[SOLVED] gmail: This message does not have authentication information or fails to

mfoley · 05-19-2022, 05:52 PM

When sending to gmail recipients I am getting:

Code:

   ----- The following addresses had permanent fatal errors -----
<thisperson@gmail.com>
    (reason: 550-5.7.26 This message does not have authentication information or fails to)

   ----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.7.26 This message does not have authentication information or fails to
<<< 550-5.7.26 pass authentication checks. To best protect our users from spam, the
<<< 550-5.7.26 message has been blocked. Please visit
<<< 550-5.7.26  https://support.google.com/mail/answer/81126#authentication for more
<<< 550 5.7.26 information. d12-20020ac8118c000000b002f39bc44cf5si1445588qtj.729 - gsmtp
554 5.0.0 Service unavailable

The ISP has changed IP addresses for my server, but I do have a rDNS for this server for the new IP and DKIM validates. I did not have this problem before the IP was changed.

Email to recipients at domains other than gmail.com work fine.

Any idea what other authentication checks it could be looking for? I'm out of ideas.

TenTenths · 05-20-2022, 03:54 AM

Check to see if your new IP address appears in any blacklists.

Which of the other suggestions on the page referenced have you tried?

TenTenths · 05-20-2022, 03:58 AM

Quote:

Originally Posted by mfoley

The ISP has changed IP addresses for my server, but I do have a rDNS for this server for the new IP and DKIM validates. I did not have this problem before the IP was changed.

I assume you've updated your SPF record to include this new IP and that SPF record has been published and is live.

As I mentioned in another thread, this is a very handy testing service which gives you an e-mail address to send to and then does the relevant checks:

https://www.appmaildev.com/en/dkim

It's the "Next Step" button near the top that you click to start the test, it may give you some pointers.

mfoley · 05-20-2022, 10:42 AM

Quote:

Originally Posted by TenTenths

I assume you've updated your SPF record to include this new IP and that SPF record has been published and is live.

Ah ha!!! No, I forgot all about the SPF record. OK, I've now changed it to the correct IP. I'll give it some time to verify it's now working.

Meanwhile, perhaps you can clarify a point of perpetual confusion (on my part). This server hosts several domains and email is sent with those domain addresses (joe@this.com, pete@that.org, ...). The Domain Name Registrar does have the correct A and MX records for these domains, but do they also each need SPF records? Currently, I only have the "real" host's SPF record which is the hostname show in the email Identity in the connection dialogue (sendmail.mc: confDOMAIN_NAME).

mfoley · 05-22-2022, 11:47 AM

Still a problem. The A, MX, SPF, DKIM records are all now correct and mxtoolbox.com verifies all this is OK. I'm still getting rejections from Gmail:

Code:

   ----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.7.1 [23.244.81.7      18] Our system has detected that this message is
<<< 550-5.7.1 likely suspicious due to the very low reputation of the sending IP
<<< 550-5.7.1 address. To best protect our users from spam, the message has been
<<< 550-5.7.1 blocked. Please visit
<<< 550 5.7.1  https://support.google.com/mail/answer/188131 for more information. g5-20020a05620a40c500b006a2e166c804si653697qko.606 - gsmtp
554 5.0.0 Service unavailable

Apparently, whoever had this IP before me earned a very low reputation as a spammer and was blocked at Gmail. Unfortunately, I have now inherited this tainted IP.

The link specified in that error message took me to a Gmail tool (Postmaster Tools) to add a TXT record for verifying the domain for gmail. I've added that record, and Google verified it. I'll have to wait until the next group of messages go out to see if that did it.

More later ...

mfoley · 05-27-2022, 01:12 AM

I'm working on that last issue with the Breezeline service provider, but I have another question on SFP records.

Should I use ~all, -all or ?all as the Fail option?

I can't figure out from the description of this option what I need. For mail coming into my server, I don't really care if they have an SPF record. Some mail servers, like Gmail, want to see an SPF record, which is why I have one configured. How does the Fail option affect destination servers, or does it?

mfoley · 05-27-2022, 03:18 PM

I'm posting this last question as a new thread. I got my original answer and adding more questions sometimes adds too much complexity to a thread. The new thread is https://www.linuxquestions.org/quest...49#post6356949

jr.retreatllc · 06-01-2022, 10:53 AM

Quote:

Originally Posted by mfoley

When sending to gmail recipients I am getting:

Code:

   ----- The following addresses had permanent fatal errors -----
<thisperson@gmail.com>
    (reason: 550-5.7.26 This message does not have authentication information or fails to)

   ----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.7.26 This message does not have authentication information or fails to
<<< 550-5.7.26 pass authentication checks. To best protect our users from spam, the
<<< 550-5.7.26 message has been blocked. Please visit
<<< 550-5.7.26  https://support.google.com/mail/answer/81126#authentication for more
<<< 550 5.7.26 information. d12-20020ac8118c000000b002f39bc44cf5si1445588qtj.729 - gsmtp
554 5.0.0 Service unavailable

The ISP has changed IP addresses for my server, but I do have a rDNS for this server for the new IP and DKIM validates. I did not have this problem before the IP was changed.

Email to recipients at domains other than gmail.com work fine.

Any idea what other authentication checks it could be looking for? I'm out of ideas.

If I am not mistaken this is the same issue I have been working with on thread https://www.linuxquestions.org/quest...65#post6357965