25 Nov
2014
25 Nov
'14
4:57 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Two people (one an Alpine developer) have complained to me that they can
not send email to me on my opensuse.org alias, because it gets bounced to
them with this message from from a suse.de server:
The mail system
<robin.listas (aatt) telefonica.net> (expanded from <carlos.e.r (aatt)
opensuse.org>): host
tnetmx.telefonica.net[86.109.99.69] said: 522 - Failed SPF (in reply to
MAIL FROM command)
I just sent emails to my opensuse address from gmail and from another
account, and both got through, so I can't replicate the problem, nor do I
have full headers.
I don't know how to investigate this, where lies the problem: on the
opensuse redirector, on my ISP being too strict, on the sender side not
supporting spf or setting data incorrectly, or what?
In case there is a problem with the opensuse redirector I ask here first,
otherwise I'll move to another list.
- --
Cheers
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlRz/jMACgkQtTMYHG2NR9WXSgCfWa33QBdC7iXhzlclZMat0dtX
4W8An1WipSWNmkAMaUs+S9x8NRYCxHn3
=MC5s
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
25 Nov
25 Nov
9:44 a.m.
Carlos E. R. wrote:
Hi,
Two people (one an Alpine developer) have complained to me that they
can not send email to me on my opensuse.org alias, because it gets
bounced to them with this message from from a suse.de server:
The mail system
<robin.listas (aatt) telefonica.net> (expanded from <carlos.e.r (aatt)
opensuse.org>): host
tnetmx.telefonica.net[86.109.99.69] said: 522 - Failed SPF (in
reply to MAIL FROM command)
It looks like the Telefonica host rejects due to a failing SPF check.
My guess is that the sender's SPF record does not include the opensuse
forwarding host. (obviously). Forwarding of mails is a typical problem
with SPF. Usually the forwarding server is advised to implement SRS.
--
Per Jessen, Zürich (7.9°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
11:59 a.m.
Issues with any opensuse.org infrastructure are probably best reported
to the admin(a)opensuse.org ticketing system, rather than here where
they might not get the attention of anyone who's able to help
On 25 November 2014 at 09:44, Per Jessen <per(a)computer.org> wrote:
Carlos E. R. wrote:
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
Hi,
Two people (one an Alpine developer) have complained to me that they
can not send email to me on my opensuse.org alias, because it gets
bounced to them with this message from from a suse.de server:
The mail system
<robin.listas (aatt) telefonica.net> (expanded from <carlos.e.r (aatt)
opensuse.org>): host
tnetmx.telefonica.net[86.109.99.69] said: 522 - Failed SPF (in
reply to MAIL FROM command)
It looks like the Telefonica host rejects due to a failing SPF check.
My guess is that the sender's SPF record does not include the opensuse
forwarding host. (obviously). Forwarding of mails is a typical problem
with SPF. Usually the forwarding server is advised to implement SRS.
--
Per Jessen, Zürich (7.9°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
12:14 p.m.
Richard Brown wrote:
Issues with any opensuse.org infrastructure are
probably best reported
to the admin(a)opensuse.org ticketing system, rather than here where
they might not get the attention of anyone who's able to help
Agree. Anyway, we've looked at this issue before -
http://osdir.com/ml/linux.suse.opensuse.project/2008-08/msg00005.html
Solutions such as https://github.com/roehling/postsrsd might be worth a
closer look.
--
Per Jessen, Zürich (7.9°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
2:55 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2014-11-25 09:44, Per Jessen wrote:
It looks like the Telefonica host rejects due to a
failing SPF check.
My guess is that the sender's SPF record does not include the opensuse
forwarding host. (obviously). Forwarding of mails is a typical problem
with SPF. Usually the forwarding server is advised to implement SRS.
That's what I'm starting to think. My ISP has probably switched to a strict SPF
check, and that the sender ISP requests hard failure, no softfail.
In that case, there is nothing that opensuse.org can do.
I found in google two ways to check it:
nslookup -q=txt gmx.com
dig gmx.com txt host localhost
and I get:
;; ANSWER SECTION:
gmx.com. 83796 IN TXT "v=spf1 ip4:213.165.64.0/23
ip4:74.208.5.64/26 ip4:74.208.122.0/26 ip4:212.227.126.128/25 ip4:212.227.15.0/24
ip4:212.227.17.0/27 ip4:74.208.4.192/26 ip4:82.165.159.0/24 ip4:50.22.171.0/28 -all"
gmx.com. 83796 IN TXT
"google-site-verification=YxvYPeuavgDRQDYTX-3dSD3JNMsDn5yO7loiNot-h0Q"
And looking at the wikipedia:
http://en.wikipedia.org/wiki/Sender_Policy_Framework#Implementation
ALL Matches always; used for a default result like -all for all IPs not matched by prior
mechanisms.
- - (minus) for FAIL, the mail should be rejected (see below).
My reading is that the sender ISP requests hard fail for IPs not in that list, and my ISP
complies.
opensuse.org triggers the failure, because redirection breaks SPF, so there is nothing to
tell the administrators here because there is nothing they can do
Am I reading it right, or am I mistaken?
The only thing they can do is create something else instead of a redirector, like a real
mail service.
For instance, ieee.org had a redirector service, and they switched about a year ago to
google services with real email instead, which avoids this problem.
And that would be indeed a matter for this mail list, I believe. :-?
- --
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlR0ikgACgkQtTMYHG2NR9UC7gCfco32d1SGz+XSvxjg+mOZlwMe
rOUAn3WtpuxoIVBYSdecZmNDAWCc4XVU
=yYxF
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
8:42 p.m.
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2014-11-25 09:44, Per Jessen wrote:
There is, see SRS.
It looks like the Telefonica host rejects due to
a failing SPF check.
My guess is that the sender's SPF record does not include the
opensuse
forwarding host. (obviously). Forwarding of mails is a typical
problem
with SPF. Usually the forwarding server is advised to implement SRS.
That's what I'm starting to think. My ISP has probably switched to a
strict SPF check, and that the sender ISP requests hard failure, no
softfail.
In that case, there is nothing that opensuse.org can do. My reading is that the sender ISP requests hard fail
for IPs not in
that list, and my ISP complies.
Right.
opensuse.org triggers the failure, because redirection
breaks SPF, so
there is nothing to tell the administrators here because there is
nothing they can do
They could install/apply SRS. For openSUSE, I think it would be quite a
reasonable thing to do.
The only thing they can do is create something else
instead of a
redirector, like a real mail service. For instance, ieee.org had a
redirector service, and they switched about a year ago to google
services with real email instead, which avoids this problem.
Only if you use the google service. I just have my mail forwarded.
I think Richard Brown was correct, it's a matter for whoever looks after
the openSUSE.org redirection service. Maybe admin(a)opensuse.org.
--
Per Jessen, Zürich (7.9°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
10:21 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2014-11-25 20:42, Per Jessen wrote:
Ah. I'll have a look.
Carlos E. R. wrote:
In that case,
there is nothing that opensuse.org can do.
There is, see SRS. I think Richard Brown was correct, it's a matter
for whoever looks
after the openSUSE.org redirection service. Maybe
admin(a)opensuse.org.
Ok, then.
- --
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlR08uYACgkQtTMYHG2NR9VlHgCghAlZj8drfVTGj5azS5Ny+I4u
XlIAnRkIn7Y2IJY0vHXUo4GMLXsuhvOf
=zW3b
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
27 Nov
27 Nov
3:11 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2014-11-25 22:21, Carlos E. R. wrote:
Done. tickets #4876
- --
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
I think
Richard Brown was correct, it's a matter for whoever looks
after the openSUSE.org redirection service. Maybe
admin(a)opensuse.org.
Ok, then.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlR2iEIACgkQtTMYHG2NR9Wr/gCgkk9EIR6wwovO4xIalFT2ERac
gHwAnRyIALm1z3ov10d8OuPuc/BQ3JE0
=4But
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
2243
days inactive
2245
days old
7 comments
3 participants
participants (3)
-
Carlos E. R. -
Per Jessen -
Richard Brown