[Mailman-Users] Re: lots of bounces after server move
On 6/25/24 15:32, Dmitri Maziuk wrote: On 6/25/24 12:51, Jim Dory wrote: 2. SMTP: Reverse DNS doesn't match SMTP Banner (The SMTP banner issued by your email server did not contain the hostname we resolved for your server’s IP address.) #2 - Reverse DNS - I have PTR records set for both compute.nkc.com (abbreviated) and nkc.com. So that could be a problem? DNS is Evil. A host should not have more than one PTR because if it does, it's not clear which PTR will be returned by the nameserver. Ditto for A record, becasue teh one PTR can only match one of those -- but with something like unbound that doesn't support CNAMEs, you won't have much choice. And if you do have CNAMEs, the client has to do extra work to find the A and match it to the PTR -- if it cares. I'm guessing they are flagging it because it *should* be playing nice and sending its A hostname that has a corresp. (one) PTR record, in the SMTP banner. Dima Thanks Dima, I think our records are a mess, and I don't quite feel qualified to fix it. This mailing list started sometime mid 2000's and has gone thru changes that have followed us without being cleaned. We used to host the website nomekennelclub.com but they have since moved to a squarespace or somesuch server and we simply redirect to that page. I assume they get their mail services through that host, but in our records we have A records for things like webmail.nomekennelclub.com (nkc for short), mail.nkc.com, ftp.nkc.com, webdisk.nkc.com, whm.nkc.com, cpanel.nkc.com, autoconfig, autodiscover, cpcalendars, nomekennelclub.com, server, compute.nomekennelclub.com (an actual one), plus we have A records for I think nameservers ns1 and ns2 which I don't think are being used.. in the message headers I see SE005.arandomserver.com and under mx lookups. A couple of those A records, like cpanel may be used, not sure about the webmail one. I don't want to screw up the kennelclub if they are using it. I'll have to check, but I would like to start deleting some. Like the server one, from an older time. As for PTR records, I'm still confused. We have 2, one for our new hostname: compute.nomekennelclub.com and for just the domain nomekennelclub.com . When I look at a header from mailing list post, I see both. Not sure what this all tells me, I've removed some of it for a bit of brevity: Return-Path: Delivered-To: ja...@dorydesign.com Received: from lax003.hawkhost.com by lax003.hawkhost.com with LMTP id YGXEJcpGfGYPMQAAva6gig (envelope-from ) for ; Wed, 26 Jun 2024 09:50:18 -0700 Return-path: Envelope-to: ja...@dorydesign.com Delivery-date: Wed, 26 Jun 2024 09:50:18 -0700 Received: from se006.arandomserver.com ([198.252.99.2]:35800) by lax003.hawkhost.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96.2) (envelope-from ) id 1sMVqd-0005de-1Z for ja...@dorydesign.com; Wed, 26 Jun 2024 09:50:18 -0700 X-DKIM-Failure: bodyhash_mismatch Received: from compute.nomekennelclub.com ([198.252.100.6]) by se006.arandomserver.com with esmtps (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1sMVqb-0004Dp-0l for ja...@dorydesign.com; Wed, 26 Jun 2024 11:50:18 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nomekennelclub.com; s=default; [etc] Received: from [127.0.0.1] (port=33026 helo=compute.nomekennelclub.com) by compute.nomekennelclub.com with esmtp (Exim 4.97.1) (envelope-from ) id 1sMVq9-bK5-4A0o; Wed, 26 Jun 2024 16:49:49 + Received: from mail-pl1-f177.google.com ([209.85.214.177]:52372) by compute.nomekennelclub.com with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256 (Exim 4.97.1) (envelope-from ) id 1sMVpP-bHi-0XWS for nome-annou...@nomekennelclub.com; Wed, 26 Jun 2024 16:49:06 + Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1f6fabe9da3so56661465ad.0 for ; Wed, 26 Jun 2024 09:48:42 -0700 (PDT) To: nome-annou...@nomekennelclub.com X-Spam-Status: No, score=-94.2 X-Spam-Score: -941 X-Spam-Bar: --- X-Ham-Report: Spam detection software, running on the system "compute.nomekennelclub.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: Join us via ZOOM for the next presentation in our Strait Science series… US COAST GUARD COMMAND CENTER: SAVING LIVES AT SEA Content analysis details: (-94.2 points, 8.0 required) pts rule name description -- -- -0.0 USER_IN_WELCOMELISTUser is listed in 'welcomelist_from' -100 USER_IN_WHITELIST DEPRECATED: See USER_IN_WELCOMELIST 5.0
[Mailman-Users] Re: lots of bounces after server move
On 6/25/2024 10:51 AM, Jim Dory wrote: 2. SMTP: Reverse DNS doesn't match SMTP Banner (The SMTP banner issued by your email server did not contain the hostname we resolved for your server’s IP address.) That itself is suspicious (to a receiving MTA). And as Dmitri pointed out, multiple PTR records is also a problem. Remember that many email systems look for "circular resolution" where eventually an A's address matches a PTR's name. Example: lists.x.com -> smtp.x.com (CNAME) smtp.x.com -> 1.2.3.4 (A) 1.2.3.4 -> mail.p.com (PTR) mail.p.com -> 1.2.3.4 (A) ("equilibrium has been reached") If 1.2.3.4 resolves to both mail.x.com and maybe mailhost.x.com (which might not have a matching A record), sometimes the magic smoke will come out :). z! -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@mail-archive.com
[Mailman-Users] Re: lots of bounces after server move
On 6/25/24 12:51, Jim Dory wrote: 2. SMTP: Reverse DNS doesn't match SMTP Banner (The SMTP banner issued by your email server did not contain the hostname we resolved for your server’s IP address.) #2 - Reverse DNS - I have PTR records set for both compute.nkc.com (abbreviated) and nkc.com. So that could be a problem? DNS is Evil. A host should not have more than one PTR because if it does, it's not clear which PTR will be returned by the nameserver. Ditto for A record, becasue teh one PTR can only match one of those -- but with something like unbound that doesn't support CNAMEs, you won't have much choice. And if you do have CNAMEs, the client has to do extra work to find the A and match it to the PTR -- if it cares. I'm guessing they are flagging it because it *should* be playing nice and sending its A hostname that has a corresp. (one) PTR record, in the SMTP banner. Dima -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@mail-archive.com
[Mailman-Users] Re: lots of bounces after server move
On 6/25/24 09:13, Carl Zwanzig wrote: Just to be sure, I would try your host's name in one of the DNS/email test pages, such as https://mxtoolbox.com/emailhealth/ (there are others). Thanks Carl, a very good resource. I put in compute.nomekennelclub.com and it shows nomekennelclub.com in the results. I gave me several warnings. Zero Errors 1. DNS: Names servers on the same subnet 2. SMTP: Reverse DNS doesn't match SMTP Banner (The SMTP banner issued by your email server did not contain the hostname we resolved for your server’s IP address.) 3. SMTP: Does not support TLS 4. SMTP: 15.209 seconds - Not good! on Transaction Time Reading up on this, the transaction time can cause warnings for reverse DNS and or TLS support. I did add TLSv1.3 into the Apache global config and rebuilt/restarted Apache, but still get that same warning. As for #1 - name servers.. I don't think that is contributing to the mail rejections. #2 - Reverse DNS - I have PTR records set for both compute.nkc.com (abbreviated) and nkc.com. So that could be a problem? #3 - TLS - not sure what more I can do there #4 - transaction time.. ? Not sure I have control over that.. but one thing I googled reported that one could "Introduce a delay into the SMTP transaction for unknown hosts and messages detected as spam" in Exim. Don't know about that. /jd -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: lots of bounces after server move
Just to be sure, I would try your host's name in one of the DNS/email test pages, such as https://mxtoolbox.com/emailhealth/ (there are others). z! -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@mail-archive.com
[Mailman-Users] Re: lots of bounces after server move
On 6/24/24 17:16, Jim Dory wrote: I have not done anything yet. Under Privacy Options/Sender Filters, I have for dmarc_moderation_action : Munge, dmarc_quarantine_moderation_action as Yes, dmarc_none_moderation_action is No, and the rest is blank. I don't really understand any of that but I think I set them so on advice. Looks like there are no SPF records. I see this.. I'll install it per recommended by WHM, but let me know if it needs to be different. What I don't know is if it should be just for nomekennelclub.com rather than with the host name compute. On the old server, it didn't have the hostname. Under Zone Management in WHM, there are a couple DKIM strings for various hosts like default._domainkey.nomekennelclub.com, default._domainkey.compute.nomekennelclub.com and there's some dmarc statements there. You are probably on to something there. I just got 45 bounces saying because of "spam content" with someone trying to sell their pickup on our community annoucements/trade list, mostly from Alaska's GCI email provider this time. So adding the SPF record hopefully will help. spf-NA.jpg -- This was supposed to have an image attached. One more try.. In my "sent" folder it shows the image attached. Perhaps something is blocking it. What it shows is that no SPF records exist. So it suggests as the name: compute.nomekennelclub.com. (with a period) and a value of: v=spf1 +mx +a +ip4:198.252.100.6 ~all So that is what I installed. I was wondering if it should be instead just for nomekennelclub.com rather than with the compute. hostname so I also added that record. -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@mail-archive.com
[Mailman-Users] Re: lots of bounces after server move
I have not done anything yet. Under Privacy Options/Sender Filters, I have for dmarc_moderation_action : Munge, dmarc_quarantine_moderation_action as Yes, dmarc_none_moderation_action is No, and the rest is blank. I don't really understand any of that but I think I set them so on advice. Looks like there are no SPF records. I see this.. I'll install it per recommended by WHM, but let me know if it needs to be different. What I don't know is if it should be just for nomekennelclub.com rather than with the host name compute. On the old server, it didn't have the hostname. Under Zone Management in WHM, there are a couple DKIM strings for various hosts like default._domainkey.nomekennelclub.com, default._domainkey.compute.nomekennelclub.com and there's some dmarc statements there. You are probably on to something there. I just got 45 bounces saying because of "spam content" with someone trying to sell their pickup on our community annoucements/trade list, mostly from Alaska's GCI email provider this time. So adding the SPF record hopefully will help. spf-NA.jpg -- This was supposed to have an image attached. -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: lots of bounces after server move
On 6/24/24 15:40, Steven D'Aprano wrote: Hi Jim, Not an expert here, but a thought comes to mind. When you moved to a new domain name, did you update your DMARC, DKIM, and SPF records? (Whichever you use, if any.) Maybe the recipients think the new server is not authorized to send on your behalf. On Mon, Jun 24, 2024 at 01:42:52PM -0800, Jim Dory wrote: We kept the same IP address, but the hostname of the domain did change. I just moved to a different server in the same hosting company. On 6/24/24 15:40, Steven D'Aprano wrote: Hi Jim, Not an expert here, but a thought comes to mind. When you moved to a new domain name, did you update your DMARC, DKIM, and SPF records? (Whichever you use, if any.) Maybe the recipients think the new server is not authorized to send on your behalf. On Mon, Jun 24, 2024 at 01:42:52PM -0800, Jim Dory wrote: We kept the same IP address, but the hostname of the domain did change. I just moved to a different server in the same hosting company. Thanks Steven, I have not done anything yet. Under Privacy Options/Sender Filters, I have for dmarc_moderation_action : Munge, dmarc_quarantine_moderation_action as Yes, dmarc_none_moderation_action is No, and the rest is blank. I don't really understand any of that but I think I set them so on advice. Looks like there are no SPF records. I see this.. I'll install it per recommended by WHM, but let me know if it needs to be different. What I don't know is if it should be just for nomekennelclub.com rather than with the host name compute. On the old server, it didn't have the hostname. Under Zone Management in WHM, there are a couple DKIM strings for various hosts like default._domainkey.nomekennelclub.com, default._domainkey.compute.nomekennelclub.com and there's some dmarc statements there. You are probably on to something there. I just got 45 bounces saying because of "spam content" with someone trying to sell their pickup on our community annoucements/trade list, mostly from Alaska's GCI email provider this time. So adding the SPF record hopefully will help. spf-NA.jpg -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: lots of bounces after server move
On 6/24/24 16:42, Jim Dory wrote: 550 5.4.1 Recipient address rejected: Access denied This one could be because the recipient server doesn't like the new server IP. We kept the same IP address, but the hostname of the domain did change. I just moved to a different server in the same hosting company. That shouldn't cause a 550/5.1.4, but check where your new server is sending to (vs. old), port in particular: recipient server can have different ACLs on 25, 465, and 587. Dima -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: lots of bounces after server move
Hi Jim, Not an expert here, but a thought comes to mind. When you moved to a new domain name, did you update your DMARC, DKIM, and SPF records? (Whichever you use, if any.) Maybe the recipients think the new server is not authorized to send on your behalf. On Mon, Jun 24, 2024 at 01:42:52PM -0800, Jim Dory wrote: > We kept the same IP address, but the hostname of the domain did change. I > just moved to a different server in the same hosting company. -- Steve -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@mail-archive.com
[Mailman-Users] Re: lots of bounces after server move
Thank you Mark and Dmitri, On 6/24/24 13:08, Mark Sapiro wrote: On 6/24/24 12:13, Jim Dory wrote: I just had my hosting company move our mailing list to an updated server. Now I'm suddenly getting a lot of bounces of the sort: 550 5.4.1 Recipient address rejected: Access denied This one could be because the recipient server doesn't like the new server IP. We kept the same IP address, but the hostname of the domain did change. I just moved to a different server in the same hosting company. and 552-5.2.2 The recipient's inbox is out of storage space and inactive. and 550-5.1.1 The email account that you tried to reach does not exist. etc. These look like legitimate bounces, although if they weren't bouncing before the move, it's unclear why they'd be bouncing now. This all has me baffled - because it wasn't happening before and started on first post to the mailing list directly after the move. But it is what it is.. I'll deal with it. Before I start removing those user's email accounts.. what might I be missing? Perhaps something in the new server is triggering the "550 5.4.1 recipient address rejected" (a local company's employees mostly) If these are all from one recipient server, it would be worth contacting that server's admin to see if they will whitelist you. Also, setting VERP_PROBES = Yes in mm_cfg.py may keep these members from having delivery disabled and being removed if the probes don't bounce. I just set this, so thanks for that. I'm contacting the organizations to see about having them whitelist. I suppose that is all I can do at this point. There's also a couple rejections from att.net and bellsouth.net (ff-ip4-mx-vip1.prodigy.net), but I'll contact those accounts as well. regards, jim -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: lots of bounces after server move
On 6/24/24 12:13, Jim Dory wrote: I just had my hosting company move our mailing list to an updated server. Now I'm suddenly getting a lot of bounces of the sort: 550 5.4.1 Recipient address rejected: Access denied This one could be because the recipient server doesn't like the new server IP. and 552-5.2.2 The recipient's inbox is out of storage space and inactive. and 550-5.1.1 The email account that you tried to reach does not exist. etc. These look like legitimate bounces, although if they weren't bouncing before the move, it's unclear why they'd be bouncing now. Before I start removing those user's email accounts.. what might I be missing? Perhaps something in the new server is triggering the "550 5.4.1 recipient address rejected" (a local company's employees mostly) If these are all from one recipient server, it would be worth contacting that server's admin to see if they will whitelist you. Also, setting VERP_PROBES = Yes in mm_cfg.py may keep these members from having delivery disabled and being removed if the probes don't bounce. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: lots of bounces after server move
On 6/24/24 14:13, Jim Dory wrote: 550 5.4.1 Recipient address rejected: Access denied and 552-5.2.2 The recipient's inbox is out of storage space and inactive. and 550-5.1.1 The email account that you tried to reach does not exist. That's the recipient mail server. You'd want to look at its logs and/or talk to their postmaster. Dima -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org