LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-12-2013, 08:27 PM   #1
marciano
Member
 
Registered: Oct 2005
Location: Uruguay
Distribution: CentOS 6.6 Ubuntu 12.4 MacOS 10.9
Posts: 121

Rep: Reputation: 17
Softfail in forwarded messages and delayed delivery


I've set my mail server to forward all incoming messages from certain user (my_name) to his Gmail account.

Certain sender, sender_name@sender_domain.com sends an email to my_name@my_domain.com

I've set my mail server my_mail_server.com(ip=nnn.nnn.nnn.nnn) to forward all incoming messages to a Gmail account myname@gmail.com

The problem is (despite local times) that the messages are delayed (42-18=24 minutes in this case) to deliver to Gmail inbox I don't know why.

Here's the message header I attached with highlights


> Delivered-To: myname@gmail.com
>
> Received: by 10.114.10.195 with SMTP id k3csp88470ldb;
> Mon, 12 Aug 2013 06:42:22 -0700 (PDT)
>
> X-Received: by 10.50.87.36 with SMTP id
> u4mr8103347igz.40.1376314941978;
> Mon, 12 Aug 2013 06:42:21 -0700 (PDT)
>
> Return-Path: <sender_name@sender_domain.com>
>
> Received: from my_mail_server.com ([nnn.nnn.nnn.nnn])
> by mx.google.com with ESMTP id im4si12630666icb.34.2013.08.12.06.42.20
> for <myname@gmail.com>;
> Mon, 12 Aug 2013 06:42:21 -0700 (PDT)
>
> Received-SPF: softfail (google.com: domain of transitioning
> sender_name@sender_domain.com does not designate nnn.nnn.nnn.nnn as
> permitted sender) client-ip=nnn.nnn.nnn.nnn;
>
> Authentication-Results: mx.google.com;
> spf=softfail (google.com: domain of transitioning sender_name@sender_domain.com does not designate nnn.nnn.nnn.nnn as
> permitted sender) smtp.mail=sender_name@sender_domain.com
>
> Received: by my_mail_server.com (Postfix) id E3D2360D8E14; Mon, 12
> Aug 2013 10:18:03 -0300 (UYT)
>
> Delivered-To: myname@my_mail_server.com
>
> Received: from dug.privatedns.com (dug.privatedns.com
> [209.172.41.128]) by my_mail_server.com (Postfix) with ESMTP id
> 75C5F60D8E13 for <my_name@my_domain.com>; Mon, 12 Aug 2013 10:18:03
> -0300 (UYT)
>
> X-ASG-Debug-ID: 1376313481-029b1e0e4e9deee0001-7hAX0y
>
> Received: from mailhost.sender_domain.com (mailhost.sender_domain.com
> [212.23.37.186]) by dug.privatedns.com with ESMTP id 7hgO0xgLOgEHf4es
> for <my_name@my_domain.com>; Mon, 12 Aug 2013 09:18:01 -0400 (EDT)
>
> X-Barracuda-Envelope-From: sender_name@sender_domain.com
>
> X-Barracuda-Apparent-Source-IP: 212.23.37.186

> Received: (from uucp@localhost)

Thank you

Highlighted version
Attached Thumbnails
Click image for larger version

Name:	Screen Shot 2013-08-12 at 22.24.36.jpg
Views:	24
Size:	175.4 KB
ID:	13187  
 
Old 08-13-2013, 02:18 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,333

Rep: Reputation: Disabled
The Google mail server checks the SPF records of the sender domain, and discovers that the sending server is not listed. It then delays the delivery of the message.

It seems everything is working as it should. Checking the SPF records is a Good Thing, and I'm actually a bit surprised that the message is just delayed rather than rejected.

If your mail server is going to be sending mails from a given domain, its IP address should be added to the SPF records for that domain.
 
Old 08-13-2013, 03:17 PM   #3
marciano
Member
 
Registered: Oct 2005
Location: Uruguay
Distribution: CentOS 6.6 Ubuntu 12.4 MacOS 10.9
Posts: 121

Original Poster
Rep: Reputation: 17
Thanks Ser Olmy for your help.

This domain, my_domain.com, has this SPF record:
my_domain.com. IN TXT "v=spf1 ip4:nnn.nnnn.nnn.nnn a a:my_domain.com -all"
my_domain.com. IN MX 5 mace.privatedns.com

A summary of an authentication report from verifier.port25.com is
SPF check: pass
DomainKeys: neutral
DKIM check: pass
Sender-ID check: pass
Spamassassin check: ham

Occassionally I am getting some problems with Google Mail: first time a user receives a mail from my server it goes to spam folder.
The problem I described in my first post (the delay) appears after a month of forwarding mails to gmail.
Today I asked that sender to send me a test mail and no delay occurred.
Anyway, I checked the header and still the lines about softfail.
I can reproduce here the complete header if you think it would help.
Thank you,
M
 
Old 08-13-2013, 03:33 PM   #4
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,333

Rep: Reputation: Disabled
Quote:
Originally Posted by marciano View Post
This domain, my_domain.com, has this SPF record:
my_domain.com. IN TXT "v=spf1 ip4:nnn.nnnn.nnn.nnn a a:my_domain.com -all"
my_domain.com. IN MX 5 mace.privatedns.com
And the highlighed IP address is the (external) IP address of your mail server? And it's the exact same IP address as in the Received-From header and the softfail error message?

Code:
> Received: from my_mail_server.com ([nnn.nnn.nnn.nnn])
> by mx.google.com with ESMTP id im4si12630666icb.34.2013.08.12.06.42.20
> for <myname@gmail.com>;
> Mon, 12 Aug 2013 06:42:21 -0700 (PDT)
>
> Received-SPF: softfail (google.com: domain of transitioning
> sender_name@sender_domain.com does not designate nnn.nnn.nnn.nnn as
> permitted sender) client-ip=nnn.nnn.nnn.nnn;
Again, the highlighted IP addresses should a) be the same, and b) not be identical to the SPF data, if the error message is to be believed.
Quote:
Originally Posted by marciano View Post
The problem I described in my first post (the delay) appears after a month of forwarding mails to gmail.
Today I asked that sender to send me a test mail and no delay occurred.
Anyway, I checked the header and still the lines about softfail.
I can reproduce here the complete header if you think it would help.
If the IP addresses in the SPF record and the softfail message are indeed the same, there's something very strange going on. The error message from Google is quite straightforward; it can't find the server IP in the SPF record for the sender domain. Perhaps the problem is related to a specific MTA at Google.

Have you considered adding a "true" SPF record (as defined by RFC 4408) to the DNS zone in addition to the existing TXT record?
 
Old 08-14-2013, 10:30 AM   #5
marciano
Member
 
Registered: Oct 2005
Location: Uruguay
Distribution: CentOS 6.6 Ubuntu 12.4 MacOS 10.9
Posts: 121

Original Poster
Rep: Reputation: 17
Hi Ser Olmy,

Quote:
Originally Posted by marciano
This domain, my_domain.com, has this SPF record:
my_domain.com. IN TXT "v=spf1 ip4:nnn.nnnn.nnn.nnn a a:my_domain.com -all"
my_domain.com. IN MX 5 mace.privatedns.com
Quote:
And the highlighed IP address is the (external) IP address of your mail server?
Yes.
Quote:
And it's the exact same IP address as in the Received-From header and the softfail error message?
Yes. Every mention of nnn.nnn.nnn.nnn refers to my external IP

Quote:
Authentication-Results: mx.google.com;
> spf=softfail (google.com: domain of transitioning sender_name@sender_domain.com does not designate nnn.nnn.nnn.nnn as
> permitted sender) smtp.mail=sender_name@sender_domain.com
It is true that "sender_name@sender_domain.com does not designate nnn.nnn.nnn.nnn as permitted sender"
But I am not sending mails in name or him, I'm just forwarding a mail he sent to me.
I don't understand what's wrong with that.

Quote:
Again, the highlighted IP addresses should a) be the same, and b) not be identical to the SPF data, if the error message is to be believed.
I don't get the point b)
Quote:
Have you considered adding a "true" SPF record (as defined by RFC 4408) to the DNS zone in addition to the existing TXT record?
Please explain to me what a true spf means. I'm not very knowledgeable in these matters.
Thanks a lot.
M
 
Old 08-14-2013, 04:51 PM   #6
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,333

Rep: Reputation: Disabled
Quote:
Originally Posted by marciano View Post
It is true that "sender_name@sender_domain.com does not designate nnn.nnn.nnn.nnn as permitted sender"
But I am not sending mails in name or him, I'm just forwarding a mail he sent to me.
I don't understand what's wrong with that.
I think you just identified the source of the problem. The Google server believes "sender_name@sender_domain.com" to be the From: address of the e-mail, while your intention was to forward a mail you received from that sender to a Gmail account. There could be something wrong with the format of the header or the mail body.

You should capture the entire SMTP transaction and look for malformed or misplaced headers. The culprit could be your mail client.
Quote:
Originally Posted by marciano View Post
Please explain to me what a true spf means. I'm not very knowledgeable in these matters.
When SPF was first launched, the SPF data was put in TXT records in the domain zone. Since then, a dedicated DNS record type called "SPF" has been defined. Most mail servers check both. It is of no importance in this case, as the softfail error is not really related to SPF, as the wrong sender domain is being checked against SPF data.
 
Old 08-14-2013, 06:09 PM   #7
marciano
Member
 
Registered: Oct 2005
Location: Uruguay
Distribution: CentOS 6.6 Ubuntu 12.4 MacOS 10.9
Posts: 121

Original Poster
Rep: Reputation: 17
Ser Olmy,

The forward configuration is not made from email client, it is set from server, Postfix.
I guess I have to ask Virtualmin folks for this problem because I use their control panel and I just checked a box "Forward to..."

Thanks a lot for your help
M
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix 2 weeks delayed messages adis_k Linux - Server 3 06-03-2013 02:38 AM
Delayed or no received messages in Kopete bogdan.dusa Linux - Software 1 06-22-2011 09:10 AM
sendmail forwarded messages to preserve original sender paranoid times Linux - Software 1 06-27-2007 02:24 PM
howto notify delivery of sent messages in thunderbird version 1.0.7-1.1.fc3 (20050929 dsids Linux - Software 1 03-23-2006 09:46 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 08:01 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration