-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2014-11-25 09:44, Per Jessen wrote:
It looks like the Telefonica host rejects due to a
failing SPF check.
My guess is that the sender's SPF record does not include the opensuse
forwarding host. (obviously). Forwarding of mails is a typical problem
with SPF. Usually the forwarding server is advised to implement SRS.
That's what I'm starting to think. My ISP has probably switched to a strict SPF
check, and that the sender ISP requests hard failure, no softfail.
In that case, there is nothing that
opensuse.org can do.
I found in google two ways to check it:
nslookup -q=txt
gmx.com
dig
gmx.com txt host localhost
and I get:
;; ANSWER SECTION:
gmx.com. 83796 IN TXT "v=spf1 ip4:213.165.64.0/23
ip4:74.208.5.64/26 ip4:74.208.122.0/26 ip4:212.227.126.128/25 ip4:212.227.15.0/24
ip4:212.227.17.0/27 ip4:74.208.4.192/26 ip4:82.165.159.0/24 ip4:50.22.171.0/28 -all"
gmx.com. 83796 IN TXT
"google-site-verification=YxvYPeuavgDRQDYTX-3dSD3JNMsDn5yO7loiNot-h0Q"
And looking at the wikipedia:
http://en.wikipedia.org/wiki/Sender_Policy_Framework#Implementation
ALL Matches always; used for a default result like -all for all IPs not matched by prior
mechanisms.
- - (minus) for FAIL, the mail should be rejected (see below).
My reading is that the sender ISP requests hard fail for IPs not in that list, and my ISP
complies.
opensuse.org triggers the failure, because redirection breaks SPF, so there is nothing to
tell the administrators here because there is nothing they can do
Am I reading it right, or am I mistaken?
The only thing they can do is create something else instead of a redirector, like a real
mail service.
For instance,
ieee.org had a redirector service, and they switched about a year ago to
google services with real email instead, which avoids this problem.
And that would be indeed a matter for this mail list, I believe. :-?
- --
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlR0ikgACgkQtTMYHG2NR9UC7gCfco32d1SGz+XSvxjg+mOZlwMe
rOUAn3WtpuxoIVBYSdecZmNDAWCc4XVU
=yYxF
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org