HELP wanted to understand email rejection

I would like to ask for some help understanding the email rejection I received.
It seems the email is rejected by the recipient's SPAM protection because it is sent via an IP that does not belong to me.

“Diagnostic-Code: smtp; 550 SPF check failed. 80.67.29.18 is not allowed to send mail from domain.net.”

I don’t know IP 80.67.29.18 and don’t understand how it would be involved in the email chain.

Is there maybe someone who can shed some light on this? Not sure if it is a problem on the recipient side or I should further investigate.

info@abschliff.de
(ultimately generated from info@parkettkleber-shop.de)
host mx10.antispam.mailspamprotection.com [34.149.79.66]
SMTP error from remote mail server after end of data:
550 SPF check failed. 80.67.29.18 is not allowed to send mail from domain.net.
Reporting-MTA: dns; mx09.ispgateway.de
Action: failed
Final-Recipient: rfc822;info@parkettkleber-shop.de
Status: 5.0.0
Remote-MTA: dns; mx10.antispam.mailspamprotection.com
Diagnostic-Code: smtp; 550 SPF check failed. 80.67.29.18 is not allowed to send mail from domain.net.
Return-path: <MyName@domain.net>
Received: from [MYIP] (helo=box.domain.net)
by mx09.ispgateway.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.98)
(envelope-from <MyName@domain.net>)
id 1tWAf1-000000008T4-2aAd
for info@parkettkleber-shop.de;
Fri, 10 Jan 2025 09:46:32 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=domain.net; s=mail;
t=1736498790; bh=klI1hJONsddsArQfmOBEAFGdzPRip5/kbdiW4FzRsOQ=;
h=From:Subject:Date:References:To:In-Reply-To:From;
Received: from authenticated-user (box.domain.net MYIP])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by box.domain.net (Postfix) with ESMTPSA id 27C71DA0097;
Fri, 10 Jan 2025 09:46:28 +0100 (CET)
From: MyName De <MyName@domain.net>
Content-Type: multipart/alternative;
boundary=“Apple-Mail=_4FE47EDE-3928-49A5-A68F-2577C7E00302”
Mime-Version: 1.0
Subject: Re: Deine Bestellung bei Parkettkleber Shop
Date: Fri, 10 Jan 2025 09:46:15 +0100
References: <81483a70013982c0ec02f3d5c5f25e44@parkettkleber-shop.de>
To: Parkettkleber Shop <info@parkettkleber-shop.de>,
info@berger-seidle.shop
In-Reply-To: <81483a70013982c0ec02f3d5c5f25e44@parkettkleber-shop.de>
Message-Id: <52A024BD-925B-4631-9F74-1D7AD6C903B9@domain.net>
X-Received-SPF: pass ( mx09.ispgateway.de: domain of domain.net designates MYIP as permitted sender )
X-DKIM: DKIM passed: (address=MyName@domain.net domain=domain.net), signature is good.

Is your IP identical with the SPF IP?

Are you sending via your own port 25 or do you use a relay?

This IP seems to be part of this
https://admin.ispgateway.de/public/index.php?module=chmail

Yes this is my IP from the VPS at contabo
I am not using a relay and have a vanilla MiaB.

Not sure what the ISP gateway does, but it sounds like this is something managed by the recipient.

https://www.abuseipdb.com/check/80.67.18.9

The remote host rejects your message because it thinks your IP is not allowed according to the SPF record.
Check your SPF record here: SPF Surveyor - dmarcian

It does not look to me like a vanilla MIAB SPF record from the search

Go to MIAB admin>> Custom DNS and look for a TXT record like this, if it exists:
v=spf1 a ~all
Get rid of the a mechanism, delete the record

If it does not exist, go ahead and add this TXT record:

v=spf1 mx -all

The mx mechanism is the default SPF record for MIAB.

See syntax here:

You can also add individual IPv4 and IPv6 addresses to be sure that the remote host responds more quickly in terms of accepting and rejecting. The syntax of the TXT record is:

v=spf1 mx ip4:X.X.X.X ip4:X.X.X.X ip6:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX ~all

I am not sure why the host rejects your SPF. Maybe because of the /32 subnet.

DM me with the full rejected header if you are not able to resolve the issue.
Test by sending to Gmail. If the message arrives in Gmail, go to Show Original and inspect the headers there as well. DMARC, DKIM and SPF should say OK.

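Added example, not part of the thread and not Mail-in-a-Box code: a small evaluator for the `ip4`/`ip6`/`a`/`mx`/`all` subset of SPF, run against the two connecting IPs that appear in the bounce (the box's own IP, which mx09.ispgateway.de reported as `X-Received-SPF: pass`, and 80.67.29.18, which the final server rejected). The DNS table and the address 192.0.2.10, standing in for the redacted MYIP, are constructed assumptions.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline. 192.0.2.10 is a
# documentation address used in place of the box's redacted IP (MYIP).
DNS = {
    ("MX", "domain.net"): ["box.domain.net"],
    ("A", "box.domain.net"): ["192.0.2.10"],
    ("A", "domain.net"): ["192.0.2.10"],
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def host_ips(name):
    return [ipaddress.ip_address(a) for a in DNS.get(("A", name), [])]

def check_spf(record, client_ip, domain):
    """Evaluate the ip4/ip6/a/mx/all subset of SPF for one connecting IP."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in host_ips(arg or domain)
        elif name == "mx":
            mx_hosts = DNS.get(("MX", arg or domain), [])
            matched = any(ip in host_ips(h) for h in mx_hosts)
        else:
            continue  # include, exists, redirect: not handled in this sketch
        if matched:
            return RESULT[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term

def hop_verdicts(record):
    """SPF result at each hop of the bounce for envelope sender @domain.net."""
    hops = {"box -> mx09.ispgateway.de": "192.0.2.10",
            "80.67.29.18 -> mx10.antispam.mailspamprotection.com": "80.67.29.18"}
    return {hop: check_spf(record, ip, "domain.net") for hop, ip in hops.items()}

if __name__ == "__main__":
    for record in ("v=spf1 mx -all", "v=spf1 a ~all"):
        print(record, hop_verdicts(record))
```

SPF is evaluated against whichever host connects to the checking server, so with the envelope sender still `MyName@domain.net` the second hop gets `fail` or `softfail` under either record while the first hop passes.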

Just a quick thought - was the “original” email actually sent from your box? (Your logs and/or sent folders should be able to tell you.)

It’s possible that original email was a fake from some completely different computer, pretending to be from your box. In that case, the spam/DKIM filtering was working correctly.

We’ve all been tripped up trying to track down things which were not really faults.

The IP that is rejected is not my IP. It is the one from ISPGATEWAY 80.67.29.18 which is rejected and I don’t understand how it fits into the picture.

I can email my company’s corporate Exchange, Hotmail and Gmail with no issues.
SPF validator reveals no errors

Check the logs at that particular time, Fri, 10 Jan 2025 09:46:32 +0100:

run:

cat /var/log/mail.log | grep "postfix/smtp" | grep -P 'status='

Is this particular message sent from your machine? The status in the log should say SENT status=sent
If not, it might be something suspicious such as spoofing.
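Added example, not part of the thread: instead of searching by time, the Postfix queue ID from the bounced message's `Received:` header (`27C71DA0097`) can be used to pull exactly that message's delivery records. The log lines below are constructed; only the queue ID, the two recipients and the Exim id are taken from the bounce, and the relay IPs, PIDs and the second relay name are placeholders.

```python
import re

# Constructed sample of /var/log/mail.log; only the queue ID, recipients and
# Exim message id come from the bounce above, everything else is made up.
SAMPLE_LOG = """\
Jan 10 09:46:28 box postfix/submission/smtpd[2101]: 27C71DA0097: client=unknown[203.0.113.7], sasl_method=PLAIN, sasl_username=MyName@domain.net
Jan 10 09:46:30 box postfix/qmgr[901]: 27C71DA0097: from=<MyName@domain.net>, size=4312, nrcpt=2 (queue active)
Jan 10 09:46:32 box postfix/smtp[2110]: 27C71DA0097: to=<info@parkettkleber-shop.de>, relay=mx09.ispgateway.de[198.51.100.25]:25, delay=4.1, dsn=2.0.0, status=sent (250 OK id=1tWAf1-000000008T4-2aAd)
Jan 10 09:46:33 box postfix/smtp[2111]: 27C71DA0097: to=<info@berger-seidle.shop>, relay=mx.example.net[198.51.100.40]:25, delay=5.0, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jan 10 09:47:02 box postfix/smtp[2115]: 9B2E1DA00A1: to=<someone@example.org>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.example.org[198.51.100.50]:25: Connection timed out)
"""

# One outbound delivery attempt as logged by the postfix/smtp client.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<reply>.*)\)$"
)

def deliveries(log_text, queue_id):
    """Return every delivery attempt logged for one Postfix queue ID."""
    found = []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m and m["qid"] == queue_id:
            found.append(m.groupdict())
    return found

if __name__ == "__main__":
    for d in deliveries(SAMPLE_LOG, "27C71DA0097"):
        print(d["rcpt"], d["relay"], d["status"], d["reply"])
```

A `status=sent` entry whose remote reply carries the same Exim id as the bounce (`1tWAf1-000000008T4-2aAd`) shows that the box handed the message to mx09.ispgateway.de and that the rejection happened at a later hop.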