On Thu, 3 Apr 2025 01:08:19 +0200 Marco d'Itri <[email protected]> wrote:
> Package: lists.debian.org
> Severity: important
>
> Please create a record with p=none:
>
>
https://techcommunity.microsoft.com/blog/microsoftdefenderforoffice365blog/strengthening-email-ecosystem-outlook%e2%80%99s-new-requirements-for-high%e2%80%90volume-senders/4399730
>
> --
> ciao,
> Marco
Today, I got a "lists.debian.org has received bounces from <email>"
message, because an email from debian-security-announce was bounced by
Microsoft for this reason. It also seems that neither SPF nor DKIM are
set up. There is a DKIM signature from seger.debian.org; however, the
header is renamed to "Old-DKIM-Signature".
Here are links to official pages stating that Microsoft and Google
require all three to pass if they receive 5,000 or more emails per day
from a domain (even with DMARC p=none):
https://support.microsoft.com/en-us/topic/fix-ndr-error-550-5-7-515-in-outlook-com-34cfe8f8-6fbf-457e-9e8b-9e4dbaf4e0ef
https://support.google.com/a/answer/81126?hl=en
Yahoo is similar, though does not specify a particular threshold:
https://senders.yahooinc.com/best-practices/
Can this work be prioritized? Users should not miss important security
announcements because they use one of the largest email providers.
Attached is a copy of the bounce just in case it would be useful.
From MAILER-DAEMON Thu Feb 12 20:03:10 2026
Return-Path: <>
X-Original-To:
bounce-debian-security-announce=pleasestand=live....@lists.debian.org
Delivered-To:
lists-bounce-debian-security-announce=pleasestand=live....@bendel.debian.org
Received: by bendel.debian.org (Postfix)
id 5D47A20890; Thu, 12 Feb 2026 20:03:06 +0000 (UTC)
Date: Thu, 12 Feb 2026 20:03:06 +0000 (UTC)
From: [email protected] (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: bounce-debian-security-announce=pleasestand=live....@lists.debian.org
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="A8C7E207B9.1770926585/bendel.debian.org"
Message-Id: <[email protected]>
This is a MIME-encapsulated message.
--A8C7E207B9.1770926585/bendel.debian.org
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii
This is the mail system at host bendel.debian.org.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<[email protected]>: host live-com.olc.protection.outlook.com[52.101.41.181]
said: 550 5.7.515 Access denied, sending domain DEBIAN.ORG doesn't meet the
required authentication level. The sender's domain in the 5322.From address
doesn't meet the authentication requirements defined for the sender. To
learn how to fix this see:
https://go.microsoft.com/fwlink/p/?linkid=2319303 Spf= Fail , Dkim= Fail ,
DMARC= None [PH7PR84MB1888.NAMPRD84.PROD.OUTLOOK.COM
2026-02-12T19:58:46.082Z 08DE690878CE66F2]
[BYAPR05CA0087.namprd05.prod.outlook.com 2026-02-12T19:58:49.407Z
08DE6930ACC22572] [SJ1PEPF000026C7.namprd04.prod.outlook.com
2026-02-12T19:58:46.089Z 08DE68691286B7D4] (in reply to end of DATA
command)
--A8C7E207B9.1770926585/bendel.debian.org
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; bendel.debian.org
X-Postfix-Queue-ID: A8C7E207B9
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Thu, 12 Feb 2026 19:47:59 +0000 (UTC)
Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.7.515
Remote-MTA: dns; live-com.olc.protection.outlook.com
Diagnostic-Code: smtp; 550 5.7.515 Access denied, sending domain DEBIAN.ORG
doesn't meet the required authentication level. The sender's domain in the
5322.From address doesn't meet the authentication requirements defined for
the sender. To learn how to fix this see:
https://go.microsoft.com/fwlink/p/?linkid=2319303 Spf= Fail , Dkim= Fail ,
DMARC= None [PH7PR84MB1888.NAMPRD84.PROD.OUTLOOK.COM
2026-02-12T19:58:46.082Z 08DE690878CE66F2]
[BYAPR05CA0087.namprd05.prod.outlook.com 2026-02-12T19:58:49.407Z
08DE6930ACC22572] [SJ1PEPF000026C7.namprd04.prod.outlook.com
2026-02-12T19:58:46.089Z 08DE68691286B7D4]
--A8C7E207B9.1770926585/bendel.debian.org
Content-Description: Undelivered Message
Content-Type: message/rfc822
Return-Path: <[email protected]>
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with QMQP
id A8C7E207B9; Thu, 12 Feb 2026 19:47:59 +0000 (UTC)
X-Mailbox-Line: From [email protected] Thu Feb
12 19:47:59 2026
Old-Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on bendel.debian.org
X-Spam-Level:
X-Spam-Status: No, score=-10.0 required=4.0 tests=FVGT_m_MULTI_ODD,
LDO_WHITELIST,PGPSIGNATURE,RCVD_IN_DNSWL_NONE autolearn=unavailable
autolearn_force=no version=3.4.6
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with ESMTP id 51285207BB
for <[email protected]>; Thu, 12 Feb
2026 19:47:46 +0000 (UTC)
X-Virus-Scanned: at lists.debian.org with policy bank moderated
X-Amavis-Spam-Status: No, score=-112.191 tagged_above=-10000 required=5.3
tests=[BAYES_00=-2, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
FVGT_m_MULTI_ODD=0.02, LDO_WHITELIST=-5, PGPSIGNATURE=-5,
RCVD_IN_DNSWL_NONE=-0.0001, USER_IN_DKIM_WELCOMELIST=-0.01,
USER_IN_DKIM_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from bendel.debian.org ([127.0.0.1])
by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525)
with ESMTP id f2B1HuczQ7_T
for <[email protected]>;
Thu, 12 Feb 2026 19:47:37 +0000 (UTC)
Received: from muffat.debian.org (muffat.debian.org
[IPv6:2607:f8f0:614:1::1274:33])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits)
server-digest SHA256)
(Client did not present a certificate)
by bendel.debian.org (Postfix) with ESMTPS id 828AE207B9
for <[email protected]>; Thu, 12 Feb 2026
19:47:37 +0000 (UTC)
Received: from seger.debian.org ([2001:41b8:202:deb::311:93]:39566)
from C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP
CA,CN=seger.debian.org,[email protected] (verified)
by muffat.debian.org with esmtps
(TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
(Exim 4.96)
(envelope-from <[email protected]>)
id 1vqcf0-003DT0-33
for [email protected];
Thu, 12 Feb 2026 19:47:33 +0000
Old-DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=debian.org;
s=smtpauto.seger;
h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date
:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
In-Reply-To:References;
bh=iG53my+9lBNKHVrdKOLJAGW+8XgEfiugKTARUrKDHCA=; b=Vn
wVTHEKmQMKbZPubnv0nz+cwFBAF+1E01G2ZBmvqABA7hiUFEuiKNPdbmsRj4mbkVBtiPmpbDLZMBh
Yfdrqxo6iZOhPge7m7GnoQBedXno7VG+8XCNQqE/s1oudXwr2rk9pQ0GZC4fUfRCtlf4iNGdYHAyI
3mnAxZmocm/GyI0EkuzTRdpDg8zNQMhIUyMdQpCG3uuCAuIqzMSCTxG2TYe2F87qIrHhe5ED2WaXl
qjg5snVo/iYHML8E0OE+Y6FfMdgUoi5++W797us/xEir+wgD4YGOoktRnNFPc3OQfToqdEA8/pfgu
iczoK4I8BWeZhTBzalxCRYF8uLHExMXg==;
Received: from jmm by seger.debian.org with local (Exim 4.96)
(envelope-from <[email protected]>)
id 1vqcex-008e6e-2h
for [email protected];
Thu, 12 Feb 2026 19:47:31 +0000
Date: Thu, 12 Feb 2026 19:47:31 +0000
From: Moritz Muehlenhoff <[email protected]>
To: [email protected]
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 6133-1] postgresql-17 security update
Priority: urgent
Reply-To: [email protected]
X-Rc-Virus: 2007-09-13_01
X-Rc-Spam: 2008-11-04_01
Resent-Message-ID: <Re4zXpEN3HF.A.oOHM.v5ijpB@bendel>
Resent-From: [email protected]
X-Mailing-List: <[email protected]> archive/latest/5056
X-Loop: [email protected]
List-Id: <debian-security-announce.lists.debian.org>
List-URL: <http://lists.debian.org/debian-security-announce/>
List-Post: <mailto:[email protected]>
List-Help:
<mailto:[email protected]?subject=help>
List-Subscribe:
<mailto:[email protected]?subject=subscribe>
List-Unsubscribe:
<mailto:[email protected]?subject=unsubscribe>
Precedence: list
Resent-Sender: [email protected]
List-Archive:
https://lists.debian.org/msgid-search/[email protected]
Resent-Date: Thu, 12 Feb 2026 19:47:59 +0000 (UTC)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-6133-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : postgresql-17
CVE ID : CVE-2026-2003 CVE-2026-2004 CVE-2026-2005 CVE-2026-2006
Multiple security issues were discovered in PostgreSQL, which may result
in memory disclosure or the execution of arbitrary code.
For the stable distribution (trixie), these problems have been fixed in
version 17.8-0+deb13u1.
We recommend that you upgrade your postgresql-17 packages.
For the detailed security status of postgresql-17 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postgresql-17
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmmOLKYACgkQEMKTtsN8
TjZIew//Xz1V41X4ZtSm5mATMoeHMc9ItHyiHWJUjWwQCs/cS5XhEwgURfly9RK4
XQMIGEntQiPYRzYLPboIo5cf8wSkq8PtwVtoaYzTAIZsaYd5P82VxbanFvd5rjjO
LwrwIyAZ7pFoggkMkaFM5v9fU4htVfNegyuClnPsXeVd38ZKLUpUvrNxNCa0BvmS
upHtyB+fSf3Jnw/b2Pw0Ox5dEx313MnxtwHpdPplUhQIMlIPgEkNeCsD4uc09wWA
JR3zKV3VFbMIqeE/k/HRlsEmnOwN3ea+zfqI2lXTQXv9aYtKpdAxEZk8ShdcusnA
68wkOkYBvI1tyDRNY2wFydC7pZAQZruf991UlA14ricYUK5aSaRhlf0t8p3IeTHY
2zMXin7yKiDBq37vjOjZb5DNeanFBkddPyEARxQTwl7A8jzI9JODfsBDXv6S2B7D
Pjd+lIVhr4H6UwzAetS6ghPAyM8MXG6L+wGgK1hkj+SbTgTPe0hnEgLJlvEE46vS
M3/nFZjgbzQ2ayrIcVvNcqqpXXfU3zA6KwiQAkwE3R5flPxmBSvNO5RJJuOboReU
mTYzjUs9w29JF7HOQDOyFeqjwAVE/GPXRajUjxh3UfQzeZBygFYR7WSewV2jDhYY
Jbk4aGIyJqpt1ABy3mcyQ9Ob+qd9ip907LVDTBzZ7Y65ZkZxsgs=
=Ng+E
-----END PGP SIGNATURE-----
--A8C7E207B9.1770926585/bendel.debian.org--
