Postfix: How to check if my email headers are RFC5321/RFC5322 compliant?

email postfix email-bounces

We are running a Postfix MTA (version: 3.4.14, OS: Debian 10) and since a short time emails sent to a certain provider (Web.de/GMX) are not being accepted anymore (the emails are sent by an ancient Perl program, which has always worked reliably so far):

Jan 26 10:21:51 hostname postfix/smtp[24531]: 5915310CD43: to=<[email protected]>, relay=mx-ha02.web.de[212.227.17.8]:25, delay=0.34, delays=0. 01/0/0.18/0.15, dsn=5.0.0, status=bounced (host mx-ha02.web.de[212.227.17.8] said: 554-Transaction failed 554-Reject due to policy restrictions. 554 For explanation visit https://web.de/email/senderguidelines?ip=1.3.5.2&c=hi (in reply to end of DATA command))

I sent an email to the operator of Web.de and got the following answer:

E-mails will be rejected by our mail system if the information given in the e-mail header does not comply with the specifications in RFC 5321 and RFC 5322. This includes the following points:

  • The following headers must be syntactically correct: Date, From, Sender, To
  • The headers BCC, CC, Date, From, Sender, Subject and To must not appear more than once.

Therefore, please check the information provided by your system for correctness and contact the administrator of your system if necessary. Please also note our sender guidelines:

https://www.gmx.net/mail/senderguidelines/

https://web.de/email/senderguidelines/

I checked the headers and they don't appear more than once (this is an email I sent to my private email address):

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from mail.mypersonalmta.com
        by mail.mypersonalmta.com with LMTP
        id Mj4HKoIHEGATFAAA8lfkpQ
        (envelope-from <[email protected]>)
        for <[email protected]>; Tue, 26 Jan 2021 13:13:54 +0100
Received: from sender.com (sender.com [1.1.1.1])
        by mail.mypersonalmta.com (Postfix) with ESMTPS id 311DC3EBDA
        for <[email protected]>; Tue, 26 Jan 2021 13:13:54 +0100 (CET)
Received: by sender.com (Postfix, from userid 33)
        id DFAF110CBE9; Tue, 26 Jan 2021 13:13:51 +0100 (CET)
X-Priority: 3 (Normal)
Reply-to: "My Name" <[email protected]>
From: "My Name" <[email protected]>
To: "My Name" <[email protected]>
Subject: =?UTF-8?B?U2VydmVya29uZmlndXJhdGlvbg==?=
Mime-Version: 1.0
Content-type: multipart/mixed;
        boundary="==Serviceplaner==multipart/mixed==0=="
Message-Id: <[email protected]>
Date: Tue, 26 Jan 2021 13:13:51 +0100 (CET)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com;
        s=dk100; t=1611663234;
        h=from:from:reply-to:reply-to:subject:subject:date:date:
         message-id:message-id:to:to:cc:mime-version:mime-version:
         content-type:content-type; bh=b1FPU+OUKvDQDm+TJNNJ4gnjC2tvP3esicGNZxlMRGU=;
        b=NGDHmG4XaGZYCkDB4iT7MlzYTREHbpL5QrJZm1guR2CsL18B6efRf7SU+roM+p9vaY/8VI
        5g77bu9XiQ1Uz9g2wqHfKQ45Kh7pPjlxxT9gugKBi+Wb0eo0oQQ/C+dLe/LdRRZqnY+4Gc
        lnmpO6FXv9i7sfNXkcHUq62UPQIBT40=
ARC-Seal: i=1; s=dk100; d=mydomain.com; t=1611663234; a=rsa-sha256;
        cv=none;
        b=xMVJHET/VP+NQdzb2osJo1BVLMgCX60/0SL9ZSywsJiDEkUReK8wedi2Ahw+kSBypj+XWO
        TKH7/OZjWxbzUlKeMqFo4kLpHj2ygIu2ThXpYXYbW/D+tNG7CK7f3byz+j8myaddressGj+g9hQ05
        I0LnjAInYPniK8qGsFJG4sXvrUb/7CY=
ARC-Authentication-Results: i=1;
        mail.mypersonalmta.com;
        dkim=none;
        spf=pass (mail.mypersonalmta.com: domain of [email protected] designates 1.1.1.1 as permitted sender) [email protected]
X-Spamd-Bar: ++++
X-Spam-Level: ****
Authentication-Results: mail.mypersonalmta.com;
        dkim=none;
        dmarc=none;
        spf=pass (mail.mypersonalmta.com: domain of [email protected] designates 1.1.1.1 as permitted sender) [email protected]

I don’t know how to check if the email headers are syntactically correct and RFC5321/RFC5322 compliant. I have an idea, but I'm not quite sure: Maybe it's because there's UTF8 in the Subject header (UTF-8 that's converted to ASCII is maybe a problem, I don't know)? How would you proceed in this case? Any ideas? :)


The boilerplate referring to fixing your mail syntax is not likely indicating a problem with that specifically - it is just one of the things you can do while there may not be much you can do about e.g. them (or their information sources, namely Spamhaus) not liking your hosting provider.

One common problem is headers appearing different to the recipient than to you, because of inconsistent folding.

You could be inadvertently ending your headers early and thus missing mandatory headers - or ending one body part without CRLF so the recipient is unable to use the multipart boundary assuming an incomplete mail.

Have some other program parse your mail - your raw mail, not a copy-pasted version where your editor has already neatly canonicalized all line endings with single \n.

cat ~/MAIL/Sent/cur/ui.uid.a,S | python3 -c 'import sys,email,email.policy; print("\n".join(part.get_content_type() for part in email.message_from_file(sys.stdin, policy=email.policy.SMTP+email.policy.strict).walk()))'

Related

Debian: create a new user without home directory
Why is this exclude_lines in filebeat excluding all logs?
Fail2ban keeps sending emails to root rather than my email
How do I change the email address that Google Cloud Platform alerts go to?
How can I check numeric string
Website behind Firewall: How to HTTPS through a Reverse SSH Tunnel? [closed]
Speed issue on using Linux subsystem search on a Windows server [closed]
What is modem MAC MTA address?
Can not ping internal systems while on VPN
Tranforme each item in JSON array to JSON Object
DNS TXT records failing to propogate
Creative solution for a crippled zpool (aka help a dying raid to survive for 1-2 weeks)