[Bug 414666] New: opensuse. org emailadresses will fail for default SPF configurations
https://bugzilla.novell.com/show_bug.cgi?id=414666 Summary: opensuse.org emailadresses will fail for default SPF configurations Product: openSUSE.org Version: unspecified Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: 3rd party software AssignedTo: opensuse-communityscreening@forge.provo.novell.com ReportedBy: fnmueller@opensuse.org QAContact: opensuse-communityscreening@forge.provo.novell.com Found By: Beta-Customer If the sending and the the receiving party of an Email (to @opensuse.org) use providers that use SPF the Email will be bounced as suse.de has not implemented SRS. Instead, they only redirect the Email, which looks like they are trying to fake the sender. This bug is in my eyes very critical as the @opensuse.org receivers do not get notified for faild attempts. I only got aware of it after six month and many many people have failed to send me email to my opensuse.org adress (and finally some managed to complain about it). If the Email is forwarded to gmx or googlemail for instance, it will be turned down by the respective server. I suspect many many opensuse members are hit by this. I already contacted postmaster@suse.de and got this reply: "Hi, disable your rejects on SPF records or whitelist our server on _YOUR_ server. --> host mx1.fnmueller.de[217.13.200.26] said: <-- If you want to use you opensuse.org address, you have to disable SPF checks. The SUSE email server only redirect messages to you and do not rewrite the sender addresses. Your server thinks we are sending unauthorized emails (spam) with @gmx sender addresses. Cheers Matthias" (Sadly, I never got a reply on why SRS is not implemented.) This is imho the worst way to go. All opensuse members would have to be notified as well as they would have to be able to make their providers make the respective changes, which is quite hard for providers like google or gmx. Just not using SPF is not an option either. So SRS should be implemented on suse.de as this will transparently solve the problem for all now existing and future members. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=414666
User benji@opensuse.org added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c1
Benjamin Weber
https://bugzilla.novell.com/show_bug.cgi?id=414666
User gerberb@zenez.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c2
Boyd Gerber
https://bugzilla.novell.com/show_bug.cgi?id=414666
Stephan Binner
https://bugzilla.novell.com/show_bug.cgi?id=414666
User per.jessen@enidan.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c4
Per Jessen
https://bugzilla.novell.com/show_bug.cgi?id=414666
User gerberb@zenez.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c5
--- Comment #5 from Boyd Gerber
https://bugzilla.novell.com/show_bug.cgi?id=414666
User gerberb@zenez.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c6
--- Comment #6 from Boyd Gerber
https://bugzilla.novell.com/show_bug.cgi?id=414666
User per.jessen@enidan.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c7
--- Comment #7 from Per Jessen
You do not understand. zenez.com publishes an SPF record. I use the -all When I use an gerberb@opensuse.org, the email looks like it came from gerberb@zenez.com instead of gerberb@opensuse.org. It then hits my system claiming to be from gerberb@zenez.com and because of my record it is rejected. With SRS I do not have this problem.
I think that's purely a configuration issue on your side and nothing to do with opensuse at all. And you don't need SRS to solve it either, Postfix will do it for you. I'm using "per@computer.org" from my own mailserver (enidan.com) as well, but when I send mails from here, they don't look like they came from "enidan.com", they look like they came from "per@computer.org", but obviously from an "enidan.com" mailserver. "enidan.com" does publish an SPF record, although with "?all", but there's no way that'll somehow influence who will receive my mails from "per@computer.org". (computer.org does also not publish an SPF record). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=414666
User gerberb@zenez.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c8
--- Comment #8 from Boyd Gerber
https://bugzilla.novell.com/show_bug.cgi?id=414666
User gerberb@zenez.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c9
--- Comment #9 from Boyd Gerber
https://bugzilla.novell.com/show_bug.cgi?id=414666
User gerberb@zenez.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c10
--- Comment #10 from Boyd Gerber
https://bugzilla.novell.com/show_bug.cgi?id=414666
User gerberb@zenez.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c11
--- Comment #11 from Boyd Gerber
https://bugzilla.novell.com/show_bug.cgi?id=414666
User fnmueller@opensuse.org added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c12
Felix-Nicolai Müller
https://bugzilla.novell.com/show_bug.cgi?id=414666
User per.jessen@enidan.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c13
--- Comment #13 from Per Jessen
https://bugzilla.novell.com/show_bug.cgi?id=414666
User fnmueller@opensuse.org added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c14
--- Comment #14 from Felix-Nicolai Müller
https://bugzilla.novell.com/show_bug.cgi?id=414666
User per.jessen@enidan.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c15
--- Comment #15 from Per Jessen
"Second, the proposed solutions are untried and untested - I don't think it's a good idea to rush into a deployment on a high volume mail server." How do you know that?
Allright, I'm guessing - like Boyd Gerber said a while ago "pysrs is not recommended for postfix", and libsrs2 is still only out for postfix 2.1.4 (whilst postfix has moved on to 2.5.3). Does not sound like tried and tested to me.
"Third, AFAICS, this problem does not affect everyone with an @opensuse.org alias - in fact, it is only a problem when your forwarding-to address is on a mail-server with strict SPF enforcement." Just plain wrong. The forwarding-from address / server is "the problem" (well, not it SPF was properly supported by suse.de). Therefore, if you don't have your opensuse.org address forwarded to a server you have complete control of- you have a problem.
Well, I can only say that my company does a LOT of email forwarding, and the only time SPF causes a problem is when the recipient mail server has strict SPF enforcement. So far we have only hit this problem with one single mail server.
Open communication and a status update from time to time would certainly keep me calmer.
The report has not yet been assigned to anyone. I'm sure something will happen tomorrow. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=414666
User gerberb@zenez.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c16
--- Comment #16 from Boyd Gerber
https://bugzilla.novell.com/show_bug.cgi?id=414666
User aj@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c17
--- Comment #17 from Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=414666
User adrian@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c18
Adrian Schröter
https://bugzilla.novell.com/show_bug.cgi?id=414666
User mhoppe@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=414666#c19
Matthias Boettger
participants (1)
-
bugzilla_noreply@novell.com