I'm stuck because he's not interested in learning about SPF.
I have to use the (barf) Web interface to send messages.
I wonder: Am I receiving all SPF failure messages?
Does the recipient
refusing the connection per our own SPF policies take the position that
I'm a forger and there's no way to reach the forger to point out the SPF restriction, and not send the failure notice?
I wonder: Am I receiving all SPF failure messages?
It appears that Adam H. Kerman <ahk@chinet.com> said:
I wonder: Am I receiving all SPF failure messages?
What do you mean by SPF failure messages? SPF is an authentication
scheme, it doesn't send anything. If you mean do all of the SMTP
rejections say "we hate your SPF", nope. Also keep in mind that few >non-hobbyist mail systems reject solely because of SPF failure.
Or do you mean DMARC, where failures do cause a lot of mail rejections?
John Levine <johnl@taugh.com> wrote:
It appears that Adam H. Kerman <ahk@chinet.com> said:
I wonder: Am I receiving all SPF failure messages?
What do you mean by SPF failure messages? SPF is an authentication
scheme, it doesn't send anything. If you mean do all of the SMTP
rejections say "we hate your SPF", nope. Also keep in mind that few
non-hobbyist mail systems reject solely because of SPF failure.
Perhaps if you'd read the rest of what I'd written, or even the entire paragraph, instead of just the one sentence, the meaning would have been entirely clear to you from context.
The domain has an SPF policy. I don't have a shell account on the host
of that domain. I do have various email addresses. Using alpine from my
own host, I am in violation of the SPF policy. If the network receiving
email enforces the domain's SPF policy, it won't receive my messages.
If I'm being treated like a forger, I'm questioning whether the site necessarily sends a notice stating that the message was rejected, given
that it's going to assume ENVELOPE-FROM was forged.
On 2023-01-28 05:36, Adam H. Kerman wrote:
John Levine <johnl@taugh.com> wrote:
It appears that Adam H. Kerman <ahk@chinet.com> said:
I wonder: Am I receiving all SPF failure messages?
What do you mean by SPF failure messages? SPF is an authentication >>>scheme, it doesn't send anything. If you mean do all of the SMTP >>>rejections say "we hate your SPF", nope. Also keep in mind that few >>>non-hobbyist mail systems reject solely because of SPF failure.
Perhaps if you'd read the rest of what I'd written, or even the entire >>paragraph, instead of just the one sentence, the meaning would have been >>entirely clear to you from context.
The domain has an SPF policy. I don't have a shell account on the host
of that domain. I do have various email addresses. Using alpine from my
own host, I am in violation of the SPF policy. If the network receiving >>email enforces the domain's SPF policy, it won't receive my messages.
Well, you have to use the smtp server that is authorized to send email
for the domain, not yours.
If I'm being treated like a forger, I'm questioning whether the site >>necessarily sends a notice stating that the message was rejected, given >>that it's going to assume ENVELOPE-FROM was forged.
If by message you mean an email, no.
The smtp server will reply with a
more or less helpful "text", that the smtp server that is talking on
your behalf will log in the mail log file. It is up to the sending smtp >server to send you a rejection email, or not.
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2023-01-28 05:36, Adam H. Kerman wrote:
John Levine <johnl@taugh.com> wrote:
It appears that Adam H. Kerman <ahk@chinet.com> said:
I wonder: Am I receiving all SPF failure messages?
What do you mean by SPF failure messages? SPF is an authentication
scheme, it doesn't send anything. If you mean do all of the SMTP
rejections say "we hate your SPF", nope. Also keep in mind that few
non-hobbyist mail systems reject solely because of SPF failure.
Perhaps if you'd read the rest of what I'd written, or even the entire
paragraph, instead of just the one sentence, the meaning would have been >>> entirely clear to you from context.
The domain has an SPF policy. I don't have a shell account on the host
of that domain. I do have various email addresses. Using alpine from my
own host, I am in violation of the SPF policy. If the network receiving
email enforces the domain's SPF policy, it won't receive my messages.
Well, you have to use the smtp server that is authorized to send email
for the domain, not yours.
This is irrelevant to the issue that I have raised. In fact, if you had
read the root article, I stated that I use roles, which is where SMTP is
set up.
If I'm being treated like a forger, I'm questioning whether the site
necessarily sends a notice stating that the message was rejected, given
that it's going to assume ENVELOPE-FROM was forged.
If by message you mean an email, no.
Oh my gawd
What is it with inability to glean meaning from context? Yes, I've been discussing email messages all along. That's what we discuss in this newsgroup.
The smtp server will reply with a
more or less helpful "text", that the smtp server that is talking on
your behalf will log in the mail log file. It is up to the sending smtp
server to send you a rejection email, or not.
Asking about common practice of sending such a message was the entire
point of this thread!
If the message is rejected, then I'm being treated like a forging
spammer per SPF policy. The receiving site would assume ENVELOPE-FROM
was forged, and for that reason, there's no reason to send any failure
notice to that address.
I don't have access to log files. I've already stated that I don't have access to the DNS zone file, otherwise I'd fix SPF to reflect how we
actually send messages.
On 2023-01-28 17:23, Adam H. Kerman wrote:
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2023-01-28 05:36, Adam H. Kerman wrote:
John Levine <johnl@taugh.com> wrote:
It appears that Adam H. Kerman <ahk@chinet.com> said:
I wonder: Am I receiving all SPF failure messages?
What do you mean by SPF failure messages? SPF is an authentication >>>>>scheme, it doesn't send anything. If you mean do all of the SMTP >>>>>rejections say "we hate your SPF", nope. Also keep in mind that few >>>>>non-hobbyist mail systems reject solely because of SPF failure.
Perhaps if you'd read the rest of what I'd written, or even the entire >>>>paragraph, instead of just the one sentence, the meaning would have been >>>>entirely clear to you from context.
The domain has an SPF policy. I don't have a shell account on the host >>>>of that domain. I do have various email addresses. Using alpine from my >>>>own host, I am in violation of the SPF policy. If the network receiving >>>>email enforces the domain's SPF policy, it won't receive my messages.
Well, you have to use the smtp server that is authorized to send email >>>for the domain, not yours.
This is irrelevant to the issue that I have raised. In fact, if you had >>read the root article, I stated that I use roles, which is where SMTP is >>set up.
I know you are using roles.
If I'm being treated like a forger, I'm questioning whether the site >>>>necessarily sends a notice stating that the message was rejected, given >>>>that it's going to assume ENVELOPE-FROM was forged.
If by message you mean an email, no.
Oh my gawd
What is it with inability to glean meaning from context? Yes, I've
been discussing email messages all along. That's what we discuss in
this newsgroup.
The smtp server will reply with a more or less helpful "text", that
the smtp server that is talking on your behalf will log in the mail
log file. It is up to the sending smtp server to send you a rejection >>>email, or not.
Asking about common practice of sending such a message was the entire
point of this thread!
If the message is rejected, then I'm being treated like a forging
spammer per SPF policy. The receiving site would assume ENVELOPE-FROM
was forged, and for that reason, there's no reason to send any failure >>notice to that address.
I don't have access to log files. I've already stated that I don't have >>access to the DNS zone file, otherwise I'd fix SPF to reflect how we >>actually send messages.
And I am telling you that the SMTP server that refuses your email will
NEVER send you an email with the refusal reason. That is not how it works.
It is your own smtp server (usually at your provider or at your domain)
who is responsible to send you an email with the rejection.
If the message is rejected, then I'm being treated like a forging
spammer per SPF policy. The receiving site would assume ENVELOPE-FROM
was forged, and for that reason, there's no reason to send any failure
notice to that address.
I don't have access to log files. I've already stated that I don't have access to the DNS zone file, otherwise I'd fix SPF to reflect how we
actually send messages.
. . .
I do suggest you use the smtp server that the SPF record defines as the
one allowed, if you do not have access to use it, then ask if it would
be possible get an account that can send from that smtp server.
You will need to have different outgoing smtp for each domain.
J.O. Aho <user@example.net> wrote:
. . .
I do suggest you use the smtp server that the SPF record defines as the
one allowed, if you do not have access to use it, then ask if it would
be possible get an account that can send from that smtp server.
You will need to have different outgoing smtp for each domain.
As I have explained since the root article in this thread, I am using
the SMTP server for the domain in question. I use a different SMTP
server for each domain I send messages from. The SMTP server to use
is named in the role. None of this has anything to do with SPF.
No, I am not going to get a shell account on a host that's on the
network in question just so I can use alpine without violating the SPF restriction. That doesn't meet my needs.
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2023-01-28 17:23, Adam H. Kerman wrote:
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2023-01-28 05:36, Adam H. Kerman wrote:
John Levine <johnl@taugh.com> wrote:
It appears that Adam H. Kerman <ahk@chinet.com> said:
I wonder: Am I receiving all SPF failure messages?
What do you mean by SPF failure messages? SPF is an authentication >>>>>> scheme, it doesn't send anything. If you mean do all of the SMTP
rejections say "we hate your SPF", nope. Also keep in mind that few >>>>>> non-hobbyist mail systems reject solely because of SPF failure.
Perhaps if you'd read the rest of what I'd written, or even the entire >>>>> paragraph, instead of just the one sentence, the meaning would have been >>>>> entirely clear to you from context.
The domain has an SPF policy. I don't have a shell account on the host >>>>> of that domain. I do have various email addresses. Using alpine from my >>>>> own host, I am in violation of the SPF policy. If the network receiving >>>>> email enforces the domain's SPF policy, it won't receive my messages.
Well, you have to use the smtp server that is authorized to send email >>>> for the domain, not yours.
This is irrelevant to the issue that I have raised. In fact, if you had
read the root article, I stated that I use roles, which is where SMTP is >>> set up.
I know you are using roles.
Then what could have possibly been the point of the comment that I have
to use the SMTP server authorized to send email for that domain given that the user creates a role to tell alpine which SMTP server is authorized to send email for that domain?
That's irrelevant to the SPF policy.
I have a shell account on host1.example.net. I use alpine from the
shell. I send messages from user1@example.com. In a role, when I am
sending messages from user1@example.com, alpine is instructed to use the
SMTP server smtp.example.com, the SMTP server that's authorized to send
mail for the domain example.com.
The SPF policy violation is that my email client is on a host that is
in an unlisted foreign network.
If I'm being treated like a forger, I'm questioning whether the site >>>>> necessarily sends a notice stating that the message was rejected, given >>>>> that it's going to assume ENVELOPE-FROM was forged.
If by message you mean an email, no.
Oh my gawd
What is it with inability to glean meaning from context? Yes, I've
been discussing email messages all along. That's what we discuss in
this newsgroup.
The smtp server will reply with a more or less helpful "text", that
the smtp server that is talking on your behalf will log in the mail
log file. It is up to the sending smtp server to send you a rejection
email, or not.
Asking about common practice of sending such a message was the entire
point of this thread!
If the message is rejected, then I'm being treated like a forging
spammer per SPF policy. The receiving site would assume ENVELOPE-FROM
was forged, and for that reason, there's no reason to send any failure
notice to that address.
I don't have access to log files. I've already stated that I don't have
access to the DNS zone file, otherwise I'd fix SPF to reflect how we
actually send messages.
And I am telling you that the SMTP server that refuses your email will
NEVER send you an email with the refusal reason. That is not how it works.
It is your own smtp server (usually at your provider or at your domain)
who is responsible to send you an email with the rejection.
Ok. Thank you. That was helpful. Reviewing the failure notices, none of
them came from the domain that refused the connection. None of them came
from the SMTP server for the domain in question. Instead they came from
the mail server in my own network.
So that truly suggests I'm not missing any failure notices, which is
what I needed to know.
On 28/01/2023 21:13, Adam H. Kerman wrote:
J.O. Aho <user@example.net> wrote:
. . .
I do suggest you use the smtp server that the SPF record defines as the >>>one allowed, if you do not have access to use it, then ask if it would
be possible get an account that can send from that smtp server.
You will need to have different outgoing smtp for each domain.
As I have explained since the root article in this thread, I am using
the SMTP server for the domain in question. I use a different SMTP
server for each domain I send messages from. The SMTP server to use
is named in the role. None of this has anything to do with SPF.
I did not see any mentioning that you hade configured domain specific
smtp servers, . . .
If you are using the correct SMTP server for sending the mail, then SPF
will not affect you, . . .
On 2023-01-28 20:57, Adam H. Kerman wrote:
. . .
That's irrelevant to the SPF policy.
I have a shell account on host1.example.net. I use alpine from the
shell. I send messages from user1@example.com. In a role, when I am
sending messages from user1@example.com, alpine is instructed to use the >>SMTP server smtp.example.com, the SMTP server that's authorized to send >>mail for the domain example.com.
The SPF policy violation is that my email client is on a host that is
in an unlisted foreign network.
No, that is not a violation.
. . .--- Synchronet 3.21d-Linux NewsLink 1.2
As I've explained, the SPF policy has an -all restriction and rejects
the IP address of my host. It's literally in all the failure notices
I've received.
I cannot explain why your -all restriction isn't tripping you up.
J.O. Aho <user@example.net> wrote:
On 28/01/2023 21:13, Adam H. Kerman wrote:
J.O. Aho <user@example.net> wrote:
. . .
I do suggest you use the smtp server that the SPF record defines as the >>>> one allowed, if you do not have access to use it, then ask if it would >>>> be possible get an account that can send from that smtp server.
You will need to have different outgoing smtp for each domain.
As I have explained since the root article in this thread, I am using
the SMTP server for the domain in question. I use a different SMTP
server for each domain I send messages from. The SMTP server to use
is named in the role. None of this has anything to do with SPF.
I did not see any mentioning that you hade configured domain specific
smtp servers, . . .
For business purposes, I send email through a variety of domains,
each specific to a business. I have set up IMAP and roles within
alpine to facilitate this.
I wrote this in the root article. I repeated it in several followups.
This is irrelevant to the problem I'm having.
If you are using the correct SMTP server for sending the mail, then SPF
will not affect you, . . .
There's no point in discussing this with you since you refuse to believe
what I've literally written.
Other people told me what I needed to know.
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2023-01-28 20:57, Adam H. Kerman wrote:
. . .
That's irrelevant to the SPF policy.
I have a shell account on host1.example.net. I use alpine from the
shell. I send messages from user1@example.com. In a role, when I am
sending messages from user1@example.com, alpine is instructed to use the >>> SMTP server smtp.example.com, the SMTP server that's authorized to send
mail for the domain example.com.
The SPF policy violation is that my email client is on a host that is
in an unlisted foreign network.
No, that is not a violation.
As I've explained, the SPF policy has an -all restriction and rejects
the IP address of my host. It's literally in all the failure notices
I've received.
I cannot explain why your -all restriction isn't tripping you up.
According to Adam H. Kerman <ahk@chinet.com>:
As I've explained, the SPF policy has an -all restriction and rejects
the IP address of my host. It's literally in all the failure notices
I've received.
I believe it, but I am also guessing that those are from very small systems.
As I said a few messages ago, serious mail systems ignore -all because there >are so many false positives. The place where -all causes trouble in practice >is with DMARC policies which depend on SPF alignment.
I cannot explain why your -all restriction isn't tripping you up.
See above.
In any event, if your mail provider insists on a stupid configuration,
either you live with it, or you take your business elsewhere.
. . .
Still do not specify anything about your smtp setup, so if you have
issues due of SPF then your error is in the smtp-server in your ~/.pinerc
John Levine <johnl@taugh.com> wrote:
According to Adam H. Kerman <ahk@chinet.com>:
As I've explained, the SPF policy has an -all restriction and rejects
the IP address of my host. It's literally in all the failure notices
I've received.
I believe it, but I am also guessing that those are from very small systems.
Gmail?
In any event, if your mail provider insists on a stupid configuration, >>either you live with it, or you take your business elsewhere.
I've explained and I've explained and I've explained. For bizarre
reasons, nearly everyone in this thread decided I was misrepresenting
the situation or flat-out lying. There's no reason to re-interpret what
I've written.
It appears that Adam H. Kerman <ahk@chinet.com> said:
John Levine <johnl@taugh.com> wrote:
According to Adam H. Kerman <ahk@chinet.com>:
As I've explained, the SPF policy has an -all restriction and rejects >>>>the IP address of my host. It's literally in all the failure notices >>>>I've received.
I believe it, but I am also guessing that those are from very small systems.
Gmail?
I know people at Gmail and I would be very surprised if they rejected
solely for SPF failure.
--- Synchronet 3.21d-Linux NewsLink 1.2. . .
This is google receiving it and verifying SPF:
Received: from relayout04-q02.e.movistar.es
(relayout04-q02.e.movistar.es. [86.109.101.172])
-a-a-a-a-a-a-a by mx.google.com with ESMTPS id p19-20020a1c5453000000b003dc1d5ebb1fsi3235601wmi.95.2023.01.28.15.49.00
-a-a-a-a-a-a-a for <...@gmail.com>
-a-a-a-a-a-a-a (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
-a-a-a-a-a-a-a Sat, 28 Jan 2023 15:49:00 -0800 (PST)
Received-SPF: pass (google.com: domain of ...@telefonica.net designates 86.109.101.172 as permitted sender) client-ip=86.109.101.172;
Authentication-Results: mx.google.com;
-a-a-a-a-a-a spf=pass (google.com: domain of ...@telefonica.net designates 86.109.101.172 as permitted sender) smtp.mailfrom=...@telefonica.net;
-a-a-a-a-a-a dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=telefonica.net
As you can see, Google doesn't care that the machine where I run Alpine,
at 79.151.X.Y, is not authorized. It doesn't even look at it. What it
looks is at the SMTP at 86.109.101.172, my ISP relay.
On 29/01/2023 01:04, Carlos E.R. wrote:Right. Lacking the actual report, we can only make guesses based on his interpretation, which may be correct or not.
This is google receiving it and verifying SPF:
Received: from relayout04-q02.e.movistar.es
(relayout04-q02.e.movistar.es. [86.109.101.172])
-a-a-a-a-a-a-a-a by mx.google.com with ESMTPS id p19-20020a1c5453000000b003dc1d5ebb1fsi3235601wmi.95.2023.01.28.15.49.00
-a-a-a-a-a-a-a-a for <...@gmail.com>
-a-a-a-a-a-a-a-a (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
-a-a-a-a-a-a-a-a Sat, 28 Jan 2023 15:49:00 -0800 (PST)
Received-SPF: pass (google.com: domain of ...@telefonica.net
designates 86.109.101.172 as permitted sender) client-ip=86.109.101.172;
Authentication-Results: mx.google.com;
-a-a-a-a-a-a-a spf=pass (google.com: domain of ...@telefonica.net designates 86.109.101.172 as permitted sender) smtp.mailfrom=...@telefonica.net;
-a-a-a-a-a-a-a dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=telefonica.net
As you can see, Google doesn't care that the machine where I run
Alpine, at 79.151.X.Y, is not authorized. It doesn't even look at it.
What it looks is at the SMTP at 86.109.101.172, my ISP relay.
It's about the delivering systems IP, not about what is the origin
senders IP, but OP is skeptical to most told to him.
As OP not posted any real information, there are just a few options:
- He send it directly from the client to the recipients mx server as
local sendmail
- He uses a mail server which ain't included in the SPF record
Had he provided the bounce mail with header, then I think we could see
the real fault (misconfiguration of DMARC/SPF or alpine/pine).
It's about the delivering systems IP, not about what is the origin
senders IP, but OP is skeptical to most told to him.
As OP not posted any real information, there are just a few options:
- He send it directly from the client to the recipients mx server as
local sendmail
- He uses a mail server which ain't included in the SPF record
Had he provided the bounce mail with header, then I think we could see
the real fault (misconfiguration of DMARC/SPF or alpine/pine).
J.O. Aho <user@example.net> wrote:
It's about the delivering systems IP, not about what is the origin
senders IP, but OP is skeptical to most told to him.
As OP not posted any real information, there are just a few options:
I posted real information. You simply chose to call me a liar.
On 2023-01-29 18:13, Adam H. Kerman wrote:
J.O. Aho <user@example.net> wrote:
It's about the delivering systems IP, not about what is the origin >>>senders IP, but OP is skeptical to most told to him.
As OP not posted any real information, there are just a few options:
I posted real information. You simply chose to call me a liar.
Sorry, no, you did not.
We did not see the reject email.
And no, no one accuses you of lying.
J.O. Aho <user@example.net> wrote:
It's about the delivering systems IP, not about what is the origin
senders IP, but OP is skeptical to most told to him.
As OP not posted any real information, there are just a few options:
I posted real information. You simply chose to call me a liar.
- He send it directly from the client to the recipients mx server as
local sendmail
I did nothing of the kind.
- He uses a mail server which ain't included in the SPF record
I am doing nothing of the kind.
Had he provided the bounce mail with header, then I think we could see
the real fault (misconfiguration of DMARC/SPF or alpine/pine).
There is no DMARC policy, yet several of you chose to accuse me of lying about that as well.
Why the hell did you raise pine? Pine never had a
roles feature. Now I'm also lying about using alpine.
On 29/01/2023 18:13, Adam H. Kerman wrote:
J.O. Aho <user@example.net> wrote:
It's about the delivering systems IP, not about what is the origin >>>senders IP, but OP is skeptical to most told to him.
As OP not posted any real information, there are just a few options:
I posted real information. You simply chose to call me a liar.
- He send it directly from the client to the recipients mx server as >>>local sendmail
I did nothing of the kind.
So what is your configuration for outgoing smtp in your alpine?
. . .
We don't know, we have to just trust your word, then I guess there is no >issue as you said it's not the SPF that caused problem and there is no >DMARC. You need to show something or else we just second guess everything.
Why the hell did you raise pine? Pine never had a
roles feature. Now I'm also lying about using alpine.
This is the pine/alpine newsgroup right?
I do see you said you used alpine, but I don't always remember what you
are using and have little interest of going through everything again
when I reply in a general manner.
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2023-01-29 18:13, Adam H. Kerman wrote:
J.O. Aho <user@example.net> wrote:
It's about the delivering systems IP, not about what is the origin
senders IP, but OP is skeptical to most told to him.
As OP not posted any real information, there are just a few options:
I posted real information. You simply chose to call me a liar.
Sorry, no, you did not.
We did not see the reject email.
And no, no one accuses you of lying.
Several of you, including you, accused me of failing to provide
information. It's quoted right there above. That's an accusion of having committed a lie of omission. Hey, it's unmoderated Usenet. You get to
address me however you wish. But kindly don't deny what you actually
did.
The MAIL FROM domain [redacted] has an SPF record with
a hard 550-5.7.26 fail policy (-all) but it fails to
pass SPF checks with the ip [redacted]: 550-5.7.26.
J.O. Aho <user@example.net> wrote:
This is the pine/alpine newsgroup right?
I do see you said you used alpine, but I don't always remember what you
are using and have little interest of going through everything again
when I reply in a general manner.
Your lack of interest in reading what I've written for comprehension is
your problem, not mine. The key point I made all the way back in the
root article is that I used a role to set the SMTP server for sending messages from mailboxes in the domain with the inappropriate SPF policy.
I repeated that in any number of followups, including followups to your articles.
You just stated that you aren't interested in what I've written
, yet you
ask question after question after question to supposedly obtain
information that was provided way back in the root article of this
thread. No one being conversational would ever do such a thing.
Several of you, including you, accused me of failing to provide
information. It's quoted right there above. That's an accusion of having committed a lie of omission. Hey, it's unmoderated Usenet. You get to
address me however you wish. But kindly don't deny what you actually
did.
The MAIL FROM domain [redacted] has an SPF record with
a hard 550-5.7.26 fail policy (-all) but it fails to
pass SPF checks with the ip [redacted]: 550-5.7.26.
On 2023-01-29 20:55, Adam H. Kerman wrote:
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2023-01-29 18:13, Adam H. Kerman wrote:
J.O. Aho <user@example.net> wrote:
It's about the delivering systems IP, not about what is the origin >>>>>senders IP, but OP is skeptical to most told to him.
As OP not posted any real information, there are just a few options:
I posted real information. You simply chose to call me a liar.
Sorry, no, you did not.
We did not see the reject email.
And no, no one accuses you of lying.
Several of you, including you, accused me of failing to provide >>information. It's quoted right there above. That's an accusion of having >>committed a lie of omission. Hey, it's unmoderated Usenet. You get to >>address me however you wish. But kindly don't deny what you actually
did.
The MAIL FROM domain [redacted] has an SPF record with
a hard 550-5.7.26 fail policy (-all) but it fails to
pass SPF checks with the ip [redacted]: 550-5.7.26.
That's not enough data... And it is redacted. Fine, you want your
privacy, I understand that, but we can not do an evaluation without the >actual (full) rejection email with full headers and true IPs and names.
You must also understand that.
. . .--- Synchronet 3.21d-Linux NewsLink 1.2
[...]
I wonder: Am I receiving all SPF failure messages? Does the recipient refusing the connection per our own SPF policies take the position that
I'm a forger and there's no way to reach the forger to point out the SPF restriction, and not send the failure notice?
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2023-01-29 20:55, Adam H. Kerman wrote:
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2023-01-29 18:13, Adam H. Kerman wrote:
J.O. Aho <user@example.net> wrote:
It's about the delivering systems IP, not about what is the origin >>>>>> senders IP, but OP is skeptical to most told to him.
As OP not posted any real information, there are just a few options:
I posted real information. You simply chose to call me a liar.
Sorry, no, you did not.
We did not see the reject email.
And no, no one accuses you of lying.
Several of you, including you, accused me of failing to provide
information. It's quoted right there above. That's an accusion of having >>> committed a lie of omission. Hey, it's unmoderated Usenet. You get to
address me however you wish. But kindly don't deny what you actually
did.
The MAIL FROM domain [redacted] has an SPF record with
a hard 550-5.7.26 fail policy (-all) but it fails to
pass SPF checks with the ip [redacted]: 550-5.7.26.
That's not enough data... And it is redacted. Fine, you want your
privacy, I understand that, but we can not do an evaluation without the
actual (full) rejection email with full headers and true IPs and names.
You must also understand that.
Did I at any point ask you to do any of that?
Adam H. Kerman <ahk@chinet.com> wrote:
[...]
I wonder: Am I receiving all SPF failure messages? Does the recipient >>refusing the connection per our own SPF policies take the position that
I'm a forger and there's no way to reach the forger to point out the SPF >>restriction, and not send the failure notice?
sorry for answering this posting while having read also most of the later >postings of you and the other discussion participants.
What I understand:
- For business purposes you've got different e-mail addresses and
maildrops in use and you use the the imap servers of these different
mail providers, might it be a hoster with which your business partner
hosts his e-mail stuff, might it be directly the e-mail system of your
business partner, as well as the correcponding smtp servers.
- If you send an e-mail you use the corresponding smtp server against
which you authenticate with the corresponding credentials.
- you send your mail via port smtp (25/tcp) and *not* via port
submission (587/tcp).
Your problem is that you don't get your mails sent further by the mail
system of your business partners and you don't receive - at least not in >every case - what you call an SPF error mail.
If this is a good matching summary of your situation and your problem
state there are several flaws in that.
. . .
You have to ask your bussiness partners to get things done and get the
relevant informations. This is nothing with which anybody else can
help you.
. . .--- Synchronet 3.21d-Linux NewsLink 1.2
[...]
I'm not using a maildrop as the alpine documentation defines it. I have always used IMAP, since I started using the client in the '90s, I think
since Pine 2.3. Glancing at the chronology, that makes sense since IMAP
had become mature at that point.
[...]
I use roles for each address I send messages from to set the SMTP
server associated with the domain.
[...]
A few years ago, Eduardo recommended using implicit TLS/SSL. He stated
that port 465 is the default with the use of the /ssl parameter.
I'm not using port 587 at all. I followed Eduardo's advice.
[...]
I wasn't sure about that, which is why I asked about it. Carlos thinks
that I have been receiving the SPF failure notices.
[...]
Oh, I know. I don't have privileges over the DNS zone file to revise the
SPF record and I haven't persuaded the guy who does to address this.
[...]
[...]I see. But its always a good idea to also make yourself your own
A few years ago, Eduardo recommended using implicit TLS/SSL. He stated
that port 465 is the default with the use of the /ssl parameter.
I'm not using port 587 at all. I followed Eduardo's advice.
thoughts. Especially if it comes to smtp transmissions in contrast to submission transmissions.
In your case its IMHO less the question whether or not you use natively encrypted versions of a service but whether you use smtp or submission. Deliveries of authenticated clients from anywhere shouldn't SPF checked
on the submission service while all and every delivery should be checked in several ways on the smtp service.
In the example I posted, taken from an actual test email, my Alpine
passes over email to my local postfix, which passes email over to my ISP (telefonica.net) using port 25 and authentication, which then "sends" to gmail. And gmail checks the SPF and doesn't complain.
(context: in my country, ISPs do not block port 25, or any other port).
Adam H. Kerman <ahk@chinet.com> wrote:
[...]
I'm not using a maildrop as the alpine documentation defines it. I have >>always used IMAP, since I started using the client in the '90s, I think >>since Pine 2.3. Glancing at the chronology, that makes sense since IMAP
had become mature at that point.
Erm... You *are* using /a maildrop/ since in the end your mails are
stored somewhere so somewhere they are local and in some format in some
file. IMAP is the protocol which you use to access your maildrop(s).
. . .
In your case its IMHO less the question whether or not you use natively >encrypted versions of a service but whether you use smtp or submission. >Deliveries of authenticated clients from anywhere shouldn't SPF checked
on the submission service while all and every delivery should be checked in >several ways on the smtp service.
[...]
I wasn't sure about that, which is why I asked about it. Carlos thinks
that I have been receiving the SPF failure notices.
As I already stated there is no such thing like an SPF failure notice; >especialy if we are talking about a mail about a failure.
What I suppose is that you are talking about a message which alpine
displays . . .
[...]
Oh, I know. I don't have privileges over the DNS zone file to revise the >>SPF record and I haven't persuaded the guy who does to address this.
Erm... I also wouldn't change my SPF records to just enable you to send
mail through my smtp service from anywhere.
Instead I would enable you to send your mail through my submission service >which wouldn't check SPF records but certainly require authentication
to be allowed to use it (from outside of my own network).
. . .
In the example I posted, taken from an actual test email, my Alpine
passes over email to my local postfix, which passes email over to my ISP >(telefonica.net) using port 25 and authentication, which then "sends" to >gmail. And gmail checks the SPF and doesn't complain.
(context: in my country, ISPs do not block port 25, or any other port).
On 31/01/2023 11:54, Carlos E.R. wrote:
In the example I posted, taken from an actual test email, my Alpine
passes over email to my local postfix, which passes email over to my
ISP (telefonica.net) using port 25 and authentication, which then
"sends" to gmail. And gmail checks the SPF and doesn't complain.
(context: in my country, ISPs do not block port 25, or any other port).
Here they do, so you are forced to use submission port, so I don't
really think so much about the issues using port 25, but I have seen a
trend where some administrators recommendation to not allow
authentication on port 25, just have-a it on the submission port.
I don't know how common that is, as I seldom have to use other mail
servers and current employer uses that web based mail system that a big American company in the north west is supplying.
| Sysop: | Amessyroom |
|---|---|
| Location: | Fayetteville, NC |
| Users: | 65 |
| Nodes: | 6 (0 / 6) |
| Uptime: | 00:45:39 |
| Calls: | 862 |
| Files: | 1,311 |
| D/L today: |
10 files (20,373K bytes) |
| Messages: | 264,078 |