Hi DM,
I've had my BBS set up to relay outgoing SMTP email through Vertrauen for a while, according to this wiki page: https://wiki.synchro.net/howto:relay_smtp
Recently, all outgoing email from my system has been coming back with a 'failure to deliver' message. I don't know what has changed. For instance, I tried sending a test email to my Gmail account from my BBS and got this response back:
TZ: fe20
vert.synchro.net reporting delivery failure of message
from Nightfox to eric.oulashin@gmail.com
Reason:
gmail-smtp-in.l.google.com replied with:
"550 5.7.26 https://support.google.com/mail/answer/81126#authentication x188-20020a6263c5000000b006d98bbbd3cbsi11324918pfb.295 - gsmtp"
instead of the expected reply:
"250 ..."
Original message text follows:
This is a test
Maybe it was just a temporary failure? I just tried and successfully delivered an email to that address (from the same mail severs):
Re: Email relay through Vertrauen failing
By: Digital Man to Nightfox on Sun Jan 07 2024 06:49 pm
Maybe it was just a temporary failure? I just tried and successfully delivered an email to that address (from the same mail severs):
Hopefully it's temporary. But for at least a month or so now, every email I've sent out from my BBS (routed through yours) has had a failure response.
Gmail has recently started requiring a _dmarc dns record to be created to continue to accept emails. I've had to do that in several other non-bbs systems lately because they are cracking down on "spam". Not to suggest what you're sending is spam, but you should look into creating a _dmarc dns address that works for you, even if it's to do nothing.
Re: Email relay through Vertrauen failing
By: Jason to Nightfox on Tue Jan 16 2024 11:56 pm
Gmail has recently started requiring a _dmarc dns record to be created to continue to accept emails. I've had to do that in several other non-bbs systems lately because they are cracking down on "spam". Not to suggest what you're sending is spam, but you should look into creating a _dmarc dns address that works for you, even if it's to do nothing.
Since I'm relaying my outgoing email through Vertrauen, I'm not sure if it would be me or Vertrauen that needs thta DNS record.
Re: Email relay through Vertrauen failing
By: Jason to Nightfox on Tue Jan 16 2024 11:56 pm
Gmail has recently started requiring a _dmarc dns record to be created to continue to accept emails. I've had to do that in several other non-bbs systems lately because they are cracking down on "spam".
Not to suggest what you're sending is spam, but you should look into creating a _dmarc dns address that works for you, even if it's to do nothing.
Since I'm relaying my outgoing email through Vertrauen, I'm not sure if it would be me or Vertrauen that needs thta DNS record.
Nightfox
Re: Email relay through Vertrauen failingIf I remember correctly, the DMARC must be added at the last MTA relay
By: Nightfox to Jason on Wed Jan 17 2024 09:12:07
Re: Email relay through Vertrauen failing
By: Jason to Nightfox on Tue Jan 16 2024 11:56 pm
Gmail has recently started requiring a _dmarc dns record to
be created to continue to accept emails. I've had to do that
in several other non-bbs systems lately because they are
cracking down on "spam". Not to suggest what you're sending
is spam, but you should look into creating a _dmarc dns
address that works for you, even if it's to do nothing.
Since I'm relaying my outgoing email through Vertrauen, I'm not
sure if it would be me or Vertrauen that needs thta DNS record.
Nightfox
It's the DNS record that needs updating to support a _DMARC entry for
your own domain, nothing to do with the outbound MTA(s). Here is my
_DMARC entry on my cloudflare DNS.
"TXT", "_dmarc.bbs.magnum.uk.net", "v=DMARC1; p=reject"
A good website to use to check your DMARC config is:
https://mxtoolbox.com/
Which has some DMARC testing functions.
Many receiving email services will also throw your BBS's email into
the SPAM folder or just outright drop it, if DKIM is also not used.
DKIM however requires the last outbound MTA sign the email with your
DKIM private key which needs to match a DKIM public key within your
DNS configuration.
I use a postfix MTA to act as an inbound / outbouund relay for my BBS
emails, which takes care anti malware, anti spam, SPF (inbound),
DMARC (inbound) and DKIM (inbound / outbound) processing.
Feel free to reach out to me if you'd like any help setting up an MTA
relay.
---
â– Synchronet â– >>> Magnum BBS <<< - bbs.magnum.uk.net
If I remember correctly, the DMARC must be added at the last MTA relay before it is sent out. Or maybe I'm thinking SPF or something else, but
I know that one of them has to be added by your mail relay and not you.
Gmail has recently started requiring a _dmarc dns record to be created to continue to accept emails. I've had to do that in several other non-bbs
systems lately because they are cracking down on "spam". Not to suggest what you're sending is spam, but you should look into creating a _dmarc dns
address that works for you, even if it's to do nothing.
Since I'm relaying my outgoing email through Vertrauen, I'm not sure if it would be me or Vertrauen that needs thta DNS record.
Nightfox
It might just be an SPF record that you need (for *your* domain). Vertruaen already has an SPF record for the synchro.net domain and I can send to gmail addresses (from synchro.net domains) just fine.
Re: Email relay through Vertrauen failing
By: Digital Man to Nightfox on Wed Jan 17 2024 12:28 pm
It might just be an SPF record that you need (for *your* domain). Vertruaen already has an SPF record for the synchro.net domain and I can send to gmail addresses (from synchro.net domains) just fine.
I'm finally getting around (again) to trying to fix my BBS's issue of outgoing emails being rejected by Gmail.
I saw this page on the wiki explaining how to set up email security, including the SPF record and others:
https://wiki.synchro.net/howto:emailsec
It seems Gmail does indeed need an SPF record. According to the wiki page, and using the SPF maker tool, I made an SPF record and set it up in my domain (digitaldistortionbbs.com). I've tried sending some emails to my gmail address, but it seems they're still being rejected.
I've tried a few different things in my SPF record but with no success. This is my current SPF record:
"v=spf1 mx a ptr a:vert.synchro.net include:digdist.synchro.net include:vert.synchro.net ?all"
Using mxtoolbox.com, I did an SPF check of my domain and it seems it should be valid. I probably don't have it configured correctly, but I'm not sure what might be wrong. Do you have an idea?
(digitaldistortionbbs.com). I've tried sending some emails to my gmail address, but it seems they're still being rejected.
If you're relaying your outbound mail through Vertrauen, then the mail could be sent from cvs.synchro.net or vert.synchro.net (2 different hosts), so you would need to list both in your SPF.
I just use "v=spf1 mx a -all" and that works for me.
(digitaldistortionbbs.com). I've tried sending some emails to my gmail
address, but it seems they're still being rejected.
Are they being rejected or being sent to spam? Also, do you have the PTR for your IP matching the A record? I heard they like both an SPF record and matching A/PTRs. Like DM said, tho, "v=spf1 mx a -all" seems to work for the SPF.
It looks like an A record is for a destination IP address. Since my IP address could be dynamic, my concern would be that I'd have to change my A record when my IP address changes, and I don't know when my IP address might change.
Also, I just tried adding an A recor
with my IP address, but it complains
because a CNAME,NS record already
exists having the same name (I use
I'm guessing CNAME is ok.. but that URL
in your previous message talks about
having both SPF and DKIM.
Re: Email relay through Vertrauen
By: phigan to Nightfox on Thu Jun 13 2024 12:55 pm
I'm guessing CNAME is ok.. but that URL
in your previous message talks about
having both SPF and DKIM.
The Synchronet wiki page for email security says "Note: DKIM capabilities is currently not available in Synchronet". The page from Google says that they require the following:
- All senders: SPF or DKIM
- Bulk senders: SPF, DKIM, and DMARK
I'm not a bulk sender, and since it says SPF OR DKIM, I thought either one would suffice (i.e., only SPF).
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 412 |
| Nodes: | 16 (2 / 14) |
| Uptime: | 124:58:31 |
| Calls: | 8,600 |
| Calls today: | 1 |
| Files: | 13,231 |
| Messages: | 5,936,864 |