Forward Email with SES, Got "554 Message rejected: Email address is not verified"
-
I am trying to setup an Email account with my domain, and forward all incoming mails to my Gmail account. I tried two methods:
- Set up a mail list in Cloudron Email, and add my Gmail address as list member
- Create the Email address, and set up simple filter in SnappyMail, forward all mails to my Gmail address
When testing, I use
a@gmail.comto send an Email tob@mydomain.comand expects the mail is forwarded toc@gmail.com. I encountered the same error for both approaches. When Cloudron send Email with SES, SES rejected because it cannot verifya@gmail.comas sender.554 Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-1: A <a@gmail.com>I checked Sieve tutorial, looks like Sieve will also use the original "From" for
redirect. Is there anyway I can forward the Email without replacing SES?Thanks!
-
Can you verify a@gmail.com? I thought you can verify both an email, or/as well as a domain.
-
Can you verify a@gmail.com? I thought you can verify both an email, or/as well as a domain.
@scooke Yes, I guess I can verify
a@gmail.comin SES, but that's not what I want.I would like to forward all Emails sending to
b@mydomain.comto my own Gmail.a@gmail.comis just used for testing.I hope there is an Email forwarding fuction works like "Forward" of regular Email client.
-
I am not familiar with sieve, ChatGPT said Sieve cannot change to "From" in header.
-
Do you have complete control over b@mydomain.com? You can set the various DNS entries?
And maybe you are too focused on a@gmail.com since that's just a test. It seems the main problem is that b@mydomain.com is not forwarding email. If any email is not set up correctly, like a@gmail.com, you can't control. But be sure you can manage b@mydomain.com. Can you? And b@mydomain.com is ON your Cloudron, right? So you are using Cloudron's email server?
-
Do you have complete control over b@mydomain.com? You can set the various DNS entries?
And maybe you are too focused on a@gmail.com since that's just a test. It seems the main problem is that b@mydomain.com is not forwarding email. If any email is not set up correctly, like a@gmail.com, you can't control. But be sure you can manage b@mydomain.com. Can you? And b@mydomain.com is ON your Cloudron, right? So you are using Cloudron's email server?
@scooke Yes, I have control over
mydomain.comand can set DNS entries.I use the Email server of Cloudron. I first tried forward with Email list within Cloudron Email. (create Email list
b@mydomain.comand distribute toc@gmail.com) It has the same issue. SES refuse to send the Email since From isa@gmail.com.Since this doesn't work, I created the Snappymail web client and hope it can support more advanced forward feature.
-
okokokokok 什么?If you are using the Cloudron email server and set it up to use SES, then the error messages most certainly look like SES error messages, and not Cloudron. Read this: https://docs.aws.amazon.com/ses/latest/dg/mail-from.html Suffice to say, setting up SES well and proper is, in my experience, quite a challenge. It is Amazon who won't deliver your email, not Cloudron.
Have you considered just using the built-in SMTP server? That's what I use, and have not had any problems (i'm fortunate that my server IP is still clean, and I monitor my email sending, too).
Read also http://www.open-spf.org/SRS/. There is a small green box in the upper right corner advising you to "whitelist forwarder IP addresses" in the SPF field. Have you done that in your DNS? It would like something like:
v=spf1 a:mydomain.com ip4:xx.xxx.xxx.xxx ~all -
J jdaviescoates referenced this topic on
-
Seems like I might be facing something similar, see my post here: https://forum.cloudron.io/post/101670
I'm using the Cloudron built-in SMTP server.
I wonder if it is also linked to this: https://forum.cloudron.io/post/99711
-
okokokokok 什么?If you are using the Cloudron email server and set it up to use SES, then the error messages most certainly look like SES error messages, and not Cloudron. Read this: https://docs.aws.amazon.com/ses/latest/dg/mail-from.html Suffice to say, setting up SES well and proper is, in my experience, quite a challenge. It is Amazon who won't deliver your email, not Cloudron.
Have you considered just using the built-in SMTP server? That's what I use, and have not had any problems (i'm fortunate that my server IP is still clean, and I monitor my email sending, too).
Read also http://www.open-spf.org/SRS/. There is a small green box in the upper right corner advising you to "whitelist forwarder IP addresses" in the SPF field. Have you done that in your DNS? It would like something like:
v=spf1 a:mydomain.com ip4:xx.xxx.xxx.xxx ~all@scooke said in Forward Email with SES, Got "554 Message rejected: Email address is not verified":
advising you to "whitelist forwarder IP addresses" in the SPF field. Have you done that in your DNS? It would like something like: v=spf1 a:mydomain.com ip4:xx.xxx.xxx.xxx ~all
I wonder, does something like that also need to be done for the IPv6 address?
-
For SPF record correctness, have you all verified using the awesome https://www.mail-tester.com/ already?
For email forwarding to gmail, there might be a general problem with Gmail+SRS . This hasn't been tested in a while, so we hvae to look into this for next release.
-
@scooke said in Forward Email with SES, Got "554 Message rejected: Email address is not verified":
advising you to "whitelist forwarder IP addresses" in the SPF field. Have you done that in your DNS? It would like something like: v=spf1 a:mydomain.com ip4:xx.xxx.xxx.xxx ~all
I wonder, does something like that also need to be done for the IPv6 address?
@avatar1024 said in Forward Email with SES, Got "554 Message rejected: Email address is not verified":
IPv6 address
Here is an OOLLDD post which says "yes" https://serverfault.com/questions/529121/mail-marked-as-spam-with-spf-record-allowing-servers-ipv4-but-not-ipv6
Something a little more "recent" https://stackoverflow.com/questions/19142369/create-both-ipv4-and-ipv6-spf-record
And from last year: https://dmarcly.com/blog/what-is-an-spf-record-and-how-does-it-work-spf-record-explained
Somewhere in this forum there were questions about what servers with IPv6 with hosting or dns or email, and I believe the usual final response is that if the server has active IPv6, then whatever the tech in question is also has to have that active. If not, then deactivate IPV6 on the server. So, I suspect, now, that your Cloudron is using IPv6 to send email and it is that missing SPF record, ip6: which is causing the issue. Try to fix that and tell us what happens. Remember, DNS can take longer than expected to resolve, so be patient.
-
To add to @scooke : generally, only a:my.domain.com is needed. The latest node code is sending via IPv6, if your server has IPv6. This means that the SPF record is correct, only if my.domain.com resolves to the IPv6 (i.e you have an AAAA record for my.domain.com).
To summarize:
- If you disable IPv6 on server entirely, be sure to remove all the AAAA records
- If you have left IPv6 enabled on server but my.domain.com has no AAAA record, then fix this by adding the AAAA record .
I can't think of a reason why you should explicitly need ip4: ip6: in SPF .
-
To add to @scooke : generally, only a:my.domain.com is needed. The latest node code is sending via IPv6, if your server has IPv6. This means that the SPF record is correct, only if my.domain.com resolves to the IPv6 (i.e you have an AAAA record for my.domain.com).
To summarize:
- If you disable IPv6 on server entirely, be sure to remove all the AAAA records
- If you have left IPv6 enabled on server but my.domain.com has no AAAA record, then fix this by adding the AAAA record .
I can't think of a reason why you should explicitly need ip4: ip6: in SPF .
@girish said in Forward Email with SES, Got "554 Message rejected: Email address is not verified":
I can't think of a reason why you should explicitly need ip4: ip6: in SPF
TBH I wouldn't be at all surprised if this becomes a widely expected requirement the way things seem to be heading. Cloudron ought to create an SPF record with both included by default IMHO.
-
@scooke said in Forward Email with SES, Got "554 Message rejected: Email address is not verified":
advising you to "whitelist forwarder IP addresses" in the SPF field. Have you done that in your DNS? It would like something like: v=spf1 a:mydomain.com ip4:xx.xxx.xxx.xxx ~all
I wonder, does something like that also need to be done for the IPv6 address?
@avatar1024 said in Forward Email with SES, Got "554 Message rejected: Email address is not verified":
I wonder, does something like that also need to be done for the IPv6 address?
I think you might well be onto something (just based on a very quick search and finding that people want to do both)
eg. https://stackoverflow.com/questions/19142369/create-both-ipv4-and-ipv6-spf-record#19145933
-
@girish said in Forward Email with SES, Got "554 Message rejected: Email address is not verified":
I can't think of a reason why you should explicitly need ip4: ip6: in SPF
TBH I wouldn't be at all surprised if this becomes a widely expected requirement the way things seem to be heading. Cloudron ought to create an SPF record with both included by default IMHO.
@jdaviescoates said in Forward Email with SES, Got "554 Message rejected: Email address is not verified":
Cloudron ought to
This is why I manage my DNS by hand using Wildcard. It's easier figuring out what I did wrong.
-
If SRS is not an option (or not obeyed by Gmail) you can look into some advanced sieve stuff:
https://doc.dovecot.org/2.3/configuration_manual/sieve/configuring_auto_forward_sender_address/
-
For SPF record correctness, have you all verified using the awesome https://www.mail-tester.com/ already?
For email forwarding to gmail, there might be a general problem with Gmail+SRS . This hasn't been tested in a while, so we hvae to look into this for next release.
@joseph said in Forward Email with SES, Got "554 Message rejected: Email address is not verified":
For email forwarding to gmail, there might be a general problem with Gmail+SRS . This hasn't been tested in a while, so we hvae to look into this for next release.
Yes I reckon there is at least one problem with SRS rewrite. I always get a bounce with the forward through Cloudron when the original sender and the final recipient are both Gmail.
FYI, probably also in relation to SRS rewrite I also hit this at some point: https://forum.cloudron.io/post/99711.Though since the past few days I have noticed other rare occasional bounce just sending from the server to Gmail, and this one two different servers. IPv6 is set-up properly on both, PTR records checks fine, AAAA records are set-up, IPv6 is activated on Cloudron, DNS are synced....but somehow Gmail still fails to see the PTR for the IPv6.
I have disabled IPv6 again but this time persistently, i.e. disabling on Cloudron and copying on the server
net.ipv6.conf.eth0.disable_ipv6=1in /etc/sysctl.conf. So far so good, but something seems definitely up with Gmail and IPv6 with the Cloudron mail server. -
Thanks to everyone who gave me suggestions. I finally found a solution. ChatGPT provided misleading information—actually, the 'From' field can be modified. Here is the Sieve filter I ultimately used.
require ["editheader", "variables", "copy"]; if true { if header :matches "From" "*" { set "original_from" "${0}"; } else { set "original_from" "unknown@domain.com"; } deleteheader "Reply-To"; addheader "Reply-To" "${original_from}"; deleteheader "From"; deleteheader "DKIM-Signature"; addheader "From" "Forwarder <forwarder@mydomain.com>"; addheader "X-Original-From" "${original_from}"; redirect "myemail@gmail.com"; keep; }
