Re: Upcoming change to mail infrastructure -> SPF still broken
On Thu, 5 Jul 2018, 02:09 Reindl Harald, wrote: > > Am 04.07.2018 um 15:31 schrieb Luca Beltrame: > > Il giorno Wed, 4 Jul 2018 14:45:00 +0200 Reindl Harald > > ha scritto: > > > >> https://bugs.kde.org/show_bug.cgi?id=392685 2018-04-03 18:45:47 > >> UTC > > > > For the record, Sysadmin tickets should be filed through > > Phabricator (https://go.kde.org/systickets) rather than Bugzilla: > > this makes sure that they won't get lost. > For the record, this subthread should now be considered closed, as the issue has been located and work is underway to correct it. > and how do you imagine that for *users* like me which just reading teh > devel-list and have no access with their bugzilla credentials there? > > and even if i can register at https://identity.kde.org/ please make a > reality check how likely it is that people register here and there and > there too just to report a bug in KDE software in a way it's recognized > You are reporting an issue in our Infrastructure, which is quite different to our software (and also an internal issue) hence why it is managed on Phabricator. > > (Bugzilla is still used for KDE software - this is for > > Sysadmin-related stuff) > > that's why "bugs.kde.org" is in the product dropdown i guess - if > someone would take a look at new bugreports and be it only the > subjects this one would have been seen within 24 hours and internally > handed to the right group > That is a legacy product, dating back to before we had Phabricator (and when we had a dedicated Bugzilla maintainer...) > - > > if this contains one of my own machines i see the mistake not > configure "mynetworks" in /etc/postfix/main.cf proper within 24 hours > because i did "man grep", "man cron" and "man bash" > > 1 Jun 26 09:45:42 mail-gw postfix/smtpd[636481]: NOQUEUE: reject: > RCPT from mailnet.top[5.79.119.167]: 550 5.7.23 > : Recipient address rejected: Message > rejected due to: SPF fail - not authorized. Please see > http://www.openspf.net/Why?s=mfrom;id=webmaster@mailnet. > top;ip=5.79.119.167;r=contai...@thelounge.net; > from= to= proto=ESMTP > helo= > In regards to the above, Bluemchen is our transactional mail gateway, responsible for handling all the mail from Bugzilla, Forum and Wiki notifications, Identity account registrations and the like. As such Bluemchen is responsible for its own mail delivery, for both KDE Sysadmin operated and other domains. Due to the nature of its role, it should only ever be sending as @KDE.org (and is authorised to do so in our SPF records). The fact that it isn't is due to a bug in software we use, which we are in the process of fixing. Therefore from my perspective everything is configured correctly, as Bluemchen is external as far as Postbox (and Letterbox) are concerned. Regards, Ben Cooksley KDE Sysadmin >
Re: Upcoming change to mail infrastructure -> SPF still broken
Am 04.07.2018 um 15:31 schrieb Luca Beltrame: > Il giorno Wed, 4 Jul 2018 14:45:00 +0200 Reindl Harald > ha scritto: > >> https://bugs.kde.org/show_bug.cgi?id=392685 2018-04-03 18:45:47 >> UTC > > For the record, Sysadmin tickets should be filed through > Phabricator (https://go.kde.org/systickets) rather than Bugzilla: > this makes sure that they won't get lost. and how do you imagine that for *users* like me which just reading teh devel-list and have no access with their bugzilla credentials there? and even if i can register at https://identity.kde.org/ please make a reality check how likely it is that people register here and there and there too just to report a bug in KDE software in a way it's recognized > (Bugzilla is still used for KDE software - this is for > Sysadmin-related stuff) that's why "bugs.kde.org" is in the product dropdown i guess - if someone would take a look at new bugreports and be it only the subjects this one would have been seen within 24 hours and internally handed to the right group - if this contains one of my own machines i see the mistake not configure "mynetworks" in /etc/postfix/main.cf proper within 24 hours because i did "man grep", "man cron" and "man bash" 1 Jun 26 09:45:42 mail-gw postfix/smtpd[636481]: NOQUEUE: reject: RCPT from mailnet.top[5.79.119.167]: 550 5.7.23 : Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=webmas...@mailnet.top;ip=5.79.119.167;r=contai...@thelounge.net; from= to= proto=ESMTP helo=
Re: Upcoming change to mail infrastructure -> SPF still broken
Il giorno Wed, 4 Jul 2018 14:45:00 +0200 Reindl Harald ha scritto: > https://bugs.kde.org/show_bug.cgi?id=392685 > 2018-04-03 18:45:47 UTC For the record, Sysadmin tickets should be filed through Phabricator (https://go.kde.org/systickets) rather than Bugzilla: this makes sure that they won't get lost. (Bugzilla is still used for KDE software - this is for Sysadmin-related stuff). pgpQx5dbmHCoo.pgp Description: Firma digitale OpenPGP
Re: Upcoming change to mail infrastructure -> SPF still broken
Am 04.07.2018 um 14:45 schrieb Reindl Harald: > Am 04.07.2018 um 13:58 schrieb Ben Cooksley: I'd be curious to know when you observed that, as I can find no trace of such a message being carried by Bluemchen in recent times for that address aside from one which was successfully delivered to you on Jun 29 at 17:14:37 UTC >>> >>> NOW! >>> >>> https://bugs.kde.org/show_bug.cgi?id=392685#c1 >> >> Please refrain from further use of exclamation marks, as it isn't >> helping matters. >> >> Also, note that you've never reported this issue in the past, so from >> my perspective this is entirely new, regardless of how it may be known >> from your side (and your bug report was posted less than 24 hours ago) > > https://bugs.kde.org/show_bug.cgi?id=392685 > 2018-04-03 18:45:47 UTC > 3 months are not less than 24 hours "a bug in Bugzilla which is responsible for this issue" as mailadmin i tell you what: bug in bugzilla or not, when you enforce SPF/DKIM/DMARC between your own servers you are asking for trouble, that's what http://www.postfix.org/postconf.5.html#mynetworks is for "by postbox.kde.org (Postfix)"
Re: Upcoming change to mail infrastructure -> SPF still broken
Am 04.07.2018 um 13:58 schrieb Ben Cooksley: > On Wed, Jul 4, 2018 at 10:52 PM, Reindl Harald wrote: >> Am 04.07.2018 um 12:38 schrieb Ben Cooksley: >>> On Wed, Jul 4, 2018 at 10:30 AM, Reindl Harald >>> wrote: did you also notice and fix the long outstanding bugzilla SPF problems within your own infrastructure before make checks even sharper? https://bugs.kde.org/show_bug.cgi?id=392685 there are at leat *three* problems: * the notify mails have the envelope-sender of the reoprter * postbox.kde.org don't skip SPF checks from bluemchen.kde.org * the SPF can not match because bluemchen.kde.org is not in the reporters SPF * finally you send backscatter-bounces for each and every mail back to the reporter that the notify to the others was rejected by postbox.kde.org and so reports don't get attention * don't use reporters enevlope sender to begin with * don't SPF check inbound mail within the own infrastructure * don't backscatter to the innocent reporter : host postbox.kde.org[46.4.96.248] said: 550 5.7.23 : Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=208.118.235.41 >>> >>> I'd be curious to know when you observed that, as I can find no trace >>> of such a message being carried by Bluemchen in recent times for that >>> address aside from one which was successfully delivered to you on Jun >>> 29 at 17:14:37 UTC >> >> NOW! >> >> https://bugs.kde.org/show_bug.cgi?id=392685#c1 > > Please refrain from further use of exclamation marks, as it isn't > helping matters. > > Also, note that you've never reported this issue in the past, so from > my perspective this is entirely new, regardless of how it may be known > from your side (and your bug report was posted less than 24 hours ago) https://bugs.kde.org/show_bug.cgi?id=392685 2018-04-03 18:45:47 UTC 3 months are not less than 24 hours
Re: Upcoming change to mail infrastructure -> SPF still broken
On Wed, Jul 4, 2018 at 10:52 PM, Reindl Harald wrote: > > > Am 04.07.2018 um 12:38 schrieb Ben Cooksley: >> On Wed, Jul 4, 2018 at 10:30 AM, Reindl Harald >> wrote: >>> did you also notice and fix the long outstanding bugzilla SPF problems >>> within your own infrastructure before make checks even sharper? >>> >>> https://bugs.kde.org/show_bug.cgi?id=392685 >>> >>> there are at leat *three* problems: >>> * the notify mails have the envelope-sender of the reoprter >>> * postbox.kde.org don't skip SPF checks from bluemchen.kde.org >>> * the SPF can not match because bluemchen.kde.org is not >>> in the reporters SPF >>> * finally you send backscatter-bounces for each and every >>> mail back to the reporter that the notify to the others >>> was rejected by postbox.kde.org and so reports don't get attention >>> >>> * don't use reporters enevlope sender to begin with >>> * don't SPF check inbound mail within the own infrastructure >>> * don't backscatter to the innocent reporter >>> >>> : host postbox.kde.org[46.4.96.248] said: 550 >>> 5.7.23 : Recipient address rejected: Message >>> rejected due to: SPF fail - not authorized. Please see >>> http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=208.118.235.41 >> >> I'd be curious to know when you observed that, as I can find no trace >> of such a message being carried by Bluemchen in recent times for that >> address aside from one which was successfully delivered to you on Jun >> 29 at 17:14:37 UTC > > NOW! > > https://bugs.kde.org/show_bug.cgi?id=392685#c1 Please refrain from further use of exclamation marks, as it isn't helping matters. Also, note that you've never reported this issue in the past, so from my perspective this is entirely new, regardless of how it may be known from your side (and your bug report was posted less than 24 hours ago) > > "such a message being carried by Bluemchen in recent times for that > address aside from one which was successfully delivered to you on Jun 29 > at 17:14:37 UTC" - yeah - when somebody *else* makes a comment i get > that notify but when i write a brugreport or comment a get that damned > backscatters below I've checked our logs and have identified a bug in Bugzilla which is responsible for this issue, and believe I now have the appropriate information now to reproduce and resolve the issue. Due to the nature of the issue it may take a few days before we can deploy a fix for this problem. This bug only affects a very limited number of users on our installation of Bugzilla. As this issue already exists, and won't be changed by the switch to Letterbox this issue will be treated separately and won't prevent us from initiating the switchover to Letterbox. Regards, Ben Cooksley KDE Sysadmin > > Weitergeleitete Nachricht > Betreff: Undelivered Mail Returned to Sender > Datum: Wed, 4 Jul 2018 06:47:52 -0400 (EDT) > Von: Mail Delivery System > An: li...@rhsoft.net > > This is the mail system at host bluemchen.kde.org. > > I'm sorry to have to inform you that your message could not > be delivered to one or more recipients. It's attached below. > > For further assistance, please send mail to postmaster. > > If you do so, please include this problem report. You can > delete your own text from the attached returned message. > >The mail system > > : host postbox.kde.org[2a01:4f8:140:8302::4] said: 550 > 5.7.23 : Recipient address rejected: Message rejected > due to: SPF fail - not authorized. Please see > http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net > ip=2001:4830:134:8::100;r= (in reply to RCPT TO command) > > > Weitergeleitete Nachricht > Betreff: Undelivered Mail Returned to Sender > Datum: Wed, 4 Jul 2018 06:47:52 -0400 (EDT) > Von: Mail Delivery System > An: li...@rhsoft.net > > This is the mail system at host bluemchen.kde.org. > > I'm sorry to have to inform you that your message could not > be delivered to one or more recipients. It's attached below. > > For further assistance, please send mail to postmaster. > > If you do so, please include this problem report. You can > delete your own text from the attached returned message. > >The mail system > > : host postbox.kde.org[2a01:4f8:140:8302::4] said: 550 > 5.7.23 : Recipient address rejected: Message rejected > due to: SPF fail - not authorized. Please see > http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=2001:4830:134:8::100;r= > (in reply to RCPT TO command) > > > Weitergeleitete Nachricht > Betreff: Undelivered Mail Returned to Sender > Datum: Wed, 4 Jul 2018 06:47:52 -0400 (EDT) > Von: Mail Delivery System > An: li...@rhsoft.net > > This is the mail system at host bluemchen.kde.org. > > I'm sorry to have to inform you that your message could not > be delivered to one or more recipients. It's attached below. > > For further assistance, please send mail to postmaster. > > If you do so, please
Re: Upcoming change to mail infrastructure -> SPF still broken
Am 04.07.2018 um 12:38 schrieb Ben Cooksley: > On Wed, Jul 4, 2018 at 10:30 AM, Reindl Harald wrote: >> did you also notice and fix the long outstanding bugzilla SPF problems >> within your own infrastructure before make checks even sharper? >> >> https://bugs.kde.org/show_bug.cgi?id=392685 >> >> there are at leat *three* problems: >> * the notify mails have the envelope-sender of the reoprter >> * postbox.kde.org don't skip SPF checks from bluemchen.kde.org >> * the SPF can not match because bluemchen.kde.org is not >> in the reporters SPF >> * finally you send backscatter-bounces for each and every >> mail back to the reporter that the notify to the others >> was rejected by postbox.kde.org and so reports don't get attention >> >> * don't use reporters enevlope sender to begin with >> * don't SPF check inbound mail within the own infrastructure >> * don't backscatter to the innocent reporter >> >> : host postbox.kde.org[46.4.96.248] said: 550 >> 5.7.23 : Recipient address rejected: Message >> rejected due to: SPF fail - not authorized. Please see >> http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=208.118.235.41 > > I'd be curious to know when you observed that, as I can find no trace > of such a message being carried by Bluemchen in recent times for that > address aside from one which was successfully delivered to you on Jun > 29 at 17:14:37 UTC NOW! https://bugs.kde.org/show_bug.cgi?id=392685#c1 "such a message being carried by Bluemchen in recent times for that address aside from one which was successfully delivered to you on Jun 29 at 17:14:37 UTC" - yeah - when somebody *else* makes a comment i get that notify but when i write a brugreport or comment a get that damned backscatters below Weitergeleitete Nachricht Betreff: Undelivered Mail Returned to Sender Datum: Wed, 4 Jul 2018 06:47:52 -0400 (EDT) Von: Mail Delivery System An: li...@rhsoft.net This is the mail system at host bluemchen.kde.org. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system : host postbox.kde.org[2a01:4f8:140:8302::4] said: 550 5.7.23 : Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net ip=2001:4830:134:8::100;r= (in reply to RCPT TO command) Weitergeleitete Nachricht Betreff: Undelivered Mail Returned to Sender Datum: Wed, 4 Jul 2018 06:47:52 -0400 (EDT) Von: Mail Delivery System An: li...@rhsoft.net This is the mail system at host bluemchen.kde.org. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system : host postbox.kde.org[2a01:4f8:140:8302::4] said: 550 5.7.23 : Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=2001:4830:134:8::100;r= (in reply to RCPT TO command) Weitergeleitete Nachricht Betreff: Undelivered Mail Returned to Sender Datum: Wed, 4 Jul 2018 06:47:52 -0400 (EDT) Von: Mail Delivery System An: li...@rhsoft.net This is the mail system at host bluemchen.kde.org. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system : host postbox.kde.org[2a01:4f8:140:8302::4] said: 550 5.7.23 : Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=2001:4830:134:8::100;r= (in reply to RCPT TO command)