Topic: Random bounces
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2 MARIADB edition
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: CentOS 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
This is a bit of a long post, but I'm trying to add as much relevant information as I can think of...
A bit of history:
Say our mail domain is domain.com. Some of our mailboxes are forwarding email to gapps (at user@gapps.domain.com), others to regular gmail/yahoo/whatever accounts, with or without also keeping a local copy.
Now, 99% of the time, this works as expected, but every once in a while, gapps is bouncing a message back with
554 5.7.1 : Recipient address rejected: SMTP AUTH is required for users under this sender domain
Re-sending the same message will again fix it in 99% of the cases. Rarely it will have to be sent a third time.
Both SPF and DKIM are set correctly, but I doubt that's where the problem is because, again, it works correctly 99% of the time.
This seems to happen mostly (only?) with internal messages, and mostly (only?) when forwarding to gapps accounts.
It also may happen when sending to multiple recipients, all of which are forwarding to gapps, one will bounce, and all others go through. This in particular I find puzzling...
This situation has existed like this for years, without other issues, and has been mostly just annoying, but we can live with it.
The system works flawlessly otherwise.
The bigger problem:
Recently, a customer sent us this bounce message which is similar, but more serious than internal only ones.
(Note, this user forwards to a regular gmail account, not gapps like above, which may explain the difference in wording):
<user@gmail.com>: host gmail-smtp-in.l.google.com[108.177.96.27] said:
550-5.7.26 Your email has been blocked because the sender is unauthenticated.
550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM.
550-5.7.26
550-5.7.26 Authentication results:
550-5.7.26 DKIM = did not pass
550-5.7.26 SPF [mail.domain.com] with ip: [redacted] = did not pass
How can SPF/DKIM fail in less than 1% of all cases?
This is the first occurrence we know of that involves external email, or other destinations than gapps.
We would be OK with just ignoring this error, since gapps/gmail are just backup accounts in case things go horribly wrong, but the customer assumer (and rightfully so) we did not receive the email, which we did.
The questions:
Any theories what may be going on here (or how to further debug/fix/workaround)
Is there some way to do a retry or something before bouncing back to our customers
Any ideas on how to (temporary) prevent the user from receiving this bounce message completely, and just ignore it
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.