E-mail verification messages sending slow/not working

I’ve been attempting to verify my e-mail multiple times but only received one e-mail, and clicking it did not update my account.

Please remove all but my latest verification request from queue and remove any *@winzlo.com entries from your exclude list, as this is a new setup for a domain I have begun self-hosting mail/web/content through, and would like to begin utilizing Cloudflare for CDN/DNS. Thanks!

I have pinged the right folks who should be able to check for exclusion list entries :slight_smile:

On it.

@winzlo I see the bounced emails and have removed your account from the suppression list, you should be good to go, let us know if you encounter further issues.

2 Likes

Can we try that one more time? The last e-mail I did receive, but when I clicked the link, the time had already expired. That was my bad, had to step away for a minute.

I do not see a recent bounce but went through the removal steps anyway as a justincase.

Ok, I will check my mail/inbox/spam folders and see if anything come through in the next 5 minutes. If it does not, I will attempt to re-send the verification message yet again. I’m receiving other mail, and other mail from Cloudflare, so I am not apt to believe this to be a problem on my end. I am not auto-deleting any messages marked as spam, and watching the queue/logs closely for activity.

Status update. Nothing coming in from Cloudflare in the last 10 minutes. Clicking to re-send validation message.

Ok, I found the problem. Question is, whose side is it on?

DMARC rejected message:
milter-reject for END-OF-MESSAGE. 5.7.1 rejected by DMARC policy for notify.cloudflare.com with invalid ARC result.

My DNS is now fully hosted by ClloudFlare. Is my _dmarc entry not correct? Seems to be working in all other situations.

I think that’s a message from your host about Cloudflare’s configuration…

It shouldn’t have anything to do with your e-mail config.

Are you able to share the originating IP for the e-mail?

My _dmarc. record is:

v=DMARC1; p=none; rua=mailto:postmaster@<domain>

This came from documentation directly from my mail server software’s vendor, and if I understand it correctly, it takes no action and in this case is just a placeholder for the event in which I did take action, and that action would be to send to postmaster@.

Your setup is fine, that wouldn’t be the issue at all :slight_smile:

Originating IP is 192.174.87.157.

This IP doesn’t seem authorised to send for the domain in question.

192.174.87.157 looks a SparkMailPost IP.
They include _spf.sparkpostmail.com, but that seems to result in a weird record.

v=spf1 exists:%{i}._spf.sparkpostmail.com ~all 

This should work per the SPF specs, etc.
The record it wants to check exists, but might be unsupported by @winzlo’s e-mail provider.

dig 192.174.87.157._spf.sparkpostmail.com +short
192.174.87.157

We might need an internal check, @cloonan :slight_smile: This might cause issues.

This is what I get for hosting my own mail server. I know too much more about why things break. :slight_smile: At least it helps more than “It’s broken. Can you make it go?”

Oh yeah, that’s a very easy no-no… e-mail is hard and something one should stay away from lol

Problem is, every time I get my mail hosted, it gets hacked. I decided to bite the bucket, get business internet, servers and host it myself. I’m using Synology MailPlus, which is a postfix derivative, but I can’t be 100% sure about that. It’s a licensed product, and as I said, set up according to the vendor’s specifications. I’m only getting recently rejected mail regarding the DMARC, although spam detection using spamhaus has flagged the messages also, but nothing destructive done to those.

I’d personally go for one of the big vendors, tbh. Way cheaper than what you are doing and, provided good password behaviour and 2fa, you’ll be good.

Honestly not sure how to proceed here.

Maybe @cloonan or @ncormier can force a different e-mail sender on Cloudflare’s end… not a clue.

I am currently investigating this as it definitely seems like a sender issue, and I am seeing what we can do.

Second IP also being rejected by DMARC: 192.174.87.158

The easiest thing I can do is shut off DMARC for the moment, verify and re-enable it. But, that skirts around the bigger problem that Cloudflare seems to have with regards to sending messages to commercial installations that have their own mail solutions. I have a feeling I am an outlier, but not a small minority of cases where this is happening based on the scope Cloudflare operates at.

Much appreciated!