Re: [Mailman-Users] What to do about SPF rejection?
On Mon, 2019-06-17 at 12:47 -0400, John Levine wrote: > In article you write: > > Dear all, > > > > I today saw three bounces where the receiving mail server had said: > > > > host mail.gfbv.de[185.199.217.16] said: 550 external MTA > >sending our header From: (in reply to > >end of DATA command) > > > > The SPF record for gfbv.de is > > > > gfbv.de.86400 IN TXT "v=spf1 mx > > a:epicmail1.newsaktuell.net ~all" > > > > I am not sure, whether mailman 2 has any workaround for this like for > > the DMARC issue > > > > Can anyone spot, whether there is something wrong with the SPF record? > > Whose fault is it? > > Theirs. That message says they apparently have a policy of rejecting > any incoming mail with their domain on the From: line. They can do > that if they want, but it means that none of their users can > participate in mailing lists. > > I suppose you could further screw up your list and do DMARC rewrites > even for domains without DMARC policies, but I'd suggest contacting > whoever is subscribed there and encourage him or her to subscribe from > an address that isn't gratuitiously hostile to mailing lists. I've experienced similar before, some people work for large companies that outsource email policies to others^widiots. I wrote the patch below, which was merged into v2.1.29, specifically to address for such idiotic policies. https://code.launchpad.net/~jimpop/mailman/dmarc-moderation-addresses/+merge/359963 -Jim P. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] What to do about SPF rejection?
In article you write: >Dear all, > >I today saw three bounces where the receiving mail server had said: > >host mail.gfbv.de[185.199.217.16] said: 550 external MTA >sending our header From: (in reply to >end of DATA command) > >The SPF record for gfbv.de is > >gfbv.de. 86400 IN TXT "v=spf1 mx >a:epicmail1.newsaktuell.net ~all" > >I am not sure, whether mailman 2 has any workaround for this like for >the DMARC issue > >Can anyone spot, whether there is something wrong with the SPF record? >Whose fault is it? Theirs. That message says they apparently have a policy of rejecting any incoming mail with their domain on the From: line. They can do that if they want, but it means that none of their users can participate in mailing lists. I suppose you could further screw up your list and do DMARC rewrites even for domains without DMARC policies, but I'd suggest contacting whoever is subscribed there and encourage him or her to subscribe from an address that isn't gratuitiously hostile to mailing lists. Regards, John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] What to do about SPF rejection?
Dear all, I today saw three bounces where the receiving mail server had said: host mail.gfbv.de[185.199.217.16] said: 550 external MTA sending our header From: (in reply to end of DATA command) The SPF record for gfbv.de is gfbv.de.86400 IN TXT "v=spf1 mx a:epicmail1.newsaktuell.net ~all" I am not sure, whether mailman 2 has any workaround for this like for the DMARC issue Can anyone spot, whether there is something wrong with the SPF record? Whose fault is it? My mailman instance has its own spf record: lists.ilo169.de. 9531 IN TXT "v=spf1 mx a ip4:5.9.62.175 ~all" I am not familiar with the spf syntax, so I can't tell whether it is our fault or theirs. At first glace, it would look to me as if the solution would be similar to the DMARC workaround, that is to swap the original From: address with the list address. But again, mailman offers this option only for DMARC issues. Does anyone have advice for me? Thanks so much in advance, Johannes -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
