[prev in list] [next in list] [prev in thread] [next in thread]
List: postfix-users
Subject: Re: Mail forwarding through a relay
From: Dominic Raferd <dominic () timedicer ! co ! uk>
Date: 2019-09-12 4:45:06
Message-ID: CAF9Mo3JBkPakj46CnBgruXQJz=_ZQ5h42=LgqCUmFZNfE=8NTA () mail ! gmail ! com
[Download RAW message or body]
On Thu, 12 Sep 2019 at 05:14, John Regan <jreganoct@gmail.com> wrote:
> Hi,
>
> I have a postfix-3.2.6 system that acts as a mail server and pop/imap
> using dovecot for a small domain. The problem is that people are
> increasingly using it as a relay to a personal account, such as Gmail and
> Yahoo.
>
> This is resulting in the receiving system rejecting the message due to SPF
> failing.
>
> Sep 11 22:03:06 email postfix/smtp[1187]: 33AA3962A9648: to=<
> user@example.com>, orig_to=<user@origdomain.com>, relay=
> mx0.digitalwest.net[72.29.183.105]:25, delay=2.7, delays=0.05/0/1.5/1.1,
> dsn=5.0.0, status=bounced (host mx0.digitalwest.net[72.29.183.105] said:
> 550-[SPF] 44.104.18.100 is not allowed to send mail from mchat.booking.com.
> 550-Message blocked - Please check settings. See 550
> http://support.digitalwest.net/KB/a163/550-spf-not-allowed-to-send-mail.aspx
> (in reply to RCPT TO command))
>
> Is my only option here to do something like SRS or can this be fixed
> another way?
>
I'm puzzled - you mention gmail and yahoo but the example you give is for
digitalwest. They appear to be blocking based purely on SPF (their
information link does not seem to work) - gmail does not do this and I
doubt yahoo do it either. The situation which will cause problems when
relaying to gmail or to yahoo is blocking based on DMARC where the sender
domain has set a p=reject policy but doesn't add a DKIM signature header.
Another problem you may face is that if you are relaying too much spam into
gmail your server might be blacklisted.
[Attachment #3 (text/html)]
<div dir="ltr"><div dir="ltr"><div class="gmail_default" \
style="font-size:small"><br></div></div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">On Thu, 12 Sep 2019 at 05:14, John Regan <<a \
href="mailto:jreganoct@gmail.com">jreganoct@gmail.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div \
dir="ltr">Hi,<div><br></div><div>I have a postfix-3.2.6 system that acts as a mail \
server and pop/imap using dovecot for a small domain. The problem is that people are \
increasingly using it as a relay to a personal account, such as Gmail and \
Yahoo.</div><div><br></div><div>This is resulting in the receiving system rejecting \
the message due to SPF failing. </div><div><br></div><div>Sep 11 22:03:06 email \
postfix/smtp[1187]: 33AA3962A9648: to=<<a href="mailto:user@example.com" \
target="_blank">user@example.com</a>>, orig_to=<<a \
href="mailto:user@origdomain.com" target="_blank">user@origdomain.com</a>>, \
relay=<a href="http://mx0.digitalwest.net" \
target="_blank">mx0.digitalwest.net</a>[72.29.183.105]:25, delay=2.7, \
delays=0.05/0/1.5/1.1, dsn=5.0.0, status=bounced (host <a \
href="http://mx0.digitalwest.net" \
target="_blank">mx0.digitalwest.net</a>[72.29.183.105] said: 550-[SPF] 44.104.18.100 \
is not allowed to send mail from <a href="http://mchat.booking.com" \
target="_blank">mchat.booking.com</a>. 550-Message blocked - Please check settings. \
See 550<span class="gmail_default" style="font-size:small"></span> <a \
href="http://support.digitalwest.net/KB/a163/550-spf-not-allowed-to-send-mail.aspx" \
target="_blank">http://support.digitalwest.net/KB/a163/550-spf-not-allowed-to-send-mail.aspx</a> \
(in reply to RCPT TO command))<br></div><div><br></div><div>Is my only option here to \
do something like SRS or can this be fixed another \
way?</div></div></blockquote><div><br></div><div style="font-size:small" \
class="gmail_default">I'm puzzled - you mention gmail and yahoo but the example \
you give is for digitalwest. They appear to be blocking based purely on SPF (their \
information link does not seem to work) - gmail does not do this and I doubt yahoo do \
it either. The situation which will cause problems when relaying to gmail or to yahoo \
is blocking based on DMARC where the sender domain has set a p=reject policy but \
doesn't add a DKIM signature header. Another problem you may face is that if you \
are relaying too much spam into gmail your server might be \
blacklisted.<br></div></div></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic