automated forwarding to Gmail problem again

Jacky Li

Member
Jan 15, 2019
48
2
13
49
Hi,

Automated forwarding to Gmail is broke again. I am not sure if the sender's domain @fnal.gov restricted their email policy. I have tried to setup openarc to sign the outgoing emails but still failed. I have setup postsrsd to satisfy the SPF part and also sign all outgoing emails with PMG's dkim. It seems nothing works with automated forwarding to Gmail. May I know if there is anything I can try to have automated forwarding again? I am exhausted my options here. Thank you.

Here is a bounce of the email:

This is the mail system at host mx.aloha.hi.edu.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<sample@gmail.com>: host gmail-smtp-in.l.google.com[74.125.142.27] said:
550-5.7.26 Unauthenticated email from fnal.gov is not accepted due to
domain's 550-5.7.26 DMARC policy. Please contact the administrator of
fnal.gov domain if 550-5.7.26 this was a legitimate mail. Please visit
550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about
the 550 5.7.26 DMARC initiative.
w14-20020a63b74e000000b003ab6543dd53si549319pgt.160 - gsmtp (in reply to
end of DATA command)
 
I am not sure if the sender's domain @fnal.gov restricted their email policy. I
are you relaying mails for fnal.gov? - If yes you should ask the domain-admin of fnal.gov if they made any changes.
if not you should not relay mails from them to gmail

the domain has a dmarc record of:
Code:
"v=DMARC1;p=reject;rua=mailto:bf36f510@mxtoolbox.dmarc-report.com,mailto:reports@dmarc.cyber.dhs.gov;ruf=mailto:bf36f510@mxtoolbox.dmarc-report.com"

which IIUC means that both spf and dkim are checked strictly - while it has no spf record - I cannot tell if dkim is configured (without knowing the selector)
 
are you relaying mails for fnal.gov? - If yes you should ask the domain-admin of fnal.gov if they made any changes.
if not you should not relay mails from them to gmail

the domain has a dmarc record of:
Code:
"v=DMARC1;p=reject;rua=mailto:bf36f510@mxtoolbox.dmarc-report.com,mailto:reports@dmarc.cyber.dhs.gov;ruf=mailto:bf36f510@mxtoolbox.dmarc-report.com"

which IIUC means that both spf and dkim are checked strictly - while it has no spf record - I cannot tell if dkim is configured (without knowing the selector)
Hi,

I am not relaying mails for them. Some of the users at @aloha.hi.edu automated forwarding received emails from @fnal.gov to their personal gmail account. This strict checks on the dkim and spf broke the automated forwarding with Gmail. I know they made some changes to their email policies but don't know the details. @fnal.gov -- sends email to --> @aloha.hi.edu ( stores a copy locally) and forwards a copy using .forward or .procmailrc -- forward to --> @gmail.com (forwarding failed).

Any ideas? Thank you.

Jacky
 
Any ideas? Thank you.
ahh ok - that explains the situation quite a bit better..

hmm - plain bouncing (as in forwarding without rewriting the envelop addresses ) does not work with DMARC (mostly the SPF part)

most mail-servers can be configured in to resent the mail with local envelop address - this could work - for postfix see e.g.:
https://serverfault.com/questions/896791/postfix-forwarding-spf-issues-sender-rewrite

however this is not the task of PMG - this should be configured wherever the users have configured their .forward/.procmailrc files
 
Hi,

I have setup postsrsd to rewrite the domain as from our own when emails send to external sites. It still fails with Gmail. I begin to doubt that @fnal.gov doesn't want their emails forwarded to other sites. I am out of ideas.

Jacky
 
I have setup postsrsd to rewrite the domain as from our own when emails send to external sites. It still fails with Gmail. I begin to doubt that @fnal.gov doesn't want their emails forwarded to other sites. I am out of ideas.
the bounce message you posted looks as if the envelope sender was @fnal.gov

please provide the logs from your PMG for that mail (only anonymize the local parts and do so consistently)
 
the bounce message you posted looks as if the envelope sender was @fnal.gov

please provide the logs from your PMG for that mail (only anonymize the local parts and do so consistently)
Sorry, I have @fnal.gov domain excluded from the rewrite because I thought Gmail doesn't like rewrite of the header and sender. I will see if I can get a test email from them tomorrow. Thank you for your help.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!