Re: Mail forwarding issues and SPF
On Mon, Jun 14, 2010 at 6:38 PM, Philip Prindeville wrote: > On 06/14/2010 02:25 PM, Stephen John Smoogen wrote: >> Red Hat IT forwarded an issue to me today about a recipient of >> @fedoraproject.org having an issue with addresses from @redhat.com. >> The issue is that in forwarding email addresses we aren't rewriting >> headers so it looks like we are sending redhat.com addresses from a >> non Red Hat server. The suggested fix is to have procmail rewrite the >> envelope for these to say soemthing like From >> nore...@fedoraproject.org so that SPF and similar filters can work. >> >> I wanted to get some opinions on this >> >> http://www.openspf.org/FAQ/Forwarding >> http://www.irbs.net/internet/postfix/0401/0970.html >> >> https://fedorahosted.org/fedora-infrastructure/ticket/2220 >> >> > > Here was why that bounced: > > Jun 14 14:25:59 mail mimedefang.pl[22579]: o5EKPrwm022834: 5.503 (*) > DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,L_WIN_CHARSET,SPF_NEUTRAL > > > We really don't like windows- encodings. > Well I can't help you much. I supposedly am sending this from a linux system. I think you will need to look at whitelisting fedoraproject.org at the moment as it can not have an SPF record of its own. -- Stephen J Smoogen. “The core skill of innovators is error recovery, not failure avoidance.” Randy Nelson, President of Pixar University. "We have a strategic plan. It's called doing things."" — Herb Kelleher, founder Southwest Airlines ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: Mail forwarding issues and SPF
On Mon, Jun 14, 2010 at 17:05:35 -0400, seth vidal wrote: > > I like mdomsch's idea that @redhat.com should change from -all to ~all That solves messages from Redhat, but not all messages to the person who complained. As it is their server doing the rejecting and it will reject other messages from servers that publish spf records. However, solving the problem for redhat.com may cover the vast majority of the problem. ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: Mail forwarding issues and SPF
On Mon, 2010-06-14 at 15:57 -0500, Bruno Wolff III wrote: > On Mon, Jun 14, 2010 at 14:25:42 -0600, > Stephen John Smoogen wrote: > > Red Hat IT forwarded an issue to me today about a recipient of > > @fedoraproject.org having an issue with addresses from @redhat.com. > > The issue is that in forwarding email addresses we aren't rewriting > > headers so it looks like we are sending redhat.com addresses from a > > non Red Hat server. The suggested fix is to have procmail rewrite the > > envelope for these to say soemthing like From > > nore...@fedoraproject.org so that SPF and similar filters can work. > > That will break other things. SPF and forwarding don't go well together. > If you really need to do it, there is supposed to a standard for rewriting > the envelope sender address that could be used to forward bounces back > to redhat.com via fedoraproject.org. > The recipient could also relax the checks on their end and accept email > from fedoraproject.org servers. I just read that standard - it could be the single oddest thing I ever read and I'm positive we do not want to implement it. I like mdomsch's idea that @redhat.com should change from -all to ~all -sv ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: Mail forwarding issues and SPF
On Mon, Jun 14, 2010 at 14:25:42 -0600, Stephen John Smoogen wrote: > Red Hat IT forwarded an issue to me today about a recipient of > @fedoraproject.org having an issue with addresses from @redhat.com. > The issue is that in forwarding email addresses we aren't rewriting > headers so it looks like we are sending redhat.com addresses from a > non Red Hat server. The suggested fix is to have procmail rewrite the > envelope for these to say soemthing like From > nore...@fedoraproject.org so that SPF and similar filters can work. That will break other things. SPF and forwarding don't go well together. If you really need to do it, there is supposed to a standard for rewriting the envelope sender address that could be used to forward bounces back to redhat.com via fedoraproject.org. The recipient could also relax the checks on their end and accept email from fedoraproject.org servers. ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: *** SECURITY information for people1.fedoraproject.org ***
Sorry, I did not know. I just wanted to test how my package compiles on a secondary test platform. Apology for the attempt made in mistake. > On Mon, Jun 14, 2010 at 1:59 PM, Stephen John Smoogen > wrote: >> On Mon, Jun 14, 2010 at 7:35 AM, wrote: >>> people1.fedoraproject.org : Jun 14 13:35:59 : ebegoli : user NOT in sudoers >>> ; TTY=pts/5 ; PWD=/home/fedora/ebegoli ; USER=root ; COMMAND=/usr/bin/yum >>> install rpmbuild >> >> Hi, the fedora people server is not really intended for building >> packages on it. What were you needing? >> >> >> >> -- >> Stephen J Smoogen. >> “The core skill of innovators is error recovery, not failure avoidance.” >> Randy Nelson, President of Pixar University. >> "We have a strategic plan. It's called doing things."" >> — Herb Kelleher, founder Southwest Airlines >> > ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Mail forwarding issues and SPF
Red Hat IT forwarded an issue to me today about a recipient of @fedoraproject.org having an issue with addresses from @redhat.com. The issue is that in forwarding email addresses we aren't rewriting headers so it looks like we are sending redhat.com addresses from a non Red Hat server. The suggested fix is to have procmail rewrite the envelope for these to say soemthing like From nore...@fedoraproject.org so that SPF and similar filters can work. I wanted to get some opinions on this http://www.openspf.org/FAQ/Forwarding http://www.irbs.net/internet/postfix/0401/0970.html https://fedorahosted.org/fedora-infrastructure/ticket/2220 -- Stephen J Smoogen. “The core skill of innovators is error recovery, not failure avoidance.” Randy Nelson, President of Pixar University. "We have a strategic plan. It's called doing things."" — Herb Kelleher, founder Southwest Airlines ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: *** SECURITY information for people1.fedoraproject.org ***
On Mon, Jun 14, 2010 at 7:35 AM, wrote: > people1.fedoraproject.org : Jun 14 13:35:59 : ebegoli : user NOT in sudoers ; > TTY=pts/5 ; PWD=/home/fedora/ebegoli ; USER=root ; COMMAND=/usr/bin/yum > install rpmbuild Hi, the fedora people server is not really intended for building packages on it. What were you needing? -- Stephen J Smoogen. “The core skill of innovators is error recovery, not failure avoidance.” Randy Nelson, President of Pixar University. "We have a strategic plan. It's called doing things."" — Herb Kelleher, founder Southwest Airlines ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: pubsubhubbub-ifying planet?
On Sun, 2010-06-13 at 13:59 -0500, Matt Domsch wrote: > There's this relatively new protocol, PubSubHubbub, in which a server > publishing an RSS feed pings a server whenever it publishes an update > to the feed's XML file. Feed aggregators, such as Google Reader and > others, are then notified immediately when the updated feed is > available, and can thus refresh it immediately, rather than wait for > some timed cronjob to do so. > > With respect to Planet Fedora, there are 2 things we _could_ do to > make it more timely. Currently, planet.fp.o gets updated every 20 > minutes by cronjob, rescanning all its feeds. > A couple of thoughts: 1. the venus planet people have woken back up and appear to be actively updating venus again. Might be worth querying them about this. 2. The other thing which is done every 20 minutes is building the list of feeds up. That'll have to fit in somewhere, too. -sv ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
