My struggles continue with email. Here's a new one. I host an email server at novatec-inc.com. It is a business/static-IP. According to
https://www.dmarcanalyzer.com/dkim/dkim-checker, and especially
https://www.appmaildev.com/en/dkim, the DKIM, SPF and DMARC records for novatec-inc.com are all good.
This host is located at a business address. Much of the time I use an email client, Thunderbird, from my home Windows or Linux computers. I sent a message from my home Windows computer yesterday and got the following:
Code:
From MAILER-DAEMON@novatec-inc.com Sun Dec 18 21:50:38 2022
Return-Path: <MAILER-DAEMON@novatec-inc.com>
Received: from localhost (localhost)
by novatec-inc.com (8.15.2/8.15.2) id 2BJ2ocvo006564;
Sun, 18 Dec 2022 21:50:38 -0500
Date: Sun, 18 Dec 2022 21:50:38 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON@novatec-inc.com>
Message-Id: <202212190250.2BJ2ocvo006564@novatec-inc.com>
To: <mfoley@novatec-inc.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="2BJ2ocvo006564.1671418238/novatec-inc.com"
Content-Transfer-Encoding: 8bit
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
Status: R
This is a MIME-encapsulated message
--2BJ2ocvo006564.1671418238/novatec-inc.com
The original message was received at Sun, 18 Dec 2022 21:50:36 -0500
from quadmon [184.57.48.3]
----- The following addresses had permanent fatal errors -----
<mybuddy@gmail.com>
(reason: 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both)
----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both
<<< 550-5.7.26 do not pass). SPF check for [novatec-inc.com] does not pass with ip:
<<< 550-5.7.26 [2603:6011:2d02:ee82:f66d:4ff:fe5f:ffd1].To best protect our users
<<< 550-5.7.26 from spam, the message has been blocked. Please visit
<<< 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more
<<< 550 5.7.26 information. q20-20020a37f714000000b006ff1c55d6desi3491476qkj.12 - gsmtp
554 5.0.0 Service unavailable
--2BJ2ocvo006564.1671418238/novatec-inc.com
Content-Type: message/delivery-status
Reporting-MTA: dns; novatec-inc.com
Received-From-MTA: DNS; quadmon
Arrival-Date: Sun, 18 Dec 2022 21:50:36 -0500
Final-Recipient: RFC822; mybuddy@gmail.com
Action: failed
Status: 5.7.26
Remote-MTA: DNS; gmail-smtp-in.l.google.com
Diagnostic-Code: SMTP; 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both
Last-Attempt-Date: Sun, 18 Dec 2022 21:50:38 -0500
The same thing happened today to a different gmail recipient when sending from my home Linux computer using Thunderbird. Note that I've successfully sent from both of these email clients before this, including several emails to gmail recipients today, including the recipient shown above and to today's rejected recipient before my message to him was rejected for the same reasons.
Note that when I immediately resent these same messages from the mailx client when logged onto novatec-inc.com directly, they sent OK.
Some puzzlements ...
Why is it showing "SPF and DKIM both do not pass for novatec-inc.com with ip: 2603:6011:2d02:ee82:f66d:4ff:fe5f:ffd1"? novatec-inc.com's IP address is IPv4 address 24.142.169.12, not the listed IPv6 address.
It also says "The original message was received ... from quadmon [184.57.48.3]". That is the dynamic IP address of my home system. My home Thunderbird clients log onto novatec-inc.com (SMTP) to relay the message. Is gmail rejecting this because it is not originating at the novatec-inc.com host? This would render it impossible to use an email client unless logged into the actual email server as a user, like from my phone, for example. Why does it seem to care about the originating IP and is there some config in my email client I can make to deal with this?
Am I doing something wrong here?