gmailsendmailspfdkimdmarc

This message does not have authentication information or fails to 550-5.7.26 pass authentication checks


I have problem with google and I can't send email to any gmail or Gsuite emails got report from mail server log

Feb 17 12:16:30 server postfix/smtp[19451]: 853E35E55A: to=<xxx@gmail.com>, 
relay=aspmx.l.google.com[209.85.144.27]:25, delay=0.38, delays=0.05/0/0.15/0.17, 
dsn=5.7.26, status=bounced (host aspmx.l.google.com[209.85.144.27] said: 550-5.7.26 This 
message does not have authentication information or fails to 550-5.7.26 pass 
authentication checks. To best protect our users from spam, the 550-5.7.26 message has 
been blocked. Please visit 550-5.7.26  
https://support.google.com/mail/answer/81126#authentication for more 550 5.7.26 
information. w19si7586061qkp.34 - gsmtp (in reply to end of DATA command))

and I'm not blacklisted in any spam website ( I do check in most of website which provide blocklist checker)

also I didn't have any problem in SPF or DKIM or DMARC

here is SPF checker https://prnt.sc/26xomwz

here is DKIM checker https://prnt.sc/26xoodg

here is DMARC checker https://prnt.sc/26xopgo

here is DMARC report from google

<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>noreply-dmarc-support@google.com</email>
    <extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
    <report_id>10254909114662490508</report_id>
    <date_range>
      <begin>1644969600</begin>
      <end>1645055999</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>cbs-canon.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>quarantine</p>
    <sp>quarantine</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>5.161.45.186</source_ip>
      <count>187</count>
      <policy_evaluated>
        <disposition>quarantine</disposition>
        <dkim>fail</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>server.cbs-canon.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>server.cbs-canon.com</domain>
        <result>fail</result>
        <selector>default</selector>
      </dkim>
      <spf>
        <domain>server.cbs-canon.com</domain>
        <result>none</result>
      </spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>5.161.45.186</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>cbs-canon.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>cbs-canon.com</domain>
        <result>pass</result>
        <selector>default</selector>
      </dkim>
      <spf>
        <domain>cbs-canon.com</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>

how can I know where is the problem


Solution

  • That is odd. The sending source IP is definitely in your SPF, and the DMARC record includes aspf=r, so the header from address in a child domain is valid and matches. I'd also note that your DMARC has p=quarantine, but gmail is acting like it's reject. This is gmail though, so you can't expect it to behave well.

    I expect that the problem is that you don't have an SPF record set for server.cbs-canon.com, so make sure that exists and allows the same sources as cbs-canon.com. It looks like you're not doing DKIM signatures either, meaning that both SPF and DKIM are failing, resulting in a DMARC failure. Try adding that DNS record, or redirecting/including server. to your root domain.