23 Sep
2017
23 Sep
'17
12:02 p.m.
Ever since I moved the 44net mailing list from 'hamradio' to 'mailman'
it's been running into spam filters.
This is caused in part by the fact that 'mailman' is actually an
alternate (duplicate A record) name for 44.0.0.1. The machine serving
as 'mailman' is itself dual-homed to both 169.228.34.84 and 44.0.0.1
but uses 169.228.34.84 as its outgoing email IP address, and I can't
change that. And UCSD blocks inbound SMTP to 169.228.34.84 as part of
THEIR spam filtering.
Another part of it was that the mailer on amprgw was identifying itself
as 'gw.ampr.org' instead of 'amprgw.ucsd.edu' which is its name when
looked up by the outgoing mail IP address of 169.228.34.84. This was
tripping spam filters which believed that the mail was coming from a
forged address.
Among other people, Marius wasn't getting 44net mail because of his site's
spam filtering objecting to the misidentification of amprgw's mailer.
I've corrected the mailer name issue; it now identifies itself on
incoming and outgoing mail as 'amprgw.ucsd.edu' which is its primary
name in the DNS. Mail to it as 'amprgw.ucsd.edu', 'amprgw.ampr.org',
'gw.ampr.org', or 'mailman.ampr.org' will all be accepted. (Although
mail
to amprgw.ucsd.edu will be processed by UCSD's spam filters. Arrgh.) Mail
from it will come from a connection from 'amprgw.ucsd.edu'. This may
result in the need to adjust a few spam filters but will make other spam
filters happy.
The mailing list sender address will still be 'mailman.ampr.org'. I have
updated the SPF record for that hostname to include all the MXs for it,
and both addresses of it (169.228.34.84 and 44.0.0.1):
"v=spf1 +mx +a ip4:169.228.34.84/32 ip4:44.0.0.0/24 ?all"
With any sort of luck, this will appease the other spam filters.
The reason for all this complication is that I've had to condense two
machines, hamradio and amprgw, into one because hamradio is going away.
The reason for using 'mailman' as the hostname in the mailing list headers
is that we may someday move the mailing lists to their own machine with
that name (and it's own IP address!) and I don't want to go through the
pain of renaming the mailing list once again and having everybody have
to change their filters and address books again.
So if you encounter difficulties with the mailing list I apologize for
the confusion. If this is the first message you've received since the
list moved, then I've fixed your problem. If you find this message in
your spam mailbox, then I've broken it for you.
The basic problem is that there is no good solution for getting rid
of spam. SPF is incomplete and DKIM is just broken itself because it breaks
years-old tradition of mailing list formats. (It checks the Author address
['From:'] instead of the sender ['Sender:'] or error-return address
['MAIL FROM:' or 'From '] address.)
So people, including myself, resort to kludges of various kinds, all
of which are not fully satisfactory, and some mail just doesn't get
delivered.
It's a mess. Sorry.
- Brian
23 Sep
23 Sep
3:23 p.m.
-----Original Message-----
"v=spf1 +mx +a ip4:169.228.34.84/32 ip4:44.0.0.0/24 ?all"
Mails coming through fine here. A couple of points:
"?all" means anything else is neutral. I think you want "-all".
It's my understanding that some spam-filters view other than "-all" as if
the rest doesn't really matter.
I don't see an SPF record for amprgw.ucsd.edu. If that is the machine
actually sending the mail, then I think you want that. See RFC-7208 section
2.3.
Michael
N6MEF
3:49 p.m.
While I have had issues with ?all in the past (neutral), I'd avoid -all
(hard fail) if you can. Hard fail can mess up mail forwarders if
subscribers use them on their end.
Instead, I'd suggest using ~all (softfail), which most mail providers seem
to be OK with.
Jacob Slater
KM6LDX
On Sat, Sep 23, 2017 at 10:23 AM, Michael Fox - N6MEF <n6mef(a)mefox.org>
wrote:
-----Original
Message-----
"v=spf1 +mx +a ip4:169.228.34.84/32 ip4:44.0.0.0/24 ?all"
Mails coming through fine here. A couple of points:
"?all" means anything else is neutral. I think you want "-all".
It's my understanding that some spam-filters view other than "-all" as if
the rest doesn't really matter.
I don't see an SPF record for amprgw.ucsd.edu. If that is the machine
actually sending the mail, then I think you want that. See RFC-7208
section
2.3.
Michael
N6MEF
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
4:50 p.m.
Yes, I was debating between ? and ~ and went with ? as it seemed the
least likely to cause problems, but in fact UCSD's SPF record
that I set many years ago uses ~ and there have been no complaints,
so I may well change to it. We'll see as the bounce/reject messages
come back in from daily traffic.
The elephant in the room is Google - gmail's spam filtering is a
secret and nobody will talk about it who knows, so we have to guess
and see what works and what gets rejected by simple trial and error.
But the immediate problem is going to be solved; we have a new mailman
machine on the horizon and it will have its own unique IP address so
much of the current issue will be solved, and I can give it an SPF
record that will work.
We'll still have problems with mail originating from DMARC sites like
yahoo, but the Mailman program has a workaround for that - if it sees
that the posting is coming from a domain with a DKIM record, it rewrites
the From: address to the list, which will allow posters from that site
to participate. People can still reply to them individually since
their original address is in the courtesy-copy (Cc:) header line.
Thanks for your advice, we'll watch the bounces and see what to do.
- Brian
On Sat, Sep 23, 2017 at 10:49:24AM -0400, Jacob Slater wrote:
While I have had issues with ?all in the past
(neutral), I'd avoid -all
(hard fail) if you can. Hard fail can mess up mail forwarders if
subscribers use them on their end.
Instead, I'd suggest using ~all (softfail), which most mail providers seem
to be OK with.
Jacob Slater
KM6LDX
2416
days inactive
2416
days old
3 comments
3 participants
participants (3)
-
Brian Kantor -
Jacob Slater -
Michael Fox - N6MEF