Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. exim>
  3. users
Autoreply empty mail from
exim-users at exim
Jul 26, 2022, 2:33 AM
Post #1 of 5 (406 views)
Permalink
Hi all!

Exim 4.94
I have trouble with autoreply transport (and any email from Exim-self)
in check DMARK when Exim send bounce/autoreply messages to google.
I want to configure vacation-router. SPF, DKIM, PTR is configured for my
server. When I send email from myself google receives it and pass DKIM,
SPF, DMARK.
When exim send autoreply message to google, google answer:
user@gmail.com R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com
[108.177.126.26]
X=TLS1.3:ECDHE_X25519__ECDSA_SECP256R1_SHA256__AES_256_GCM:256 CV=yes:
SMTP error from remote mail server after pipelined end of data:
550-5.7.26 Unauthenticated email from domain.com is not accepted due to
550-5.7.26 domain's DMARC policy. Please contact the administrator of
550-5.7.26 domain.com domain if this was a legitimate mail. Please visit
550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about
the 550 5.7.26 DMARC initiative.
I run exim in debug mode and saw next:

MAIL FROM and $sender_address_domain - empty

14:35:21 41842  SMTP>> MAIL FROM:<> SIZE=1609
.....
14:35:21 41842  dkim signing direct-mode
14:35:21 41842  ?considering:
${lookup{$sender_address_domain}lsearch*@{/etc/exim4/dkim/dkim_files}{$sender_address_domain}{}}
14:35:21 41842   ?considering:
$sender_address_domain}lsearch*@{/etc/exim4/dkim/dkim_files}{$sender_address_domain}{}}
14:35:21 41842   ???expanding: $sender_address_domain
14:35:21 41842   ??????result:
14:35:21 41842   ?considering:
/etc/exim4/dkim/dkim_files}{$sender_address_domain}{}}
14:35:21 41842   ???expanding: /etc/exim4/dkim/dkim_files
14:35:21 41842   ??????result: /etc/exim4/dkim/dkim_files
14:35:21 41842  search_open: lsearch "/etc/exim4/dkim/dkim_files"
14:35:21 41842  search_find: file="/etc/exim4/dkim/dkim_files"
14:35:21 41842    key="" partial=-1 affix=NULL starflags=2 opts=NULL
14:35:21 41842  LRU list:
14:35:21 41842    :/etc/exim4/dkim/dkim_files
14:35:21 41842    End
14:35:21 41842  internal_search_find: file="/etc/exim4/dkim/dkim_files"
14:35:21 41842    type=lsearch key="" opts=NULL
14:35:21 41842  trying to match *
14:35:21 41842  internal_search_find: file="/etc/exim4/dkim/dkim_files"
14:35:21 41842    type=lsearch key="*" opts=NULL
14:35:21 41842  file lookup required for *
14:35:21 41842    in /etc/exim4/dkim/dkim_files
14:35:21 41842  lookup failed
14:35:21 41842   ????scanning: $sender_address_domain}{}}
14:35:21 41842   ???expanding: $sender_address_domain
14:35:21 41842   ??????result:
14:35:21 41842   ????skipping: result is not used
14:35:21 41842   ?considering: }}
14:35:21 41842   ???expanding:
14:35:21 41842   ??????result:
14:35:21 41842  ???expanding:
${lookup{$sender_address_domain}lsearch*@{/etc/exim4/dkim/dkim_files}{$sender_address_domain}{}}
14:35:21 41842  ??????result:
14:35:21 41842 DKIM: no viable signatures to use

I've read several articles about it. And I understood that empty field
mail-from is normal for bounce-messages. But how resolve problem with
google and other?
Thanks in advance!

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Autoreply empty mail from [ In reply to ]
exim-users at exim
Aug 1, 2022, 5:29 AM
Post #2 of 5 (406 views)
Permalink
> From: Timur <timur@alcopack.de>

> I have trouble with autoreply transport (and any email from Exim-self)
> in check DMARK when Exim send bounce/autoreply messages to google.
> I want to configure vacation-router. SPF, DKIM, PTR is configured for my
> server. When I send email from myself google receives it and pass DKIM,
> SPF, DMARK.
> When exim send autoreply message to google, google answer:
> user@gmail.com R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com
> [108.177.126.26]
> X=TLS1.3:ECDHE_X25519__ECDSA_SECP256R1_SHA256__AES_256_GCM:256 CV=yes:
> SMTP error from remote mail server after pipelined end of data:
> 550-5.7.26 Unauthenticated email from domain.com is not accepted due to
> 550-5.7.26 domain's DMARC policy. Please contact the administrator of
> 550-5.7.26 domain.com domain if this was a legitimate mail. Please visit
> 550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about
> the 550 5.7.26 DMARC initiative.
> I run exim in debug mode and saw next:
>
> MAIL FROM and $sender_address_domain - empty

When MAIL FROM is empty, receivers should use the domain in HELO.
Give the command:

exim -be '$primary_hostname'

If it says not exactly the domain you use in DKIM
then use primary_hostname in the beginning of Exim config.

If your mail server handles mail for several domains then use helo_data
option in the smtp transport.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Autoreply empty mail from [ In reply to ]
exim-users at exim
Aug 1, 2022, 5:46 AM
Post #3 of 5 (406 views)
Permalink
Ahoj,

D?a Tue, 26 Jul 2022 12:33:04 +0300 Timur via Exim-users
<exim-users@exim.org> napísal:

> Hi all!
>
> Exim 4.94
> I have trouble with autoreply transport (and any email from
> Exim-self) in check DMARK when Exim send bounce/autoreply messages to
> ...
> MAIL FROM and $sender_address_domain - empty

For SPF with empty sender you have to ensure SPF DNS record for your
HELO name.

Your DKIM signing is based on sender domain, which is empty, thus
lookup fails and no DKIM signature is done.

For DMARC, you have to ensure, that your SPF (HELO name in this case)
and/or DKIM match domain in 5322.From: header. Simplest way is to do
DKIM lookup based on 5322.From: domain instead (or in addition to)
sender domain lookup, but be aware, that there can be multiple addresses
(domains) in 5322.From: header.

But emails with multiple 5322.From: addresses will be rejected anyway on
sites, which does DMARC validation, as that is not DMARC compliant...

regards

--
Slavko
https://www.slavino.sk
Re: Autoreply empty mail from [ In reply to ]
exim-users at exim
Aug 2, 2022, 2:28 AM
Post #4 of 5 (406 views)
Permalink
# exim -be '$primary_hostname'
says:
mail.domain.com (This is my mail host)

from smtp transport config:
helo_data = mail.domain.com

DKIM generated for domain.com with selector mail
There is DNS record for domain:
mail._domainkey.domain.com. TXT   v=DKIM1; k=rsa; p=....

Whats wrong?

8/1/2022 3:29 PM, Lena--- via Exim-users ?????:
>> From: Timur<timur@alcopack.de>
>> I have trouble with autoreply transport (and any email from Exim-self)
>> in check DMARK when Exim send bounce/autoreply messages to google.
>> I want to configure vacation-router. SPF, DKIM, PTR is configured for my
>> server. When I send email from myself google receives it and pass DKIM,
>> SPF, DMARK.
>> When exim send autoreply message to google, google answer:
>> user@gmail.com R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com
>> [108.177.126.26]
>> X=TLS1.3:ECDHE_X25519__ECDSA_SECP256R1_SHA256__AES_256_GCM:256 CV=yes:
>> SMTP error from remote mail server after pipelined end of data:
>> 550-5.7.26 Unauthenticated email from domain.com is not accepted due to
>> 550-5.7.26 domain's DMARC policy. Please contact the administrator of
>> 550-5.7.26 domain.com domain if this was a legitimate mail. Please visit
>> 550-5.7.26https://support.google.com/mail/answer/2451690 to learn about
>> the 550 5.7.26 DMARC initiative.
>> I run exim in debug mode and saw next:
>>
>> MAIL FROM and $sender_address_domain - empty
> When MAIL FROM is empty, receivers should use the domain in HELO.
> Give the command:
>
> exim -be '$primary_hostname'
>
> If it says not exactly the domain you use in DKIM
> then use primary_hostname in the beginning of Exim config.
>
> If your mail server handles mail for several domains then use helo_data
> option in the smtp transport.
>
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Autoreply empty mail from [ In reply to ]
exim-users at exim
Aug 2, 2022, 7:18 AM
Post #5 of 5 (406 views)
Permalink
> From: Timur <timur @ alcopack.de>

> # exim -be '$primary_hostname'
> says:
> mail.domain.com (This is my mail host)
>
> from smtp transport config:
> helo_data = mail.domain.com
>
> DKIM generated for domain.com with selector mail
> There is DNS record for domain:
> mail._domainkey.domain.com. TXT?? v=DKIM1; k=rsa; p=....
>
> Whats wrong?

Your email to [exim-users] had the domain alcopack.de in "From:" header line
(I'm talking not about envelope-from also known as MAIL FROM).
alcopack.de and mail.alcopack.de resolve to different IP-addresses.
Your Exim is on mail.alcopack.de, right?
You have DMARC record for alcopack.de but not for mail.alcopack.de:

~ $ dig +short _dmarc.mail.alcopack.de txt
~ $ dig +short _dmarc.alcopack.de txt
"v=DMARC1; p=none"

mail.alcopack.de (in HELO) and alcopack.de (in DMARC and DKIM)
are different domains.

Also, make sure that if $sender_address_domain is empty,
your Exim config uses correct domain for DKIM signing - exactly same domain
as in DMARC.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal