That is the apricot conference AS and netblock - used only for 
the apricot conference and not random IP space provided by a local ISP in 
Kathmandu where you currently are.
Quite clean but it won’t get used at all between conferences.

On Mon, Feb 26, 2018 at 10:48 PM -0800, "Philip Paeps" <phi...@trouble.is> wrote:

I'm at a conference this week, sending email from very untrustworthy IP space.  
Of course I'm relaying through my usual servers.



Sending mail to a GSuites mailing list (or do they call them "groups"?) gets 
250 accepted but does not actually arrive on the list.  I don't get a copy (I'm 
subscribed to the list) and other subscribers confirm out of band that they 
don't see my email either (they looked in their spam folders too).



I did a couple of experiments.



A message with the first Received: header as follows does not arrive on a 
GSuites-hosted mailing list (despite being 250 accepted):

Received: from twoflower.trouble.is (254.158.dhcp.conference.apricot.net 
[220.247.158.254])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (Client did not present a certificate)
    (Authenticated sender: philip)
    by rincewind.trouble.is (Postfix) with ESMTPSA id 3zr7nV5QjfzttZ
    for <redacted>; Tue, 27 Feb 2018 06:19:10 +0000 (UTC)




An identical message with the first Received like this does arrive:

Received: from twoflower.trouble.is (localhost [127.0.0.1])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (Client did not present a certificate)
    (Authenticated sender: philip)
    by rincewind.trouble.is (Postfix) with ESMTPSA id 3zr7xw1W8xztth
    for <redacted>; Tue, 27 Feb 2018 06:26:28 +0000 (UTC)




The intermediate relays (between my laptop - twoflower.trouble.is) and the 
Google machine reporting 250 are identical.  IPv4 or IPv6 makes no difference.  
Content and other headers also substantially identical (modulo timestamps, 
queue ids and Message-ID).  Domain does SPF and DKIM (but not DMARC).



Simply rewriting the mumble-mumble-dhcp-mumble and the dodgy origin address 
with localhost gets the email delivered.



Note that as far as I can tell this is only true for GSuites (and I've only 
tried one list).  Mail to GMail seems to be working fine.



Of course relays do get compromised from time to time, so peeking at the first 
hop is not a completely crazy thing for GSuites to do.  But silently dropping 
the email after accepting feels a little disproportionate.  Perhaps a 451 would 
be more appropriate?



I have no way of knowing if GSuites is actually looking too closely at my 
first-hop Received: headers but that's the only theory I can come up with for 
my emails not arriving on that GSuites list.



Has anyone else seen this?  Brandon, can you comment if this is something to 
beware of?



Thanks.



Philip



-- 
Philip Paeps
Senior Reality Engineer
Ministry of Information

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
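
The check below pulls out what a downstream receiver can read from the first-hop Received: header in the experiment above. It is an added example, not from the thread and not a description of what GSuite actually does; the outer hop in the sample, the function name `first_hop` and the dynamic-hostname pattern are assumptions.

```python
import email
import ipaddress
import re

# Constructed sample: the inner Received: header is the one quoted in the
# message above; the outer hop, addresses and From/Subject are made up.
SAMPLE = """\
Received: from rincewind.trouble.is (relay.example [192.0.2.10])
    by mx.example (Postfix) with ESMTPS id CONSTRUCTED1;
    Tue, 27 Feb 2018 06:19:11 +0000 (UTC)
Received: from twoflower.trouble.is (254.158.dhcp.conference.apricot.net
 [220.247.158.254])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (Client did not present a certificate)
    (Authenticated sender: philip)
    by rincewind.trouble.is (Postfix) with ESMTPSA id 3zr7nV5QjfzttZ
    for <redacted>; Tue, 27 Feb 2018 06:19:10 +0000 (UTC)
From: sender@example.org
Subject: constructed test

body
"""

# Postfix layout: from HELO (reverse-dns [ip])
HOP_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)")
# Assumption: hostname tokens that often mark dynamic address pools.
DYNAMIC_RE = re.compile(r"dhcp|dyn|pool|dsl", re.I)

def first_hop(raw_message):
    """Describe the oldest Received: header (relays prepend, so it is last)."""
    received = email.message_from_string(raw_message).get_all("Received", [])
    if not received:
        return None
    hop = " ".join(received[-1].split())  # undo header folding
    m = HOP_RE.search(hop)
    if not m:
        return {"raw": hop}
    try:
        ip = ipaddress.ip_address(m.group(3))
    except ValueError:
        return {"raw": hop}
    return {
        "helo": m.group(1),
        "rdns": m.group(2),
        "ip": str(ip),
        "loopback": ip.is_loopback,
        "authenticated": "(Authenticated sender:" in hop,
        "looks_dynamic": bool(DYNAMIC_RE.search(m.group(2))),
    }
```

Running `first_hop` over a copy of your own outbound mail shows which submission details your relay exposes to every receiver downstream.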
