Autoresponder / Google SPF

Discussion in 'General' started by todgerme, Jun 15, 2024.

  1. todgerme

    todgerme Member

    Hi,

    I'm using ISPC 3.2.9

    I wondered in newer versions of ISPC if the Sieve scripts have been rewritten to fix the SPF problems created by Google / Yahoo enforcing SPF?

    The autoresponse fires but as you can see it's from "from=<>" in the logs as the full headers don't include reply-to / return-path headers and so Google rejects it.

    Jun 15 11:07:32 faraday postfix/qmgr[2747]: E5FC626E240D: from=<>, size=1203, nrcpt=1 (queue active)
    Jun 15 11:07:32 faraday postfix/lmtp[18167]: A482B26E38D0: to=<tdrnetworks@googlemail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.01/0/0/2.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E5FC626E240D)
    Jun 15 11:07:33 faraday postfix/smtp[18832]: E5FC626E240D: to=<tdrnetworks@googlemail.com>, relay=gmail-smtp-in.l.google.com[142.250.110.27]:25, delay=0.79, delays=0.01/0/0.35/0.44, dsn=5.7.26, status=bounced (host gmail-smtp-in.l.google.com[142.250.110.27] said: 550-5.7.26 Your email has been blocked because the sender is unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM. 550-5.7.26 550-5.7.26 Authentication results: 550-5.7.26 DKIM = did not pass 550-5.7.26 SPF [] with ip: [80.95.186.196] = did not pass 550-5.7.26 550-5.7.26 For instructions on setting up authentication, go to 550 5.7.26 https://support.google.com/mail/answer/81126#authentication 5b1f17b1804b1-422f631fd0fsi33815305e9.213 - gsmtp (in reply to end of DATA command))

    Keith
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Autoreply emails with Gmail work fine. I just verified that by creating a mailbox with autoresponder in ISPConfig and sending an email to it from Gmail and I received the response in Gmail just fine. I even tested with an older release, ISPConfig 3.2.2, and it works there as well, so nothing was wrong or needed to be changed in ISPConfig.

    Also, the from header is set by Dovecot Sieve and not ISPConfig.

    You should check your SPF setup. E.g., if you also have an SPF record for the hostname of your email server and not just the sender domain. And you should check if the SPF record of the sender domain exists and is correct too.

    And you should turn on DKIM signing for the domain and add a DKIM record in DNS.
     
  3. todgerme

    todgerme Member

    Hi,

    Thanks for the reply - but this is happening across multiple ISPC and the logs all show the same blank from address in Postfix.

    Jun 15 11:07:32 faraday postfix/qmgr[2747]: E5FC626E240D: from=<>, size=1203, nrcpt=1 (queue active)

    I'm 100% positive the SPF records are fine - sending from these mailboxes in ISPC to Gmail works without issue meaning it must be this issue with the blank from address.

    In your test, would you be so kind to check your logs and show what the from address looks like?

    Keith
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you create SPF records for the hostnames too, and not just for the sender domain? And do you have DKIM configured and does it work?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    And here is the log you requested:

    Code:
    Jun 15 12:20:47 mail postfix/qmgr[9690]: DAD6040F05: from=<>, size=805, nrcpt=1 (queue active)
    Jun 15 12:20:48 mail postfix/smtpd[15571]: disconnect from mail-pj1-f47.google.com[209.85.216.47] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
    Jun 15 12:20:48 mail postfix/smtp[16130]: DAD6040F05: to=<.......@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.184.27]:25, delay=0.94, delays=0.02/0.01/0.19/0.72, dsn=2.0.0, status=sent (250 2.0.0 OK  1718446848 ffacd0b85a97d-36075126b0dsi3263737f8f.509 - gsmtp)
    Jun 15 12:20:48 mail postfix/qmgr[9690]: DAD6040F05: removed

    As I mentioned, the from address of autoresponders is empty; that's always the case and not ISPConfig specific. This is done to avoid loops. Gmail does not reject any email due to that, your mail is rejected because it lacks proper SPF and DKIM setup.
     
    michelangelo likes this.
  6. todgerme

    todgerme Member

    Hi,

    Thank you.

    I added in the TXT record for the hostname and it fixed the issue, but I would argue that is a bit "hacky" and really the envelope sender should be set when sending the outgoing out of office message. As it was sent as "postmaster@faraday.tdrnetworks.com" or "postmaster@FQDN-Hostname" which then ended up in the Google spam folder which defeats the purpose of the out of office if no-one sees it.

    Like in PHP you can choose whether to include it:

    mail($emailTo, $Subject, $message, $headers)

    or with envelope sender:

    mail($emailTo, $Subject, $message, $headers, "-f " . $template['email_from'])

    Roundcube for example uses the secondary code to send as you couldn't have everyone on the server sending as www-data@hostname

    Just my observations.

    Keith
     
    Last edited: Jun 15, 2024
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    If you don't like how Dovecot works, then contact Dovecot.
     
    Th0m likes this.
  8. DennisR

    DennisR New Member

    Hi,
    I saw that discussion and actually I also have that problem. I have configured SPF and DKIM for a domain and it works fine. But as soon as ISPConfig sends an autoresponder back to a GMail address, I see the following error in the logs:

    Code:
    CB11C98B33C: to=<xxx@gmail.com>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0b::1b]:25, delay=575, delays=575/0.04/0.11/0.23, dsn=5.7.26, status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:400c:c0b::1b] said: 550-5.7.26 Your email has been blocked because the sender is unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM. 550-5.7.26  550-5.7.26  Authentication results: 550-5.7.26  DKIM = did not pass 550-5.7.26  SPF [] with ip: [2a02:x:x:x::1] = did not pass 550-5.7.26  550-5.7.26  For instructions on setting up authentication, go to 550 5.7.26  https://support.google.com/mail/answer/81126#authentication ffacd0b85a97d-38f258e0ebbsi682131f8f.63 - gsmtp (in reply to end of DATA command))

    The SPF record is "v=spf1 a mx ~all" and the IP mentioned above is included in the "a" part of the SPF record (which is also not a problem when sending regular mails, then the mail header says this is a valid SPF IP for the sending domain).

    Maybe the SPF[] in the logs really mean that the problem is it cannot check the sender domain because it is not set by the autoresponder as mentioned earlier and this is why the SPF doesn't match.

    I have no clue how to get this fixed as all the settings seem fine to me.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    You can try to set an SPF record for the server hostname as well. I mean the real server hostname like server.hostdomain.tld and not the email sending domain or the domain of the server hostname.
     
    DennisR likes this.
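
Added example (not part of any post in this thread, and not ISPConfig or Dovecot code): with an empty envelope sender, a receiver evaluates SPF against postmaster@<HELO name> (RFC 7208 section 2.4), which is why the server hostname needs its own SPF record. The script below correlates Postfix queue IDs to find null-sender mail rejected with 5.7.26 and names the host whose TXT record was checked; the sample log lines, `mail.example.org` and the function names are constructed assumptions.

```python
import re

# Constructed sample in the Postfix log format quoted in the thread
# (hostnames, queue IDs and addresses are placeholders).
SAMPLE_LOG = """\
Jun 15 11:07:32 mx postfix/qmgr[2747]: 4A1B2C3D4E: from=<>, size=1203, nrcpt=1 (queue active)
Jun 15 11:07:33 mx postfix/smtp[18832]: 4A1B2C3D4E: to=<user@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.79, dsn=5.7.26, status=bounced (host mx.example.net[192.0.2.10] said: 550-5.7.26 sender is unauthenticated)
Jun 15 11:08:01 mx postfix/qmgr[2747]: 5F6A7B8C9D: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
Jun 15 11:08:02 mx postfix/smtp[18833]: 5F6A7B8C9D: to=<user@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

QMGR = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>\w+): from=<(?P<sender>[^>]*)>")
SMTP = re.compile(r"postfix/smtp\[\d+\]: (?P<qid>\w+): to=<(?P<rcpt>[^>]*)>"
                  r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)")


def spf_identity(envelope_sender, helo_name):
    """Return (identity, domain) that a receiver evaluates SPF against."""
    if envelope_sender == "":
        # RFC 7208 section 2.4: with a null reverse-path the MAIL FROM
        # identity is postmaster@<HELO name>, so the HELO host needs SPF.
        return "postmaster@" + helo_name, helo_name
    return envelope_sender, envelope_sender.rpartition("@")[2]


def audit(log_text, helo_name):
    """List null-sender deliveries rejected with 5.7.26 and the DNS name
    whose SPF TXT record the receiver would have looked up."""
    senders, findings = {}, []
    for line in log_text.splitlines():
        m = QMGR.search(line)
        if m:
            senders[m["qid"]] = m["sender"]  # remember sender per queue ID
            continue
        m = SMTP.search(line)
        if not m or m["qid"] not in senders:
            continue
        identity, domain = spf_identity(senders[m["qid"]], helo_name)
        if senders[m["qid"]] == "" and m["dsn"] == "5.7.26":
            findings.append({"qid": m["qid"], "rcpt": m["rcpt"],
                             "spf_identity": identity, "spf_domain": domain})
    return findings


if __name__ == "__main__":
    # helo_name is an assumption: Postfix announces $myhostname by default.
    for f in audit(SAMPLE_LOG, "mail.example.org"):
        print(f"{f['qid']}: add/verify SPF TXT for {f['spf_domain']} "
              f"(checked as {f['spf_identity']})")
```
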
  10. DennisR

    DennisR New Member

    Ok, sounds strange but really seems to work. At least the error is gone now. Do you know if there's a way to use that auto responder also for mails that come in through contact form? In that case - as the contact form is not a legit sender for the source domain, it uses the destination e-mail address (which is the own mailbox) as sender and just sets the Reply-To-Header to the actual sender's mail address. But this is not working with the autoresponder because it ignores that and just uses the from header.
     
