11:44 a.m.
I noticed recently that each time I send an email to the kde(a)lists.fedoraproject.org
mailing list I get up to three failed DMARC reports from other email servers.
The list is sending email "from" me with the source address:
Source-IP: 38.145.60.11 (bastion-iad01.fedoraproject.org)
Which, of course, does not match up with my email server's IP address, so SPF fails,
It also appears that DKIM signature also does not match.
I've had my server's DNS set up to request DMARK failure reports for a few years
and haven't seen any reports lately except via this list. So I am wondering if
something is mis-configured on this list server.
Emmett
12:47 p.m.
On Fri, Aug 27, 2021 at 09:44:07AM -0700, Emmett Culley wrote:
Which, of course, does not match up with my email server's IP
address, so
SPF fails, It also appears that DKIM signature also does not match.
I think we _can't_ make the DKIM signature match, because we add footers
pointing to unsubscribe information and list guidelines.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
1:13 p.m.
On 8/27/21 10:47 AM, Matthew Miller wrote:
On Fri, Aug 27, 2021 at 09:44:07AM -0700, Emmett Culley wrote:
> Which, of course, does not match up with my email server's IP address, so
> SPF fails, It also appears that DKIM signature also does not match.
I think we _can't_ make the DKIM signature match, because we add footers
pointing to unsubscribe information and list guidelines.
I don't think DKIM will be a problam as long as the list server doesn't
alter certain headers, which yu are saying it does. But DKIM failing alone would not
cause the DMARK to fail, as both SPF and DKIM have to fail.
So this is an SPF issue as far as I can tell.
Emmett
1:26 p.m.
On Fri, Aug 27, 2021 at 11:13:28AM -0700, Emmett Culley wrote:
I don't think DKIM will be a problam as long as the list server
doesn't
alter certain headers, which yu are saying it does. But DKIM failing alone
would not cause the DMARK to fail, as both SPF and DKIM have to fail.
It alters the message body. Not sure about the relevant headers offhand.
So this is an SPF issue as far as I can tell.
Yes; that's a problem with mailing lists in general and strict SPF. We could
change it so messages claim to be coming from the list rather than from you,
but that breaks key assumptions about how mailing lists work.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader
1:57 p.m.
On 8/27/21 11:26 AM, Matthew Miller wrote:
On Fri, Aug 27, 2021 at 11:13:28AM -0700, Emmett Culley wrote:
> I don't think DKIM will be a problam as long as the list server doesn't
> alter certain headers, which yu are saying it does. But DKIM failing alone
> would not cause the DMARK to fail, as both SPF and DKIM have to fail.
It alters the message body. Not sure about the relevant headers offhand.
> So this is an SPF issue as far as I can tell.
Yes; that's a problem with mailing lists in general and strict SPF. We could
change it so messages claim to be coming from the list rather than from you,
but that breaks key assumptions about how mailing lists work.
What strikes me is this is the only list that causes this. I suppose it is likely that
there are simply three email servers receiving email from this list that has openDMARC set
up to send failure message to those servers that request them. Like my email DNS is set up
to do. Usually those messages are sent out only once a day, but these I am getting within
seconds of posting a message to this list.
I am aware of the list server issues around SPF, yet some seem to have resolved it. Or at
least it seems that way.
Since this issue is not effecting my access to the list, I will filter those messages to
trash and mark then read.
Emmett
971
days inactive
972
days old
4 comments
2 participants
participants (2)
-
Emmett Culley -
Matthew Miller