"Sender address rejected: Null sender not allowed here" when forwarding e-mail sent from an gmail address

Question

I'm trying to have an e-mail address at my @example.org forward to an external e-mail address outside my domains.

When using my ISPs SMTP relay server, I get the following error:

Dec 27 15:10:40 bowser sm-mta[76444]: 0BREAbT3071556: to=<support@mydomain.org>, delay=00:00:02, xdelay=00:00:01, mailer=relay, pri=32614, relay=my.isp.relay.host.example. [IPv4-address], dsn=5.7.1, reply=554 5.7.1 <my-private-email@gmail.com>: Sender address rejected: Access denied, stat=Service unavailable
Dec 27 15:10:40 bowser sm-mta[76444]: 0BREAbT3071556: 0BREAeT2076444: DSN: Service unavailable
Dec 27 15:10:40 bowser sm-mta[76444]: 0BREAeT2076444: to=<my-private-email@gmail.com>, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=34394, relay=my.isp.relay.host.example. [IPv4-address], dsn=5.7.1, reply=554 5.7.1 <>: Sender address rejected: Null sender not allowed here, stat=Service unavailable
Dec 27 15:10:40 bowser sm-mta[76444]: 0BREAeT2076444: 0BREAeT3076444: return to sender: Service unavailable

Notice the <> after 5.7.1 on line 3

This problem only seems to come when I try to send an e-mail from a gmail account to my intended forward address, if I use the server's own internal mail to send to that address, e-mails are forwarded to the destination address as expected.

So I figured, maybe this gets solved by using the gmail SMTP server instead, but then I got this problem instead: every e-mail sent from my host to any external domain (e.g. @gmail.com) gets the Mail From:-header set to the authenticating gmail account's e-mail address, while the envelope-from and reply to-headers are set to the original sender's e-mail address. This causes GMail and others I'm sure to want to reply to "Firstname Lastname authenticated_address@gmail.com" rather than "Firstname Lastname original_address@example.org"

I have some settings to my sendmail .mc file that have been been appended over the years to get things running, but I can't say with confidence that none of them are causing this issue and breaking the functionality I want. Redacted mc below:

divert(-1)
divert(0)
VERSIONID(`$bowser.example.org.mc 2020-12-27 16:50:00 dadver $')
OSTYPE(freebsd6)dnl
DOMAIN(generic)dnl

FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')dnl
FEATURE(blocklist_recipients)dnl
FEATURE(local_procmail)dnl
FEATURE(authinfo, `hash /etc/mail/auth/client-info')dnl
FEATURE(mailertable, `hash -o /etc/mail/mailertable')dnl
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')dnl

define(`CERT_DIR', `/usr/local/etc/letsencrypt/live/mail.example.org/')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/chain.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/privkey.pem')dnl
define(`confCRL', `/usr/local/certs/revoke.crl')
define(`confAUTH_OPTIONS', `A p y')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

TRUST_AUTH_MECH(`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

FEATURE(no_default_msa)dnl ## overridden with DAEMON_OPTIONS below

CLIENT_OPTIONS(`Name=IPv4-client-mail.example.org, Family=inet')dnl
CLIENT_OPTIONS(`Name=IPv6-client-mail.example.org, Family=inet6')dnl
DAEMON_OPTIONS(`Name=IPv4-localhost, Addr=127.0.0.1, M=A, Family=inet')dnl
DAEMON_OPTIONS(`Name=IPv4-mail.example.org, Addr= my-public-ipv4-ip, M=A, Family=inet')dnl
DAEMON_OPTIONS(`Name=IPv6-mail.example.org, Addr= my-public-ipv6-ip, M=A, Family=inet6')dnl
DAEMON_OPTIONS(`Name=IPv6-localhost, Addr=::1, M=A, Family=inet6')dnl
DAEMON_OPTIONS(`Name=MSA-IPv4-localhost, Addr=127.0.0.1, Port=587, M=E')dnl
DAEMON_OPTIONS(`Name=MSA-IPv4-mail.example.org, Addr= my-public-ipv4-ip, Port=587, M=Ea')dnl
DAEMON_OPTIONS(`Name=MSA-IPv6-mail.example.org, Addr= my-public-ipv6-ip, Port=587, M=Ea, Family=inet6')dnl
DAEMON_OPTIONS(`Name=MSA-IPv6-localhost, Addr=::1, Port=587, M=E, Family=inet6')dnl

define(`SMART_HOST', `[my.isp.relay.server]')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl

INPUT_MAIL_FILTER(`spfmilter',`S=unix:/var/run/spfmilter.sock')dnl
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')

define(`confMILTER_MACROS_CONNECT',``b, j, _, {daemon_name}, {if_name}, {if_addr}, {client_addr}'')dnl

define(`confMILTER_MACROS_ENVRCPT',``b, r, v, Z, {rcpt_mailer}, {rcpt_host}, {rcpt_addr}'')dnl

INPUT_MAIL_FILTER(`milter-manager',`S=unix:/var/run/milter-manager/milter-manager.sock')dnl

INPUT_MAIL_FILTER(`dkim-filter', `S=unix:/var/run/dkim/opendkim.sock, F=T, T=R:2m')

define(`confCW_FILE', `-o /etc/mail/local-host-names')dnl

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
define(`confNO_RCPT_ACTION', `add-to-undisclosed')dnl
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')dnl

MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

I've tried adding From:gmail.com RELAY and To:destination-host-for-the-forward-to-address RELAY to the access file, adding the destination-host-for-the-forward-to-address to the relay-domains file in order to try to fix the first issue, but no difference.

score 3 · Answer 1 · answered Dec 27 '20 at 18:48

This is all caused by your mail server's interaction with your ISP's mail server, being rejected by that server.

Let's look at what is going on.

Dec 27 15:10:40 bowser sm-mta[76444]: 0BREAbT3071556: to=<support@mydomain.org>, delay=00:00:02, xdelay=00:00:01, mailer=relay, pri=32614, relay=my.isp.relay.host.example. [IPv4-address], dsn=5.7.1, reply=554 5.7.1 <my-private-email@gmail.com>: Sender address rejected: Access denied, stat=Service unavailable

First your server tries to relay your email and gets rejected because they don't like the envelope sender.

Dec 27 15:10:40 bowser sm-mta[76444]: 0BREAeT2076444: to=<my-private-email@gmail.com>, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=34394, relay=my.isp.relay.host.example. [IPv4-address], dsn=5.7.1, reply=554 5.7.1 <>: Sender address rejected: Null sender not allowed here, stat=Service unavailable

Next, your server generates a bounce email and tries to send that bounce message out via the ISP's email server. Bounce messages have an empty envelope sender.

It's not clear why you're trying to send this email via your ISP's server, as (1) you say it works when you send directly, and (2) your business class Internet service should permit you to send mail directly to anywhere (if it doesn't, start yelling at your ISP until they fix it).

With regard to (1), it works when I'm sending e-mail from my own server to the forward e-mail address that gets out to a different server. However when I send an e-mail from a gmail account to my forward e-mail address, the problem arises causing gmail accounts not being able to send to that e-mail address. — dadver, Dec 28 '20 at 11:22
Regarding your second point (my server generates bounce email), is it possible to tell the server to -not- relay mail going locally on my server or even better bounce it to the original sender? As it is now, the bounce e-mail is sent to my local user rather than the sender @gmail.com — dadver, Dec 28 '20 at 11:48
Couldn't this be a case of my ISPs relay server not accepting mails from @gmail.com from my server as my server doesn't adhere to gmails DKIM? — dadver, Dec 28 '20 at 12:45

"Sender address rejected: Null sender not allowed here" when forwarding e-mail sent from an gmail address

1 Answers1