH1j+LNOjSVnMuaO6Mnph/gyR9de8aGZtc h/YgRaT2MVLNf6ntsk6qRKzuTJ2/9XKr71uotxbKAHLn6HzzB9nXoPPRvxGMn2obRR Fif83WWl/CJ7w== Date: Mon, 27 Nov 2023 13:20:13 + To: Dave Stiles From: EnquiryForm Reply-To: EnquiryForm Subject: Linkcheck Enquiry: Ref LK_XK27131943E Message-Id: X-Mailer: BW-4 X-Originating-Ip: 46.33.129.43 X-Form-Host: www.linkcheck.co.uk X-Complaints-To: abuse (at) bristolweb.net Mime-Version: 1.0 Content-Type: text/plain == ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] gmail failing SPF/DKIM
On Mon, Nov 27, 2023 at 04:50:55PM +, Linkcheck via Postfix-users wrote: > Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linkcheck.co.uk; > s=mail; > t=1701091213; bh=...; > h=Date:To:From:Reply-To:Subject:From; > b=... Have you tried leaving out the largely redundant "s=" from your DKIM key record? Compare: mail._domainkey.linkcheck.co.uk. TXT"v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvz7F7+W2AovZpw0lRMW/6HjaFsD8iyUsH0x/whIFNGobLP0cRiVaUmKQr62C69HMl+DpilTgtrwa3S/8i63Ym7yNeMSxsV+vbCnH9eq2l2bs6Z1MzZOLb50OmTgr6El6El1Wt/VEJc7m6rcatFpGxZWtLljaVlGwtFlpZwMYm" "RI20FieK6oYl+adOyZHWdGTc7DKtHjwz0/LCwuG4bfJhXxqd56dbY33cPl/xoc3I/Sts9b8pqWtb0R9h96S4wsCYW5Egai2a2Y0Xxa/ND5Ftv6WmXPWqiWAfkRBwVxAA20WCrVTH9+3sZhtpAXmZjC3S7axsBqSl3jmtLf4zu19uQIDAQAB" 20230601._domainkey.google.com. TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4zd3nfUoLHWFbfoPZzAb8bvjsFIIFsNypweLuPe4M+vAP1YxObFxRnpvLYz7Z+bORKLber5aGmgFF9iaufsH1z0+aw8Qex7uDaafzWoJOM/6lAS5iI0JggZiUkqNpRQLL7H6E7HcvOMC61nJcO4r0PwLDZKwEaCs8gUHiqRn/SS3wqEZX29v/VOUVcI4BjaOz" "OCLaz7V8Bkwmj4Rqq4kaLQQrbfpjas1naScHTAmzULj0Rdp+L1vVyGitm+dd460PcTIG3Pn+FYrgQQo2fvnTcGiFFuMa8cpxgfH3rJztf1YFehLWwJWgeXTriuIyuxUabGdRQu7vh7GrObTsHmIHwIDAQAB" Perhaps Google's DKIM implementation does not like "s="? I expect it does support "sha256"... -- Viktor. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] gmail failing SPF/DKIM
I know that comment was not aimed at me but: I meant to include the protonmail header at the outset but forgot. Sorry. Below is all the header except protonmail's anti-spam section; I hope it helps. == Return-Path: X-Original-To: linkch...@protonmail.com Delivered-To: linkch...@protonmail.com Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=linkcheck.co.uk header.a=rsa-sha256 Authentication-Results: mail.protonmail.ch; dmarc=pass (p=reject dis=none) header.from=linkcheck.co.uk Authentication-Results: mail.protonmail.ch; spf=pass smtp.mailfrom=linkcheck.co.uk Authentication-Results: mail.protonmail.ch; arc=none smtp.remote-ip=185.35.151.121 Authentication-Results: mail.protonmail.ch; dkim=pass (2048-bit key) header.d=linkcheck.co.uk header.i=@linkcheck.co.uk header.b="aME9BZCV" Received: from mail.bristolweb.net (mail.bristolweb.net [185.35.151.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailin029.protonmail.ch (Postfix) with ESMTPS id 4Sf5mk3JF0z9vNQc for ; Mon, 27 Nov 2023 13:20:22 + (UTC) Received: from bristolweb.net (unknown [185.35.148.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.bristolweb.net (Postfix) with ESMTPSA id 3C22E320306 for ; Mon, 27 Nov 2023 13:20:13 + (GMT) Dkim-Filter: OpenDKIM Filter v2.10.3 mail.bristolweb.net 3C22E320306 Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linkcheck.co.uk; s=mail; t=1701091213; bh=S5/3sqlIYmgIYOvNb2ssVfXYaWT2GE56yHcXn92FzLc=; h=Date:To:From:Reply-To:Subject:From; b=aME9BZCVwQl1Dqp2qfjODGJpk6O40QkJVPwTd8lYpx2RJIbCgQxga0bDZQPeP/HQv t7TcyAC3spO0qI0STwEqgDTdv26WsLMNtKNP2Bwjy/WtKqA0PAKIQ3ccQo8pWE1OvL 0DgCcd+vvGea8x+xej8E4lxVNOcLRapqgIW9Rosocjo5MlQ0pRiREbL4Bbth9gIXTr dL1VCSHA9ihF/aiRI+zIhehL+sA0tqoZOH1j+LNOjSVnMuaO6Mnph/gyR9de8aGZtc h/YgRaT2MVLNf6ntsk6qRKzuTJ2/9XKr71uotxbKAHLn6HzzB9nXoPPRvxGMn2obRR Fif83WWl/CJ7w== Date: Mon, 27 Nov 2023 13:20:13 + To: Dave Stiles From: EnquiryForm Reply-To: EnquiryForm Subject: Linkcheck Enquiry: Ref LK_XK27131943E Message-Id: X-Mailer: BW-4 X-Originating-Ip: 46.33.129.43 X-Form-Host: www.linkcheck.co.uk X-Complaints-To: abuse (at) bristolweb.net Mime-Version: 1.0 Content-Type: text/plain == ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] gmail failing SPF/DKIM
On Mon, Nov 27, 2023 at 04:04:12PM +0100, Ralf Hildebrandt via Postfix-users wrote: > * Linkcheck via Postfix-users : > > > If someone wishes to check this, a typical form (which is sent to me with > > copy to "you") is at > > https://www.linkcheck.co.uk/ > > under menu option Contact & Enquiries. > > I tried your form: > > Authentication-Results: mail-cbf-ext.charite.de; > dkim=pass header.d=linkcheck.co.uk header.s=mail header.b=LiOUpR1t; > spf=pass (mail-cbf-ext.charite.de: domain > ofenquiryf...@linkcheck.co.uk designates 185.35.151.121 as permitted sender) > smtp.mailfrom=enquiryf...@linkcheck.co.uk; > dmarc=pass (policy=reject) header.from=linkcheck.co.uk > > Looking good if you ask me :) Why just the "AR" header and not also the "DKIM-Signature" header, and perhaps also the "Return-Path" and related "Received"? -- Viktor. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] gmail failing SPF/DKIM
Thank you, Ralf; I got the form ok. > Looking good if you ask me Thanks. I couldn't fault it, either. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] gmail failing SPF/DKIM
* Linkcheck via Postfix-users : > If someone wishes to check this, a typical form (which is sent to me with > copy to "you") is at > https://www.linkcheck.co.uk/ > under menu option Contact & Enquiries. I tried your form: Authentication-Results: mail-cbf-ext.charite.de; dkim=pass header.d=linkcheck.co.uk header.s=mail header.b=LiOUpR1t; spf=pass (mail-cbf-ext.charite.de: domain ofenquiryf...@linkcheck.co.uk designates 185.35.151.121 as permitted sender) smtp.mailfrom=enquiryf...@linkcheck.co.uk; dmarc=pass (policy=reject) header.from=linkcheck.co.uk Looking good if you ask me :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org