Re: [DNG] excessive bounces
On Fri, 4 Jan 2019 21:26:45 + Rowland Penny via Dng wrote: > On Fri, 4 Jan 2019 12:53:48 -0800 > Rick Moen wrote: > > > Quoting Rowland Penny via Dng (dng@lists.dyne.org): > > > > > Rick, please stop name dropping and please stop, just stop. > > > > Seriously? I merely asked you, while thanking you for your work on > > Samba, to please say hullo to three of my friends and sometime > > co-workers, as they are on the Samba Team with you. They are in > > fact exactly that, I like them quite a lot, and I haven't seen them > > in far too long -- in some cases, since the dot-com collapse. > > Two of the names you mentioned aren't involved much in Samba any more > and the other lives nearer to you than me. I only mentioned I was a > member of the Samba team to try and show I know that the problem is > unlikely to be at my end. > > > > > For the rest, I have been trying to assist you -- using my longtime > > knowledge of how to investigate Mailman/MTA problems involving my > > own server and that of a number of groups where I'm a longtime > > listadmin. As such, I've told you who can gather the required > > data. If you don't believe me and would rather just pound the > > table about how you believe the problem isn't at Samba's e-mail > > server (which is entirely possible, and examining the logs would > > confirm of deny), then best of luck to you, but I'll definitely not > > repeat the mistake of trying to help you again. > > Thanks, because you were not helping, I need to know when the mails > bounced and why and you cannot help with this. Once I get this info, I > can ssh in and read the relevant logs > OK, after help from Katolaz and Jaromil (again thanks for the help), and with help from one of my Samba team mates the problem has been found. It is all down to an anti-spam rule that Samba uses, the rule is for any address that is info@, so when 'info at smallinnovations dot nl' sent an email to the Devuan mailing list and it was then sent to me, it bounced. Perhaps that user would like to change to change their email address, it wont affect me in future because lists.dyne.org has now been added as an exception, but it could affect others. Rowland ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
Quoting Mike Bird (mgb-dev...@yosemite.net): > I've got a test message trying to go to Rowland and it's running > into the same problem at samba.org. *chuckle* Don't mind me. I'm just enjoying this timely visit from the Irony Fairy. I'd be very surprised if Dng has the bounce processing values set at anything but Mailman defaults. Those are described here: https://www.gnu.org/software/mailman/mailman-admin/node25.html Oddly, that page doesn't state default values, so those are: bounce_processing: yes bounce_score_threshold: 5.0 bounce_info_stale_after: 7 bounce_you_are_disabled_warnings: 3 bounce_you_are_disabled_warnings_interval: 7 bounce_unrecognized_goes_to_list_owner: yes bounce_notify_owner_on_disable: yes bounce_notify_owner_on_removal: yes Softfails such as those you describe from the samba.org SMTP host cause (when delivered back to Mailman) Mailman to increment subscriber's bounce score by 0.5 for each softfail notice from the subscriber's MTA. You speak of 'the retry parameters of this list': That's decided by MTA policy (on the mailing list host), not by the MLM software. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
On Fri January 4 2019 13:33:57 marc wrote: > Also: This isn't strictly a problem, but the highest priority > mail handler for samba.org doesn't seem to be running a mail server > at the moment: > > samba.org. 7200IN MX 5 ns1.samba.org. > samba.org. 7200IN MX 9 ns1.samba.org. > samba.org. 7200IN MX 7 smtp.samba.org. > > ;; Query time: 441 msec > ;; SERVER: 196.22.160.5#53(196.22.160.5) > ;; WHEN: Fri Jan 4 21:26:52 2019 > ;; MSG SIZE rcvd: 84 > > ~$ telnet ns1.samba.org 25 > Trying 144.76.82.137... > Connection failed: Connection refused > Trying 2a01:4f8:192:486::b0... > telnet: Unable to connect to remote host: Network is unreachable I've got a test message trying to go to Rowland and it's running into the same problem at samba.org. That test message should go through eventually but I don't know the retry and bounce parameters of this list so it's quite possible that a few failures could result in a bounce. Rowland, it looks like you need to ssh in and fix samba.org's MX. --Mike [Rowland cc'd because of bounces] ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
Quoting marc (marc...@welz.org.za): > I see that smtp.samba.org seems to run exim - are the others > experiencing bounces and disabled subscriptions also running exim ? [Just so Dyne.org volunteers needn't explore that:] Exim runs SMTP on my linuxmafia.org host: No pattern of bounces, no MLM-disabling of my subscription's delivery. I've been subscribed since mid-2016. -- Cheers,"He who laughs last, lasts." Rick Moen -- Leo Rosten r...@linuxmafia.com McQ! (4x80) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
On Fri January 4 2019 13:31:59 Rick Moen wrote: > As I've mentioned upthread, I am a (friendly) _outsider_ to Dyne.org, who > runs and administers Mailman and MTAs elsewhere -- and as such have no > access to Dyne's MTA and MLM logs (nor samba.org's MTA logs). The best > help I could think of to give Rowland was to strongly suggest that he > contact the sysadmin teams (not the listadmns) of the hosts involved. TTBOMK bounce notifications if they happen happen immediately following a bounce. Assuming Rowland has received one or more bounce notifications from Mailman he can "ssh in and read the relevant logs" for a short period of time leading up to each bounce notification, as there should be at least one bounce during that time period. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
> Yes, I am totally aware of the above, but, as there is absolutely no > reason for the dng mails sent to me being bounced and that others have > had this happen to them, I feel the problem could be at the dng end. Maybe it is emergent (heh!) problem requiring a particular combination of sending and receiving software ? I see that smtp.samba.org seems to run exim - are the others experiencing bounces and disabled subscriptions also running exim ? Also: This isn't strictly a problem, but the highest priority mail handler for samba.org doesn't seem to be running a mail server at the moment: samba.org. 7200IN MX 5 ns1.samba.org. samba.org. 7200IN MX 9 ns1.samba.org. samba.org. 7200IN MX 7 smtp.samba.org. ;; Query time: 441 msec ;; SERVER: 196.22.160.5#53(196.22.160.5) ;; WHEN: Fri Jan 4 21:26:52 2019 ;; MSG SIZE rcvd: 84 ~$ telnet ns1.samba.org 25 Trying 144.76.82.137... Connection failed: Connection refused Trying 2a01:4f8:192:486::b0... telnet: Unable to connect to remote host: Network is unreachable regards marc ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
Quoting Mike Bird (mgb-dev...@yosemite.net): > I've been running mail servers and mailing lists for more than two > decades. > > Rick if you can give Rowland specific times (+timezone) of some > bounces that would assist Rowland's admins in finding the actual > reason for the bounces in his mail server's logs. Thank you, Mike, for attempting to help. As I've mentioned upthread, I am a (friendly) _outsider_ to Dyne.org, who runs and administers Mailman and MTAs elsewhere -- and as such have no access to Dyne's MTA and MLM logs (nor samba.org's MTA logs). The best help I could think of to give Rowland was to strongly suggest that he contact the sysadmin teams (not the listadmns) of the hosts involved. FWIW, Mailman listadmins cannot produce the timestamps of 'bounce' events unless they are also shell users. I assist Dyne.org's listadmins on some matters, and know that at least one of those listadmins lacks shell access (and would speculate that the others do, too). As I mentioned, reading MTA logs typically requires root shell, while Mailman logs merely require shell. I wish Rowland luck, but will not be assisting further with this problem. (If you can think of a way for Dyne.org's listadmin to look up 'bounce' timestamps without host shell access, please help them do so. Thanks.) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
On Fri, 4 Jan 2019 12:53:48 -0800 Rick Moen wrote: > Quoting Rowland Penny via Dng (dng@lists.dyne.org): > > > Rick, please stop name dropping and please stop, just stop. > > Seriously? I merely asked you, while thanking you for your work on > Samba, to please say hullo to three of my friends and sometime > co-workers, as they are on the Samba Team with you. They are in fact > exactly that, I like them quite a lot, and I haven't seen them in far > too long -- in some cases, since the dot-com collapse. Two of the names you mentioned aren't involved much in Samba any more and the other lives nearer to you than me. I only mentioned I was a member of the Samba team to try and show I know that the problem is unlikely to be at my end. > > For the rest, I have been trying to assist you -- using my longtime > knowledge of how to investigate Mailman/MTA problems involving my own > server and that of a number of groups where I'm a longtime listadmin. > As such, I've told you who can gather the required data. If you don't > believe me and would rather just pound the table about how you believe > the problem isn't at Samba's e-mail server (which is entirely > possible, and examining the logs would confirm of deny), then best of > luck to you, but I'll definitely not repeat the mistake of trying to > help you again. Thanks, because you were not helping, I need to know when the mails bounced and why and you cannot help with this. Once I get this info, I can ssh in and read the relevant logs Rowland ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
I've been running mail servers and mailing lists for more than two decades. Rick if you can give Rowland specific times (+timezone) of some bounces that would assist Rowland's admins in finding the actual reason for the bounces in his mail server's logs. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
Quoting Rowland Penny via Dng (dng@lists.dyne.org): > Rick, please stop name dropping and please stop, just stop. Seriously? I merely asked you, while thanking you for your work on Samba, to please say hullo to three of my friends and sometime co-workers, as they are on the Samba Team with you. They are in fact exactly that, I like them quite a lot, and I haven't seen them in far too long -- in some cases, since the dot-com collapse. For the rest, I have been trying to assist you -- using my longtime knowledge of how to investigate Mailman/MTA problems involving my own server and that of a number of groups where I'm a longtime listadmin. As such, I've told you who can gather the required data. If you don't believe me and would rather just pound the table about how you believe the problem isn't at Samba's e-mail server (which is entirely possible, and examining the logs would confirm of deny), then best of luck to you, but I'll definitely not repeat the mistake of trying to help you again. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
On Fri, 4 Jan 2019 11:56:29 -0800 Rick Moen wrote: > Correcting mistype: > > > Please, let's work through the scenario. You as rpe...@samba.org > > subscribe to dng@lists.dyne.org. Hypothetically for purposes of > > discussion, for some reason the samba.org SMTP host occasionally > > does either SMTP error code 45x tempfail or 45x hardfail of > > subscriber > ^^^ '55x' > > copies of a Dng post addressed to you. > Rick, please stop name dropping and please stop, just stop. I have no reason to believe the problem is at the Samba's email server, very little gets stopped by it. All I am asking is for some one (probably the person who gets the bounce reports, if there are such things) to tell me when the mails were bounced and why. If you can do this Rick, then great, otherwise, please keep quite. This happens on a regular basis and not just to me. Rowland ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
Correcting mistype: > Please, let's work through the scenario. You as rpe...@samba.org > subscribe to dng@lists.dyne.org. Hypothetically for purposes of > discussion, for some reason the samba.org SMTP host occasionally > does either SMTP error code 45x tempfail or 45x hardfail of subscriber ^^^ '55x' > copies of a Dng post addressed to you. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
Quoting Rowland Penny via Dng (dng@lists.dyne.org): > Because, if the mails were bouncing, someone would get the bounce > reports and tell me. I get bounce reports for the samba and > samba-technical mailing lists (I am one of the moderators), so I know > what they look like. Please, let's work through the scenario. You as rpe...@samba.org subscribe to dng@lists.dyne.org. Hypothetically for purposes of discussion, for some reason the samba.org SMTP host occasionally does either SMTP error code 45x tempfail or 45x hardfail of subscriber copies of a Dng post addressed to you. Any SMTP Non-Delivery Report (NDR) or Delivery Status Notification (DSN) notice would be generated not at samba.org but rather at lists.dyne.org, right? Moreover, if for some reason a report were generated at samba.org about the SMTP refusal, logically it would go to the samba.org sysadmins, not to Samba 'list moderators' (or listadmins), because the latter have responsibility for Samba's mailing lists, not Dyne.org's. That's the model I've been used to, so unless I'm missing something very different about your situation, the right people to check logs would be the ones I described. > Are you aware that I am one of the Samba team members ? I am, indeed, and I sincerely thank you and the rest of your and the rest of the Samba Team's work. Please say a cheery 'Hullo' to my friends and erstwhile co-workers Andrew Tridgell, Jeremy Allison, and Rusty Russell. > Yes, I am totally aware of the above, but, as there is absolutely no > reason for the dng mails sent to me being bounced and that others have > had this happen to them, I feel the problem could be at the dng end. If so, that's good news, because once appropriate people look at the appropriate log files, it should be possible to figure out why (it is claimed) some Dng mail addressed to you from lists.dyne.org keeps getting either tempfailed or hardfailed. I would encourage you to concentrate on contacting one or both sysadmin teams. If I had shell with root privilege on either the samba.org or lists.dyne.org host, I'd have been glad to do that work, but sadly I'm an outsider to both projects. I apologoise for requiring _three_ responses last night to cover this matter, but it was quite late in my time zone, and I was rather tired. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
On Fri, 4 Jan 2019 04:21:28 -0800 Rick Moen wrote: > Quoting Rowland Penny via Dng (dng@lists.dyne.org): > > > > It has happened again, my membership to this list has been disabled > > due to excessive bounces. I am fairly sure this isn't true, or I > > would have told by one of the Samba team list moderators. > > > Sorry, just noticed the underlined bit. {scratches head} It's a > mystery to me how and why Samba's _list moderators_ (by which I'm > guessing you mean Samba's listadmins) would even have relevant data, > let alone convey it to you. Because, if the mails were bouncing, someone would get the bounce reports and tell me. I get bounce reports for the samba and samba-technical mailing lists (I am one of the moderators), so I know what they look like. Are you aware that I am one of the Samba team members ? > > Solving these problems, in my experience, requires at minimum > involvement by site sysadmins with access to read MTA logs one one or > both end (mailing list manager = MLM host and your receiving SMTP > host), and preferably also the MLM's logs. Mailman's logs are by > default world-readable by shell users. Typically, MTA logs are not. > Yes, I am totally aware of the above, but, as there is absolutely no reason for the dng mails sent to me being bounced and that others have had this happen to them, I feel the problem could be at the dng end. Rowland ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
Quoting Rowland Penny via Dng (dng@lists.dyne.org): > > It has happened again, my membership to this list has been disabled due to > excessive bounces. I am fairly sure this isn't true, or I would have > told by one of the Samba team list moderators. Sorry, just noticed the underlined bit. {scratches head} It's a mystery to me how and why Samba's _list moderators_ (by which I'm guessing you mean Samba's listadmins) would even have relevant data, let alone convey it to you. Solving these problems, in my experience, requires at minimum involvement by site sysadmins with access to read MTA logs one one or both end (mailing list manager = MLM host and your receiving SMTP host), and preferably also the MLM's logs. Mailman's logs are by default world-readable by shell users. Typically, MTA logs are not. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
I wrote: > dyne.org system administrators can investigate this matter, by > examining the /var/lib/mailman/logs/bounce* log files and > corresponding MTA log entries on lists.dyne.org -- to see when and why > and when the bounce scores for your Dng membership for rpe...@samba.org > has increased, each time that has happened. Equally, the samba.org system administrators could examine _their_ MTA logs to see if/when mail attempts to rpe...@samba.org have recently been softfail or hardfail refused, and the reasons cited. You can and should ask them to. The advantage of having the var/lib/mailman/logs/bounce* entries from the Dyne.org end is to get the timestamps of when the bounce score for subscriber rpe...@samba.org on Dng was incremented -- to then correlate with MTA events. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] excessive bounces
Quoting Rowland Penny via Dng (dng@lists.dyne.org): > It has happened again, my membership to this list has been disabled > due to excessive bounces. I am fairly sure this isn't true, or I would > have told by one of the Samba team list moderators. dyne.org system administrators can investigate this matter, by examining the /var/lib/mailman/logs/bounce* log files and corresponding MTA log entries on lists.dyne.org -- to see when and why and when the bounce scores for your Dng membership for rpe...@samba.org has increased, each time that has happened. (My understanding is that the listadmins for Dng don't have the root shell access required for such investigation, but of course other Dyne.org core people do.) Bounce processing in GNU Mailman is adjustable as to a number of parameters used, both site-wide and per-mailing list, but here is how it goes if using default values: Each time for whatever reason the MTA detects non-delivery of a subscriber's copy, subscriber's bounce score gets incremented by 1 if parsing the MTA diagnostic appears to show a permanent failure, or by 0.5 if the MTA diagnostic appears to show a tempfail. Each day, if the subscriber hasn't had a new bounce event within the past 7 days, subscriber's bounce score resets to zero. Any day when the subscriber's bounce score has risen to 5.0, subscription delivery gets disabled. Once delivery has been disabled (which I gather is what you say was done to your subscription), the subscriber then gets three 'Your membership is disabled' autowarning mails, at intervals of a week, explaining what happened and how to re-enable delivery. If the subscriber doesn't respond, after a month, the subscriber gets unsubscribed. I personally am a (friendly) outsider to dyne.org -- but administer Mailman elsewhere, and so can explain in general terms how the mechanics works. Here's example content from log file /var/lib/mailman/logs/bounce on my own server, linuxmafia.com: Dec 24 18:26:43 2018 (23567) processing 1 queued bounces Dec 24 18:26:43 2018 (23567) skeptic: adity...@sbcglobal.net current bounce score: 2.0 Here is the matching MTA error: # zgrep adity...@sbcglobal.net /var/log/exim4/* | grep 2018-12-24 | grep "SMTP error" /var/log/exim4/mainlog.10.gz:2018-12-24 18:26:42 1gbcPW-00033B-SM ** adity...@sbcglobal.net R=dnslookup T=remote_smtp: SMTP error from remote mail server after MAIL FROM:: host al-ip4-mx-vip2.prodigy.net [144.160.235.144]: 550 5.7.1 Connections not accepted from servers without a valid sender domain.alph739 Fix reverse DNS for 198.144.195.186 # (FWIW, I was somewhat startled to see the claim that my IP address, 198.144.195.186, lacks valid DNS reverse pointing back to my mail domain, as that's just not the case: $ dig -x 198.144.195.186 +short linuxmafia.COM. $ Someone at prodigy.net is screwing things up, it appears -- maybe falsely triggering on the FQDN lettercase difference? But otherwise, I hope the above properly illustrates how Dyne.org sysadmins could research this matter.) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive Bounces
I too get 'em on my gmail account once in a while and have to confirm my subscription. It happens once every 2 months or so, therefore in my case I would not consider it excessive. (-; Clarke ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive Bounces
On 29/10/2018 02:40, Linux O'Beardly wrote: Hey all, Is anyone else using a gmail account getting excessive bounce errors from the DNG mailing list? It keeps locking out my account. I'm not having any issues with any of my other mailing lists. Happened to me too. Bye! ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive Bounces
On Sun, Oct 28, 2018 at 09:40:57PM -0400, Linux O'Beardly wrote: > Hey all, > > Is anyone else using a gmail account getting excessive bounce errors from > the DNG mailing list? It keeps locking out my account. I'm not having any > issues with any of my other mailing lists. > > -- > Linux O'Beardly > @LinuxOBeardly > http://o.beard.ly > linux.obear...@gmail.com Yes, the same thing happened to me ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive Bounces
I don't know if it's related, but I noticed that some emails aren't getting put in the lists.dyne.org mailing list archives. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive Bounces
On Mon, 29 Oct 2018 09:44:43 +, Rowland wrote in message <20181029094443.146cb...@devstation.samdom.example.com>: > On Mon, 29 Oct 2018 10:38:47 +0100 > Harald Arnesen wrote: > > > Linux O'Beardly [10/29/18 2:40 AM]: > > > > > Is anyone else using a gmail account getting excessive bounce > > > errors from the DNG mailing list? It keeps locking out my > > > account. I'm not having any issues with any of my other mailing > > > lists. > > > > Yes, same here. > > I get them as well, but I don't use a gmail account. > > Rowland ..me too, me too, about once a month. -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive Bounces
On Mon, 29 Oct 2018 10:38:47 +0100 Harald Arnesen wrote: > Linux O'Beardly [10/29/18 2:40 AM]: > > > Is anyone else using a gmail account getting excessive bounce errors > > from the DNG mailing list? It keeps locking out my account. I'm not > > having any issues with any of my other mailing lists. > > Yes, same here. I get them as well, but I don't use a gmail account. Rowland ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive Bounces
Linux O'Beardly [10/29/18 2:40 AM]: > Is anyone else using a gmail account getting excessive bounce errors > from the DNG mailing list? It keeps locking out my account. I'm not > having any issues with any of my other mailing lists. Yes, same here. -- Hilsen Harald ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
Daniel, again, thank you for your efforts to collect diagnostic data for the Devuan Project, and for your care and precision. I respect the reasons you're making DMARC work for your domain, and certainly have no argument with you doing so (though I do not come to the same conclusion for my own domain). A few comments that come to mind: Quoting Daniel Abrecht (d...@danielabrecht.ch) > The SPF checks from the report have currently the result None, which > usually indicates that domain does not have an SPF record. I did add > ?mx:lists.dyne.org to my SPF record, which should have resulted in an > SPF result of Neutral, so either the mailing list needs an SPF record, > or google & co. are wrongly reporting a None result instead of a > Neutral one. Let's be careful about what we're speaking about, here. By definition, a posting that transits a mailing list goes through two phases, where to the best of my understanding a different SPF RR is relevant for each. In the first phase, mail arrives at (say) the lists.dyne.org MTA purporting to be from your domain. If the receiving MTA is checking SPF on arriving mail, then it seeks to validate the envelope header of arrived mail against the published SPF RR of the claimed sender domain as reflected in the envelope. A forged mail at this point would have an envelope claiming it's from danielabrecht.ch, but the IP would fail vetting against your A and MX records (declared as authorised senders in your domain's SPF RR). If it's genuine, otherwise. The accepted posting gets handed by the receiving MTA to the MLM software. The MLM software now remails, or to put it another way, creates fresh mails (thus, second phase), with an entirely different SMTP envelope reflecting the MLM's host identity. The internal 'From: ' header is (ideally) left intact, the internal 'To: ' header is customised for each subscriber, and some number of other additions and changes get made by the MLM software prior to handing it off to the outbound MTA. If subscribers' receiving MTAs now attempt, during this second phase, to validate the SMTP envelope, they will do so based on the MLM host's domain, not the original sender's. > When a mail is sent, there are the envelope-to and the envelope-from > (which aren't mail headers), but also To and From headers.[...] Yes, I'm extremely well aware of this. The latter 'From header' is traditionally called the internal 'From:' header to distinguish it from the envelope 'From ' header. I was on NANAE during the incident in which envelope forgery was invented and demonstrated in the famous revenge-spam attack against Joe Doll of Joe's Cyberpost. > Normally when an SPF check is made, the envelope from address is used. > If the mail server doesn't have an SPF header, the SPF result is None > and the receiving mail server should accept the mail. To my knowledge, there is no such thing as an 'SPF header' (except see below). No extra headers get used to implement SPF. It's just a DNS RR that declares what authorised sending MTA hosts exist, and gets used by supporting (receiving) MTAs to vet the envelope sender. (There's also an optional 'Authentication-Results' header that's similar, except for recording border MTAs' results.) My understanding is that some MTAs add a Received-SPF header to all emails arriving via SMTP that test to any result other than 'fail'. This is added _after_ SPF evaluation to record the results of that check. It's advisory, and merely a place to record the result. > There is no point in getting notified if nothing happens or everything > works as expected, but if something didn't work or someone tried to > send a mail in my name and failed, I certainly want to know about > that. Certainly your prerogative, but I personally don't care to get notified when someone tries to forge my domain and fails, because that amounts to getting spam about spam. There's a reason why I've finely tuned logcheck to stop notifying me of pointless and futile attempts to use generic username/password pairs on my sshd, and a thousand other bits of basically meaningless noise that's just part of the routine of having a 24x7 Internet server. > >> 3) The recipient can check if the message content was changed > > > > gpg signing alone can do that. > > gpg and DKIM have a bit different scope. Yes, but both can authenticate and attest to the integrity of whatever dataset was signed. And that thus matches 'can check if the message content was changed'. Just crypto-sign the message contents. Anything extraneous inserted into the signed bloc will cause validation failure. Anything outside it will be obviously _not_ attested to, and recipients should accordingly understand that. You might have more reasonably made the objection 'Ordinary folks won't check PGP attestation.' Maybe not. Personally, I regard this as Not My Problem. If I say something where text integrity really matters, like the body of a CVE, I will PGP-sign it.
Re: [DNG] Excessive bounces
Quoting Simon Hobson (li...@thehobsons.co.uk): > SPF breaks mailing lists and mail forwarders - and this is NOT (IMO) > fixable without introducing a wide open front gate for spammers to > ride through and completely bypass SPF. No. it does not break mailing lists. It _does_ break other common types of forwarders unless they adopt SRS-wrapping. The reason it does not adversely affect mailing lists is that SPF validates only the envelope header: The receving MTA verifies that the delivering MTA's IP address is mentioned in the claimed sending domain's SPF RR (if there is one in that domain's DNS). Consider the envelope header of your own Dng posting, as received by linuxmafia.com's MTA when it received my subscription's copy. Here's the way your post arrived: From dng-boun...@lists.dyne.org Thu Aug 03 05: 8:39 2017 Return-path:Envelope-to: r...@linuxmafia.com So, the envelope sender's domain was dyne.org, not thehobsons.co.uk, and my receiving MTA will perform a DNS check against the former. :r! dig -t txt dyne.org +short "google-site-verification=6FghqJroXIvBY8cutq6ouO0RC-a8qynFu6sJR3S-IbA" "v=spf1 mx ip4:178.62.188.7/32 ip4:188.226.191.63/32 ip4:213.127.180.241/32 -all" "google-site-verification=2XoWrMMTQ7jmgcB_76Y_TQSnWDGhR4e-y_KLqoKOK1Q" :r! dig lists.dyne.org +short 178.62.188.7 And, lo! The envelope sender does validate. You are probably confusing mailing lists, which provide new envelope headers during forwarding citing the forwarding domain, with other forwarders like /etc/alias entries and ~/.forward files. It's the _latter_ that SPF author Meng Wong invented that goofy Sender Rewriting System. Mailing lists, by contrast, don't have the problem he invented that kludge to fix. And, again, Simon, my mail domain linuxmafia.com has had an SPF hardfail directive in its DNS since around 2003, and the specifier is extremely narrow: :r! dig -t txt linuxmafia.com +short "v=spf1 a mx -all" That says 'If a mail's envelope header claims it's from linuxmafia.com, but the delivering MTA doesn't match either linuxmafia.com's DNS A record or its MX record, please consider it definitively a forgery.' I'm on _many_ mailing lists on many hosts. If my mailing list mail had a deliverability problem caused by hardfailing forgeries of my envelope header, I'd have figured that out, some time over hte past 14 years. It does not happen, because mailing lists work better than /etc/alias entries and ~/.forward files by design. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
For what it's worth, SPF, DKIM and DMARC were developed by largely different sets of people, who disagreed without each other about what was acceptable tradeoffs, what was doable and more. The "they" you mention act senselessly because it is not one set of people. Patching up email against spam is a hard problem and you cannot expect wide agreement about the best tradeoffs. IMO the right solution to the problem at hand is to delete dkim signatures during list processing and to tell dmarc supporters to either have their cake or eat it. Arnt ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
Narcis Garciawrote: > 1. SPF is a friendlier solution and enough for this. SPF breaks mailing lists and mail forwarders - and this is NOT (IMO) fixable without introducing a wide open front gate for spammers to ride through and completely bypass SPF. So consider that *I* publish an SPF record for my domain(s). If I post on a mailing list then I need to include the IP address of the list server in my SPF record - if I don't, then any MX that checks SPF will reject the message. I need to keep the SPF record up to date whenever ANY of the mailers used by ANY of the lists I'm subscribed to changes. Now, with my own mail server, it might just be practical to do that. If you use a hosted service such as hotmail, Gmail, ... then it isn't going to happen. To work around that, the mail list must either be configured to munge the sender address - ugly and breaks traditional usage - or they must use SRS. SRS is the wide open gate I referred to. It basically (AIUI) tells a downstream MX "I am relaying this on behalf of X, but for SPF purposes treat it as having come from me". So all a spammer has to do is send out his spam with the right "looks like SRS" from address and you've bypassed SPF - AFAICS for ANY sender domain ! AFAICS, with SPF/DKIM/DMARC/whatever they come up with tomorrow they seem to be laying gaffer tape on gaffer tape trying to fix something that's fundamentally broken and which they keep breaking even worse with each layer of gaffer tape. And what's more, it seems that most outfits using all this gaffer tape are taping over problems in their own systems - if they didn't accept message they know they won't be delivering, then half the problem would disappear ! ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
1. SPF is a friendlier solution and enough for this. 3. GPG signatures is more standard and friendlier solution for this. This kind of tricky solutions (as DKIM) only make people to move to other easier but non-neutral technologies, hosted services such as WhatsApp or web-based. El 03/08/17 a les 00:44, Daniel Abrecht ha escrit: > I'm sorry, I'm using DMARC, and I didn't get the DMARC report about the > bounced mails, probably because I forgot a DMARC DNS entry for the > report receiving mail address. I have changed my DMARC policy from > reject to quarantine for now. > > That said, I won't remove the DMARC record completely, and I plan to > switch my DMARC policy back to reject after this issue has been > resolved. A lot of people claim that DMARC won't work with mailing > lists, but this isn't correct, it's just that most mailing lists aren't > configured in a way that makes DMARC usable, (and no, changing the from > address isn't the correct solution.) > > I use DMARC and believe it to be necessary because it allows me to: > 1) Make sure nobody can use my E-Mail address to impersonate me or send > spam > 2) I will be notified if anyone attempts to do so > 3) The recipient can check if the message content was changed > > That said, the correct way to deal with DKIM, SPF and DMARC protected > mails is to: > 1) Provide an SPF record. This mailing list doesn't seam to have one > 2) Don't change anything from the message below the DKIM headers, add > the other headers before the DKIM signature instead. This will also > solve the problem that some mail clients like the android mail client > don't display text-only mails correctly. > > In think the email body, subject and from header shouldn't be altered > anyway. Of course, changing the from header and removing the DKIM header > would avoid the problem as well, but I'm against that solution since it > obscures who wrote the mail. > > I haven't done much with mailman yet, so I don't know how it needs to be > configured or if it can even be configured that way. I'll take a look at > mailman in a few weeks. > > I've attached two versions of an email I've sent to the list earlier. > The first one contains the message as I received it again from the list. > The second one is edited in such a way that the added headers and the > original message body are preserved and the DKIM check succeeds, only > the added mailing list signature was removed. > > Daniel Abrecht > > > > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
Quoting Daniel Abrecht (d...@danielabrecht.ch): > I'm sorry, I'm using DMARC, and I didn't get the DMARC report about the > bounced mails, probably because I forgot a DMARC DNS entry for the > report receiving mail address. I have changed my DMARC policy from > reject to quarantine for now. It would be excellent if you could provide any DMARC reports you get to the Dng listadmins. Thank you. Your point is well taken that DMARC and mailing lists can coexist (I've always concurred with that). It's just difficult, and creates adverse consequences. (As background for this, it's useful to know that DMARC is a composite and extension of SPF and DKIM.) As part of the process, the domain's outgoing mail gets certain headers and body text cryptographically signed and attested to (the DKIM = DomainKeys Identified Mail part of the standard). For such mail to successfully transit a mailing list without breaking validation, the signed text and headers must be completely unchanged. This is a very difficult constraint for MLM software to meet, as occasionally something gets inserted or changed in a header or elsewhere during normal MLM processing, and in particular the To: header by design is supposed to be set upon posting retransmission to the address of each subscriber. To the best of my recollection (and I'm presently busy and cannot double-check all of this), some subset of the full SMTP headers are included in the DKIM attestation. I can't remember which, nor whether the DKIM-issuing operator can decide which. I vaguely recall that the extra headers MLMs intentionally add, the MLM footer, the MLM modification to the Subject header (like adding [DNG]), and more are all somewhat problematic for DKIM validation. There are a maddeningly large and diverse number of ways to deal with the problem, and one can spend a lot of time reading about it. E.g.: https://dmarc.org/supplemental/mailman-project-mlm-dmarc-reqs.html http://www.spamresource.com/2014/04/run-email-discussion-list-heres-how-to.html https://dmarc.org/wiki/FAQ#I_operate_a_mailing_list_and_I_want_to_interoperate_with_DMARC.2C_what_should_I_do.3F Just a point: > I use DMARC and believe it to be necessary because it allows me to: > 1) Make sure nobody can use my E-Mail address to impersonate me or send > spam SPF alone _can_ do exactly that without also needing DKIM/DMARC. (So, sufficient is correct, but necessary is not quite correct.) > 2) I will be notified if anyone attempts to do so SPF alone can prevent it from being possible, hence you don't need to be notified. (This of course assumes that receiving domains check SPF for received mail. Not all do, but more do than check DMARC.) > 3) The recipient can check if the message content was changed gpg signing alone can do that. If your SMTP message content is being changed, though, you actually have a lot bigger problems. > 1) Provide an SPF record. This mailing list doesn't seam to have one The mailing list isn't an orignator. It's the originating domains that ought (to the extent they wish to do so) to have SPF records. > 2) Don't change anything from the message below the DKIM headers, add > the other headers before the DKIM signature instead. To the best of my recollection (I could be misremembering), this is easier said than done. Anyway, thank you for your substantive help to the Devuan Project. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
I'm sorry, I'm using DMARC, and I didn't get the DMARC report about the bounced mails, probably because I forgot a DMARC DNS entry for the report receiving mail address. I have changed my DMARC policy from reject to quarantine for now. That said, I won't remove the DMARC record completely, and I plan to switch my DMARC policy back to reject after this issue has been resolved. A lot of people claim that DMARC won't work with mailing lists, but this isn't correct, it's just that most mailing lists aren't configured in a way that makes DMARC usable, (and no, changing the from address isn't the correct solution.) I use DMARC and believe it to be necessary because it allows me to: 1) Make sure nobody can use my E-Mail address to impersonate me or send spam 2) I will be notified if anyone attempts to do so 3) The recipient can check if the message content was changed That said, the correct way to deal with DKIM, SPF and DMARC protected mails is to: 1) Provide an SPF record. This mailing list doesn't seam to have one 2) Don't change anything from the message below the DKIM headers, add the other headers before the DKIM signature instead. This will also solve the problem that some mail clients like the android mail client don't display text-only mails correctly. In think the email body, subject and from header shouldn't be altered anyway. Of course, changing the from header and removing the DKIM header would avoid the problem as well, but I'm against that solution since it obscures who wrote the mail. I haven't done much with mailman yet, so I don't know how it needs to be configured or if it can even be configured that way. I'll take a look at mailman in a few weeks. I've attached two versions of an email I've sent to the list earlier. The first one contains the message as I received it again from the list. The second one is edited in such a way that the added headers and the original message body are preserved and the DKIM check succeeds, only the added mailing list signature was removed. Daniel Abrecht mails.tar Description: Unix tar archive signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
Oh, follow-up (and this, too, is for Devuan's listadmins' attention in particular): > There is an (IMO unhappy but least-bad-available) kludge setting in > Mailman's admin WebUI to make the MLM compensate for DMARC brain-damage: > You go to Privacy Options, Sender Filters, item 'Action to take when > anyone posts to the list from a domain with a DMARC Reject/Quarantine > Policy' aka dmarc_moderation_action. Change the radio button from > Accept (default) to Munge from. I am specifically _not not not_ recommending the similar-looking setting 'Replace the From: header address with the list's posting address to mitigate issues stemming from the original From: domain's DMARC or similar policies' aka from_is_list on General Options. My understanding is that opting for _that_ version of the kludge unconditionally applies it to all postings whether they are from DMARC-encumbered domains or not. My recommendations: On Privacy options, Sender filters: dmarc_moderation_action: Munge from dmarc_quarantine_moderation_action): Yes dmarc_none_moderation_action: no On General options: change nothing. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
Quoting Simon Hobson (li...@thehobsons.co.uk): > That's the important thing to look for - and my money is it's related to SPF > and/or DMARC. It won't be SPF. My domain has a strong SPF policy: :r! dig -t txt linuxmafia.com +short "v=spf1 a mx -all" ...and no mailing list post from me or my users violates it. It'll be DMARC. (Long experience says.) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
Quoting Jaromil (jaro...@dyne.org): > I am a bit puzzled about this one, we had some reports of the problem > so far, which hasn't occurred before on any other dyne list and is not > really reproducible. > > what we notice is that our mail server is under some quite heavy load > and we are working to move it to a bigger infrastructure by september > > however it is highly available already and seems to process > everything, so I'm not really sure what is happening... any insight is > welcome. Might be DMARC validation failure. (Gods, do I ever detest that stuff.) DMARC is proving to be an utter nightmare for mailing lists, in as much as they are mail forwarders, and DMARC was IMO botched in its ability to accomodate the way they work. From memory, and so I'm probably dropping a bunch of detail: Because MLMs such as Mailman (appropriately) change the internal SMTP headers upon retransmitting the poster's mail to subscribers (notably the To: header), it no longer validates against the sender's domain if it is a DMARC-using one with a strict policy. Yahoo and Gmail are examples of sending domains with strict DMARC policies. There is an (IMO unhappy but least-bad-available) kludge setting in Mailman's admin WebUI to make the MLM compensate for DMARC brain-damage: You go to Privacy Options, Sender Filters, item 'Action to take when anyone posts to the list from a domain with a DMARC Reject/Quarantine Policy' aka dmarc_moderation_action. Change the radio button from Accept (default) to Munge from. To quote the help text: from_is_list (general): Replace the From: header address with the list's posting address to mitigate issues stemming from the original From: domain's DMARC or similar policies. Several protocols now in wide use attempt to ensure that use of the domain in the author's address (ie, in the From: header field) is authorized by that domain. These protocols may be incompatible with common list features such as footers, causing participating email services to bounce list traffic merely because of the address in the From: field. This has resulted in members being unsubscribed despite being perfectly able to receive mail. The following actions are applied to all list messages when selected here. To apply these actions only to messages where the domain in the From: header is determined to use such a protocol, see the dmarc_moderation_action settings under Privacy options... -> Sender filters. Settings: [...] Munge From This action replaces the poster's address in the From: header with the list's posting address and adds the poster's address to the addresses in the original Reply-To: header. So, for example, _if_ my sending domain linuxmafia.com had a strong DMARC policy (which it doesn't, because I hate DMARC with a passion), then the 'Munge from' setting would cause my post to Dng to get this 'From: ' header upon retransmission to subscribers: From: Rick Moen via Dnginstead of the normal From: Rick Moen The reason this helps sidestep DMARC validation is that it's now no longer considered needing validation against linuxmafia.com's (hypothetical) DMARC policy, but rather dyne.org's. I personally detest this solution because, when I send out my sending address on a mailing list, it is deliberately there so that people can, if necessary, contact me offlist. The kludge complicates this, albeit, if I remember correctly, it tries to compensate for the brain-damage by inserting a Reply-To as well. It should be noted that the Munge from kludge thus alters -only- the postings of subscribers from DMARC-damaged^H^H^H^W^W^W^Wusing domains, so only _some_ postings will get disfigured in this manner. Sadly, I recommend opting for this kludge, because otherwise deliverability suffers. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
On Wed, 2 Aug 2017 16:21:34 +0200, Jaromil wrote in message <20170802142134.vlfhg5z4ccbrueb7@reflex>: > On Wed, 02 Aug 2017, Emiliano Marini wrote: > > >Sorry to bother, but it's the second time this happens to me: ..I have this happening all the time, 3 times in July now, on the 4th, 10'th and the 29'th. > > > >"Your membership in the mailing list Dng has been disabled due to > >excessive bounces The last bounce received from you was dated > >23-Jul-2017." > > > >I have a Gmail account, it's Google's fault? or maybe some issue > > with Mailman? > > I am a bit puzzled about this one, we had some reports of the problem > so far, which hasn't occurred before on any other dyne list and is not > really reproducible. > > what we notice is that our mail server is under some quite heavy load > and we are working to move it to a bigger infrastructure by september > > however it is highly available already and seems to process > everything, so I'm not really sure what is happening... any insight is > welcome. ..I also see these bounce warnings coming from debian.org, but those are warnings, not unsubscribes, usually whining along the lines of "I bounce 8% and will get unsubcribed at 80%", to paraphrase. ..maybe we should just set an higher bounce tolerance? -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
On 02-08-17 16:41, Simon Hobson wrote: Antony Stonewrote: Is it possible to check the mail server logs for delivery failures on the problematic addresses (which is presumably what the warning email means by "bounces") to see what reason was given by the receiving server? That's the important thing to look for - and my money is it's related to SPF and/or DMARC. The supporters of SPF knew in advance that "it breaks stuff that's in widespread and valid use" but simply declared these activities to be "no longer valid"*. Key bits of the stuff it breaks are mailing lists and email forwarding. The answer for SPF is SRS - which as far as I can tell means having the mailing list/forwarder modify the headers - which effectively means you can bypass SPF checks ! If the sender domain doesn't publish SPF records or the recipient server doesn't check them then all is fine - but if the sender has an SPF record AND the recipient server checks it, then it breaks all traditional mailing list/mail forwarding techniques. So now almost all mailing list admins are having to deal with the pile of excrement handed down by "the big guys" who frankly don't give a about anyone else as long as they can make it LOOK like they are dealing with spam for their customers. Unfortunately, MS (Hotmail, Office 365, etc), Google (gmail etc), and Yahoo, between them have enough clout that you can't really do anything but ask "how high ?" when they ask you to jump :-( Just one reason why I run my own mail server and neither publish nor check SPF records. * Like in the old joke : Q: how many Microsoft people does it take to change a lightbulb ? A: none, they just change the industry standard to dark ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng My mailserver does give some warnings about dkim like: Aug 2 16:40:48 mail opendkim[16133]: 5358E209: tupac2.dyne.org [178.62.188.7] not internal Aug 2 16:40:48 mail opendkim[16133]: 5358E209: not authenticated Aug 2 16:40:48 mail opendkim[16133]: 5358E209: s=20161025 d=gmail.com SSL Aug 2 16:40:48 mail opendkim[16133]: 5358E209: bad signature data And two hard errors last two days: Aug 1 17:25:48 mail opendkim[16133]: E62803F0: key retrieval failed (s=mail, d=dyne.org): 'mail._domainkey.dyne.org' query timed out Aug 2 16:29:03 mail opendkim[16133]: DD24A209: key retrieval failed (s=mail, d=dyne.org): 'mail._domainkey.dyne.org' query timed out Not sure what get added when sending to a maillist but apparently not everything needed. Grtz. Nick ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
Antony Stonewrote: > Is it possible to check the mail server logs for delivery failures on the > problematic addresses (which is presumably what the warning email means by > "bounces") to see what reason was given by the receiving server? That's the important thing to look for - and my money is it's related to SPF and/or DMARC. The supporters of SPF knew in advance that "it breaks stuff that's in widespread and valid use" but simply declared these activities to be "no longer valid"*. Key bits of the stuff it breaks are mailing lists and email forwarding. The answer for SPF is SRS - which as far as I can tell means having the mailing list/forwarder modify the headers - which effectively means you can bypass SPF checks ! If the sender domain doesn't publish SPF records or the recipient server doesn't check them then all is fine - but if the sender has an SPF record AND the recipient server checks it, then it breaks all traditional mailing list/mail forwarding techniques. So now almost all mailing list admins are having to deal with the pile of excrement handed down by "the big guys" who frankly don't give a about anyone else as long as they can make it LOOK like they are dealing with spam for their customers. Unfortunately, MS (Hotmail, Office 365, etc), Google (gmail etc), and Yahoo, between them have enough clout that you can't really do anything but ask "how high ?" when they ask you to jump :-( Just one reason why I run my own mail server and neither publish nor check SPF records. * Like in the old joke : Q: how many Microsoft people does it take to change a lightbulb ? A: none, they just change the industry standard to dark ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
Thanks Jaromil, This time happened while I was out, but next time I will report it right away. Cheers, Emiliano. On Wed, Aug 2, 2017 at 11:21 AM, Jaromilwrote: > On Wed, 02 Aug 2017, Emiliano Marini wrote: > > >Sorry to bother, but it's the second time this happens to me: > > > >"Your membership in the mailing list Dng has been disabled due to > >excessive bounces The last bounce received from you was dated > >23-Jul-2017." > > > >I have a Gmail account, it's Google's fault? or maybe some issue with > >Mailman? > > I am a bit puzzled about this one, we had some reports of the problem > so far, which hasn't occurred before on any other dyne list and is not > really reproducible. > > what we notice is that our mail server is under some quite heavy load > and we are working to move it to a bigger infrastructure by september > > however it is highly available already and seems to process > everything, so I'm not really sure what is happening... any insight is > welcome. > > ciao! > > ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
On Wednesday 02 August 2017 at 16:21:34, Jaromil wrote: > On Wed, 02 Aug 2017, Emiliano Marini wrote: > >Sorry to bother, but it's the second time this happens to me: > > > >"Your membership in the mailing list Dng has been disabled due to > >excessive bounces The last bounce received from you was dated > >23-Jul-2017." > > > >I have a Gmail account, it's Google's fault? or maybe some issue with > >Mailman? > > I am a bit puzzled about this one, we had some reports of the problem > so far, which hasn't occurred before on any other dyne list and is not > really reproducible. > > what we notice is that our mail server is under some quite heavy load > and we are working to move it to a bigger infrastructure by september > > however it is highly available already and seems to process > everything, so I'm not really sure what is happening... any insight is > welcome. Is it possible to check the mail server logs for delivery failures on the problematic addresses (which is presumably what the warning email means by "bounces") to see what reason was given by the receiving server? Antony. -- Schrödinger's rule of data integrity: the condition of any backup is unknown until a restore is attempted. Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
On Wed, 02 Aug 2017, Emiliano Marini wrote: >Sorry to bother, but it's the second time this happens to me: > >"Your membership in the mailing list Dng has been disabled due to >excessive bounces The last bounce received from you was dated >23-Jul-2017." > >I have a Gmail account, it's Google's fault? or maybe some issue with >Mailman? I am a bit puzzled about this one, we had some reports of the problem so far, which hasn't occurred before on any other dyne list and is not really reproducible. what we notice is that our mail server is under some quite heavy load and we are working to move it to a bigger infrastructure by september however it is highly available already and seems to process everything, so I'm not really sure what is happening... any insight is welcome. ciao! ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Excessive bounces
On Wed, 2017-08-02 at 10:20 -0300, Emiliano Marini wrote: > Sorry to bother, but it's the second time this happens to me: > > "Your membership in the mailing list Dng has been disabled due to > excessive bounces The last bounce received from you was dated > 23-Jul-2017." > > I have a Gmail account, it's Google's fault? or maybe some issue with > Mailman? I do also have a gmail account, and got the same message as you for the second time. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng