On 02-08-17 16:41, Simon Hobson wrote:
Antony Stone <antony.st...@devuan.open.source.it> wrote:
Is it possible to check the mail server logs for delivery failures on the
problematic addresses (which is presumably what the warning email means by
"bounces") to see what reason was given by the receiving server?
That's the important thing to look for - and my money is it's related to SPF
and/or DMARC.
The supporters of SPF knew in advance that "it breaks stuff that's in widespread and valid
use" but simply declared these activities to be "no longer valid"*. Key bits of the
stuff it breaks are mailing lists and email forwarding.
The answer for SPF is SRS - which as far as I can tell means having the mailing
list/forwarder modify the headers - which effectively means you can bypass SPF
checks !
If the sender domain doesn't publish SPF records or the recipient server
doesn't check them then all is fine - but if the sender has an SPF record AND
the recipient server checks it, then it breaks all traditional mailing
list/mail forwarding techniques.
So now almost all mailing list admins are having to deal with the pile of excrement handed down by
"the big guys" who frankly don't give a **** about anyone else as long as they can make
it LOOK like they are dealing with spam for their customers. Unfortunately, MS (Hotmail, Office
365, etc), Google (gmail etc), and Yahoo, between them have enough clout that you can't really do
anything but ask "how high ?" when they ask you to jump :-(
Just one reason why I run my own mail server and neither publish nor check SPF
records.
* Like in the old joke :
Q: how many Microsoft people does it take to change a lightbulb ?
A: none, they just change the industry standard to dark
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
My mailserver does give some warnings about dkim like:
Aug 2 16:40:48 mail opendkim[16133]: 5358E209: tupac2.dyne.org
[178.62.188.7] not internal
Aug 2 16:40:48 mail opendkim[16133]: 5358E209: not authenticated
Aug 2 16:40:48 mail opendkim[16133]: 5358E209: s=20161025 d=gmail.com SSL
Aug 2 16:40:48 mail opendkim[16133]: 5358E209: bad signature data
And two hard errors last two days:
Aug 1 17:25:48 mail opendkim[16133]: E62803F0: key retrieval failed
(s=mail, d=dyne.org): 'mail._domainkey.dyne.org' query timed out
Aug 2 16:29:03 mail opendkim[16133]: DD24A209: key retrieval failed
(s=mail, d=dyne.org): 'mail._domainkey.dyne.org' query timed out
Not sure what get added when sending to a maillist but apparently not
everything needed.
Grtz.
Nick
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
