haraka / Haraka

A fast, highly extensible, and event driven SMTP server
https://haraka.github.io
MIT License
5.11k stars 660 forks source link

Sender verficiation failed #3346

Closed ravivgolov closed 6 months ago

ravivgolov commented 6 months ago

Hello

2024-05-07T14:13:46.444Z [NOTICE] [AB4B262D-1E18-4E06-9BC2-89A61AA477D3.1.1] [outbound] recipient <test@user.com> rejected: 550 Verification failed for <my@domain.com> Sender verify failed

Which is causing the rejection, the recipient or Haraka? When I try the same email with a different SMTP relay, it works. However, when I switched back to the Haraka SMTP relay, I received a rejection. I have disabled the SPF/DKIM plugin, but I am still getting the same error.

The domain is signed with DKIM, DMARC, and SPF, and passes all tests when I send emails to Gmail. However, it does not work with some other mail servers. I am confident that the problem lies with the configuration in Haraka, because when I send the same email to the same recipient using the same sender email and a different MTA, it works.

Any idea how to debug this in Haraka? Thanks

msimerson commented 6 months ago

The remote rejected the message.

You can increase the logging verbosity to see more of the SMTP conversation but I suspect your issue will be that something about your message isn't what you expect.

ravivgolov commented 6 months ago

Thank you. I will increase the logging verbosity to possibly shed some light on the issue.

Based on your experience, how is it possible in this scenario for the same sender email and the same recipient to be rejected via one relay and accepted via another?

All that changed is the SMTP relay: Failed: swaks --to user@recipient.com --from my@domain.com --server relay1.server.com --port 587 --tls --auth-user user --auth-password pass --header "Subject: Test DKIM signing"

Works: swaks --to user@recipient.com --from my@domain.com --server relay2.server.com --port 587 --tls --auth-user user --auth-password pass --header "Subject: Test DKIM signing" Both are signed with all the required keys and pass all the tests. Is it possible that the IP of relay1 is blacklisted on the recipient server?

msimerson commented 6 months ago

Besides legally cheating on taxes or death, everything is possible. This is not a Haraka issue.