[Solved] Replying to message I sent is bounced back by gmail

Email stack:

  • dovecot

  • postfix

  • SPF

  • DKIM

note: I basically followed the setup here (with minor adjustments): https://library.linode.com/email/postfi … 0.04-lucid">https://library.linode.com/email/postfix/dovecot-mysql-ubuntu-10.04-lucid

Mail server OS:

  • ubuntu 12.04

Mail client:

  • apple mail

Scenario:

  • I send an email to someone.

  • They don't respond, and instead of sending a new email I just reply to the original email.

  • e.g. "References:" and "In-Reply-To:" headers are the same as the original "Message-Id:" header.

  • I receive a bounce-back email from mailer-daemon@googlemail.com suggesting I visit this link: http://mail.google.com/support/bin/answ … wer=188131">http://mail.google.com/support/bin/answer.py?hl=en&answer=188131

  • note: see below for relevant text from support link

SPF and DKIM info from bounced-back email headers:

  • spf=softfail (google.com: domain of transitioning email@domain.com does not designate [string of numbers and chars] as permitted sender) smtp.mail=email@domain.com;

  • dkim=pass header.i=@domain.com;

Relevant text from Google support link:
> If you're a mail server administrator:

Ownership and Filtering

We recommend that you do not change the envelope sender when forwarding email to Gmail. Sometimes, when forwarding email, the envelope sender gets changed to your domain. When this happens, Gmail may learn that your domain is sending spam, and will treat other emails from this domain as spam as well.

Are you using procmail for forwarding?

Please note that procmail is one of the most common reasons why the envelope sender gets changed when forwarding. Adding the following to your config file will fix this issue:

SENDER=formail -c -x Return-Path

SENDMAILFLAGS="-oi -f $SENDER"

Alternatively, changing the envelope sender is ok if you do one of the following:

Put "SPAM" in the subject

OR discard any spam emails and not forward them to Gmail at all.

SpamAssassin is a free spam filter that can be used for identifying spam outside of Gmail, and putting "SPAM" in the subject.

Authentication

  • Do not modify, remove or shuffle message headers or modify the body of the message. DKIM or DomainKeys signatures will break if the body is altered, and all authentication information will be lost.

  • Common DKIM breakages include modifying the mime boundaries, anti-virus or anti-spam programs modifying the body of the message, expanding the message recipient using LDAP, and re-encoding the message.

  • Several highly-phished domains have asked Gmail to enforce strict authentication checks on their mail. These domains include eBay, Paypal, and Google. If your mail server modifies the forwarded messages from these domains, these messages will be marked as phishing.

  • One symptom of this problem is that a messages from these domains forwarded through your mail server to Gmail will have an Authentication-Results header that show that DKIM did not pass, while messages sent directly to Gmail will have a passing signature.

My questions:

  • Has anyone else had this issue, and if so, could you provide me with some guidance?

  • Email I've sent has been bounced back three times, and each time the scenario has been the same (i.e. replying to an email I initially sent). What is causing this?

  • Will setting up procmail fix this? I've scanned the documentation, however, it's not clear to me why it would fix.

  • Could you suggest anything else I should be looking into to fix this?

Thanks in advance for help/guidance.

1 Reply

This is solved. After further investigation it turns out having ipv6 enabled prevented the email from getting through to Google Apps.

It also turns out I was initially wrong: it's not that replying to emails I sent caused them to bounce, it's that sending email to addresses associated with Google Apps accounts would cause them to bounce. I don't know why Google Apps rejected my email and regular Gmail didn't, but after sending test emails to multiple Apps and Gmail addresses it was obvious this was the case.

As for the solution to this problem, two things gave it away:

1. This line from the mailer-daemon@googlemail.com email gave it away:
> Received-SPF: softfail (google.com: domain of transitioning email@example.com does not designate xxxx:xxxx::xxxx:xxxx:xxxx:xxxx as permitted sender) client-ip=xxxx:xxxx::xxxx:xxxx:xxxx:xxxx;
(Specifically, the ipv6 addr (xxxx:xxxx::xxxx:xxxx:xxxx:xxxx) jumped out at me as wrong.)

2. Google.com blocked queries ssh'd through my domains IP address:

After some bing-fu I came across this forum post - https://forum.linode.com/viewtopic.php?p=59816 - which prompted me to disable ipv6.

Here's how I did it:

1. Confirm if ipv6 is enabled/disabled:

# cat /proc/sys/net/ipv6/conf/all/disable_ipv6

0 –> Enabled

1 --> Disabled

2. If it's enabled, edit /etc/sysctl.conf:

# emacs /etc/sysctl.conf

3. Add this to the bottom of /etc/sysctl.conf:

# disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1

4. Reload your config:

# sysctl -p

This did the trick for me. I'm finally able to send email to Google Apps addresses, and I'm also able to use Google from my domain's IP address without getting blocked.

edit: Retrieved password for other account. Status changed to closed.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct