[Tools-discuss] Fwd: [rt5.ietf.org #6435] Unable to get mail back from alias expansion - expand-mediaman-chairs

Tero Kivinen <kivinen@iki.fi> Thu, 19 May 2022 14:13 UTC


Harald Alvestrand writes:
> Who's in charge of the interaction between mailer and -chairs aliases?

I am part of the team running the iki.fi forwarding service in Finland. We
have a bit less than 30000 members using the permanent forwarding service,
which provides a permanent address (for example my kivinen@iki.fi) and
forwards that to the address where members want to read their emails.
This allows changing universities, companies etc. without losing touch
with your friends. So these kinds of issues are quite well known to us.

The biggest problem is SPF, which should never have been approved
by the IETF, and especially with the -all policy which some consultant
companies suggest you should use.

http://www.spfconsideredharmful.org/

To solve these issues we offer a few services which make this workable
for most of our users:

1) We use ARC to sign incoming messages before they are forwarded, and
   this allows end systems to verify the ARC headers, and whitelist
   our servers. I think that some of those modern mailbox service
   providers are actually already doing that, i.e., they allow users
   the ability to configure the whitelist of trusted ARC senders.

2) We offer a read-only web mailbox for our members (opt-in), which
   stores copies of all emails sent to his address for the last 7 days.
   This gives users a quick way of finding the mail even when it
   was filtered by his email provider. This mailbox is read-only, and
   automatically deletes all emails after 7 days, and does not allow
   any way of sending emails out etc.

3) We also offer an outgoing SMTP service which allows DKIM signing of
   emails our members send out with an @iki.fi address. Some email
   services do allow SPF failures if there are proper DKIM headers.

And of course we help our members to convince their work email
administrators to properly configure their SPF records, and this quite
often works for companies which actually have administrators, as
companies usually care whether their emails go through or not. This is
quite different from free email services where the user is the product sold
to the advertisers and those services do not care whether email is
reliable or not; they usually do not even have any support you could
contact and complain to...

Anyway, as DKIM and ARC do work with forwarded emails, I think we
should eat our own dogfood and make sure that:

1) All emails forwarded using draft/xxx-chair etc. aliases (i.e., the
   ones which do not change the SMTP envelope address) should have ARC
   headers generated by the ietf.org mail server.

2) All emails which do change the SMTP envelope address (i.e. mailing
   lists) should have DKIM headers added (and I think they already do
   that).

So I think we should configure ARC to be used for all those email
aliases which do not change envelope address.

Changing those aliases to be "mailing lists" would break other things,
so that is not a good solution.

> -------- Forwarded Message --------
> Subject: 	[rt5.ietf.org #6435] Unable to get mail back from alias expansion - expand-mediaman-chairs
> Date: 	Wed, 18 May 2022 19:56:44 -0400
> From: 	Glen Barney via RT <support@ietf.org>
> Reply-To: 	support@ietf.org
> To: 	harald@alvestrand.no
> 
> 
> 
> Hi Harald -
> 
> You are correct in every respect.  You can, if you wish, make that 
> change to your SPF settings, but that will of course only solve it for 
> messages you send.
> 
> The aliases are generated by the Datatracker and the processing methods 
> are managed by it as well.   As such, this is not something that I, as 
> the operator, can fix, unfortunately.  If I may, I'd recommend engaging 
> with the Tools Team on the tools-discuss list about this.  That will at 
> least let them know that you're being impacted.  I would guess that as 
> more people report these problems to them, they will be able to 
> prioritize the design of a solution for that problem.
> 
> I'm very sorry that I can't do more here!
> 
> Glen
> --
> Glen Barney
> IT Director
> AMS (IETF Secretariat)
> 
> 
> On Wed May 18 04:55:21 2022, harald@alvestrand.no wrote:
> > It seems that the alias "expand-mediaman-chairs" is expanded at SMTP
> > level rather than at RFC 822 level, meaning that it gets a problem
> > with SPF.
> > 
> > Do I need to tell my SPF config that 50.223.129.194 is authorized to
> > send in my name, or can this be changed to a SPF-friendly method?
> > 
> > Harald
> > 
> > 
> > -------- Forwarded Message --------
> > Subject: Undelivered Mail Returned to Sender
> > Date: Mon, 16 May 2022 22:30:09 -0700 (PDT)
> > From: Mail Delivery System <MAILER-DAEMON@ietfa.amsl.com>
> > To: harald@alvestrand.no
> > 
> > This is the mail system at host ietfa.amsl.com.
> > 
> > I'm sorry to have to inform you that your message could not
> > be delivered to one or more recipients. It's attached below.
> > 
> > For further assistance, please send mail to postmaster.
> > 
> > If you do so, please include this problem report. You can
> > delete your own text from the attached returned message.
> > 
> > The mail system
> > 
> > <harald@alvestrand.no> (expanded from
> >       <expand-mediaman-chairs@virtual.ietf.org>): host
> >       smtp.alvestrand.no[65.21.189.24] said: 550 5.7.23
> >       <harald@alvestrand.no>: Recipient address rejected: Message
> >       rejected due to: SPF fail - not authorized. Please see
> >       http://www.openspf.net/Why?s=mfrom;id=harald@alvestrand.no;ip=50.223.129.194;r=<UNKNOWN>
> >       (in reply to RCPT TO command)
> 

-- 
kivinen@iki.fi
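
Added example, not part of the original message and not code from iki.fi or the IETF: a small Python evaluator for the ip4/ip6/all subset of SPF, showing why an alias that keeps the SMTP envelope sender fails under -all while a list that rewrites the envelope passes. The domains sender.example and forwarder.example and their SPF records are constructed; only 50.223.129.194 comes from the bounce quoted above.

```python
import ipaddress

# Constructed SPF records (assumptions, not real published records). Only the
# forwarder address 50.223.129.194 is taken from the bounce in the thread.
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.10 -all",
    "forwarder.example": "v=spf1 ip4:50.223.129.194 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
FORWARDER_IP = "50.223.129.194"


def spf_check(client_ip, mail_from, records=SPF_RECORDS):
    """Evaluate the ip4/ip6/all subset of SPF for an SMTP envelope sender."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"                         # no mechanism matched


def forwarding_outcomes(sender="author@sender.example"):
    """SPF result the final receiver computes for each delivery path."""
    return {
        # Sender's own outbound host connects directly to the receiver.
        "direct": spf_check("192.0.2.10", sender),
        # Alias expansion: forwarder connects, envelope sender unchanged.
        "alias": spf_check(FORWARDER_IP, sender),
        # Mailing list: forwarder connects with its own bounce address.
        "list": spf_check(FORWARDER_IP, "list-bounces@forwarder.example"),
    }


if __name__ == "__main__":
    for path, result in forwarding_outcomes().items():
        print(f"{path:7s} -> {result}")
```

The alias case is the only one that fails, and neither DKIM nor ARC validation depends on the connecting IP, which is why they survive this hop.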