Send to gmail, got error message

Discussion in 'Installation/Configuration' started by JULINT, Jun 14, 2024.

  1. JULINT

    JULINT Member

    Hi,
    Please help me :
    i cannot send email to gmail , and i got this error :
    host gmail-smtp-in.l.google.com[74.125.200.26] said:
    550-5.7.26 Your email has been blocked because the sender is
    unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with
    either SPF or DKIM. 550-5.7.26 550-5.7.26 Authentication results:
    550-5.7.26 DKIM = did not pass 550-5.7.26 SPF [listrikkita.com] with ip:
    [192.46.231.20] = did not pass 550-5.7.26 550-5.7.26 For instructions on
    setting up authentication, go to 550 5.7.26

    Here is my server config:

    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Ubuntu 20.04.5 LTS
     
    [INFO] uptime:  09:29:05 up 15 days, 17:14,  1 user,  load average: 1.99, 0.90, 0.44
     
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:          1.9Gi       882Mi        99Mi        44Mi       989Mi       875Mi
    Swap:         511Mi       297Mi       214Mi
     
    [INFO] systemd failed services status:
      UNIT                  LOAD   ACTIVE SUB    DESCRIPTION                           
    ● clamav-daemon.service loaded failed failed Clam AntiVirus userspace daemon       
    ● fwupd-refresh.service loaded failed failed Refresh fwupd metadata and update motd
    
    LOAD   = Reflects whether the unit definition was properly loaded.
    ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
    SUB    = The low-level unit activation state, values depend on unit type.
    
    2 loaded units listed.
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.8p1
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.4.3-4ubuntu2.22
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.3
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
        Apache 2 (PID 691)
    [INFO] I found the following mail server(s):
        Postfix (PID 3836449)
    [INFO] I found the following pop3 server(s):
        Dovecot (PID 755)
    [INFO] I found the following imap server(s):
        Dovecot (PID 755)
    [INFO] I found the following ftp server(s):
        PureFTP (PID 917)
    
    ##### LISTENING PORTS #####
    (only        ()
    Local        (Address)
    [anywhere]:110        (755/dovecot)
    [anywhere]:143        (755/dovecot)
    [anywhere]:465        (3836449/master)
    [anywhere]:21        (917/pure-ftpd)
    ***.***.***.***:53        (583/named)
    [localhost]:53        (583/named)
    ***.***.***.***:53        (489/systemd-resolve)
    [anywhere]:22        (774/sshd:)
    [anywhere]:25        (3836449/master)
    [localhost]:953        (583/named)
    [anywhere]:993        (755/dovecot)
    [anywhere]:995        (755/dovecot)
    [localhost]:10023        (742/postgrey)
    [localhost]:10024        (1292/amavisd-new)
    [localhost]:10026        (1292/amavisd-new)
    [localhost]:3306        (727/mysqld)
    [anywhere]:587        (3836449/master)
    [localhost]:11211        (582/memcached)
    [localhost]10        (755/dovecot)
    [localhost]43        (755/dovecot)
    *:*:*:*::*:8080        (691/apache2)
    *:*:*:*::*:80        (691/apache2)
    *:*:*:*::*:8081        (691/apache2)
    *:*:*:*::*:21        (917/pure-ftpd)
    *:*:*:*::*:53        (583/named)
    *:*:*:*::*f03c:93ff:fe5e:53        (583/named)
    *:*:*:*::*f03c:93ff:53        (583/named)
    *:*:*:*::*:22        (774/sshd:)
    *:*:*:*::*:953        (583/named)
    *:*:*:*::*:443        (691/apache2)
    *:*:*:*::*:993        (755/dovecot)
    *:*:*:*::*:995        (755/dovecot)
    *:*:*:*::*:10023        (742/postgrey)
    *:*:*:*::*:10024        (1292/amavisd-new)
    *:*:*:*::*:10026        (1292/amavisd-new)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    f2b-pure-ftpd  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 21
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    ufw-before-logging-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-before-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-reject-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-track-input  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    ufw-before-logging-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-before-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-reject-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-track-forward  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    ufw-before-logging-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-before-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-reject-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-track-output  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain f2b-pure-ftpd (1 references)
    target     prot opt source               destination         
    RETURN     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination         
    REJECT     all  --  ***.***.***.***          [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-after-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-after-input (1 references)
    target     prot opt source               destination         
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:137
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:138
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:139
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:445
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:67
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:68
    ufw-skip-to-policy-input  all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    
    Chain ufw-after-logging-forward (1 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-input (1 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-after-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-forward (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ufw-user-forward  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-before-input (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    DROP       all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
    ufw-not-local  all  --  [anywhere]/0            [anywhere]/0           
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***          udp dpt:5353
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***      udp dpt:1900
    ufw-user-input  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-before-logging-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-logging-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-logging-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-output (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-user-output  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-logging-allow (0 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
    
    Chain ufw-logging-deny (2 references)
    target     prot opt source               destination         
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-not-local (1 references)
    target     prot opt source               destination         
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type LOCAL
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type MULTICAST
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
    DROP       all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-reject-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-reject-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-reject-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-skip-to-policy-forward (0 references)
    target     prot opt source               destination         
    DROP       all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-skip-to-policy-input (7 references)
    target     prot opt source               destination         
    DROP       all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-skip-to-policy-output (0 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-track-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-track-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-track-output (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    
    Chain ufw-user-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-user-input (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:21
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:25
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:53
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:110
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:143
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:465
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:587
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:993
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:995
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:3306
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:4190
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8081
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 40110:40210
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
    
    Chain ufw-user-limit (0 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    REJECT     all  --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable
    
    Chain ufw-user-limit-accept (0 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-user-logging-forward (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-logging-input (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-logging-output (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-output (1 references)
    target     prot opt source               destination         
    
    
    
    
    ##### LET'S ENCRYPT #####
    Certbot is installed in /usr/bin/letsencrypt
    
    
    
     
  2. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter

    https://support.google.com/a/answer/81126#authentication
    actually is a very helpful resource for setting your spf/dkim/dmarc/arc

    ISPConfig already helps you setup SPF and DKIM using DNS-Module. If you do not use that,
    you need to set it at your nameserver yourself.
    It is crucial not only for google but for all mail.
    It has been covered in this forum multiple times already.

    ISPConfig does generate DKIM entry if you go to E-Mail-Domain and hit the DKIM knobs there ;)
     
  3. remkoh

    remkoh Active Member

    Are you sending mail directly or are you forwarding mail to Gmail?
    When forwarding it's logical to get spf errors.
    You will need something like PostSRS to rewrite the sender before forwarding in order to prevent spf errors.
    See these two posts:
    https://forum.howtoforge.com/thread...heme-in-an-ispconfig-mailserver-part-1.89827/
    https://forum.howtoforge.com/thread...heme-in-an-ispconfig-mailserver-part-2.89828/

    Besides that, you have errors in your spf settings.
    Checking your domain listrikkita.com on mxtoolbox.com returns two spf records.
    A domain only can have one spf record, so you need to merge the current two into one.

    Also Gmail (and many others) requires a dmarc record.
    You have none for your domain.
     
    ztk.me likes this.
  4. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    if you've auto-installed a recent version of ispconfig 3.2 and are using rspamd, you shouldn't need to use postSRSd for forwarding any more.
    the mailforwards should get ARC signed/sealed.. which should bypass the problem with mailforwards and SPF.

    *should*. i did have one customer mailforward to a gmail address rejected the other day due to spf.. even though it was ARC signed.. the same mailforward from the same source worked perfectly fine the following day.. so no idea what went wrong there..
    that's the only time it's had a problem, and that's covering hundreds of configured mailforwards and hundreds ot thousands of actual emails.

    i don't know about if you manually installed following a tutorial, or used amavisd, i've not done either for ages.
     
    remkoh likes this.
  5. remkoh

    remkoh Active Member

    That only applies to mail forwarded to mailservers that check ARC signs/seals.
    Of course Gmail does, as do several other major players.
    Besides those you can still run into SPF troubles.
     

Share This Page