This message does not have authentication information or fails to 550-5.7.26 pass authentication checks
Solution 1
That is odd. The sending source IP is definitely in your SPF, and the DMARC record includes aspf=r, so the header from address in a child domain is valid and matches. I'd also note that your DMARC has p=quarantine, but gmail is acting like it's reject. This is gmail though, so you can't expect it to behave well.
I expect that the problem is that you don't have an SPF record set for server.cbs-canon.com, so make sure that exists and allows the same sources as cbs-canon.com. It looks like you're not doing DKIM signatures either, meaning that both SPF and DKIM are failing, resulting in a DMARC failure. Try adding that DNS record, or redirecting/including server. to your root domain.
Solution 2
Adding more info for @Synchro 's answer.
It is the fact that the Return-Path address is using the server.cbs-canon.com domain and there is no SPF record in that zone. You only need an SPF record for the domain used in your Return-Path address. For your server's emails that would be server.cbs-canon.com. For Google that would probably be just cbs-canon.com.
The same goes for DKIM. The receiving server is checking for the selector named default in the domain server.cbs-canon.com (so doing a query for TXT record default._domainkey.server.cbs-canon.com), which does not exist.
DMARC will then check if either the SPF (Return-Path) or DKIM (d=) domain aligns with the Header.From domain (or sharing the oranizational domain in case of relaxed mode).
Probably the easiest fix for you right now is to copy the SPF TXT record and DKIM selector record to the server.cbs-canon.com domain.
Related videos on Youtube
01 : 28
01 : 39
00 : 50
01 : 50
12 : 43
06 : 24
ezak
Updated on June 04, 2022Comments
-
ezak about 2 years
I have problem with google and I can't send email to any gmail or Gsuite emails got report from mail server log
Feb 17 12:16:30 server postfix/smtp[19451]: 853E35E55A: to=<[email protected]>, relay=aspmx.l.google.com[209.85.144.27]:25, delay=0.38, delays=0.05/0/0.15/0.17, dsn=5.7.26, status=bounced (host aspmx.l.google.com[209.85.144.27] said: 550-5.7.26 This message does not have authentication information or fails to 550-5.7.26 pass authentication checks. To best protect our users from spam, the 550-5.7.26 message has been blocked. Please visit 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more 550 5.7.26 information. w19si7586061qkp.34 - gsmtp (in reply to end of DATA command))and I'm not blacklisted in any spam website ( I do check in most of website which provide blocklist checker)
also I didn't have any problem in SPF or DKIM or DMARC
here is SPF checker https://prnt.sc/26xomwz
here is DKIM checker https://prnt.sc/26xoodg
here is DMARC checker https://prnt.sc/26xopgo
here is DMARC report from google
<?xml version="1.0" encoding="UTF-8" ?> <feedback> <report_metadata> <org_name>google.com</org_name> <email>[email protected]</email> <extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info> <report_id>10254909114662490508</report_id> <date_range> <begin>1644969600</begin> <end>1645055999</end> </date_range> </report_metadata> <policy_published> <domain>cbs-canon.com</domain> <adkim>r</adkim> <aspf>r</aspf> <p>quarantine</p> <sp>quarantine</sp> <pct>100</pct> </policy_published> <record> <row> <source_ip>5.161.45.186</source_ip> <count>187</count> <policy_evaluated> <disposition>quarantine</disposition> <dkim>fail</dkim> <spf>fail</spf> </policy_evaluated> </row> <identifiers> <header_from>server.cbs-canon.com</header_from> </identifiers> <auth_results> <dkim> <domain>server.cbs-canon.com</domain> <result>fail</result> <selector>default</selector> </dkim> <spf> <domain>server.cbs-canon.com</domain> <result>none</result> </spf> </auth_results> </record> <record> <row> <source_ip>5.161.45.186</source_ip> <count>1</count> <policy_evaluated> <disposition>none</disposition> <dkim>pass</dkim> <spf>pass</spf> </policy_evaluated> </row> <identifiers> <header_from>cbs-canon.com</header_from> </identifiers> <auth_results> <dkim> <domain>cbs-canon.com</domain> <result>pass</result> <selector>default</selector> </dkim> <spf> <domain>cbs-canon.com</domain> <result>pass</result> </spf> </auth_results> </record> </feedback>how can I know where is the problem
-
ezak over 2 yearsperfect, there was miss configuratation in DKIM signatures.. I have fixed them and also I have disable bounce notification for root@hostname, because it was caching the bounce message
-
ezak over 2 yearsbut I have another problem, emails got to the SPAM folder. I found that CSF sending emails from root@hostname (which hostname in my current hostname), and it's marked as spam.. as CSF is sending many messages, all of them are sent to SPAM .. even if I marked them as non-spam.. still, any email from CSF and other normal email send to spam.. Gmail said
Why is this message in spam? It is similar to messages that were identified as spam in the past. -
ezak over 2 yearsthanks for your notes, its also applied and the email now is sent.. but as my last reply for @Synhro its send to SPAM folder
-
Reinto over 2 yearsIs CSF your firewall software? If it is sending as a non-routable, possibly single-label domain, then it will be downgraded in reputation by many Mailbox Service Providers. Because multitude of checks cant be performed or fail. Try and configure a proper FROM address/domain instead. -
Synchro over 2 yearsUnfortunately with gmail it’s probably more accurately “messages that we misidentified as spam before”. Good point by @Reinto though – make sure you’re using a full domain, not just a bare hostname in your from address.