User mailing list emails blocked SPF

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

User mailing list emails blocked SPF

MichaelAtOz
Hi,

I have a forum user with an email address at gmx.net who had difficulty registering to the
nabble associated mailing-list (lists.openscad.org).
i.e. his forum posts were flagged 'This post has NOT been accepted by the mailing list yet'

I ended up sending an invite, and he got registered. His mailing-list setting seem OK.
He is getting the general posts (ie others posting on the forum) as emails from the list, but whenever he posts
the email to him gets rejected with the post-office message below. So his forum posts are still flagged as above.

Hence not many see his posts - somewhat frustrating.

The error is a SPF rejection. Does openscad.org need a SPF record? I'm no email specialist.

Thanks,
Michael,
newly minted admin for forum.openscad.org

==========================================================
This is the mail system at host mbob.nabble.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<discuss@lists.openscad.org>: host lists.openscad.org[192.151.138.16] said: 550
    SPF: 162.253.133.15 is not allowed to send mail from gmx.net (in reply to
    RCPT TO command)

Reporting-MTA: dns; mbob.nabble.com
X-Postfix-Queue-ID: 256831D8CAD1
X-Postfix-Sender: rfc822; <users name>@gmx.net
Arrival-Date: Wed,  6 Jan 2016 10:23:02 -0800 (PST)

Final-Recipient: rfc822; discuss@lists.openscad.org
Original-Recipient: rfc822;discuss@lists.openscad.org
Action: failed
Status: 5.0.0
Remote-MTA: dns; lists.openscad.org
Diagnostic-Code: smtp; 550 SPF: 162.253.133.15 is not allowed to send mail from
    gmx.net

Reply | Threaded
Open this post in threaded view
|

Re: User mailing list emails blocked SPF

GregChapman
MichaelAtOz wrote
I have a forum user with an email address at gmx.net who had difficulty registering to the nabble associated mailing-list (lists.openscad.org).  i.e. his forum posts were flagged 'This post has NOT been accepted by the mailing list yet'
This sounds as if your forum user has not subscribed to the main list for which Nabble provides an archive.

You need to be aware that, in essence, Nabble is just another subscriber to the main mail list. The messages that it receives via its subscription are then automatically posted to the Nabble forum.

People who subscribe at the Nabble forum are simply asking to receive all the posts that Nabble receives, but that does nothing to subscribe them at the mail list itself.

People who register and post at Nabble, simply post to the Nabble forum. Nabble does forward those posts to the mail list, spoofing the original posters address - if it didn't spoof the address then every Nabble poster's post would become a post by Nabble itself and the original author's email address would get lost). However, 99.9% of mail list servers will only accept posts from its own subscribers.

If Nabble receives a rejection message from the mail list server, it then adds the "Pending" warning on the message in its forum that you describe. The Nabble subscriber MUST also subscribe to the mail list itself.

Unfortunately, the text that Nabble supplies by default at the top of any mail list archive page is a little confusing, if you are not aware of the difference between the archive and the list itself.

At http://forum.openscad.org/ it says:

========================
OpenSCAD
This forum is an archive for the mailing list discuss@lists.openscad.org (more options) Messages posted here will be sent to this mailing list.
Messages posted here will be sent to this mailing list if you have subscribed. This mailing list is a discussion forum for OpenSCAD users.
========================

The links take you to a page that allows you to subscribe to the mail list itself and perform other options. For example, it allows you to suspend your subscription to the mail list itself which is useful if you plan always to read and post via the archive.

I will suggest to Nabble that they change the standard wording to something like this:

This forum is an archive of messages posted to the mailing list discuss@lists.openscad.org.
Messages posted at this forum will be forwarded to the mailing list, however, they are likely to be rejected if the poster has not subscribed to the list itself and will show here as "pending".
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: User mailing list emails blocked SPF

MichaelAtOz
Thanks Greg.

But the user IS subscribed to the mailing-list, I'm an admin there, I checked. He had similar issues when registering via email, had to register via HTML.
He is also getting the mailing-list emails nabble sends to the list for everyone else's posts on the nabble forum.
But when he posts on the forum, his message is rejected.

It is rejected due to SPF. What is unclear is whether the SPF DNS records need to be added to mbob.nabble.com, or lists.openscad.org.

The error:
""<discuss@lists.openscad.org>: host lists.openscad.org[192.151.138.16] said: 550
    SPF: 162.253.133.15 is not allowed to send mail from gmx.net (in reply to
    RCPT TO command)"
(162.253.133.15 is mbob.nabble.com) says mbob is not allowed to spoof gmx.net so I'm guessing it may need to be nabble's DNS.

There is a similar support entry on SPF about apache.org here which also highlights past issues with gmx.
It says apache said "Now what Nabble needs to do for us is to rewrite those addresses using SRS, which ezmlm supports."

My, in-expert, view is that nabble needs SPF/SRS.

Michael
Reply | Threaded
Open this post in threaded view
|

Re: User mailing list emails blocked SPF

GregChapman
Your additional info is helpful. I am also inexpert in this area but suspect it does require a fix from Nabble.
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: User mailing list emails blocked SPF

MichaelAtOz
See SRS. A simple explanation.

To me it says when nabble forwards the email to the mailing list, using <a_name@gmx.net> as the sender (ie spoofing) it needs to do  SRS which changes the from envelope  to <SRS0+hash=timwstamp=a_name=gmx.net=nabble_user_number_or_name?@nabble.com>   <<=something to tie back to the originator.

Given user=nnnn is used elsewhere, like;
forum.openscad.org/template/NamlServlet.jtp?macro=user_nodes&user=nnnn

More to it for handling bounced mails, but it seems pretty simple, and there appear to be directions for setting it up for the various MTAs.

So no SPF DNS required for nabble.com or openscad.org, that is only for sites who want to stop other spoofing, so possibly something to do, but not part of fixing this issue.
Reply | Threaded
Open this post in threaded view
|

Re: User mailing list emails blocked SPF

GregChapman
Apologies Michael,

It seems my intervention in this topic may have subverted Nabble's response towards a more general issue than the one you are concerned about.

Please see the topic at:
http://support.nabble.com/Improving-Wording-On-Mail-List-Archives-td7596460.html

My view would be that the revised wording would be helpful to Nabble mail list archives in general, but does now make your present description of the  discuss@lists.openscad.org archive somewhat redundant.

I will post to that effect on the other topic and point out the main focus of this topic.
Volunteer Helper - but recommending that users move off the platform!
Once the admin for GregHelp now deleted.
Reply | Threaded
Open this post in threaded view
|

Re: User mailing list emails blocked SPF

MichaelAtOz
Another domain, w3br.com, also has the problem.
As email admins start to tighten the rules it will be come more common.
I tell the users to get a gmail account as a work around.