stackoom
  简体   繁体   中英

This message does not have authentication information or fails to 550-5.7.26 pass authentication checks

 原文  2022-02-17 11:34:48       gmail/ sendmail/ spf/ dkim/ dmarc

Question

I have problem with google and I can't send email to any gmail or Gsuite emails got report from mail server log

Feb 17 12:16:30 server postfix/smtp[19451]: 853E35E55A: to=<xxx@gmail.com>, 
relay=aspmx.l.google.com[209.85.144.27]:25, delay=0.38, delays=0.05/0/0.15/0.17, 
dsn=5.7.26, status=bounced (host aspmx.l.google.com[209.85.144.27] said: 550-5.7.26 This 
message does not have authentication information or fails to 550-5.7.26 pass 
authentication checks. To best protect our users from spam, the 550-5.7.26 message has 
been blocked. Please visit 550-5.7.26  
https://support.google.com/mail/answer/81126#authentication for more 550 5.7.26 
information. w19si7586061qkp.34 - gsmtp (in reply to end of DATA command))

and I'm not blacklisted in any spam website ( I do check in most of website which provide blocklist checker)

also I didn't have any problem in SPF or DKIM or DMARC

here is SPF checker https://prnt.sc/26xomwz

here is DKIM checker https://prnt.sc/26xoodg

here is DMARC checker https://prnt.sc/26xopgo

here is DMARC report from google

<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>noreply-dmarc-support@google.com</email>
    <extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
    <report_id>10254909114662490508</report_id>
    <date_range>
      <begin>1644969600</begin>
      <end>1645055999</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>cbs-canon.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>quarantine</p>
    <sp>quarantine</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>5.161.45.186</source_ip>
      <count>187</count>
      <policy_evaluated>
        <disposition>quarantine</disposition>
        <dkim>fail</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>server.cbs-canon.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>server.cbs-canon.com</domain>
        <result>fail</result>
        <selector>default</selector>
      </dkim>
      <spf>
        <domain>server.cbs-canon.com</domain>
        <result>none</result>
      </spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>5.161.45.186</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>cbs-canon.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>cbs-canon.com</domain>
        <result>pass</result>
        <selector>default</selector>
      </dkim>
      <spf>
        <domain>cbs-canon.com</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>

how can I know where is the problem

2 answers

solution1
 4 ACCPTED  2022-02-17 12:00:57

That is odd. The sending source IP is definitely in your SPF, and the DMARC record includes aspf=r , so the header from address in a child domain is valid and matches. I'd also note that your DMARC has p=quarantine , but gmail is acting like it's reject . This is gmail though, so you can't expect it to behave well.

I expect that the problem is that you don't have an SPF record set for server.cbs-canon.com , so make sure that exists and allows the same sources as cbs-canon.com . It looks like you're not doing DKIM signatures either, meaning that both SPF and DKIM are failing, resulting in a DMARC failure. Try adding that DNS record, or redirecting/including server. to your root domain.

solution2
 1  2022-02-18 09:28:55

Adding more info for @Synchro 's answer.

It is the fact that the Return-Path address is using the server.cbs-canon.com domain and there is no SPF record in that zone. You only need an SPF record for the domain used in your Return-Path address. For your server's emails that would be server.cbs-canon.com . For Google that would probably be just cbs-canon.com .

The same goes for DKIM. The receiving server is checking for the selector named default in the domain server.cbs-canon.com (so doing a query for TXT record default._domainkey.server.cbs-canon.com ), which does not exist.

DMARC will then check if either the SPF ( Return-Path ) or DKIM ( d= ) domain aligns with the Header.From domain (or sharing the oranizational domain in case of relaxed mode).

Probably the easiest fix for you right now is to copy the SPF TXT record and DKIM selector record to the server.cbs-canon.com domain.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question GMAIL IMAP read fails due to authentication when used in bitbucket pipeline Can I safely make some XOAuth authentication information public? What mechanism does Gmail use for user authentication? Sending email fails when two factor authentication is on for Gmail Why does javamail fail with an authentication Exception? Sending HTML message through PEAR while using SMTP authentication returns an error Expected response code 250 but got code “530”, with message "530-5.5.1 Authentication Required - Laravel Gmail smtp incorrect authentication Gmail smtp authentication error Gmail Authentication redirection
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM