Re: [qmailtoaster] forwarding to gmail address fails because of hard spf check

[あいざわひろし]

Hi Peter,

What kind of malformed header cause it?

I wonder whether I can drop such mail in /var/qmail/alias/.qmail-srs-default .
--
AIZAWA Hiroshi

2023年2月23日(木) 20:32 Peter Peltonen :
>
> Ok good.
>
> I actually ran into a SRS related problem yesterday: i think a malformed 
> headers in spam msg caused to SRS to fail which put my qmail send process in 
> a loop with error
>
> No user in SRS0 address
>
> Qmail spawned more and more processes until my server got unresponsive and I 
> had to reboot the server. After qmail had started, the same thing happened 
> again.
>
> I had to disable SRS to get everything working.
>
> Very unfortunate, everything had worked so well until now.
>
> Peter
>
> to 23. helmik. 2023 klo 11.38 あいざわひろし  kirjoitti:
>>
>> Hi guys
>>
>> Thanks to this thread, gmail.com now receives forwarded message from
>> my mailserver .
>>
>> I noticed that mx.google.com says 'spf=neutral' in the header
>> ARC-Authentication-Results
>> I created  SPF record for domain srs (in this example, srs.xyz.com) and now
>> mx.google.com says 'spf=pass'.
>>
>> I think it is better to make the spf record for srs domain.
>>
>> --
>> AIZAWA Hiroshi
>>
>> 2023年1月3日(火) 18:23 Peter Peltonen :
>> >
>> > Googling "srs qmailtoaster" gave me this link:
>> >
>> > http://wiki.qmailtoaster.net/index.php/Configuring_SRS_on_Toaster_1.03-1.3.13%2B
>> >
>> > which does not work, it seems qmailtoaster.com should be used instead of 
>> > .net
>> >
>> > Okay now we have the instructions I guess I could try to test it, I have a 
>> > spare registered domain I could test with. Does this sound ok procedure:
>> >
>> > setup domain xyz.com with SPF with hard fail (-all) and the toaster as the 
>> > MX
>> > send email from xyz.com to GMail through our toaster: should pass ok
>> > setup forwarding from xyz.com to GMail
>> > send email to xyz.com: should fail because GMail does not accept
>> > setup SRS at toaster:
>> >
>> > create NS record for domain srs.xyz.com with MX pointing to our toaster
>> > echo srs.xyz.com > /var/qmail/control/srs_domain
>> > mkpasswd -l 32 > /var/qmail/control/srs_secrets
>> > mkpasswd -l 32 >> /var/qmail/control/srs_secrets
>> > (repeat mkpasswd as many times you need, not sure how many is really 
>> > needed?)
>> > echo 7 > /var/qmail/control/srs_maxage
>> > echo 8 > /var/qmail/control/srs_hashlength
>> > qmailctl restart
>> > echo srs.xyz.com >> /var/qmail/control/rcpthosts
>> > echo srs.xyz.com:srs >> /var/qmail/control/virtualdomains
>> > echo "| /var/qmail/bin/srsfilter" > /var/qmail/alias/.qmail-srs-default
>> > (ownershp of other alias files on my server are user alias group nofiles, 
>> > so probably this should be changed to the same?)
>> >
>> > send email to xyz.com: should pass ok
>> >
>> >
>> > What do you think Angus?
>> >
>> > Best,
>> > Peter
>> >
>> >
>> > On Mon, Jan 2, 2023 at 7:52 PM Angus McIntyre  wrote:
>> >>
>> >>
>> >>
>> >> Peter Peltonen wrote on 1/2/23 11:57 AM:
>> >> > Some of my toaster users have their email forwarded to Gmail ... Some
>> >> > googling around tells me that SRS could be the solution for this
>> >> > problem.
>> >> >
>> >> > There is info on this at Qmailtoaster Wiki, but the site seems to be
>> >> > somehow broken.
>> >>
>> >> Which page are you looking at, and in what way does it seem broken?
>> >>
>> >>
>> >> http://wiki.qmailtoaster.com/index.php/Configuring_SRS_on_Toaster_1.03-1.3.13%2B
>> >>
>> >> currently loads fine for me, and looks as if it has good information.
>> >>
>> >> I should stress that I haven't tried this yet. I didn't know about SRS
>> >> until you posted this (thank you!) but I'm having the same issue as you
>> >> and it sounds as if this might be just what I need.
>> >>
>> >> Would anyone who's actually implemented this care to comment?
>> >>
>> >> Angus
>> >>
>> >>
>> >> -
>> >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>> >>
>>
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] forwarding to gmail address fails because of hard spf check

[Philip Nix Guru]

Hello Peter

The issue you had yesterday is something that never got fixed

I ran into that already in 2013


I d suggest monitoring /var/log/qmail/send/current

(make a cron script) and if you trigger the error just rename 
/var/qmail/control/srs_domain to /var/qmail/control/srs_domain.alert or 
whatever


so you wont break your server ..


Regards

-Philip



On 2/23/23 12:02, Peter Peltonen wrote:

Ok good.

I actually ran into a SRS related problem yesterday: i think a 
malformed headers in spam msg caused to SRS to fail which put my qmail 
send process in a loop with error


No user in SRS0 address

Qmail spawned more and more processes until my server got unresponsive 
and I had to reboot the server. After qmail had started, the same 
thing happened again.


I had to disable SRS to get everything working.

Very unfortunate, everything had worked so well until now.

Peter

to 23. helmik. 2023 klo 11.38 あいざわひろし  
kirjoitti:


Hi guys

Thanks to this thread, gmail.com  now receives
forwarded message from
my mailserver .

I noticed that mx.google.com  says
'spf=neutral' in the header
ARC-Authentication-Results
I created  SPF record for domain srs (in this example, srs.xyz.com
) and now
mx.google.com  says 'spf=pass'.

I think it is better to make the spf record for srs domain.

--
AIZAWA Hiroshi

2023年1月3日(火) 18:23 Peter Peltonen :
>
> Googling "srs qmailtoaster" gave me this link:
>
>

http://wiki.qmailtoaster.net/index.php/Configuring_SRS_on_Toaster_1.03-1.3.13%2B
>
> which does not work, it seems qmailtoaster.com
 should be used instead of .net
>
> Okay now we have the instructions I guess I could try to test
it, I have a spare registered domain I could test with. Does this
sound ok procedure:
>
> setup domain xyz.com  with SPF with hard fail
(-all) and the toaster as the MX
> send email from xyz.com  to GMail through our
toaster: should pass ok
> setup forwarding from xyz.com  to GMail
> send email to xyz.com : should fail because
GMail does not accept
> setup SRS at toaster:
>
> create NS record for domain srs.xyz.com 
with MX pointing to our toaster
> echo srs.xyz.com  >
/var/qmail/control/srs_domain
> mkpasswd -l 32 > /var/qmail/control/srs_secrets
> mkpasswd -l 32 >> /var/qmail/control/srs_secrets
> (repeat mkpasswd as many times you need, not sure how many is
really needed?)
> echo 7 > /var/qmail/control/srs_maxage
> echo 8 > /var/qmail/control/srs_hashlength
> qmailctl restart
> echo srs.xyz.com  >>
/var/qmail/control/rcpthosts
> echo srs.xyz.com:srs >> /var/qmail/control/virtualdomains
> echo "| /var/qmail/bin/srsfilter" >
/var/qmail/alias/.qmail-srs-default
> (ownershp of other alias files on my server are user alias group
nofiles, so probably this should be changed to the same?)
>
> send email to xyz.com : should pass ok
>
>
> What do you think Angus?
>
> Best,
> Peter
>
>
> On Mon, Jan 2, 2023 at 7:52 PM Angus McIntyre 
wrote:
>>
>>
>>
>> Peter Peltonen wrote on 1/2/23 11:57 AM:
>> > Some of my toaster users have their email forwarded to Gmail
... Some
>> > googling around tells me that SRS could be the solution for this
>> > problem.
>> >
>> > There is info on this at Qmailtoaster Wiki, but the site
seems to be
>> > somehow broken.
>>
>> Which page are you looking at, and in what way does it seem broken?
>>
>>
>>

http://wiki.qmailtoaster.com/index.php/Configuring_SRS_on_Toaster_1.03-1.3.13%2B
>>
>> currently loads fine for me, and looks as if it has good
information.
>>
>> I should stress that I haven't tried this yet. I didn't know
about SRS
>> until you posted this (thank you!) but I'm having the same
issue as you
>> and it sounds as if this might be just what I need.
>>
>> Would anyone who's actually implemented this care to comment?
>>
>> Angus
>>
>>
>>
-
>> To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
>>

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] forwarding to gmail address fails because of hard spf check

[Peter Peltonen]

Ok good.

I actually ran into a SRS related problem yesterday: i think a malformed
headers in spam msg caused to SRS to fail which put my qmail send process
in a loop with error

No user in SRS0 address

Qmail spawned more and more processes until my server got unresponsive and
I had to reboot the server. After qmail had started, the same thing
happened again.

I had to disable SRS to get everything working.

Very unfortunate, everything had worked so well until now.

Peter

to 23. helmik. 2023 klo 11.38 あいざわひろし  kirjoitti:

> Hi guys
>
> Thanks to this thread, gmail.com now receives forwarded message from
> my mailserver .
>
> I noticed that mx.google.com says 'spf=neutral' in the header
> ARC-Authentication-Results
> I created  SPF record for domain srs (in this example, srs.xyz.com) and
> now
> mx.google.com says 'spf=pass'.
>
> I think it is better to make the spf record for srs domain.
>
> --
> AIZAWA Hiroshi
>
> 2023年1月3日(火) 18:23 Peter Peltonen :
> >
> > Googling "srs qmailtoaster" gave me this link:
> >
> >
> http://wiki.qmailtoaster.net/index.php/Configuring_SRS_on_Toaster_1.03-1.3.13%2B
> >
> > which does not work, it seems qmailtoaster.com should be used instead
> of .net
> >
> > Okay now we have the instructions I guess I could try to test it, I have
> a spare registered domain I could test with. Does this sound ok procedure:
> >
> > setup domain xyz.com with SPF with hard fail (-all) and the toaster as
> the MX
> > send email from xyz.com to GMail through our toaster: should pass ok
> > setup forwarding from xyz.com to GMail
> > send email to xyz.com: should fail because GMail does not accept
> > setup SRS at toaster:
> >
> > create NS record for domain srs.xyz.com with MX pointing to our toaster
> > echo srs.xyz.com > /var/qmail/control/srs_domain
> > mkpasswd -l 32 > /var/qmail/control/srs_secrets
> > mkpasswd -l 32 >> /var/qmail/control/srs_secrets
> > (repeat mkpasswd as many times you need, not sure how many is really
> needed?)
> > echo 7 > /var/qmail/control/srs_maxage
> > echo 8 > /var/qmail/control/srs_hashlength
> > qmailctl restart
> > echo srs.xyz.com >> /var/qmail/control/rcpthosts
> > echo srs.xyz.com:srs >> /var/qmail/control/virtualdomains
> > echo "| /var/qmail/bin/srsfilter" > /var/qmail/alias/.qmail-srs-default
> > (ownershp of other alias files on my server are user alias group
> nofiles, so probably this should be changed to the same?)
> >
> > send email to xyz.com: should pass ok
> >
> >
> > What do you think Angus?
> >
> > Best,
> > Peter
> >
> >
> > On Mon, Jan 2, 2023 at 7:52 PM Angus McIntyre  wrote:
> >>
> >>
> >>
> >> Peter Peltonen wrote on 1/2/23 11:57 AM:
> >> > Some of my toaster users have their email forwarded to Gmail ... Some
> >> > googling around tells me that SRS could be the solution for this
> >> > problem.
> >> >
> >> > There is info on this at Qmailtoaster Wiki, but the site seems to be
> >> > somehow broken.
> >>
> >> Which page are you looking at, and in what way does it seem broken?
> >>
> >>
> >>
> http://wiki.qmailtoaster.com/index.php/Configuring_SRS_on_Toaster_1.03-1.3.13%2B
> >>
> >> currently loads fine for me, and looks as if it has good information.
> >>
> >> I should stress that I haven't tried this yet. I didn't know about SRS
> >> until you posted this (thank you!) but I'm having the same issue as you
> >> and it sounds as if this might be just what I need.
> >>
> >> Would anyone who's actually implemented this care to comment?
> >>
> >> Angus
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> >> For additional commands, e-mail:
> qmailtoaster-list-h...@qmailtoaster.com
> >>
>
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
>

Re: [qmailtoaster] forwarding to gmail address fails because of hard spf check

[あいざわひろし]

Hi guys

Thanks to this thread, gmail.com now receives forwarded message from
my mailserver .

I noticed that mx.google.com says 'spf=neutral' in the header
ARC-Authentication-Results
I created  SPF record for domain srs (in this example, srs.xyz.com) and now
mx.google.com says 'spf=pass'.

I think it is better to make the spf record for srs domain.

--
AIZAWA Hiroshi

2023年1月3日(火) 18:23 Peter Peltonen :
>
> Googling "srs qmailtoaster" gave me this link:
>
> http://wiki.qmailtoaster.net/index.php/Configuring_SRS_on_Toaster_1.03-1.3.13%2B
>
> which does not work, it seems qmailtoaster.com should be used instead of .net
>
> Okay now we have the instructions I guess I could try to test it, I have a 
> spare registered domain I could test with. Does this sound ok procedure:
>
> setup domain xyz.com with SPF with hard fail (-all) and the toaster as the MX
> send email from xyz.com to GMail through our toaster: should pass ok
> setup forwarding from xyz.com to GMail
> send email to xyz.com: should fail because GMail does not accept
> setup SRS at toaster:
>
> create NS record for domain srs.xyz.com with MX pointing to our toaster
> echo srs.xyz.com > /var/qmail/control/srs_domain
> mkpasswd -l 32 > /var/qmail/control/srs_secrets
> mkpasswd -l 32 >> /var/qmail/control/srs_secrets
> (repeat mkpasswd as many times you need, not sure how many is really needed?)
> echo 7 > /var/qmail/control/srs_maxage
> echo 8 > /var/qmail/control/srs_hashlength
> qmailctl restart
> echo srs.xyz.com >> /var/qmail/control/rcpthosts
> echo srs.xyz.com:srs >> /var/qmail/control/virtualdomains
> echo "| /var/qmail/bin/srsfilter" > /var/qmail/alias/.qmail-srs-default
> (ownershp of other alias files on my server are user alias group nofiles, so 
> probably this should be changed to the same?)
>
> send email to xyz.com: should pass ok
>
>
> What do you think Angus?
>
> Best,
> Peter
>
>
> On Mon, Jan 2, 2023 at 7:52 PM Angus McIntyre  wrote:
>>
>>
>>
>> Peter Peltonen wrote on 1/2/23 11:57 AM:
>> > Some of my toaster users have their email forwarded to Gmail ... Some
>> > googling around tells me that SRS could be the solution for this
>> > problem.
>> >
>> > There is info on this at Qmailtoaster Wiki, but the site seems to be
>> > somehow broken.
>>
>> Which page are you looking at, and in what way does it seem broken?
>>
>>
>> http://wiki.qmailtoaster.com/index.php/Configuring_SRS_on_Toaster_1.03-1.3.13%2B
>>
>> currently loads fine for me, and looks as if it has good information.
>>
>> I should stress that I haven't tried this yet. I didn't know about SRS
>> until you posted this (thank you!) but I'm having the same issue as you
>> and it sounds as if this might be just what I need.
>>
>> Would anyone who's actually implemented this care to comment?
>>
>> Angus
>>
>>
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com