subject:"\[users@httpd\] Fwd\: Warning from users@httpd.apache.org"

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

2019-11-07 Thread sebb

Top-posting

FTR, DMARC handling has now been updated.
The filter no longer removes DKIM headers (it renames them if necessary).

Also the DKIM and From headers are handled independently.
This should avoid problems previously caused if there were two DKIM
Sigs or the Sig appeared after the From header.

If you see any problems going forward, please raise a JIRA with the details.
Thanks!

On Tue, 29 Oct 2019 at 22:03, sebb  wrote:
>
> On Mon, 28 Oct 2019 at 09:19, sebb  wrote:
> >
> > On Sun, 27 Oct 2019 at 14:21, Richard
> >  wrote:
> > >
> > >
> > >
> > > > Date: Sunday, October 27, 2019 12:17:36 +
> > > > From: sebb 
> > > >
> > > >> On Sun, 27 Oct 2019 at 09:32, Richard
> > > >>  wrote:
> > > >>
> > > >> I agree, there are a range of reasons that a receiving host might
> > > >> reject a message. When you add in DMARC - because the headers
> > > >> aren't rewritten - the chances of rejects, and because of that
> > > >> that someone will get kicked off a list, increase dramatically (at
> > > >> least for those of us whose ESPs enforce DMARC).
> > > >>
> > > >> Indeed, the headers on that message don't include any DMARC
> > > >> references, and that's the problem. The sender's host/domain
> > > >> (helios.jpl.nasa.gov) has DMARC set to "p=reject":
> > > >>
> > > >>   dig txt _dmarc.helios.jpl.nasa.gov
> > > >>
> > > >>   ;; ANSWER SECTION:
> > > >>   _dmarc.helios.jpl.nasa.gov. 569 IN TXT "v=DMARC1; p=reject;
> > > >>
> > > >> which means that messages that purport to be from that host/domain
> > > >> can't be seen to be being sent from "just anywhere". Because the
> > > >> sender's message was (re-)sent from an "apache.org" domain/IP it
> > > >> failed DMARC which got it rejected from DMARC-enforcing ESPs.
> > > >>
> > > >> For anyone using a DMARC-enforcing ESP (of which gmail is one),
> > > >> it's fairly routine to get kicked off (or threatened with removal
> > > >> from) lists that don't do the necessary rewriting -- which seems
> > > >> to include most (all?) of the "apache.org" hosted lists.
> > > >
> > > > I see, thanks for the clear explanation.
> > > >
> > > > I've just checked the DMARC filter, and whilst it removes the DKIM
> > > > signature, it is also supposed to munge the From line to append
> > > > '.INVALID'.
> > > >
> > > > This does not appear to have happened.
> > > >
> > > > The script assumes that the DKIM header comes before the From line;
> > > > maybe that was not the case here.
> > > >
> > > > I assume the From rewriting is intended to disable the DMARC check
> > > > at the receiving end.
> > > >
> > > > There are several examples of the From munging on the list, e.g.
> > > >
> > > > http://mail-archives.apache.org/mod_mbox/httpd-users/201910.mbox/%3
> > > > c158c6a04-ef01-2fce-bf33-aabc673bb...@copyrightwitness.net%3e
> > > >
> > >
> > > The '.INVALID' "From" rewrite works, at least with my DMARC-enforcing
> > > ESP, when it's invoked. I got the message you referenced above, as
> > > well as about 20 others, from this list over the course of the last
> > > ~4 months that were munged that way.
> >
> > Good to know.
> >
> > > The filter is missing enough, however, that I have been threatened
> > > with expulsion from this list at least once over that same period
> > > (plus 5 times from another ".apache.org" hosted one).
> >
> > It does look like the filter does not always work correctly.
> >
> > It would be useful to know which messages and lists are involved.
> > Note that about half apache.org lists use the dmarc filter; the others do 
> > not.
> >
> > I have raised https://issues.apache.org/jira/browse/INFRA-19347.
> >
> > If you could add any relevant details to the issue, that would be great.
>
> FTR: the email from helios.jpl.nasa.gov does not have an
> Authentication-Results: header in it.
> AFAICT all the other emails with DKIM-Sigs or munged From: headers
> (i.e. they originally had a DKIM header) have an
> Authentication-Results header from one of the spamd MTAs.
>
> Since the email was definitely seen by spamd3-us-west.apache.org this
> is a bit odd.
> Also the X-Spam-Status header does not mention any DKIM tests.
>
> This suggests to me that the original email probably did not have a
> DKIM signature in it.
>
> > >
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > > For additional commands, e-mail: users-h...@httpd.apache.org
> > >

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

2019-10-29 Thread Richard




> Date: Tuesday, October 29, 2019 22:03:58 +
> From: sebb 
>
> On Mon, 28 Oct 2019 at 09:19, sebb  wrote:
>> 
>> On Sun, 27 Oct 2019 at 14:21, Richard
>>  wrote:
>> > 
>> > 
>> > 
>> > > Date: Sunday, October 27, 2019 12:17:36 +
>> > > From: sebb 
>> > > 
>> > >> On Sun, 27 Oct 2019 at 09:32, Richard
>> > >>  wrote:
>> > >> 
>> > >> I agree, there are a range of reasons that a receiving host
>> > >> might reject a message. When you add in DMARC - because the
>> > >> headers aren't rewritten - the chances of rejects, and
>> > >> because of that that someone will get kicked off a list,
>> > >> increase dramatically (at least for those of us whose ESPs
>> > >> enforce DMARC).
>> > >> 
>> > >> Indeed, the headers on that message don't include any DMARC
>> > >> references, and that's the problem. The sender's host/domain
>> > >> (helios.jpl.nasa.gov) has DMARC set to "p=reject":
>> > >> 
>> > >>   dig txt _dmarc.helios.jpl.nasa.gov
>> > >> 
>> > >>   ;; ANSWER SECTION:
>> > >>   _dmarc.helios.jpl.nasa.gov. 569 IN TXT "v=DMARC1; p=reject;
>> > >> 
>> > >> which means that messages that purport to be from that
>> > >> host/domain can't be seen to be being sent from "just
>> > >> anywhere". Because the sender's message was (re-)sent from an
>> > >> "apache.org" domain/IP it failed DMARC which got it rejected
>> > >> from DMARC-enforcing ESPs.
>> > >> 
>> > >> For anyone using a DMARC-enforcing ESP (of which gmail is
>> > >> one), it's fairly routine to get kicked off (or threatened
>> > >> with removal from) lists that don't do the necessary
>> > >> rewriting -- which seems to include most (all?) of the
>> > >> "apache.org" hosted lists.
>> > > 
>> > > I see, thanks for the clear explanation.
>> > > 
>> > > I've just checked the DMARC filter, and whilst it removes the
>> > > DKIM signature, it is also supposed to munge the From line to
>> > > append '.INVALID'.
>> > > 
>> > > This does not appear to have happened.
>> > > 
>> > > The script assumes that the DKIM header comes before the From
>> > > line; maybe that was not the case here.
>> > > 
>> > > I assume the From rewriting is intended to disable the DMARC
>> > > check at the receiving end.
>> > > 
>> > > There are several examples of the From munging on the list,
>> > > e.g.
>> > > 
>> > > http://mail-archives.apache.org/mod_mbox/httpd-users/201910.mb
>> > > ox/%3
>> > > c158c6a04-ef01-2fce-bf33-aabc673bb...@copyrightwitness.net%3e
>> > > 
>> > 
>> > The '.INVALID' "From" rewrite works, at least with my
>> > DMARC-enforcing ESP, when it's invoked. I got the message you
>> > referenced above, as well as about 20 others, from this list
>> > over the course of the last ~4 months that were munged that way.
>> 
>> Good to know.
>> 
>> > The filter is missing enough, however, that I have been
>> > threatened with expulsion from this list at least once over that
>> > same period (plus 5 times from another ".apache.org" hosted one).
>> 
>> It does look like the filter does not always work correctly.
>> 
>> It would be useful to know which messages and lists are involved.
>> Note that about half apache.org lists use the dmarc filter; the
>> others do not.
>> 
>> I have raised https://issues.apache.org/jira/browse/INFRA-19347.
>> 
>> If you could add any relevant details to the issue, that would be
>> great.
> 
> FTR: the email from helios.jpl.nasa.gov does not have an
> Authentication-Results: header in it.
> AFAICT all the other emails with DKIM-Sigs or munged From: headers
> (i.e. they originally had a DKIM header) have an
> Authentication-Results header from one of the spamd MTAs.
> 
> Since the email was definitely seen by spamd3-us-west.apache.org
> this is a bit odd.
> Also the X-Spam-Status header does not mention any DKIM tests.
> 
> This suggests to me that the original email probably did not have a
> DKIM signature in it.
> 

The intent of DMARC is to give domain owners a way to keep people
from spoofing their domain. People who are spoofing an address aren't
likely to sign or otherwise add markers to the message headers
(except to try to get their spoofing through) so I don't believe that
you can count on anything within the message header (including the
lack of a DKIM signature) as definitive that DMARC is or isn't set on
the From: host/domain. I think that the only real test is to do a DNS
query to look up the DMARC settings on the RFC5322 From address:

   

   1. Domain Owners publish policy assertions about domains
  via the DNS.

   2. Receivers compare the RFC5322.From address in the mail
  to the SPF and DKIM results, if present, and the DMARC
  policy in DNS.

You might want to look at the document at:



to see the way Mailman appears to be handling this.




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

2019-10-29 Thread sebb

On Mon, 28 Oct 2019 at 09:19, sebb  wrote:
>
> On Sun, 27 Oct 2019 at 14:21, Richard
>  wrote:
> >
> >
> >
> > > Date: Sunday, October 27, 2019 12:17:36 +
> > > From: sebb 
> > >
> > >> On Sun, 27 Oct 2019 at 09:32, Richard
> > >>  wrote:
> > >>
> > >> I agree, there are a range of reasons that a receiving host might
> > >> reject a message. When you add in DMARC - because the headers
> > >> aren't rewritten - the chances of rejects, and because of that
> > >> that someone will get kicked off a list, increase dramatically (at
> > >> least for those of us whose ESPs enforce DMARC).
> > >>
> > >> Indeed, the headers on that message don't include any DMARC
> > >> references, and that's the problem. The sender's host/domain
> > >> (helios.jpl.nasa.gov) has DMARC set to "p=reject":
> > >>
> > >>   dig txt _dmarc.helios.jpl.nasa.gov
> > >>
> > >>   ;; ANSWER SECTION:
> > >>   _dmarc.helios.jpl.nasa.gov. 569 IN TXT "v=DMARC1; p=reject;
> > >>
> > >> which means that messages that purport to be from that host/domain
> > >> can't be seen to be being sent from "just anywhere". Because the
> > >> sender's message was (re-)sent from an "apache.org" domain/IP it
> > >> failed DMARC which got it rejected from DMARC-enforcing ESPs.
> > >>
> > >> For anyone using a DMARC-enforcing ESP (of which gmail is one),
> > >> it's fairly routine to get kicked off (or threatened with removal
> > >> from) lists that don't do the necessary rewriting -- which seems
> > >> to include most (all?) of the "apache.org" hosted lists.
> > >
> > > I see, thanks for the clear explanation.
> > >
> > > I've just checked the DMARC filter, and whilst it removes the DKIM
> > > signature, it is also supposed to munge the From line to append
> > > '.INVALID'.
> > >
> > > This does not appear to have happened.
> > >
> > > The script assumes that the DKIM header comes before the From line;
> > > maybe that was not the case here.
> > >
> > > I assume the From rewriting is intended to disable the DMARC check
> > > at the receiving end.
> > >
> > > There are several examples of the From munging on the list, e.g.
> > >
> > > http://mail-archives.apache.org/mod_mbox/httpd-users/201910.mbox/%3
> > > c158c6a04-ef01-2fce-bf33-aabc673bb...@copyrightwitness.net%3e
> > >
> >
> > The '.INVALID' "From" rewrite works, at least with my DMARC-enforcing
> > ESP, when it's invoked. I got the message you referenced above, as
> > well as about 20 others, from this list over the course of the last
> > ~4 months that were munged that way.
>
> Good to know.
>
> > The filter is missing enough, however, that I have been threatened
> > with expulsion from this list at least once over that same period
> > (plus 5 times from another ".apache.org" hosted one).
>
> It does look like the filter does not always work correctly.
>
> It would be useful to know which messages and lists are involved.
> Note that about half apache.org lists use the dmarc filter; the others do not.
>
> I have raised https://issues.apache.org/jira/browse/INFRA-19347.
>
> If you could add any relevant details to the issue, that would be great.

FTR: the email from helios.jpl.nasa.gov does not have an
Authentication-Results: header in it.
AFAICT all the other emails with DKIM-Sigs or munged From: headers
(i.e. they originally had a DKIM header) have an
Authentication-Results header from one of the spamd MTAs.

Since the email was definitely seen by spamd3-us-west.apache.org this
is a bit odd.
Also the X-Spam-Status header does not mention any DKIM tests.

This suggests to me that the original email probably did not have a
DKIM signature in it.

> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> >

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

2019-10-28 Thread sebb

On Sun, 27 Oct 2019 at 14:21, Richard
 wrote:
>
>
>
> > Date: Sunday, October 27, 2019 12:17:36 +
> > From: sebb 
> >
> >> On Sun, 27 Oct 2019 at 09:32, Richard
> >>  wrote:
> >>
> >> I agree, there are a range of reasons that a receiving host might
> >> reject a message. When you add in DMARC - because the headers
> >> aren't rewritten - the chances of rejects, and because of that
> >> that someone will get kicked off a list, increase dramatically (at
> >> least for those of us whose ESPs enforce DMARC).
> >>
> >> Indeed, the headers on that message don't include any DMARC
> >> references, and that's the problem. The sender's host/domain
> >> (helios.jpl.nasa.gov) has DMARC set to "p=reject":
> >>
> >>   dig txt _dmarc.helios.jpl.nasa.gov
> >>
> >>   ;; ANSWER SECTION:
> >>   _dmarc.helios.jpl.nasa.gov. 569 IN TXT "v=DMARC1; p=reject;
> >>
> >> which means that messages that purport to be from that host/domain
> >> can't be seen to be being sent from "just anywhere". Because the
> >> sender's message was (re-)sent from an "apache.org" domain/IP it
> >> failed DMARC which got it rejected from DMARC-enforcing ESPs.
> >>
> >> For anyone using a DMARC-enforcing ESP (of which gmail is one),
> >> it's fairly routine to get kicked off (or threatened with removal
> >> from) lists that don't do the necessary rewriting -- which seems
> >> to include most (all?) of the "apache.org" hosted lists.
> >
> > I see, thanks for the clear explanation.
> >
> > I've just checked the DMARC filter, and whilst it removes the DKIM
> > signature, it is also supposed to munge the From line to append
> > '.INVALID'.
> >
> > This does not appear to have happened.
> >
> > The script assumes that the DKIM header comes before the From line;
> > maybe that was not the case here.
> >
> > I assume the From rewriting is intended to disable the DMARC check
> > at the receiving end.
> >
> > There are several examples of the From munging on the list, e.g.
> >
> > http://mail-archives.apache.org/mod_mbox/httpd-users/201910.mbox/%3
> > c158c6a04-ef01-2fce-bf33-aabc673bb...@copyrightwitness.net%3e
> >
>
> The '.INVALID' "From" rewrite works, at least with my DMARC-enforcing
> ESP, when it's invoked. I got the message you referenced above, as
> well as about 20 others, from this list over the course of the last
> ~4 months that were munged that way.

Good to know.

> The filter is missing enough, however, that I have been threatened
> with expulsion from this list at least once over that same period
> (plus 5 times from another ".apache.org" hosted one).

It does look like the filter does not always work correctly.

It would be useful to know which messages and lists are involved.
Note that about half apache.org lists use the dmarc filter; the others do not.

I have raised https://issues.apache.org/jira/browse/INFRA-19347.

If you could add any relevant details to the issue, that would be great.

>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

2019-10-27 Thread Richard




> Date: Sunday, October 27, 2019 12:17:36 +
> From: sebb 
>
>> On Sun, 27 Oct 2019 at 09:32, Richard
>>  wrote:
>> 
>> I agree, there are a range of reasons that a receiving host might
>> reject a message. When you add in DMARC - because the headers
>> aren't rewritten - the chances of rejects, and because of that
>> that someone will get kicked off a list, increase dramatically (at
>> least for those of us whose ESPs enforce DMARC).
>> 
>> Indeed, the headers on that message don't include any DMARC
>> references, and that's the problem. The sender's host/domain
>> (helios.jpl.nasa.gov) has DMARC set to "p=reject":
>> 
>>   dig txt _dmarc.helios.jpl.nasa.gov
>> 
>>   ;; ANSWER SECTION:
>>   _dmarc.helios.jpl.nasa.gov. 569 IN TXT "v=DMARC1; p=reject;
>> 
>> which means that messages that purport to be from that host/domain
>> can't be seen to be being sent from "just anywhere". Because the
>> sender's message was (re-)sent from an "apache.org" domain/IP it
>> failed DMARC which got it rejected from DMARC-enforcing ESPs.
>> 
>> For anyone using a DMARC-enforcing ESP (of which gmail is one),
>> it's fairly routine to get kicked off (or threatened with removal
>> from) lists that don't do the necessary rewriting -- which seems
>> to include most (all?) of the "apache.org" hosted lists.
> 
> I see, thanks for the clear explanation.
> 
> I've just checked the DMARC filter, and whilst it removes the DKIM
> signature, it is also supposed to munge the From line to append
> '.INVALID'.
>
> This does not appear to have happened.
>
> The script assumes that the DKIM header comes before the From line;
> maybe that was not the case here.
> 
> I assume the From rewriting is intended to disable the DMARC check
> at the receiving end.
>
> There are several examples of the From munging on the list, e.g.
> 
> http://mail-archives.apache.org/mod_mbox/httpd-users/201910.mbox/%3
> c158c6a04-ef01-2fce-bf33-aabc673bb...@copyrightwitness.net%3e
> 

The '.INVALID' "From" rewrite works, at least with my DMARC-enforcing
ESP, when it's invoked. I got the message you referenced above, as
well as about 20 others, from this list over the course of the last
~4 months that were munged that way.

The filter is missing enough, however, that I have been threatened
with expulsion from this list at least once over that same period
(plus 5 times from another ".apache.org" hosted one).



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

2019-10-27 Thread sebb

On Sun, 27 Oct 2019 at 09:32, Richard
 wrote:
>
>
>
> > Date: Saturday, October 26, 2019 13:16:36 +0100
> > From: sebb 
> >
> > On Fri, 25 Oct 2019 at 16:20, Richard
> >  wrote:
> >>
> >> > Date: Friday, October 25, 2019 20:37:49 +0530
> >> > From: Tapas Mishra 
> >> >
> >> > Hello,
> >> > I am getting bounce message , what should I do?.
> >> > 
> >> > Thanks
> >> >
> >> >
> >> > -- Forwarded message -
> >> > From: 
> >> > Date: Wed, Sep 25, 2019 at 11:24 AM
> >> > Subject: Warning from users@httpd.apache.org
> >> > To: 
> >> >
> >> > Hi! This is the ezmlm program. I'm managing the
> >> > users@httpd.apache.org mailing list.
> >> >
> >> > Messages to you from the users mailing list seem to
> >> > have been bouncing. I've attached a copy of the first bounce
> >> > message I received.
> >>
> >>
> >> This is a list configuration issue over which you have no control.
> >>
> >> This list needs to be configured to handle DMARC properly.
> >>
> >> Because the list doesn't do DMARC rewriting you may miss list
> >> messages from people sending from p=reject domains, but won't
> >> actually get kicked off the list because these bounce-check
> >> messages will get delivered to you.
> >
> > Not all bounces are due to DMARC issues.
> >
> > The receiving mail system may detect another issue, such as SPAM,
> > and reject the mail.
> >
> > There are bound to be differences in the rules that different
> > systems apply, so there will be occasions when the ASF system
> > forwards a mail which is later rejected by one or more receivers.
> >
> > There are lots of other reasons why the receiver may bounce the
> > email.
> >
> > In this case, the email does not appear to have any DMARC headers:
> > http://mail-archives.apache.org/mod_mbox/httpd-users/201909.mbox/ra
> > w/%3cd09ee182-8902-90b8-1081-a8a956ff4...@helios.jpl.nasa.gov%3e
> >
> > You can ask for a copy of the email to be sent to you by emailing:
> >
> > users-get.118...@httpd.apache.org
> >
> > Of course this may fail if the receiver detects a problem again.
> >
>
> I agree, there are a range of reasons that a receiving host might
> reject a message. When you add in DMARC - because the headers aren't
> rewritten - the chances of rejects, and because of that that someone
> will get kicked off a list, increase dramatically (at least for those
> of us whose ESPs enforce DMARC).
>
> Indeed, the headers on that message don't include any DMARC
> references, and that's the problem. The sender's host/domain
> (helios.jpl.nasa.gov) has DMARC set to "p=reject":
>
>   dig txt _dmarc.helios.jpl.nasa.gov
>
>   ;; ANSWER SECTION:
>   _dmarc.helios.jpl.nasa.gov. 569   IN  TXT "v=DMARC1; p=reject;
>
> which means that messages that purport to be from that host/domain
> can't be seen to be being sent from "just anywhere". Because the
> sender's message was (re-)sent from an "apache.org" domain/IP it
> failed DMARC which got it rejected from DMARC-enforcing ESPs.
>
> For anyone using a DMARC-enforcing ESP (of which gmail is one), it's
> fairly routine to get kicked off (or threatened with removal from)
> lists that don't do the necessary rewriting -- which seems to include
> most (all?) of the "apache.org" hosted lists.

I see, thanks for the clear explanation.

I've just checked the DMARC filter, and whilst it removes the DKIM
signature, it is also supposed to munge the From line to append
'.INVALID'.
This does not appear to have happened.
The script assumes that the DKIM header comes before the From line;
maybe that was not the case here.

I assume the From rewriting is intended to disable the DMARC check at
the receiving end.
There are several examples of the From munging on the list, e.g.

http://mail-archives.apache.org/mod_mbox/httpd-users/201910.mbox/%3c158c6a04-ef01-2fce-bf33-aabc673bb...@copyrightwitness.net%3e

>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

2019-10-27 Thread Richard

> Date: Saturday, October 26, 2019 13:16:36 +0100
> From: sebb 
>
> On Fri, 25 Oct 2019 at 16:20, Richard
>  wrote:
>> 
>> > Date: Friday, October 25, 2019 20:37:49 +0530
>> > From: Tapas Mishra 
>> > 
>> > Hello,
>> > I am getting bounce message , what should I do?.
>> > 
>> > Thanks
>> > 
>> > 
>> > -- Forwarded message -
>> > From: 
>> > Date: Wed, Sep 25, 2019 at 11:24 AM
>> > Subject: Warning from users@httpd.apache.org
>> > To: 
>> > 
>> > Hi! This is the ezmlm program. I'm managing the
>> > users@httpd.apache.org mailing list.
>> > 
>> > Messages to you from the users mailing list seem to
>> > have been bouncing. I've attached a copy of the first bounce
>> > message I received.
>> 
>> 
>> This is a list configuration issue over which you have no control.
>> 
>> This list needs to be configured to handle DMARC properly.
>> 
>> Because the list doesn't do DMARC rewriting you may miss list
>> messages from people sending from p=reject domains, but won't
>> actually get kicked off the list because these bounce-check
>> messages will get delivered to you.
> 
> Not all bounces are due to DMARC issues.
> 
> The receiving mail system may detect another issue, such as SPAM,
> and reject the mail.
>
> There are bound to be differences in the rules that different
> systems apply, so there will be occasions when the ASF system
> forwards a mail which is later rejected by one or more receivers.
> 
> There are lots of other reasons why the receiver may bounce the
> email.
> 
> In this case, the email does not appear to have any DMARC headers:
> http://mail-archives.apache.org/mod_mbox/httpd-users/201909.mbox/ra
> w/%3cd09ee182-8902-90b8-1081-a8a956ff4...@helios.jpl.nasa.gov%3e
> 
> You can ask for a copy of the email to be sent to you by emailing:
> 
> users-get.118...@httpd.apache.org
> 
> Of course this may fail if the receiver detects a problem again.
> 

I agree, there are a range of reasons that a receiving host might
reject a message. When you add in DMARC - because the headers aren't
rewritten - the chances of rejects, and because of that that someone
will get kicked off a list, increase dramatically (at least for those
of us whose ESPs enforce DMARC).

Indeed, the headers on that message don't include any DMARC
references, and that's the problem. The sender's host/domain
(helios.jpl.nasa.gov) has DMARC set to "p=reject":

  dig txt _dmarc.helios.jpl.nasa.gov

  ;; ANSWER SECTION:
  _dmarc.helios.jpl.nasa.gov. 569   IN  TXT "v=DMARC1; p=reject; 

which means that messages that purport to be from that host/domain
can't be seen to be being sent from "just anywhere". Because the
sender's message was (re-)sent from an "apache.org" domain/IP it
failed DMARC which got it rejected from DMARC-enforcing ESPs.

For anyone using a DMARC-enforcing ESP (of which gmail is one), it's
fairly routine to get kicked off (or threatened with removal from)
lists that don't do the necessary rewriting -- which seems to include
most (all?) of the "apache.org" hosted lists.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

2019-10-26 Thread sebb

On Fri, 25 Oct 2019 at 16:20, Richard
 wrote:
>
>
>
> > Date: Friday, October 25, 2019 20:37:49 +0530
> > From: Tapas Mishra 
> >
> > Hello,
> > I am getting bounce message , what should I do?.
> > 
> > Thanks
> >
> >
> > -- Forwarded message -
> > From: 
> > Date: Wed, Sep 25, 2019 at 11:24 AM
> > Subject: Warning from users@httpd.apache.org
> > To: 
> >
> > Hi! This is the ezmlm program. I'm managing the
> > users@httpd.apache.org mailing list.
> >
> > Messages to you from the users mailing list seem to
> > have been bouncing. I've attached a copy of the first bounce
> > message I received.
>
>
> This is a list configuration issue over which you have no control.
>
> This list needs to be configured to handle DMARC properly.
>
> Because the list doesn't do DMARC rewriting you may miss list
> messages from people sending from p=reject domains, but won't
> actually get kicked off the list because these bounce-check messages
> will get delivered to you.

Not all bounces are due to DMARC issues.

The receiving mail system may detect another issue, such as SPAM, and
reject the mail.
There are bound to be differences in the rules that different systems
apply, so there will be occasions when the ASF system forwards a mail
which is later rejected by one or more receivers.

There are lots of other reasons why the receiver may bounce the email.

In this case, the email does not appear to have any DMARC headers:
http://mail-archives.apache.org/mod_mbox/httpd-users/201909.mbox/raw/%3cd09ee182-8902-90b8-1081-a8a956ff4...@helios.jpl.nasa.gov%3e

You can ask for a copy of the email to be sent to you by emailing:

users-get.118...@httpd.apache.org

Of course this may fail if the receiver detects a problem again.

>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

2019-10-25 Thread Richard




> Date: Friday, October 25, 2019 20:37:49 +0530
> From: Tapas Mishra 
>
> Hello,
> I am getting bounce message , what should I do?.
> 
> Thanks
> 
> 
> -- Forwarded message -
> From: 
> Date: Wed, Sep 25, 2019 at 11:24 AM
> Subject: Warning from users@httpd.apache.org
> To: 
> 
> Hi! This is the ezmlm program. I'm managing the
> users@httpd.apache.org mailing list.
> 
> Messages to you from the users mailing list seem to
> have been bouncing. I've attached a copy of the first bounce
> message I received.


This is a list configuration issue over which you have no control. 

This list needs to be configured to handle DMARC properly.

Because the list doesn't do DMARC rewriting you may miss list
messages from people sending from p=reject domains, but won't
actually get kicked off the list because these bounce-check messages
will get delivered to you.



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Fwd: Warning from users@httpd.apache.org

2019-10-25 Thread Tapas Mishra

Hello,
I am getting bounce message , what should I do?.

Thanks

-- Forwarded message -
From: 
Date: Wed, Sep 25, 2019 at 11:24 AM
Subject: Warning from users@httpd.apache.org
To: 

Hi! This is the ezmlm program. I'm managing the
users@httpd.apache.org mailing list.

Messages to you from the users mailing list seem to
have been bouncing. I've attached a copy of the first bounce
message I received.

If this message bounces too, I will send you a probe. If the probe bounces,
I will remove your address from the users mailing list,
without further notice.

I've kept a list of which messages from the users mailing list have
bounced from your address.

Copies of these messages may be in the archive.
To retrieve a set of messages 123-145 (a maximum of 100 per request),
send a short message to:

To receive a subject and author list for the last 100 or so messages,
send a short message to:

Here are the message numbers:

   118921

--- Enclosed is a copy of the bounce message I received.

Return-Path: <>
Received: (qmail 369 invoked for bounce); 15 Sep 2019 00:02:49 -
Date: 15 Sep 2019 00:02:49 -
From: mailer-dae...@apache.org
To: users-return-1189...@httpd.apache.org
Subject: failure notice

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

[users@httpd] Fwd: Warning from users@httpd.apache.org

10 matches

Site Navigation

Mail list logo

Footer information