Solved Undelivered Mail Returned to Sender
-
Searched the forums without finding an answer to this issue.
I have a domain hosted at fastmail. One of the e-mails is setup to forward to vivaldi.net - When sending to this e-mail I receive an error (see below). Any clues what causes this bounch back?
My SPF for the domain hosted is : v=spf1 include:spf.messagingengine.com ~all
My DMARC is : v=DMARC1; p=none;-- Error --
Action: failed
Status: 5.7.23
Remote-MTA: dns; mxi-1.vivaldi.net
Diagnostic-Code: smtp; 550 5.7.23 [email protected]: Recipient address
rejected: Message rejected due to: SPF fail - not authorized. -
Got answer from Fastmail. This resolved the issue.
They have a feature named SRS Rewriting.
Read about it here :
https://www.fastmail.help/hc/en-us/articles/360060591073-How-to-set-up-aliases#advancedThis was Fastmails response. After toggling the SRS Rewrite, it works as excepted.
-
@appsec said in Undelivered Mail Returned to Sender:
One of the e-mails is setup to forward to vivaldi.net - When sending to this e-mail I receive an error (see below)
Strange.
I tested my mail server with a test account redirecting to my vivaldi.net address, worked without any issue.
-
@DoctorG Thanks for testing - probably fastmail side then.
-
@appsec I try to ask internally to check.
But as team is out of office, i have to wait until Monday morning for a respnose. -
@appsec said in Undelivered Mail Returned to Sender:
v=spf1 include:spf.messagingengine.com ~all
Could be adding your domain could help:
v=spf1 include:spf.messagingengine.com +a:MYDOMAIN.TLD ~allI only administrate own mail servers and do not know what the issue could be on Fastmail's side.
-
@appsec Yes, but i can not test fastmail as i have no account and do not want to share with them my mobile number.
-
NP. Not a significant issue, was just curious if anybody happens to know why.
Did not work including my own domain either.
-
@appsec said in Undelivered Mail Returned to Sender:
Did not work including my own domain either.
Sad, was only a guess try by me.
//EDIT:
I have a idea: i create a test account on my mail server and you can try to forward mail from Fastmail.
Mailaddress given in chatI am curious if my server rejects, too.
-
Update : The issue happens only when I send from my work MS365 account. Other MS365 accounts forwards the e-mail to vivaldi.net.
I've created a support ticket to Fastmail to see if they can understand why the issue happens.
-
@appsec SPF issues are usually at the initiating domain/server level. A server used by the local Linux groups I'm with, was recently relocated to a new data center and after configuration in the new location, Gmail and a couple of other domains began to reject e-mails coming from the server. It was found to be an SPF/DKIM issue on the server, relating to reverse DNS lookup. It's expected to be resolved upon the installation of a replacement server.
The SPF/config files for the domain which your work Office 365 account uses, are what should be looked at, as you've said the other accounts do not have this issue.
Not a Vivaldi issue.
-
@edwardp said in Undelivered Mail Returned to Sender:
@appsec SPF issues are usually at the initiating domain/server level. A server used by the local Linux groups I'm with, was recently relocated to a new data center and after configuration in the new location, Gmail and a couple of other domains began to reject e-mails coming from the server. It was found to be an SPF/DKIM issue on the server, relating to reverse DNS lookup. It's expected to be resolved upon the installation of a replacement server.
The SPF/config files for the domain which your work Office 365 account uses, are what should be looked at, as you've said the other accounts do not have this issue.
Not a Vivaldi issue.
You are probably correct. I will use some dig magic and look at their DKIM / SPF .
Tx. -
Aappsec marked this topic as a question on -
Got answer from Fastmail. This resolved the issue.
They have a feature named SRS Rewriting.
Read about it here :
https://www.fastmail.help/hc/en-us/articles/360060591073-How-to-set-up-aliases#advancedThis was Fastmails response. After toggling the SRS Rewrite, it works as excepted.
-
Aappsec has marked this topic as solved on
-
@appsec wow that is awesome that you went through all those troubleshooting steps. I had long since semi-abandonded trying to solve it and was just "manually "exporting emails and saving them where I wanted them to be. Thank you for posting this.
-
@Dborhanian Tx. Regarding export/import mails. I use a great tool named imapsync - syncing one imap server to another. (If you need to move e.g a large chunk of emails from another server to Vivaldi).
-
@appsec Good
Thanks for telling us about the SRS and the DKIM/SPF issue, could be useful for other users running a mail domain on Fastmail.
-
I discovered some more useful info related to this issue. (Not using the fix from fastmail - just to understand how to prevent using the SRS feature)
I had another e-mail domain/address which experienced the bounch-back when I sendt e-mail to an address which forwarded to "vivaldi.net" e-mail.
This domain had the following DNS items (SPF / DMARC).
v=spf1 include:spf.messagingengine.com mx -all
v=DMARC1; p=quarantine; fo=1; aspf=s; adkim=s;When I change this to :
v=spf1 include:spf.messagingengine.com ~all
v=DMARC1; p=none;The e-mail does not get a bounch-back and is delivered to vivaldi.net as expected.
-
@appsec said in Undelivered Mail Returned to Sender:
This domain had the following DNS items (SPF / DMARC).
v=spf1 include:spf.messagingengine.com mx -all
v=DMARC1; p=quarantine; fo=1; aspf=s; adkim=s;First SPF/DMARC is mega-restrictive. Not good if you want to send/receive mails.
Was this a default set by Fastmail?@appsec said in Undelivered Mail Returned to Sender:
When I change this to :
v=spf1 include:spf.messagingengine.com ~all
v=DMARC1; p=none;The e-mail does not get a bounch-back and is delivered to vivaldi.net as expected.
Fine, you have working redirect now.
-
@DoctorG said in Undelivered Mail Returned to Sender:
@appsec said in Undelivered Mail Returned to Sender:
This domain had the following DNS items (SPF / DMARC).
v=spf1 include:spf.messagingengine.com mx -all
v=DMARC1; p=quarantine; fo=1; aspf=s; adkim=s;First SPF/DMARC is mega-restrictive. Not good if you want to send/receive mails.
Was this a default set by Fastmail?No
- It has been me palying with doing "mega-restrictive" SPF/DMARC settings
I might have lost some mails during this experiment. He he -
@appsec You were making by experiments. You are learning. You are root. You can destroy on your server what you like.
My answer is not meant as a harsh critic.
And we server admins all know what can happen on administrated systems. Much.
-
@DoctorG He he
- no problem. Was hosting my own DNS / e-Mail (Postfix) back in early 2000. Don't know how I managed that .... 
Though about hosting my e-mail server for a while also - but, it seems a bit to hard to co-op and keep the attackers out of the system.
