Reputation: 133
I have a problem with Google and I can't send email to any Gmail or G Suite emails. I got this report from the mail server log:
Feb 17 12:16:30 server postfix/smtp[19451]: 853E35E55A: to=<[email protected]>,
relay=aspmx.l.google.com[209.85.144.27]:25, delay=0.38, delays=0.05/0/0.15/0.17,
dsn=5.7.26, status=bounced (host aspmx.l.google.com[209.85.144.27] said: 550-5.7.26 This
message does not have authentication information or fails to 550-5.7.26 pass
authentication checks. To best protect our users from spam, the 550-5.7.26 message has
been blocked. Please visit 550-5.7.26
https://support.google.com/mail/answer/81126#authentication for more 550 5.7.26
information. w19si7586061qkp.34 - gsmtp (in reply to end of DATA command))
I'm not blacklisted on any spam website (I checked most of the websites which provide a blocklist checker).
Also, I didn't have any problem with SPF, DKIM or DMARC.
Here is the SPF checker: https://prnt.sc/26xomwz
Here is the DKIM checker: https://prnt.sc/26xoodg
Here is the DMARC checker: https://prnt.sc/26xopgo
Here is the DMARC report from Google:
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
<report_metadata>
<org_name>google.com</org_name>
<email>[email protected]</email>
<extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
<report_id>10254909114662490508</report_id>
<date_range>
<begin>1644969600</begin>
<end>1645055999</end>
</date_range>
</report_metadata>
<policy_published>
<domain>cbs-canon.com</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>quarantine</p>
<sp>quarantine</sp>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>5.161.45.186</source_ip>
<count>187</count>
<policy_evaluated>
<disposition>quarantine</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>server.cbs-canon.com</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>server.cbs-canon.com</domain>
<result>fail</result>
<selector>default</selector>
</dkim>
<spf>
<domain>server.cbs-canon.com</domain>
<result>none</result>
</spf>
</auth_results>
</record>
<record>
<row>
<source_ip>5.161.45.186</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>pass</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>cbs-canon.com</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>cbs-canon.com</domain>
<result>pass</result>
<selector>default</selector>
</dkim>
<spf>
<domain>cbs-canon.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
How can I know where the problem is?
Upvotes: 9
Views: 34241
Reputation: 1069
Adding more info for @Synchro's answer.
It is the fact that the Return-Path address is using the server.cbs-canon.com domain and there is no SPF record in that zone. You only need an SPF record for the domain used in your Return-Path address. For your server's emails that would be server.cbs-canon.com. For Google that would probably be just cbs-canon.com.
The same goes for DKIM. The receiving server is checking for the selector named default in the domain server.cbs-canon.com (so doing a query for TXT record default._domainkey.server.cbs-canon.com), which does not exist.
DMARC will then check if either the SPF (Return-Path) or DKIM (d=) domain aligns with the Header.From domain (or sharing the organizational domain in case of relaxed mode).
Probably the easiest fix for you right now is to copy the SPF TXT record and DKIM selector record to the server.cbs-canon.com domain.
Upvotes: 1
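The per-record checks this answer describes can be run over the aggregate report directly. The Python below is an added example, not code from either answer: it reads a condensed copy of the report from the question and returns, for each record, whether any aligned SPF or DKIM result passed and which DNS TXT names to look up. The function names and the two-label org_domain shortcut are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Condensed from the aggregate report in the question (same two records).
REPORT = """<feedback>
<policy_published><domain>cbs-canon.com</domain><adkim>r</adkim><aspf>r</aspf></policy_published>
<record><row><count>187</count></row>
 <identifiers><header_from>server.cbs-canon.com</header_from></identifiers>
 <auth_results>
  <dkim><domain>server.cbs-canon.com</domain><result>fail</result><selector>default</selector></dkim>
  <spf><domain>server.cbs-canon.com</domain><result>none</result></spf>
 </auth_results></record>
<record><row><count>1</count></row>
 <identifiers><header_from>cbs-canon.com</header_from></identifiers>
 <auth_results>
  <dkim><domain>cbs-canon.com</domain><result>pass</result><selector>default</selector></dkim>
  <spf><domain>cbs-canon.com</domain><result>pass</result></spf>
 </auth_results></record>
</feedback>"""

def org_domain(name):
    # Assumption: last two labels; real evaluators use the Public Suffix List.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, header_from, mode):
    if mode == "s":  # strict: domains must match exactly
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)  # relaxed

def triage(report_xml):
    """Per record: does DMARC pass, and which DNS names should be checked?"""
    root = ET.fromstring(report_xml)
    pol = root.find("policy_published")
    modes = {"spf": pol.findtext("aspf", "r"), "dkim": pol.findtext("adkim", "r")}
    findings = []
    for rec in root.iter("record"):
        hfrom = rec.findtext("identifiers/header_from")
        passed, to_check = False, []
        for kind, mode in modes.items():
            for res in rec.iterfind(f"auth_results/{kind}"):
                dom, result = res.findtext("domain"), res.findtext("result")
                ok = result == "pass" and aligned(dom, hfrom, mode)
                passed = passed or ok
                if not ok:  # record why, and the TXT name to query
                    sel = res.findtext("selector")
                    name = f"{sel}._domainkey.{dom}" if kind == "dkim" and sel else dom
                    to_check.append((kind, result if result != "pass" else "unaligned", name))
        findings.append({"header_from": hfrom, "count": int(rec.findtext("row/count")),
                         "dmarc_pass": passed, "check": to_check})
    return findings
```

Calling triage(REPORT) flags the 187-message record with header_from server.cbs-canon.com and names the SPF TXT record and the default._domainkey selector under that subdomain as the records to verify.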
Reputation: 37770
That is odd. The sending source IP is definitely in your SPF, and the DMARC record includes aspf=r, so the header from address in a child domain is valid and matches. I'd also note that your DMARC has p=quarantine, but Gmail is acting like it's reject. This is Gmail though, so you can't expect it to behave well.
I expect that the problem is that you don't have an SPF record set for server.cbs-canon.com, so make sure that exists and allows the same sources as cbs-canon.com. It looks like you're not doing DKIM signatures either, meaning that both SPF and DKIM are failing, resulting in a DMARC failure. Try adding that DNS record, or redirecting/including server. to your root domain.
Upvotes: 4