I am experiencing an issue where, after installing Carbonio, I am unable to send emails to Gmail domains. However, sending emails to other external addresses works without any problems.
Below is the log output:
zextras@mail:~$ postqueue -p | grep 'host alt1.gmail-smtp-in.l.google.com' -B5
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
84A6F2C978B 2873 Mon Feb 24 18:19:18
(host alt1.gmail-smtp-in.l.google.com[108.177.98.27] said: 421-4.7.26 Your email has been rate limited because it is unauthenticated. Gmail 421-4.7.26 requires all senders to authenticate with either SPF or DKIM. 421-4.7.26 421-4.7.26 Authentication results: 421-4.7.26 DKIM = did not pass 421-4.7.26 SPF [ourdomain] with ip: [ourIP] = did not pass 421-4.7.26 421-4.7.26 For instructions on setting up authentication, go to 421 4.7.26 removed link d9443c01a7336-220d540970csi331003435ad.201 - gsmtp (in reply to end of DATA command))
zextras@mail:~$
I have ensured that SPF, DMARC, DKIM, PTR, A, and MX records are all valid.
In this server, there are two domains: domainA.net and domainB.net.
- Emails sent from domainA.net to Gmail are delivered successfully.
- Emails sent from domainB.net to Gmail fail with the above error.
I would appreciate any insights or suggestions on how to resolve this issue.
Thank you.
@guntur
Your log output suggesting authentication issue but I guess it is for domainB.net. Also. I can see your DKIM, SPF did not pass. So check followings for domainB.net:
- Double-check and update the SPF record for domainB.net
- Verify and re-sign DKIM for domainB.net
- Adjust DMARC policy to avoid rejecting unauthenticated emails
regards,
@shariful
Hi Shariful,
Thanks for your response. I appreciate your insights. I have some follow-up questions regarding the authentication issue with domainB.net:
SPF Record Format:
Since domainB.net is using domainA.net's mail server, what would be the correct SPF record format? Should it be something like this?
v=spf1 include:domainA.net ~all
Or should I explicitly list the mail server IPs?
DKIM Issue:
I have re-signed DKIM multiple times, and validation tests (including mail-tester.com) return a perfect score of 10 removed link However, emails sent to Gmail still show as "unauthenticated." What could be causing this discrepancy?
DMARC Policy:
I have currently set DMARC to p=none to gather more error reports, but I am still facing issues.
👉 Are there any additional tricks or workarounds to resolve this issue?
Looking forward to your guidance.
Best regards,
Thanks again for your effort. Just to simplify the things:
- Forget that you have multiple domains configured in the single server.
- All the domains have their own Zone files for their respective DNS records.
- The records you have configure in the zone file of domainA.net (i.e. A, MX, TXT, DKIM, DMARC), do same for the domainB.net in domainB.net's zone file but using domainB.net as reference. For example:
- create an A record for mail.domainB.net > IP of your server
- MX record of domainB.net > mail.domainB.net
- TXT/SPF record for domainB.net > v=spf1 mx a a:mail.domainB.net ~all
- Generate a DKIM key in the server for domainB.net and publish it just like you did for domainA.net
- Publish a DMARC record for domainB.net and make sure to create the accounts you are using in the DMARC record.
- You can repeat these steps for all the domains in your server.
I know you are already aware of these points and some of them are already in effect. Make sure all of them, and it should solve your issue.
regards,
@shariful
I have followed your instructions correctly, but I still can't send emails to Gmail. The emails are still marked as unauthenticated.
Below are the existing records for both of my domains. Could you help identify any mistakes in these configurations?
Record Type | domainA | IP/Value | domainB | IP/Value |
A | mail.domainA.net | 111.111.111.111 | mail.domainB.net | 222.222.222.222 |
AAAA | - | - | - | - |
CNAME | - | - | - | - |
MX | @ | mail.domainA.net | @ | mail.domainB.net |
DKIM | @ | v=DKIM1; k=rsa; p=xxxxxxx | @ | v=DKIM1; k=rsa; p=xxxxxxx |
SPF | @ | v=spf1 ip4:111.111.111.111 ip4:222.222.222.222 mx ~all | @ | v=spf1 mx a a:mail.domainB.net ~all |
DMARC | @ | v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:zextras@domainA.net; ruf=mailto:zextras@domainA.net; pct=100; fo=0:1:d:s; | @ | v=DMARC1; p=none; adkim=s; aspf=s; rua=mailto:andi.guntur@domainB.net; ruf=mailto:andi.guntur@domainB.net; pct=100; fo=0:1:d:s; |
I would really appreciate your help in checking where the issue might be. Thanks in advance!
please share the latest log.
- if both the domains are configured in the same server, you should have same IP address for both A records.
regards
Sorry for the late reply. Honestly, I’m getting a bit frustrated as I still haven't been able to resolve this issue. I’ve been trying to fix it for months, but there are still no signs of progress.
To isolate the problem, I even set up a standalone Carbonio mail server with domainB.com, but I’m still getting the same error: unable to send emails to Gmail.
Here’s the log from the mail server:
Mar 17 06:24:01 mail postfix/smtp[120934]: AB6E3262965: to=<destinationaccount@gmail.com>, relay=gmail-smtp-in.l.google.com[142.251.175.26]:25, delay=2.9, delays=0.02/0.02/1.6/1.3, dsn=5.7.25, status=bounced (host gmail-smtp-in.l.google.com[142.251.175.26] said: 550-5.7.25 [139.255.253.19] The IP address sending this message does not have a 550-5.7.25 PTR record setup, or the corresponding forward DNS entry does not 550-5.7.25 match the sending IP. As a policy, Gmail does not accept messages 550-5.7.25 from IPs with missing PTR records. For more information, go to 550-5.7.25 https://support.google.com/a?p=sender-guidelines-ip 550-5.7.25 To learn more about Gmail requirements for bulk senders, visit 550 5.7.25 https://support.google.com/a?p=sender-guidelines. d9443c01a7336-225c6b890b3si102060435ad.430 - gsmtp (in reply to end of DATA command))
I have already checked everything:
✅ PTR record is correctly configured
✅ SPF, DKIM, and DMARC are valid
✅ Mail Tester gives a perfect 10/10 score
✅ MXToolbox shows all green checks
Yet, the emails still bounce with error 550-5.7.25, which points to an issue with PTR record or forward DNS entry.
As a workaround, would it be possible to force delivery to Gmail by modifying the transport
file in /cat/zextras/conf/transport ? For example:
gmail.com smtp:alt3.gmail-smtp-in.l.google.com
Would this help bypass the issue, or is there another way to force Gmail to accept the emails? Any suggestions would be greatly appreciated. Thanks! 🙏
@guntur
There are no other way to send email to Gmail without complying with their policy.
- You can try external gateway to send emails.
- But I tried the same in my environment and sent email to Gmail without any issue. (Attachment)
- Without knowing details, we could only share our side of feedbacks. I can see your sending IP address and find out the PTR record (Even not sure this PTR records applicability on this sender) for that IP address. But still I do not know what is your server hostname/primary domain/sending_user or sending user domain.
If you want help from other users, you need to share the details. Sometimes only a portion of log is not sufficient enough. I hope you would understand.
Regards,