I used to be able to nicely forward your email from discourse to my gmail over the postfix on my own host, but now gmail rejects it due to dmarc issues.
I was able to receive a message in July, but not later.
Hi @solemnPonie0,
Can you share the email headers for both the original and forwarded message so we can investigate? You can message our account privately or email them to sysadmin@kitware.com
Thank you!
Well, it seems that you, guys, have SPF configured, but not DKIM.
Here is the message:
Received: from discourse.kitware.com (discourse.kitware.com [50.58.123.179])
by :smile:. :heart_eyes:.net (Postfix) with ESMTPS id 9CE1520358
for <test009@:heart_eyes:.net>; Thu, 10 Oct 2024 12:16:22 +0800 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=:heart_eyes:.net;
s=2024-10-06; t=1728533782;
bh=fY93QEg5T+/7w1snetfk5vhbQ1fSrWtLJ/z76E7prFY=;
h=Date:From:Reply-To:To:Subject;
b=VfvNLUu6aNS0vBNMQjBU57miUytQmhr6rFURpo7ZcoguEJoB/F0PK71Kz83Xcm4kv
v6djkmIv6Fx0daVml1NCCze9Ohm6vAZPrUPqYn+vdVeITu49wDcKSqDwUASJ+emqRW
UwTH1l3NyHVz4aFp/xbZutJKQMSvBLqB0tjM2d6JYIBHXAUY+cNISbP6O7YstD2RsI
VxlGe8vYduVFmFup0g69p+DlM2LbPS1d/AtGu6G8q8B/HFBreZ0C45nTX2fTWGJ5jD
VCPxc9FIgT8uWWYIG2en3MB3mBXF5iomx1E0sUcGavn+zewHKS53jJRn/pCBXA/b2s
23+4NtJwZeIKw==
Received: from localhost (unknown [172.17.0.3])
by discourse.kitware.com (Postfix) with ESMTPS id A70B5B6059A
for <test009@:heart_eyes:.net>; Thu, 10 Oct 2024 00:16:41 -0400 (EDT)
Date: Thu, 10 Oct 2024 04:16:41 +0000
From: CMake Discourse <noreply@discourse.cmake.org>
Reply-To: CMake Discourse <noreply@discourse.cmake.org>
To: test009@:heart_eyes:.net
Message-ID: <b0e6b0d4-2cb0-43c6-9d53-11269935daa7@discourse.cmake.org>
Subject: [CMake] Confirm your new account
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="--==_mimepart_67075529958e8_1f174f3602478569a"
Content-Transfer-Encoding: 7bit
X-Auto-Response-Suppress: All
Auto-Submitted: auto-generated
X-TUID: bu6HpFl6+22x
----==_mimepart_67075529958e8_1f174f3602478569a
Content-Type: text/plain;
charset=UTF-8
Content-Transfer-Encoding: 7bit
Welcome to CMake Discourse!
Click the following link to confirm and activate your new account:
Your domain has SPF, which is quite strict:
discourse.cmake.org. 1799 IN TXT "v=spf1 ip4:66.162.65.208/28 ip4:66.194.253.16/28 ip4:97.65.130.160/28 ip4:50.58.123.176/28 ip4:23.31.117.184/29 ip4:92.65.130.160/28 ~all"
But the message is missing the DKIM signature from your domain.
The DKIM signature that is present is the signature of my domain, which I use for forwarding, and pretty much nothing else, but this does not seem enough for GMail, which is checking DKIM not just for MAIL FROM, but also for the header From:, which is still CMake Discourse <noreply@discourse.cmake.org>. And this DKIM is missing on the inbound message.
And GMail just says “your SPF does not match, go away”.
If I rewrite the header to be of my own email, just like I do with MAIL FROM, the message goes through, but it’s not a nice thing to do, to be honest.
The messages that used to be delivered correctly had the DKIM signature from discourse.cmake.org.
@solemnPonie0 Thanks for sharing that, we can look into adding DKIM in addition to SPF. I sent a test email with DKIM to verify it will work. Please let me know if you receive it via Gmail.
If I understand your process I’m not sure this will work because of identifier misalignment.
DKIM has been enabled on all of our Discourse sites. Let us know if you have any issues.