On Tue, Dec 31, 2019 at 9:37 PM Gaelan Steele via agora-discussion
<agora-discussion@agoranomic.org> wrote:
> Thanks for the very informative message! Out of curiosity, is there any
> reason From munging needs to be off for non-Gmail hosts, specifically
> Fastmail (who probably shows up in your log as messagingengine.com)? I saw
> you mention that they bounced messages from the EC2 server, but it’s unclear
> if any of the original issues apply.
Do you mean 'needs to be on'? To clarify, 'From munging' in this case
means changing the From header to the list address, and it should
currently be on for everyone, since I enabled it using an existing
Mailman option ('from_is_list') which isn't recipient-specific.
Indeed, problems delivering to non-Gmail servers seem to be limited to
ec2.qoid.us, probably because the IP address didn't get a chance to
build up a reputation; I don't see any similar rejections in
vps.qoid.us's logs. Thus it probably would have sufficed to enable
>From munging only for Gmail recipients. However, I didn't bother
writing the few lines of code necessary for that, since this is meant
to be a temporary measure anyway. :) Also, the IP was listed on
backscatterer.org, which I was concerned other servers might take into
account, even if none apparently saw fit to reject list mail because
of it. ("Was" listed, because I just checked backscatterer.org again,
and the entry has expired already! That's nice. But I'll give Gmail
more time.)
Incidentally, I wonder why vps.qoid.us didn't get similar failures
when I first started running the list. Perhaps it did, but nobody
noticed at the time. Perhaps anti-spam systems have gotten more
trigger-happy since then. One factor might be that ec2.qoid.us, as
the name suggests, is hosted on EC2, and that IP block might be
treated as more suspicious – although I believe the individual IP has
been assigned to me for some time, and I hadn't previously used it for
mail.
...Also, I just realized that when switching to the 'notqmail' fork of
qmail, I dropped the qmail-verify patch, meaning that I unknowingly
broke backscatter protection hours after enabling it. Getting off
backscatterer.org was mere luck! As of right now, verification is
really, truly on. I should probably switch to a modern mail server
rather than juggling qmail patches – but I'm unenthusiastic about the
risk of breaking things yet again.
