2025-09-21 22:56:00
Another hour, another case of PEBCAK.
Emails from my self-hosted Mailcow instance to GMail were getting bounced with this error report:
status=bounced (host gmail-smtp-in.l.google.com said:
550-5.7.26 Unauthenticated email from broehaha.nl is not accepted due to
550-5.7.26 domain's DMARC policy. Please contact the administrator of
550-5.7.26 broehaha.nl domain if this was a legitimate mail. To learn about the
550-5.7.26 DMARC initiative, go to 550 5.7.26 https://support.google.com/mail/?p=DmarcRejection
It took a little fiddling and when I tested with the MXToolbox.com email deliverability tool I found out what was wrong.
While Mailcow was signing my emails with DKIM, the recipient wasn't able to match the signature to my published key. I had erroneously followed the example of another domain of mine, publishing the key as "s1._domainkey". That was wrong.
Mailcow's admin interface specifically tells you the selector in the DNS name. It should be "dkim._domainkey" (or is it "email._domainkey"??). I made both of those and now it works! Gmail validates my signatures, MXToolbox says it's fine too... and even another domain of mine no longer puts the emails in the junk folder. Nice!
kilala.nl tags: sysadmin,
View or add comments (curr. 0)
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.