We've noticed an issue where the email SolidCP sends for email MFA (access to the SolidCP management webUI itself) doesn't ever arrive to the intended mailbox. We traced it down specifically to Google-hosted mailboxes (Gmail and Google Workspaces)
Digging into our mail gateway SMTP logs, we noticed this response from Google:
2025-09-24T14:20:33-04:00 << 550-5.7.1 [<REDACTED MAIL GATEWAY IP>] Messages missing a valid Message-ID header are not 2025-09-24T14:20:33-04:00 << 550-5.7.1 accepted. For more information, go to 2025-09-24T14:20:33-04:00 << 550-5.7.1 https://support.google.com/mail/?p=RfcMessageNonCompliant and review 2025-09-24T14:20:33-04:00 << 550 5.7.1 RFC 5322 specifications. e9e14a558f8ab-425805ae4cdsi83214125ab.205 - gsmtp 2025-09-24T14:20:33-04:00 Failed delivery to aspmx.l.google.com:25 from <REDACTED MAIL GATEWAY IP>, reason: failed when sending dot to end DATA section. Last message from receiving server: 550 5.7.1 [<REDACTED MAIL GATEWAY IP>] Messages missing a valid Message-ID header are not 5.7.1 accepted. For more information, go to 5.7.1 https://support.google.com/mail/?p=RfcMessageNonCompliant and review 5.7.1 RFC 5322 specifications. e9e14a558f8ab-425805ae4cdsi83214125ab.205 - gsmtp 2025-09-24T14:20:33-04:00 Closing connection...
Digging into the message headers of the email, the MFA emails are indeed missing a Message-ID header. According to Google, this is in violation of RFC5322.
While this isn't technically true, since it's in the RFC as optional (though they later stress that emails SHOULD have a message-id header), we can't ignore the practical impact. Google is a very large provider, and MFA emails not delivering to their servers is a problem for a lot of users.
Is this something that can be addressed? Am I overlooking some setting somewhere that would add a message-id to these emails? Is there any kind of workaround I can implement in the interim of a patch or fix?
