On Tue, Mar 31, 2026 at 2:16 PM Patrick Ben Koetter via mailop < [email protected]> wrote:
> * Washington Odhiambo via mailop <[email protected]>: > > As a mailing list administrator, I am facing a challenge that has pushed > me > > to my /etc. > > I manage a mail server which handles emails for users accounts and public > > mailing lists. > > One of my mailing lists is subject to a special problem: The first post > > would get delivered to all list subscribers. Subsequent responses to that > > post would fail to get delivered to almost ALL the subscribers with gmail > > servers saying: > > ``` > > A message that you sent could not be delivered to one or more of its > > recipients. This is a permanent error. The following address(es) failed: > > > > [email protected] > > host alt1.gmail-smtp-in.l.google.com [192.178.213.26] > > SMTP error from remote mail server after end of data: > > 550-5.7.1 [62.169.28.150 12] Gmail has detected that this > message > > is likely > > 550-5.7.1 unsolicited mail. To reduce the amount of spam sent to > Gmail, > > this > > 550-5.7.1 message has been blocked. For more information, go to > > 550 5.7.1 > https://support.google.com/mail/?p=UnsolicitedMessageError > > a640c23a62f3a-b9b20250abbsi318855766b.53 > > - gsmtp > > ``` > > What comes to mind? > > gmail (and exchange online) enforce a "no auth, no entry" policy that > rejects > messages from a sender if that sender doesn't implement email > authentication > (SPF, DKIM, DMARC) *and* sends more than 5k messages /day. > > But you seem to have done your homework: > > % dig +short TXT lists.kictanet.or.ke > "v=spf1 a:eu.kictanet.or.ke mx:eu.kictanet.or.ke ip4:62.169.28.150 -all" > > # NOTE and Off-Topic: a:eu.kictanet.or.ke and mx:eu.kictanet.or.ke repeat > your > # final ip4:62.169.28.150 statement. Unless you really need them for other > # purposes I'd get rid of a:eu.kictanet.or.ke and mx:eu.kictanet.or.ke and > # leave only ip4:62.169.28.150. Having the DNS names in there causes extra > DNS > # lookups. > > % dig +short TXT _dmarc.lists.kictanet.or.ke > "v=DMARC1;p=reject;sp=none;pct=100;rua=mailto:[email protected] > ;ruf=mailto:[email protected];ri=86400;fo=1;"; > > # NOTE: If I am correct, then the last semikolon is not required and you > can > # end "... fo=1". IIRC pct=100 has been deprecated and - at least in EU - > # asking for ruf-reports is privacy-invasive and forbidden. > I will make those DNS changes you've suggested, although I think they are cosmetic, right? > What else? > > DKIM signing errors? Do you DKIM sign messages? Do the lists behave > DMARC-compliant, i.e. do not break existing DKIM signatures, do not modify > Subject:-Header and the message body? > All list posts are DKIM signed. Mailman3 does DMARC mitigation unconditionally. Nothing get's modified that is unbecoming. Also, if that listserver sends mail out periodically only it will loose it's > (good) reputation and the IP will have to build up a good reputation again. > During that time messages from the server are subject to strict rate > limits. > The ML is relatively active. And even when not, I do send two automated emails to the list - on 15th of every month and at the end of every month. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 In an Internet failure case, the #1 suspect is a constant: DNS. "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
