On 05/08/21 22:53, jonathan.mailing.li...@gmail.com wrote: > I've had quite a lot of bounces recently. This seems largely to have been > because my hosting company was having difficulty sending to Outlook (and > therefore maybe Microsoft servers generally). But I've been taking more > interest in the bounce messages as well. > > > > These have included "Rejected by header based Anti-Spoofing policy" (an > organisation using Mimecast recognising its own email address in the From: > header), "DMARC Verification Failed" for a domain with p=reject (despite > dmarc_moderation_action being Munge From), "This email has been delivered to > the intended recipient, but our email system has identified that DKIM > Signing is missing or has been misconfigured. Please ask your IT department > to configure DKIM Signing to allow us to confirm the authenticity of your > emails." (despite the hosting company having the right DKIM record) and > more.
I had this problem very badly after moving our server to the cloud (Linode), but not with this particular error message. At the beginning, most of the mail to any hotmail, outlook, live, ... address was rejected. Over a period of weeks, I made many changes, very few (if any) of which correspond to what you have done or what Marc Sapiro recommended, so there may be other solutions to this problem. Although these Microsoft addresses were the worst, I was also having trouble with other addresses because of Spamhaus, Barracuda, etc., these wonderful services that prevent users from deciding what isn't spam. A lot of this trouble came from ipv6, which I don't think is relevant to Microsoft, except that Microsoft seems to count bounces of any sort. The solution to that was to get a proper ipv6 "range" with /64 at the end (and get it to work, no mean feat). As of now, I am able to send email to my list of about 4000 subscribers with zero bounces for most posts (one or two at most). Here are some of the things that I did. I don't know which of them helped, but I make some guesses below. 1. Try to communicate with Microsoft. This provided an overview of the situation, but nobody could intervene on the automatic system they used. See the following sites: https://sendersupport.olc.protection.outlook.com/pm/troubleshooting.aspx https://sendersupport.olc.protection.outlook.com/pm/junkemail.aspx https://support.microsoft.com/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75 (The last address seems to send email to a black hole, although I did get one reply after about 20 attempts.) https://sendersupport.olc.protection.outlook.com/snds/ You need a Microsoft login for this. It helps keep track of your "reputation". 2. Some other sites that provide information that might help reduce bounces: https://www.liquidweb.com/kb/gmail-blacklist/ https://support.google.com/mail/answer/81126?hl=en https://check.spamhaus.org/ https://mxtoolbox.com/blacklists.aspx https://www.barracudacentral.org/ Note that gmail also bounces "spam", although it is not as crazy as many of the others. 3. Set up DKIM and SPF. Dmarc was not necessary. The spf record has a piece especially for gmail. It looks like this: google-site-verification=E7LnfEhlLaYOfjeEzC2K-ylS4gctXNxge2BVz45y0XU v=spf1 +mx +a include:_spf.google.com ~all I'm not sure that the first line has anything to do with email. (We also have a web site.) 4. In /etc/mail/sendmail.mc, define(`confMAX_HOP',`100') The default number of "hops" ("Received") in an email message is too low and must be increased. Some bounces result from "too many hops", meaning that sendmail decides it is a mail loop. (An equivalent setting may exist in other MTAs.) 5. In /etc/mailman/mm_cfg.py: SMTP_MAX_RCPTS = 5 (Some sites decide that mail is spam if too many emails come at the same time.) MAX_AUTORESPONSES_PER_DAY = 50 (I'm not sure what this one does!) SUBSCRIBE_FORM_SECRET = [some string] (I'm not sure that this does anything, but it was recommended in Defaults.py.) SUBSCRIBE_FORM_MIN_TIME = seconds(10) (This is supposed to stop bots. I'm not sure it does anything.) CAPTCHAS = { 'en': [ ('What is two times six?', '(12|twelve)'), ], } This was also recommended in Default.py, which is worth reading in detail. This was soft-linked from /etc/mailman, but the original is in /usr/lib/mailman/Mailman/Defaults.py. Then, to get this to work, edit the equivalent of /var/lib/mailman/lists/jdm-society/en/listinfo.html to add <tr><td><mm-captcha-ui></td></tr> just before the row with "Your name". (jdm-society is the name of the list in question.) This part is hinted at in Defaults.py but not fully explained. This "captcha" prevents bots from trying to subscribe to the list. When they do this, the confirmation email bounces, increasing our "bounce score". The captcha completely eliminated subscriptions from bots. There are fancier forms of captcha, but this one is a lot easier for normal humans that counting street lights or motorcycles. 6. Prevented the use of digest on the list. I noticed that a large proportion of the bounces came from members who had chosen the digest format. I suspect that this had to do with the MIME encoding. This was a fairly radical step. I did not try the alternative encoding. (Most posts to the list in question are time-sensitive, and it is a bad idea to use "digest" anyway, and there were no complaints about this change.) Probably there are ways to avoid having to do this. 7. Last but not least, many bounces resulted from "host not found" errors. This turned out to result from Linode's deficient nameserver. If I enter, for example, host psych.ac.cn from my Linode account, it failed to find a "mail received by" address, but the same query from other servers did yield an address. I thus changed my primary nameserver to one of Google's (8.8.8.8 or 8.8.4.4). There are of course others that work. (I use Fedora Linux, I can provide advice about how to do this on Fedora, but I did not think it would be useful here. It is not trivial.) Jon -- Jonathan Baron, Professor of Psychology, University of Pennsylvania Home page: https://www.sas.upenn.edu/~baron Editor: Judgment and Decision Making (http://journal.sjdm.org) Associate webmaster: sjdm.org ------------------------------------------------------ Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
