Fw: Undelivered Mail Returned to Sender

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Fw: Undelivered Mail Returned to Sender

mmuetzel
I tried to respond to an email to the maintainers mailing list this morning.
But the mail bounced back with the message below.

To me, this looks like either an error in how dreamhost forwards the message to the gnu email address (more likely). Or an error on the gnu side rejecting a message that it shouldn't (less likely).

Did something change with how mails are forwarded from [hidden email] to [hidden email]?

Markus

> Gesendet: Freitag, 10. Juli 2020 um 08:43 Uhr
> Von: "Mail Delivery System" <[hidden email]>
> An: [hidden email]
> Betreff: Undelivered Mail Returned to Sender
>
> This is the mail system at host pdx1-sub0-mail-mx70.g.dreamhost.com.
>
> I'm sorry to have to inform you that your message could not
> be delivered to one or more recipients. It's attached below.
>
> If you are a current customer of DreamHost, please contact our
> technical support team here
>
> https://panel.dreamhost.com/support
>
> If you are not a customer please use our contact form at.
>
> http://dreamhost.com/contact
>
> If you do so, please include this email in your support ticket. You can
> delete your own text from the attached returned message.
>
>                 DreamHost Email Support
>
> <[hidden email]> (expanded from <[hidden email]>): host
>     eggs.gnu.org[209.51.188.92] said: 550-[SPF] 64.90.62.164 is not allowed to
>     send mail from gmx.de.  Please see 550
>     http://www.openspf.org/Why?scope=mfrom;identity=markus.muetzel@...;ip=64.90.62.164
>     (in reply to RCPT TO command)
>

Am 10. Juli 2020 um 03:36 Uhr schrieb "Kai Torben Ohlhus":
> You are right, with the "--with-pkg-dir" option you specify a custom
> location for the default "/pkg" directory, thus you have to download
> everything all over again.
>

I might be misunderstanding what your wrote. But to maybe clear up a bit where setting the pkg-dir can be useful, please let me give an example:
Assume you would have several local MXE Octave repositories that are configured for incompatible builds (e.g. win64, win32 and native linux). In this case, you could point the pkg-dir of all of these repositories to a common location. That way you *won't* have to download everything all over again for each of the repositories...

Markus

message-delivery-status-attachment (559 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Fw: Undelivered Mail Returned to Sender

chloros
Hi Markus,

the same thing happened to me on wednesday when I replied to one of the
jsondecode emails. I got the same error:

DreamHost Email Support
<[hidden email]> (expanded from <[hidden email]>):
host eggs.gnu.org[209.51.188.92] said: 550-[SPF] 64.90.62.163 is not
allowed to send mail from gmx.de.

Yet another gmx feature ...

Best regards


On Fri, 2020-07-10 at 14:03 +0200, Markus Mützel wrote:
> I tried to respond to an email to the maintainers mailing list this
> morning.
> But the mail bounced back with the message below.
>


Reply | Threaded
Open this post in threaded view
|

Re: Fw: Undelivered Mail Returned to Sender

mmuetzel
Am 10. Juli 2020 um 17:34 Uhr schrieb "chloros":

> Hi Markus,
>
> the same thing happened to me on wednesday when I replied to one of the
> jsondecode emails. I got the same error:
>
> DreamHost Email Support
> <[hidden email]> (expanded from <[hidden email]>):
> host eggs.gnu.org[209.51.188.92] said: 550-[SPF] 64.90.62.163 is not
> allowed to send mail from gmx.de.
>
> Yet another gmx feature ...
>
> Best regards
>

I'm not sure this is gmx's fault in this case. I don't think they can do anything if the gnu server bounces the message that dreamhost forwards...

Markus


Reply | Threaded
Open this post in threaded view
|

Re: Fw: Undelivered Mail Returned to Sender

chloros
On Fri, 2020-07-10 at 17:38 +0200, Markus Mützel wrote:

> Am 10. Juli 2020 um 17:34 Uhr schrieb "chloros":
> > Hi Markus,
> >
> > the same thing happened to me on wednesday when I replied to one of
> > the
> > jsondecode emails. I got the same error:
> >
> > DreamHost Email Support
> > <[hidden email]> (expanded from <[hidden email]
> > >):
> > host eggs.gnu.org[209.51.188.92] said: 550-[SPF] 64.90.62.163 is
> > not
> > allowed to send mail from gmx.de.
> >
> > Yet another gmx feature ...
> >
> > Best regards
> >
>
> I'm not sure this is gmx's fault in this case. I don't think they can
> do anything if the gnu server bounces the message that dreamhost
> forwards...
>
> Markus
>


Hi Markus,

when i search for 'SPF', i get hits that display "Anti-Spam". That
already rings like a bell in my ears. I don't know exactly either, but
what i understand is, that the recipient's mail server (eggs.gnu.org)
comes to the conclusion that the sender IP is not authorized to send
emails for the domain 'gmx.de', according to the SPF record. But then
the SPF record for gmx could be broken.

For example if i check online for 'gmx.de':
SPF Authentication: SPF Failed for IP - 64.90.62.163

Best regards


Reply | Threaded
Open this post in threaded view
|

Re: Fw: Undelivered Mail Returned to Sender

Octave - Maintainers mailing list
In reply to this post by chloros
On 7/10/20 11:34 AM, chloros wrote:

> Hi Markus,
>
> the same thing happened to me on wednesday when I replied to one of the
> jsondecode emails. I got the same error:
>
> DreamHost Email Support
> <[hidden email]> (expanded from <[hidden email]>):
> host eggs.gnu.org[209.51.188.92] said: 550-[SPF] 64.90.62.163 is not
> allowed to send mail from gmx.de.
>
> Yet another gmx feature ...


So typically what happens is that either an email listserver or
someone's forwarding results in an email that claims to be from you but
actually coming from gmx. The email headers specify SPF checks, and the
gnu.org MTA obediently verifies them and balks. That's why modern
listservers say things like From: listserver.us on behalf of
[hidden email]--the SPF is correct wrt. the actual sender, and yet you can
still see who actually originated the email.


Reply | Threaded
Open this post in threaded view
|

Re: Undelivered Mail Returned to Sender

mmuetzel
In reply to this post by mmuetzel
> Am 10. Juli 2020 um 18:29 Uhr schrieb "chloros":
> > On Fri, 2020-07-10 at 17:38 +0200, Markus Mützel wrote:
> > > Am 10. Juli 2020 um 17:34 Uhr schrieb "chloros":
> > > > Hi Markus,
> > > >
> > > > the same thing happened to me on wednesday when I replied to one of
> > > > the
> > > > jsondecode emails. I got the same error:
> > > >
> > > > DreamHost Email Support
> > > > <[hidden email]> (expanded from <[hidden email]
> > > > >):
> > > > host eggs.gnu.org[209.51.188.92] said: 550-[SPF] 64.90.62.163 is
> > > > not
> > > > allowed to send mail from gmx.de.
> > > >
> > > > Yet another gmx feature ...
> > > >
> > > > Best regards
> > > >
> > >
> > > I'm not sure this is gmx's fault in this case. I don't think they can
> > > do anything if the gnu server bounces the message that dreamhost
> > > forwards...
> > >
> > > Markus
> > >
> >
> > Hi Markus,
> >
> > when i search for 'SPF', i get hits that display "Anti-Spam". That
> > already rings like a bell in my ears. I don't know exactly either, but
> > what i understand is, that the recipient's mail server (eggs.gnu.org)
> > comes to the conclusion that the sender IP is not authorized to send
> > emails for the domain 'gmx.de', according to the SPF record. But then
> > the SPF record for gmx could be broken.
> >
> > For example if i check online for 'gmx.de':
> > SPF Authentication: SPF Failed for IP - 64.90.62.163
> >
>
> From the results of a reverse lookup on that address, I'd guess that the IP in the error message belongs to dreamhost:
> PS > nslookup.exe 64.90.62.163
> Name:    mx1.dreamhost.com
> Address:  64.90.62.163
>
> That's why I'd think it is ok that SPF says that no messages from the gmx.de domain should be sent from that IP. And hence, it is probably ok for gnu.org to reject that message.
>
> Instead, dreamhost should probably adapt the sender in the header:
> https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme
>
> Markus
>

Forgot to keep the mailing list in CC.


Reply | Threaded
Open this post in threaded view
|

Re: Undelivered Mail Returned to Sender

chloros

> > From the results of a reverse lookup on that address, I'd guess
> > that the IP in the error message belongs to dreamhost:
> > PS > nslookup.exe 64.90.62.163
> > Name:    mx1.dreamhost.com
> > Address:  64.90.62.163
> >
> > That's why I'd think it is ok that SPF says that no messages from
> > the gmx.de domain should be sent from that IP. And hence, it is
> > probably ok for gnu.org to reject that message.
> >
> > Instead, dreamhost should probably adapt the sender in the header:
> > https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme
> >

Yes, you are right!


Reply | Threaded
Open this post in threaded view
|

Re: Undelivered Mail Returned to Sender

mmuetzel
Am 10. Juli 2020 um 19:34 Uhr schrieb "chloros":

> > > From the results of a reverse lookup on that address, I'd guess
> > > that the IP in the error message belongs to dreamhost:
> > > PS > nslookup.exe 64.90.62.163
> > > Name:    mx1.dreamhost.com
> > > Address:  64.90.62.163
> > >
> > > That's why I'd think it is ok that SPF says that no messages from
> > > the gmx.de domain should be sent from that IP. And hence, it is
> > > probably ok for gnu.org to reject that message.
> > >
> > > Instead, dreamhost should probably adapt the sender in the header:
> > > https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme
> > >
>
> Yes, you are right!
>

@jwe: Are you managing the dreamhost account?
Do you think they could help setting up the email forward of [hidden email] to [hidden email] correctly?
At the moment gnu.org rejects some of the messages because the sending domain and the IP of the dreamhost server mismatch (see above).

Markus

Reply | Threaded
Open this post in threaded view
|

Re: Undelivered Mail Returned to Sender

John W. Eaton
Administrator
On 7/11/20 4:28 AM, Markus Mützel wrote:

> @jwe: Are you managing the dreamhost account?

Yes.

> Do you think they could help setting up the email forward of [hidden email] to [hidden email] correctly?
> At the moment gnu.org rejects some of the messages because the sending domain and the IP of the dreamhost server mismatch (see above).

I'm not sure what to ask them to do.

I have many forwards for each list on the server (not sure that all are
needed, but I added them to be complete since all of these are used by
mailmain):

   [hidden email]  [hidden email]
   [hidden email]  [hidden email]
   [hidden email]  [hidden email]
   [hidden email]  [hidden email]
   [hidden email]  [hidden email]
   [hidden email]  [hidden email]
   [hidden email]  [hidden email]
   [hidden email]  [hidden email]
   [hidden email]
[hidden email]
   [hidden email]
[hidden email]

If you want to avoid the forwarding problems, then maybe the best
solution is to just use the @gnu.org addresses directly?

jwe

Reply | Threaded
Open this post in threaded view
|

Re: Fw: Undelivered Mail Returned to Sender

John W. Eaton
Administrator
In reply to this post by Octave - Maintainers mailing list
On 7/10/20 1:04 PM, Przemek Klosowski via Octave-maintainers wrote:

> On 7/10/20 11:34 AM, chloros wrote:
>> Hi Markus,
>>
>> the same thing happened to me on wednesday when I replied to one of the
>> jsondecode emails. I got the same error:
>>
>> DreamHost Email Support
>> <[hidden email]> (expanded from <[hidden email]>):
>> host eggs.gnu.org[209.51.188.92] said: 550-[SPF] 64.90.62.163 is not
>> allowed to send mail from gmx.de.
>>
>> Yet another gmx feature ...
>
>
> So typically what happens is that either an email listserver or
> someone's forwarding results in an email that claims to be from you but
> actually coming from gmx. The email headers specify SPF checks, and the
> gnu.org MTA obediently verifies them and balks. That's why modern
> listservers say things like From: listserver.us on behalf of
> [hidden email]--the SPF is correct wrt. the actual sender, and yet you can
> still see who actually originated the email.

Dreamhost, which is handling the @octave.org mail, is just forwarding
the message to an @gnu.org address that is processed by the mailman
mailing list software.

Is there something that can be changed in mailman to allow the messages
to go through, or are the messages rejected before mailman even sees
them?  I recall a problem with gmail subscribers in the past and that we
made some change to the mailman config so that messages to them would
not bounce.

If messages can't be forwarded to list servers without special treatment
on the system that does the forwarding, then maybe we should phase out
the forwarding addresses.

jwe


Reply | Threaded
Open this post in threaded view
|

Re: Undelivered Mail Returned to Sender

mmuetzel
In reply to this post by John W. Eaton
Am 15. Juli 2020 um 11:58 Uhr schrieb "John W. Eaton":

> On 7/11/20 4:28 AM, Markus Mützel wrote:
>
> > @jwe: Are you managing the dreamhost account?
>
> Yes.
>
> > Do you think they could help setting up the email forward of [hidden email] to [hidden email] correctly?
> > At the moment gnu.org rejects some of the messages because the sending domain and the IP of the dreamhost server mismatch (see above).
>
> I'm not sure what to ask them to do.
>
> I have many forwards for each list on the server (not sure that all are
> needed, but I added them to be complete since all of these are used by
> mailmain):
>
>    [hidden email]  [hidden email]
>    [hidden email]  [hidden email]
>    [hidden email]  [hidden email]
>    [hidden email]  [hidden email]
>    [hidden email]  [hidden email]
>    [hidden email]  [hidden email]
>    [hidden email]  [hidden email]
>    [hidden email]  [hidden email]
>    [hidden email]
> [hidden email]
>    [hidden email]
> [hidden email]

To be honest, I thought that the mail server on octave.org was managed by dreamhost. But from what you've written, I gather that you manage mailman on that server yourself?

I'm not sure if this will work. But maybe the following will setup SRS on that server (stolen from https://www.howtoforge.com/community/threads/postfix-sender-rewriting-scheme.66290/ ):
# apt-get install postsrsd
# sed -i "s/^SRS_DOMAIN=.*/SRS_DOMAIN=`hostname -f`/" /etc/default/postsrsd
# service postsrsd stop
# service postsrsd start
# postconf -e "sender_canonical_maps = tcp:localhost:10001"
# postconf -e "sender_canonical_classes = envelope_sender"
# postconf -e "recipient_canonical_maps = tcp:localhost:10002"
# postconf -e "recipient_canonical_classes= envelope_recipient,header_recipient"
# postfix reload

If that isn't possible, maybe we could also ask gnu.org to whitelist the IP of the mailserver on octave.org.

>
> If you want to avoid the forwarding problems, then maybe the best
> solution is to just use the @gnu.org addresses directly?

You are right, I could just use the @gnu.org addresses instead (and I usually do now). But it's easy to forget to check which mail address will be used when clicking on "Reply all".

Markus


Reply | Threaded
Open this post in threaded view
|

Re: Undelivered Mail Returned to Sender

John W. Eaton
Administrator
On 7/15/20 6:31 AM, Markus Mützel wrote:

> Am 15. Juli 2020 um 11:58 Uhr schrieb "John W. Eaton":
>> On 7/11/20 4:28 AM, Markus Mützel wrote:
>>
>>> @jwe: Are you managing the dreamhost account?
>>
>> Yes.
>>
>>> Do you think they could help setting up the email forward of [hidden email] to [hidden email] correctly?
>>> At the moment gnu.org rejects some of the messages because the sending domain and the IP of the dreamhost server mismatch (see above).
>>
>> I'm not sure what to ask them to do.
>>
>> I have many forwards for each list on the server (not sure that all are
>> needed, but I added them to be complete since all of these are used by
>> mailmain):
>>
>>     [hidden email]  [hidden email]
>>     [hidden email]  [hidden email]
>>     [hidden email]  [hidden email]
>>     [hidden email]  [hidden email]
>>     [hidden email]  [hidden email]
>>     [hidden email]  [hidden email]
>>     [hidden email]  [hidden email]
>>     [hidden email]  [hidden email]
>>     [hidden email]
>> [hidden email]
>>     [hidden email]
>> [hidden email]
>
> To be honest, I thought that the mail server on octave.org was managed by dreamhost. But from what you've written, I gather that you manage mailman on that server yourself?

The mailman mailing list manager runs on a gnu.org system.  There is
also an smtp mail server running on dreamhost that handles the mail for
the octave.org domain.  It forwards the mail sent to @octave.org
addresses that are used for the mailing lists (like those shown above)
to the @gnu.org addresses where mailmain processes the list mail.

> If that isn't possible, maybe we could also ask gnu.org to whitelist the IP of the mailserver on octave.org.

I will ask about that.

jwe

Reply | Threaded
Open this post in threaded view
|

Re: Undelivered Mail Returned to Sender

mmuetzel
Am 15. Juli 2020 um 14:39 Uhr schrieb "John W. Eaton":

> On 7/15/20 6:31 AM, Markus Mützel wrote:
> > Am 15. Juli 2020 um 11:58 Uhr schrieb "John W. Eaton":
> >> On 7/11/20 4:28 AM, Markus Mützel wrote:
> >>> Do you think they could help setting up the email forward of [hidden email] to [hidden email] correctly?
> >>> At the moment gnu.org rejects some of the messages because the sending domain and the IP of the dreamhost server mismatch (see above).
> >>
> >> I'm not sure what to ask them to do.
> >>
> >> I have many forwards for each list on the server (not sure that all are
> >> needed, but I added them to be complete since all of these are used by
> >> mailmain):
> >>
> >>     [hidden email]  [hidden email]
> >>     [hidden email]  [hidden email]
> >>     [hidden email]  [hidden email]
> >>     [hidden email]  [hidden email]
> >>     [hidden email]  [hidden email]
> >>     [hidden email]  [hidden email]
> >>     [hidden email]  [hidden email]
> >>     [hidden email]  [hidden email]
> >>     [hidden email]
> >> [hidden email]
> >>     [hidden email]
> >> [hidden email]
> >
> > To be honest, I thought that the mail server on octave.org was managed by dreamhost. But from what you've written, I gather that you manage mailman on that server yourself?
>
> The mailman mailing list manager runs on a gnu.org system.  There is
> also an smtp mail server running on dreamhost that handles the mail for
> the octave.org domain.  It forwards the mail sent to @octave.org
> addresses that are used for the mailing lists (like those shown above)
> to the @gnu.org addresses where mailmain processes the list mail.
>
> > If that isn't possible, maybe we could also ask gnu.org to whitelist the IP of the mailserver on octave.org.
>
> I will ask about that.

Whitelisting the dreamhost mail server is probably only the second best solution.
That would mean that gnu.org would need to accept messages from their server independent on the sender domain. That could lead to an increased amount of spam on the mailing list if others are using the dreamhost servers to send or re-route their spam.
Imho, the best solution would still be if the mailserver that does the forwarding would apply SRS when forwarding the mails:
https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme

But I'm still not sure how the dreamhost product works:
Do they just provide the hardware and you can run any server software with any configuration you would like?
Or do they provide (among other things) an email server for which you just entered the forwards in some kind of web form?
Or is it still something different?

Markus