29 Jul
2023
29 Jul
'23
9:16 p.m.
Hi,
I'm trying to set up SPF for my carfax.org.uk
domain (whence this
email comes). I'm getting a bounce from trying to send to gmail:
Diagnostic-Code: smtp; 550-5.7.26 This mail is unauthenticated,
which poses a
security risk to the
550-5.7.26 sender and Gmail users, and has been blocked. The sender must
550-5.7.26 authenticate with at least one of SPF or DKIM. For this message,
550-5.7.26 DKIM checks did not pass and SPF check for
[savella.carfax.org.uk]
550-5.7.26 did not pass with ip: [2001:ba8:1f1:f0e6::2].
However, I think I have the right TXT record in the DNS for
carfax.org.uk:
@ TXT "v=spf1 mx a ip4:85.119.84.138/21
ip6:2001:ba8:1f1:f0e6::/64 a:mail.carfax.org.uk
a:savella.carfax.org.uk -all"
and the diagnostic message from gmail isn't all that helpful about why
it's not matching.
Does anyone have any idea what I've missed here?
I don't have an eMail directly from you, only your original message in this
thread via the list.
However, in the first Received: header it says:
-----
(envelope-from <hrm(a)savella.carfax.org.uk>)
-----
The second received header also says:
-----
(envelope-from <hrm(a)savella.carfax.org.uk>)
-----
So it looks like you're submitting email from the savella subdomain and
then your Exim is forwarding that onto the world as-is.
...but the SPF record you show us is for carfax.org.uk and your eMail
address that appears in the Cc: header of the original message is
hugo(a)carfax.org.uk.
So I think there's some confusion in your setup about whether your sending
mail from savella.carfax.org.uk or carfax.org.uk.
Given the headers, the gmail error is correct and you'd need to set up SPF
for savella.carfax.org.uk.
...but perhaps never intended for the savella.carfax.org.uk domain to leak
out in the first place?
Best wishes,
@ndy
--
andyjpb(a)ashurst.eu.org
http://www.ashurst.eu.org/
0x7EBA75FF