I'm setting mailgun route to xx#me.com to forward an email to a server at http://xxx:7000/reply.
I tested already the email route and it's fine as well as the server is up both in browser and using curl. However sending an email to xx#me.com still nothing happens.
There is already a similar question but nobody answered:
Can't recieve incoming mail with Mailgun
There are a few requirements for handling incoming emails with Mailgun.
Your account must be verified (email/SMS message)
The domain or subdomain must be added to the account.
SPF & DKIM must be verified and have MX records configured with Mailgun's values. Details for DNS record information
Route filters configured with the recipient domain or subdomain matching. (Example: Domain "bar.com" is added to the account. The expression can match_recipient("foo#bar.com"). If a subdomain is added, then it will need to match the subdomain, e.g. match_recipient("foo#mg.bar.com"))
The error from the linked question would be due to one of the above requirements wasn't fulfilled. A rejection of "550 5.7.1 Relaying denied" from Mailgun's incoming mail servers indicates a domain or subdomain has MX records pointed toward Mailgun's but the domain does not exist within an account.
**Disclaimer I work at Mailgun
I know this is 6 months old, but since I spent 4 hours trying to figure this out, I will share my solution:
There is another cause of the 5.7.1 Relaying denied message: My mailgun account wasn't verified. I saw someone suggest this but I figured they just meant that I had to verify the address I was forwarding to. Nope, when I logged in today I saw a banner at the top saying click here to resend your verification email. I did that, it went through a text message verification process, and all immediately started working!
I know this is quite a stale thread, but I also wanted to chime in here in hopes of saving folks a few hours of their life trying to solve the "550 5.7.1 Relaying denied" caper.
For me? It was what has plagued me on several occasions. I was able to verify via Gmail > 'Settings' > 'Accounts and Import' > 'Add another email address' only after I disconnected from my software-based VPN (Private Internet Access).
[Your sigh or wince here]
Now, go get it... make it happen. ;-)
If you're using MailGun with cPanel (for example, after following this tutorial) and you're getting the 550 5.7.1 Relaying denied error, make sure you're using the MailGun SMTP credentials given after adding your domain (as opposed to your MailGun username and password as the documentation suggests). That was the origin of my own problem.
Another reason for this error code may well be that you are trying to send stuff over SMTP whereas you've indicated on the sending properties of mailgun settings for your domain that you want to use the API...
Related
I've bought a domain and I'm hosting Cloudflare as my DNS host. I mainly use this domain for sending emails.
I use Google workspace for receiving and sending emails, but I also use the Sendgrid API to send one automatic email a day from a simple python program (using Sendgrid's python library) I keep running.
I have correctly authenticated my domain in Sendgrid and added the CNAME records to Cloudflare as Sendgrid advises. I have also configured Google correctly with my domain using their info. I've tested both configurations with their tools.
I'm now in the process of adding extra security to my emails. I've configured SPF, DMARC and DKIM using the simple instructions Google provides. Added all the records once again to my DNS provider (Cloudflare) and started to observe my daily DMARC reports.
I'm using URIports (https://app.uriports.com/) to make sense of these reports :P
Apparently, everything is ok with the mails I send from Google. But not ok with the emails sent via Sengrid. The DMARC analysis is the following:
We have received the following report from google.com about 1 message that was received in the following timespan: 02-13 0:00 (24h). This email was received from IP address xxx.xxx.xxx.xxx with hostname something.outbound-mail.sendgrid.net supposedly from <user>#<mydomain>.
DKIM validation passed because at least one signature is valid
Signature 1 for domain <mydomain> passed. The message was signed, and the signature passed verification tests.
Signature 2 for domain sendgrid.info passed. The message was signed, and the signature passed verification tests but the DKIM signature domain sendgrid.info does not align with the Header-From domain <mydomain>.
SPF and DMARC validations are ok.
I confess I'm lost and I'm searching everywhere without success. Can anyone help me understading in what direction to go?
Can it be a problem with the python program?
Many thanks! Cheers!
Gil
To set your mind at ease, your setup is fine! Nothing to worry about.
DKIM is, among other things a reputation tool. SendGrid is adding two signatures to your emails, one for your domain, which will help pass DMARC authentication. And one for their domain / service. This second one is optional from the DMARC perspective, but may improve Inbox delivery.
There are many services that operate in a similar fashion, adding an additional DKIM signature to outbound emails.
I have an issue where I have a custom domain set up with gmail, I have all DNS pointing to the correct location as defined in the google documentation (4 hours is the smallest TTL my DNS allows me to assign):
I have already set up gmail in google admin, and that all seems correct to me.
The weird thing is that if I send email from the account admin#mycustomdomain.com I can send it and the recipient will receive it.
However if they try to respond, they get an error from Mail Delivery Subsystem saying that it is not delivered, and it never appears in the admin#mycustomdomain.com email address.
Does anyone know what I'm missing? I've made sure that there are no extra MX records that could be messing this up in my DNS as well. I have been googling around about it but I am not finding anything I haven't tried already and am not sure how to debug this.
My team supports a website for a client, and we use SendGrid to send email related to the site on their behalf.
We do not have anything to do with their own email server and I don't at present know anything about it.
So far as I can work out, SendGrid has proper authentication and is an authorised sender for their domain, and almost 98% of email is delivered successfully.
However, we have had a handful of bounces with the reason "550 relaying denied" and all of these were to addresses at our client's domain (the same one as their website and the from address of the emails.)
Most emails to their domain were delivered successfully.
Unfortunately I don't have access to the full headers of the bounce emails, only the reason.
I understand that in general this error can either be caused by
the sender not being authenticated correctly. I am very far from being an expert in this but so far as I can tell, there is nothing wrong there. Or
a DNS or similar misconfiguration on the part of the recipient's email domain. I have even less understanding about this and I have no access or responsibility for the client's email server.
My main question is, is there any way the domain being the same as the from address could be related? Being as the email is claiming to be from the same place it's sent to, is it possible for that to affect how it's handled by relays?
If not, I'd also appreciate any pointers on where to look for the issue (or what to advise the client to look at if the problem is likely to be from their end.) I have been trying to research issues with email configuration and authentication but I am very much a novice in this area.
Thanks in advance.
The domain being the same could very well be related, but normally when that happens, the receiving server refuses all mail purporting to be from itself.
Separate from DKIM & SPF, most mail servers believe they alone are responsible for the mail from their domain.com. As such, a lot of them have anti-phishing filters that reject "outside" mail that claims to be from themselves. It's like "You can't be Carrie, I'm Carrie! Go Away!"
The fact that it's only some mail is interesting. The error being relay denied may also be key, though these anti-phishing filters often use "fake" errors to not give away the game.
Do the recipients of the messages that are being rejected have some kind of internal forwarding applied? That may be the cause, in which case that bounce reason is honest.
Or they may have a more defined anti-phishing feature, only rejecting mail From or For certain addresses. You can try testing certain combinations, and see if anything is repeatable.
Ultimately however, it will come down to working with the receiving mail domain's admin, and either updating those rules, or whitelisting the SendGrid IPs that are sending the mail to them.
I've searched all around, made several changes over the past two weeks, and still no luck so here I am.
We just put up a new site, and there are 3 different forms. Each form sends to a different email of theirs, a forwarder that sends to the same email of theirs (I had to make this after I figured out there was a problem with them not receiving emails from the website), and one of our emails.
Currently, they use office 365 for their email. A few days ago I figured out to change the SPF record, so I added the IP of their current website.
Here is the current SPF record:
v=spf1 include:spf.protection.outlook.com ip4:23.229.157.193 a ~all
I'm stumped. I've sent test submissions, and they receive the forward, and I receive it from my email, but the email that it's supposed to be sent to doesn't receive it.
I don't have access to their office 365 account. I tried a different option of sending the emails through swiftmailer, but GoDaddy doesn't allow me to connect to their smtp details, so that's a bust.
Has anyone encountered this problem before and know of a solution? All help is greatly appreciated.
THE SOLUTION:
After hours of calling, I was able to get the problem solved. I should have edited this earlier, but better late than never. In cPanel, there is an area for routing mail. It was set to local, rather than remote. Every email that came through went to the local emails, and since their were none, they were discarded. After changing the option to remote, the emails started flowing through. After the 3rd or 4th call, I reached someone who's actually dealt with this problem because he explained what was happening and the fix in under two minutes, unlike the others. I hope this helps anyone in the future with the same problems I encountered.
If you've configured SPF on your sending smtp server, you can configure a _dmarc
DNS record with an email address for the receiving server to send mail reports to...
Better yet, if this 'new' server is not required to be fully operational while you set up everything - you can set the _dmarc record to tell the receiving server to reject anything that doesn't pass the SPF test.
In any case, if you are setting up an email server that will send messages to any outside Internet address, and you have the ability to install software on the server - you should install and configure:
SPF, DKIM, and have a dmarc DNS record.
If you don't have these items, it's very likely much of your site's notification email will end up in the subscribers' spam box, or worse rejected by the receiving server.
Several good websites that have helped me:
unlocktheinbox.com
dmarcian.com
emailsecuritygrader
protodave.com dkim key checker
appmaildev.com domainkeys test
gettingemaildelivered.com
Short question:
Is there a way to reliably deliver emails using mailgun routes without getting this error message:
Failed: redacted#yahoo.com → redacted#gmail.com 'Re: Sample Subject Line' Server response: 550 550 5.7.1 Unauthenticated email from yahoo.com is not accepted due to domain's 5.7.1 DMARC policy. Please contact administrator of yahoo.com domain if 5.7.1 this was a legitimate mail. Please visit 5.7.1 http://support.google.com/mail/answer/2451690 to learn about DMARC 5.7.1 initiative. pw18si13572314vdb.85 - gsmtp
I like using mailgun routes because it meets my needs perfectly... but it seems that I can't reliably deliver mail to multiple recipients this way.
Long Story
I'm trying to find a service that will allow me to
create an email alias, mylist#mydomain.com
Send emails to mylist#mydomain.com and have that single email delivered to 10-20 people with me as the sender and mylist#mydomain.com in the to field (so "reply" goes to the sender and "reply-all" goes to everyone)
Mailgun routes fit this perfectly
I read their API docs and implemented a solution to read from our group database and make web calls to update my routes. Everything is great.
Everything worked great until I started getting the DMARC messages. Is there a way to avoid this? We're a small group (but dynamic) group and we'd like to make sending emails easy.
Thanks~!
Mailgun is now providing mailing list support, so you only need to create a new mailing list mylist#mydomain.com, add members to it, and then each members can discuss by sending an email to mylist#mydomain.com.
See https://documentation.mailgun.com/user_manual.html#mailing-lists