SRS and autoreply on gmail

[rclemings]

One of my users is having a problem with autoreplies to her aliased gmail address being misrouted.

See: Autoreply with SRS for what appears to be a similar problem. There it is attributed to exim's SRS implementation. We do have "Enable Sender Rewriting Scheme (SRS) Support" set to "on" in our exim configuration.

Specifically, my user's real email address is (masked) [email protected]. She has a forwarder on our system. [email protected], which forwards to [email protected].

She went into gmail and set up an out-of-office autoreply for [email protected]. Immediately she started getting bounces.

An example:

An email came in from [email protected].

The autoreply then was addressed not to [email protected], as intended, but to [email protected], which fails because [email protected] is an invalid address.

Is this a known issue or a configuration problem on our end?

 

[cPanelMichael]

The autoreply then was addressed not to [email protected], as intended, but to [email protected], which fails because [email protected] is an invalid address.

Hello,

Are you using any third-party mail services (e.g. SendGrid) on this system? What does the header look like on the email that's delivered to the Google address (the one that triggers the auto-reply)?

Thank you.

 

[rclemings]

Hello,

Are you using any third-party mail services (e.g. SendGrid) on this system? What does the header look like on the email that's delivered to the Google address (the one that triggers the auto-reply)?

Thank you.

No on SendGrid, etc. I'm trying to get the user to send me headers for an example message. Is there a place I can send it to you off-forum so I don't have to mask anything?

 

[cPanelMichael]

Hello,

You can send it via a private message, or post it here with the identifying information removed.

Thank you.

 

[rclemings]

Hello,

You can send it via a private message, or post it here with the identifying information removed.

Thank you.

Apologies for the delay.

I finally have this information (albeit from a different user, who has a gmail-hosted domain) and can send it to you via private message.

But how do I do that? I can't find the way.

 

[cPanelMichael]

Hi @rclemings,

I sent you a private message so you can simply click reply on the conversation.

Thanks!

 

[cPanelMichael]

Hello,

To update, internal case CPANEL-14114 is open to report a scenario where Gmail's autoresponder feature is unable to automatically respond to messages sent from cPanel servers that match the following conditions:

1. The message sent to Gmail stems from an email forwarder configured in cPanel with the @gmail address as the destination.
2. SRS is enabled on the cPanel server.

I'll monitor this case and update this thread with more information as it becomes available.

Thank you.

 

[cPanelMichael]

Hello,

To update, this behavior was determined to be a product of using SRS when the the remote mail server's autoresponder is configured to respond to the "sender" address instead of the "from" address. The workaround is to disable SRS, or to report the issue to the remote mail server (e.g. Gmail) to determine if it's possible to modify their autoresponder's behavior.

Thank you.

 

[rclemings]

Hello,

To update, this behavior was determined to be a product of using SRS when the the remote mail server's autoresponder is configured to respond to the "sender" address instead of the "from" address. The workaround is to disable SRS, or to report the issue to the remote mail server (e.g. Gmail) to determine if it's possible to modify their autoresponder's behavior.

Thank you.

Can you tell whether the intended recipient gets the autoreply or not despite the bounce? Based on a couple of cases I've seen, it looks to me as if the autoreply goes through and the bounce is spurious, but it would be nice to confirm.

 

[cPanelMichael]

Can you tell whether the intended recipient gets the autoreply or not despite the bounce? Based on a couple of cases I've seen, it looks to me as if the autoreply goes through and the bounce is spurious, but it would be nice to confirm.

In the previous report of this issue, the message was bounced instead of delivered. However, if Gmail was able to successfully send the automatic response to the "sender address" it detected, then the message may have gone through. You likely will receive a better answer about the exact behavior of that message from Google.

Thank you.

 

[rclemings]

Following up ...

No luck getting an answer from Google. However, a Gmail user suggests that it is the host's responsibility to "unwrap" the original sender's address from the rewritten envelope return address and route it correctly in the event of autoreplies and bounces.

See "best answer" reply here:
productforums.google.com/forum/#!topic/gmail/nLre7BqsbQA;context-place=topicsearchin/gmail/category$3Amanaging-settings-and-mail|sort:relevance|spell:false

"Gmail sends automatic responses to the return address from the SMTP 'envelope.' In this case, it appears that your email host has started changing the return address using something known as "Sender Rewriting Scheme" (SRS), but they didn't fully implement it. SRS is intended to allow mail forwarders to use SPF, but still get forwarded messages delivered. It encodes the original return address in the rewritten address so that automatic responses can be forwarded to the original sender. Your mail host is using SRS, but not forwarding the responses."

The following appear to support that position (although they speak to bounces rather than autoreplies).

SPF: SRS: "If [email protected] is undeliverable, pobox.com gets the bounce; it unwraps [email protected] and forwards the bounce back to her. Note that no escaping is needed."

Pobox Help: SPF, SRS rewriting and how it affects forwarding email: "But, if your ISP rejects the message for another reason, like your account being over quota, we can still reverse the address, and send the bounce message back to the original message sender."

How to set up aliases: "If for some reason the email ends up bouncing, the NDN will be sent back to [email protected], which we'll get, then unwrap and send back to [email protected]."

If this is correct, it suggests that cPanel's SRS implementation needs to do that unwrapping. What's the best way to make that happen? It strikes me as a bug, since it causes major problems for some users, as opposed to a feature request for new functionality.

 

[cPanelMichael]

If this is correct, it suggests that cPanel's SRS implementation needs to do that unwrapping. What's the best way to make that happen? It strikes me as a bug, since it causes major problems for some users, as opposed to a feature request for new functionality.

Could you open a bug report with the information in your last response so we can take a closer look and determine if it's something we could implement?

Submit A Bug Report

Thank you.

 

[rclemings]

Done, ticket #8828761.

 

[Dave Wilson]

Done, ticket #8828761.

Hi - Just having the same issue and wondering if there was a final outcome to this. I agree that cPanel's SRS implementation needs to do that unwrapping, any other solution involving turning off SRS would be a step backwards.

 

[rclemings]

No final answer that I know of, but I opened a ticket and was given a patch that seemed to solve the problem for at least some senders. (I tested it by sending an email to an alias that redirected to my Gmail account. It worked fine when I sent from my comcast.net address, but not from my yahoo.com address. I didn't try any other senders.)

It's ticket #8828761 if you want to inquire yourself and need to refer them to the details.

 

[cPanelMichael]

Hello,

The workaround in the support ticket was to implement a reverse-path SRS redirect router at the PREVIRTUALUSER include point in "WHM >> Exim Configuration Manager >> Advanced Editor". EX:

bounce_srs_before_catchall:
    driver = redirect
    srs = reverse
    data = ${srs_recipient}

Thank you.

 

[rclemings]

Hello,

The workaround in the support ticket was to implement a reverse-path SRS redirect router at the PREVIRTUALUSER include point in "WHM >> Exim Configuration Manager >> Advanced Editor". EX:

bounce_srs_before_catchall:
    driver = redirect
    srs = reverse
    data = ${srs_recipient}

Thank you.

This may be of interest to anyone still having this issue:

https://support.cpanel.net/hc/en-us/articles/4407861340823-Messages-Addressed-to-an-SRS-Generated-Return-Path-Can-Fail-Intermittently

It doesn't appear that anyone is working on it, unfortunately.