Outbound SMTP (Continued)

Regarding my now-closed “Offloading Mail Services” post:

I have identified a potential issue with using these outbound SMTP services.

Using DuoCircle’s outbound SMTP service, I still have delivery issues.
Not 100% sure it’s responsible but their relay is applying spf authentication to my client.
Even though I authenticate with a username / password and pay $ with a company CC, they still authenticate my client mailer (claws mail on rocky 9.2) using spf and add the following header:

ARC-Authentication-Results: i=1; outbound4.ore.mailhop.org; spf=fail smtp.mailfrom=xioplex.com smtp.remote-ip=<verizon residential ip>; dmarc=none header.from=xioplex.com; arc=none header.oldest-pass=0;

You can see spf=fail.
This is because I do not have <verizon residential ip> in my spf record (which of course I should not for various reasons).

Ultimately when sending a message to Gmail, selecting “Show original” indicates ARC: 'FAIL'.
Although it’s not tagged as SPAM, this and the presence of the fios residential ip is the only thing I can see that would cause this error message.

So it seems sending email from a residential IP for a custom domain is proving to be exceptionally difficult.

The only way I can conceive of doing it would be to send mail from my mail server so that I can put it in the spf record and run a DKIM service (this still doesn’t solve periodically being listed on the UCEPROTECT scammers RBLs).

Or find some outbound SMTP service that does NOT authenticate my client mailer using spf (which I would think should be ok if they have all of my intimate details like CC and company info).

Either that or just give-in and use web-mail.

But I REALLY don’t want to give-in and let microsoft or google or anyone else host my private company email.

Ideas would be appricated.


Couple of options. 1st is to relay through verizon’s smtp servers:

You probably need to check with verizon what needs to added to your spf record

The other option is see if you can get a static ip. You can then add that to the SPF. You will also need a rdns/ptr record which matches a Forward A record for the static IP.

Regards Tom.

Thanks Tom.

Actually I think I found a solution (immediately after posting here of course).

I just use my mail server (previously used mostly for receiving mail) to also send mail changing postfix/main.cf to add relayhost = outbound.mailhop.org:587 and added creds to postfix/sasl_passwd.

Then I added my mail servers fixed IP to spf and let DuoCircle handle DKIM.

Kinda convoluted IMO but I recon it’s a fairly typical delegation of responsibilities. It’s just because I’m one guy that this all seems terribly overkill to use two separate servers to handle a few emails. I suppose the real issue is that email is unusual in that there are no pre-established trust relations between authorities. It’s amazing it works at all.


1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.