[opensuse-project] opensuse mail redirection problem
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Two people (one an Alpine developer) have complained to me that they can not send email to me on my opensuse.org alias, because it gets bounced to them with this message from from a suse.de server: The mail system <robin.listas (aatt) telefonica.net> (expanded from <carlos.e.r (aatt) opensuse.org>): host tnetmx.telefonica.net[86.109.99.69] said: 522 - Failed SPF (in reply to MAIL FROM command) I just sent emails to my opensuse address from gmail and from another account, and both got through, so I can't replicate the problem, nor do I have full headers. I don't know how to investigate this, where lies the problem: on the opensuse redirector, on my ISP being too strict, on the sender side not supporting spf or setting data incorrectly, or what? In case there is a problem with the opensuse redirector I ask here first, otherwise I'll move to another list. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlRz/jMACgkQtTMYHG2NR9WXSgCfWa33QBdC7iXhzlclZMat0dtX 4W8An1WipSWNmkAMaUs+S9x8NRYCxHn3 =MC5s -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Carlos E. R. wrote:
It looks like the Telefonica host rejects due to a failing SPF check. My guess is that the sender's SPF record does not include the opensuse forwarding host. (obviously). Forwarding of mails is a typical problem with SPF. Usually the forwarding server is advised to implement SRS. -- Per Jessen, Zürich (7.9°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Issues with any opensuse.org infrastructure are probably best reported to the admin@opensuse.org ticketing system, rather than here where they might not get the attention of anyone who's able to help On 25 November 2014 at 09:44, Per Jessen <per@computer.org> wrote:
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Richard Brown wrote:
Agree. Anyway, we've looked at this issue before - http://osdir.com/ml/linux.suse.opensuse.project/2008-08/msg00005.html Solutions such as https://github.com/roehling/postsrsd might be worth a closer look. -- Per Jessen, Zürich (7.9°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-11-25 09:44, Per Jessen wrote:
That's what I'm starting to think. My ISP has probably switched to a strict SPF check, and that the sender ISP requests hard failure, no softfail. In that case, there is nothing that opensuse.org can do. I found in google two ways to check it: nslookup -q=txt gmx.com dig gmx.com txt host localhost and I get: ;; ANSWER SECTION: gmx.com. 83796 IN TXT "v=spf1 ip4:213.165.64.0/23 ip4:74.208.5.64/26 ip4:74.208.122.0/26 ip4:212.227.126.128/25 ip4:212.227.15.0/24 ip4:212.227.17.0/27 ip4:74.208.4.192/26 ip4:82.165.159.0/24 ip4:50.22.171.0/28 -all" gmx.com. 83796 IN TXT "google-site-verification=YxvYPeuavgDRQDYTX-3dSD3JNMsDn5yO7loiNot-h0Q" And looking at the wikipedia: http://en.wikipedia.org/wiki/Sender_Policy_Framework#Implementation ALL Matches always; used for a default result like -all for all IPs not matched by prior mechanisms. - - (minus) for FAIL, the mail should be rejected (see below). My reading is that the sender ISP requests hard fail for IPs not in that list, and my ISP complies. opensuse.org triggers the failure, because redirection breaks SPF, so there is nothing to tell the administrators here because there is nothing they can do Am I reading it right, or am I mistaken? The only thing they can do is create something else instead of a redirector, like a real mail service. For instance, ieee.org had a redirector service, and they switched about a year ago to google services with real email instead, which avoids this problem. And that would be indeed a matter for this mail list, I believe. :-? - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlR0ikgACgkQtTMYHG2NR9UC7gCfco32d1SGz+XSvxjg+mOZlwMe rOUAn3WtpuxoIVBYSdecZmNDAWCc4XVU =yYxF -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
Carlos E. R. wrote:
There is, see SRS.
My reading is that the sender ISP requests hard fail for IPs not in that list, and my ISP complies.
Right.
They could install/apply SRS. For openSUSE, I think it would be quite a reasonable thing to do.
Only if you use the google service. I just have my mail forwarded. I think Richard Brown was correct, it's a matter for whoever looks after the openSUSE.org redirection service. Maybe admin@opensuse.org. -- Per Jessen, Zürich (7.9°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-11-25 20:42, Per Jessen wrote:
Carlos E. R. wrote:
In that case, there is nothing that opensuse.org can do.
There is, see SRS.
Ah. I'll have a look.
Ok, then. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlR08uYACgkQtTMYHG2NR9VlHgCghAlZj8drfVTGj5azS5Ny+I4u XlIAnRkIn7Y2IJY0vHXUo4GMLXsuhvOf =zW3b -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-11-25 22:21, Carlos E. R. wrote:
Done. tickets #4876 - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlR2iEIACgkQtTMYHG2NR9Wr/gCgkk9EIR6wwovO4xIalFT2ERac gHwAnRyIALm1z3ov10d8OuPuc/BQ3JE0 =4But -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
participants (3)
-
Carlos E. R. -
Per Jessen -
Richard Brown