TLDR: gmail has very strict anti-spam and forwarding emails makes it even tougher to pass their spam filters. The best you can do is run your emails through a test site like mail-tester.com and lookup how to solve each of the issues presented. I found forwarding emails to outlook instead of gmail worked fine. If you find a better solution, let me know in the comments.
The post:
I’m working on migrating an old phpBB forum to another format and running into email problems again. I noticed the software was not sending out any emails. I’m not sure how long this has been an issue. I went into rainloop within cyberpanel to view the email address directly. I tried to send a message from rainloop and I got a message that it “can’t connect to the server”.
I tried a few things and I’m not sure what ultimately fixed the problem. I first made sure I had issued a full SSL certificate to the mail server (mail.domain.com) but I’m not even sure that the emails are going through that domain. I also restarted openlightspeed and went to the manage postfix page and just clicked save, as I wasn’t making any changes. Perhaps that restarted postfix as things worked after that. Not being able to trust that the email is consistent remains a concern for me with using cyberpanel. I never had these issues with cpanel, but I don’t want to abandon cyberpanel just yet if this is something I can figure out.
I tested out one of my email forwarders and found the email was not being forwarded. I checked the email logs which had the following messages:
relay=gmail-smtp-in.l.google.com[142.251.111.26]:25, delay=0.71, delays=0.19/0.01/0.25/0.26, dsn=5.7.25, status=bounced (host gmail-smtp-in.l.google.com[142.251.111.26] said: 550-5.7.25 [144.xxx.xx.xx] The IP address sending this message does not have a
550-5.7.25 PTR record setup, or the corresponding forward DNS entry does not
550-5.7.25 point to the sending IP. As a policy, Gmail does not accept messages
550-5.7.25 from IPs with missing PTR records. Please visit
550-5.7.25 https://support.google.com/mail/answer/81126#ip-practices for more
550 5.7.25 information. o22-20020ac84296000000b00342b7e428c9si4280163qtl.117 – gsmtp (in reply to end of DATA command))postfix/smtp[155745]: 0C4552FA2DB: to=<>, relay=gmail-smtp-in.l.google.com[172.253.63.27]:25, delay=0.48, delays=0/0/0.24/0.23, dsn=5.7.25, status=bounced (host gmail-smtp-in.l.google.com[172.253.63.27] said: 550-5.7.25 [144.xxx.xx.xx] The IP address sending this message does not have a
550-5.7.25 PTR record setup, or the corresponding forward DNS entry does not
550-5.7.25 point to the sending IP. As a policy, Gmail does not accept messages
550-5.7.25 from IPs with missing PTR records. Please visit
550-5.7.25 https://support.google.com/mail/answer/81126#ip-practices for more
550 5.7.25 information. hu10-20020a056214234a00b00496c983a460si2413821qvb.561 – gsmtp (in reply to end of DATA command))
I thought I had this issue worked out in this thread I posted on PTR records, but apparently I’ll have to review the information again to see if I can get things working. I had added the PTR record to my DNS settings, but clearly that wasn’t enough.
The one piece I hadn’t fully fixed was the reverse DNS setting. There is a place where you can set the reverse DNS domain in the vultr settings – you select settings from the choices along the top and then under IPv4 you can change the default Reverse DNS settings. Here’s a screen shot:
I then went to Cloudflare and under DNS for the reverse DNS domain I’m using, I added a PTR record. There is a type of DNS setting, like A record and MX record, but called PTR. I used that and set the name and domain name to the reverse DNS domain name itself. But now I’m getting this error message in my logs:
postfix/smtp[161202]: B93982FA2DE: to=<>, relay=gmail-smtp-in.l.google.com[142.251.111.26]:25, delay=0.62, delays=0/0/0.28/0.34, dsn=5.7.26, status=bounced (host gmail-smtp-in.l.google.com[142.251.111.26] said:
550-5.7.26 This message does not pass authentication checks (SPF and DKIM both
550-5.7.26 do not pass). SPF check for [] does not pass with ip: [144.xxx.xx.xx
550-5.7.26 ].To best protect our users from spam, the message has been blocked.
550-5.7.26 Please visit 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more
550 5.7.26 information. bj18-20020a05620a191200b006bae240ea17si4190202qkb.293 – gsmtp (in reply to end of DATA command))
Okay – taking a step back and trying from the start. I sent an email directly from my main email address on the server and it sometimes goes through and sometimes doesn’t.
I’ve done some additional checks to make sure the DKIM setting is accurate, as well as the dmarc and any other configurations I could find. I’ve checked my email score on testing websites and it seems good when sending directly from my cyberpanel addresses in rainloop is scoring well. It now seems only forwarded emails to gmail that are getting rejected with the above message. I’m seeing some people reporting that gmail is particularly sensitive about some of these settings, so I’m going to have to look into it a bit deeper – to see how much is a cyberpanel issues, how much is an issue with the settings I’ve used, and how much is a gmail issue. Frustrating, but maybe not entirely cyberpanel’s fault.
<update> – after lots of testing a variety of settings, the best I could do was fix any issues raised at mail-tester.com and even then gmail was rejecting many forwarded emails – but not consistent. I suspect gmail use a variety of spam detection methods and forwarded emails are going to fail certain checks as the origin sending email does not match the information of the forwarding server. I tried similar tests with a different server set-up with cpanel and gmail was rejecting those messages as well. The only way I could get all of my emails without logging in to view them in rainloop was to forward them to an outlook.com account. I’ve been with gmail since it started and I’m shocked that I’m having this problem and finding a microsoft product superior. When I have time, maybe I’ll do another post about gmail going overboard to the point that users (like me) will start using other email options, at least for forwarded emails.