Page MenuHome GnuPG
Create Task
Maniphest T7032

mailserver misconfigured, rejects on non-existing SPF record
Closed, ResolvedPublic
Actions

Description

The mail server running the gnupg development lists is misconfigured, it rejects on missing SPF record.

2024-03-09 05:41:06 1ripS5-00000004JwC-2A9A ** gcrypt-devel@gnupg.org R=dnslookup T=remote_smtp H=ellsberg.gnupg.com [176.9.119.14] X=TLS1.3:ECDHE_SECP256R1ECDSA_SECP384R1_SHA384AES_256_GCM:256 CV=yes DN="CN=ellsberg.gnupg.com": SMTP error from remote mail server after MAIL FROM:<XXXXXXXXX> SIZE=2443: 550 [SPF] 31.15.64.248 is not allowed to send mail from bebt.de.

Event Timeline

ametzler1 created this task.Mar 9 2024, 6:49 AM
ametzler1 created this object in space S1 Public.
werner closed this task as Resolved.Mar 10 2024, 1:05 PM
werner claimed this task.
werner added a subscriber: werner.

That is on purpose. Please add an SPF record to your site. If there is really really a problem for you with that, write me off tracker.

ametzler1 added a comment.Mar 10 2024, 1:29 PM

The mail server is misconfigured. no SPF <> not allowed.

SMTP is bad enough with the big providers ignoring RFFs at will and requiring special workarounds without small players inventing their own rules.

werner reopened this task as Open.Mar 11 2024, 9:05 AM

Your above excerpt for the log is not a bounce. Can you please give me an example from a rejected bounce? Noet that BATV is also in use.

And yes, mail is a big mess these days and I really hate to employ such measures. But w/o them we are rejected at large sites. Still, many private gmail accounts are reject our mail since a couple of weeks. That might be due to a new Gmail policy which views us as large spammer and requires certain newer measures (One-Click Unsubscribe Header and such). The reason might be due to several mailing lists which could in total could eailiy send more than 5000 mails per days to gmail accounts. We have not yet figured out what's going on.

Adding an SPF is such a simple measure that it is easier to add than to complain.

ametzler1 added a comment.Mar 13 2024, 7:03 PM

Hello Werner,
the above is an excerpt from the exim log, I do not think the full bounce is more enlightening, vsrv21575.customer.vlinux.de got 550 from ellsberg.gnupg.com after " MAIL FROM:<ametzler@bebt.de>":

full-bounce.msg.txt3 KBDownload

Iirc the newest latest change on gmail's side was to require ARC for large senders BTW. I do not envy you for trying to keep a mailing list running.

cu Andreas

werner closed this task as Resolved.Mar 18 2024, 8:55 AM

AFAICS the bounce is correctly reported. You get the 550 at the mail from so that there won't be a need for several SPF checks if a sender wants to send to several recipients.

I added an exception for bebt.de.