On Wed, Jul 4, 2018 at 10:30 AM, Reindl Harald <h.rei...@thelounge.net> wrote: > > > Am 03.07.2018 um 12:29 schrieb Ben Cooksley: >> We've recently completed configuration of a new mail server which will >> be replacing the current system which handles kde.org mail. This >> system will be assuming responsibility for mailing lists as well as >> authenticated mail sending for those who require that service. > > did you also notice and fix the long outstanding bugzilla SPF problems > within your own infrastructure before make checks even sharper? > > https://bugs.kde.org/show_bug.cgi?id=392685 > > there are at leat *three* problems: > * the notify mails have the envelope-sender of the reoprter > * postbox.kde.org don't skip SPF checks from bluemchen.kde.org > * the SPF can not match because bluemchen.kde.org is not > in the reporters SPF > * finally you send backscatter-bounces for each and every > mail back to the reporter that the notify to the others > was rejected by postbox.kde.org and so reports don't get attention > ---------------- > * don't use reporters enevlope sender to begin with > * don't SPF check inbound mail within the own infrastructure > * don't backscatter to the innocent reporter > ---------------- > <kde-bugs-d...@kde.org>: host postbox.kde.org[46.4.96.248] said: 550 > 5.7.23 <kde-bugs-d...@kde.org>: Recipient address rejected: Message > rejected due to: SPF fail - not authorized. Please see > http://www.openspf.net/Why?s=mfrom;id=li...@rhsoft.net;ip=208.118.235.41
I'd be curious to know when you observed that, as I can find no trace of such a message being carried by Bluemchen in recent times for that address aside from one which was successfully delivered to you on Jun 29 at 17:14:37 UTC. The behaviour you are describing was at one point provided by a custom patch we had to support legacy behaviour. I'm not sure when it was removed (my mail archives indicate it was sometime in late 2015), but I know it did generate quite a few complaints when we did remove it. In regards to the above points, Bugzilla has been configured to use it's own envelope sender, bugzilla_nore...@kde.org, as evidenced by the following log entry: Jun 29 17:14:23 bluemchen postfix/qmgr[452]: 4EEF2100B8B: from=<bugzilla_nore...@kde.org>, size=2457, nrcpt=1 (queue active) and also confirmed by the following lines from mail headers on a Bugzilla mail I received directly on June 28: Received: from www-data by bugs.kde.org with local (Exim 4.82) (envelope-from <bugzilla_nore...@kde.org>) id 1fYKZ8-00035U-0m for bcooks...@kde.org; Thu, 28 Jun 2018 00:13:38 +0000 From: bugzilla_nore...@kde.org To: bcooks...@kde.org Therefore all 3 points you've mentioned are all resolved, and have been for some time. Regards, Ben Cooksley KDE Sysadmin
