On Wed, Jul 4, 2018 at 10:30 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
> On 03.07.2018 at 12:29, Ben Cooksley wrote:
>> We've recently completed configuration of a new mail server which will
>> be replacing the current system which handles kde.org mail. This
>> system will be assuming responsibility for mailing lists as well as
>> authenticated mail sending for those who require that service.
> did you also notice and fix the long outstanding bugzilla SPF problems
> within your own infrastructure before making checks even sharper?
> https://bugs.kde.org/show_bug.cgi?id=392685
> there are at least *three* problems:
> * the notify mails have the envelope-sender of the reporter
> * postbox.kde.org doesn't skip SPF checks from bluemchen.kde.org
> * the SPF can not match because bluemchen.kde.org is not
>   in the reporter's SPF
> * finally you send backscatter-bounces for each and every
>   mail back to the reporter that the notify to the others
>   was rejected by postbox.kde.org and so reports don't get attention
> ----------------
> * don't use reporter's envelope sender to begin with
> * don't SPF check inbound mail within the own infrastructure
> * don't backscatter to the innocent reporter
> ----------------
> <kde-bugs-dist@xxxxxxx>: host postbox.kde.org[] said: 550
> 5.7.23 <kde-bugs-dist@xxxxxxx>: Recipient address rejected: Message
> rejected due to: SPF fail - not authorized. Please see
> http://www.openspf.net/Why?s=mfrom;id=lists@xxxxxxxxxx;ip=

I'd be curious to know when you observed that, as I can find no trace
of such a message being carried by Bluemchen in recent times for that
address aside from one which was successfully delivered to you on Jun
29 at 17:14:37 UTC.

The behaviour you are describing was at one point provided by a custom
patch we had to support legacy behaviour. I'm not sure when it was
removed (my mail archives indicate it was sometime in late 2015), but
I know it did generate quite a few complaints when we did remove it.

In regards to the above points, Bugzilla has been configured to use
its own envelope sender, bugzilla_noreply@xxxxxxx, as evidenced by
the following log entry:

Jun 29 17:14:23 bluemchen postfix/qmgr[452]: 4EEF2100B8B:
from=<bugzilla_noreply@xxxxxxx>, size=2457, nrcpt=1 (queue active)

and also confirmed by the following lines from mail headers on a
Bugzilla mail I received directly on June 28:

Received: from www-data by bugs.kde.org with local (Exim 4.82)
(envelope-from <bugzilla_noreply@xxxxxxx>) id 1fYKZ8-00035U-0m for
bcooksley@xxxxxxx; Thu, 28 Jun 2018 00:13:38 +0000
From: bugzilla_noreply@xxxxxxx
To: bcooksley@xxxxxxx

Therefore all 3 points you've mentioned are all resolved, and have
been for some time.

Ben Cooksley
KDE Sysadmin
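
Added example, not part of the original message and not KDE's tooling: a Python check that repeats the two verifications described in the reply above, reading the envelope sender from Postfix qmgr log lines and from the Exim "envelope-from" note in a Received header, and reporting queue entries whose sender is not the service's own address. The hosts, addresses and queue IDs in the sample data are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Postfix qmgr line: "<queue-id>: from=<addr>, size=N, nrcpt=N (queue active)".
# Matches short (hexadecimal) queue IDs only.
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, size=\d+")
# Exim notes the envelope sender in Received as "(envelope-from <addr>)".
ENVELOPE_FROM_RE = re.compile(r"\(envelope-from <([^>]*)>\)")

# Constructed sample data; hosts, addresses and queue IDs are placeholders.
SAMPLE_LOG = """\
Jun 29 17:14:23 mx postfix/qmgr[452]: 1A2B3C4D5E6: from=<bugzilla_noreply@example.org>, size=2457, nrcpt=1 (queue active)
Jun 29 17:15:02 mx postfix/qmgr[452]: 2B3C4D5E6F7: from=<reporter@example.net>, size=3011, nrcpt=1 (queue active)
Jun 29 17:15:40 mx postfix/qmgr[452]: 1A2B3C4D5E6: removed
"""
SAMPLE_MESSAGE = """\
Received: from www-data by bugs.example.org with local (Exim 4.82)
\t(envelope-from <bugzilla_noreply@example.org>) id 1abcDE-000001-0m
\tfor user@example.org; Thu, 28 Jun 2018 00:13:38 +0000
From: bugzilla_noreply@example.org
To: user@example.org

constructed body
"""

def qmgr_senders(log_text):
    """Return {queue_id: envelope_sender} for every qmgr 'from=' line."""
    return {m["qid"]: m["sender"].lower() for m in QMGR_RE.finditer(log_text)}

def unexpected_senders(log_text, expected):
    """Queue entries whose envelope sender differs from the expected address.
    The null sender (from=<>), used for bounces, is reported as well."""
    expected = expected.lower()
    return {q: s for q, s in qmgr_senders(log_text).items() if s != expected}

def header_envelope_from(raw_message):
    """Envelope senders noted in the Received headers, topmost header first."""
    found = []
    for value in message_from_string(raw_message).get_all("Received", []):
        # Received headers are usually folded; collapse whitespace first.
        m = ENVELOPE_FROM_RE.search(" ".join(value.split()))
        if m:
            found.append(m.group(1).lower())
    return found

if __name__ == "__main__":
    print(unexpected_senders(SAMPLE_LOG, "bugzilla_noreply@example.org"))
    print(header_envelope_from(SAMPLE_MESSAGE))
```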