Double-Bounce

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

Double-Bounce

Robert Wolfe
Hi all!  I am getting messages in my logs where postfix is doing its
double-bounce email thing.  I am trying to send email to an email server
sitting behind my mail filter appliance (eFA) which routes emails to my
main mail server on my network after scanning inbound messages.

It seems messages get through to one of the users on my mail server,
just not to me, which generates the double-bounce@ email which is
totally annoying.

Reply | Threaded
Open this post in threaded view
|

Re: Double-Bounce

Benny Pedersen-2
Robert Wolfe (Ubuntu) skrev den 2018-09-14 00:43:

> It seems messages get through to one of the users on my mail server,
> just not to me, which generates the double-bounce@ email which is
> totally annoying.

more info is needed to help more
Reply | Threaded
Open this post in threaded view
|

Re: Double-Bounce

Julian Opificius-3
Why is it that my system marks everything from you as spam, Benny? Is it
your tld? I've added you to my address book, but my server keeps
spitting you out.

I'm not using Postfix, I'm running SME9.

Any clues?


On 9/13/2018 6:13 PM, Benny Pedersen wrote:
> Robert Wolfe (Ubuntu) skrev den 2018-09-14 00:43:
>
>> It seems messages get through to one of the users on my mail server,
>> just not to me, which generates the double-bounce@ email which is
>> totally annoying.
>
> more info is needed to help more

Reply | Threaded
Open this post in threaded view
|

Re: Double-Bounce

Wietse Venema
In reply to this post by Robert Wolfe
Robert Wolfe (Ubuntu):
> Hi all!? I am getting messages in my logs where postfix is doing its
> double-bounce email thing.

Are there any telepathic people on the list?

        Wietse

> ? I am trying to send email to an email server
> sitting behind my mail filter appliance (eFA) which routes emails to my
> main mail server on my network after scanning inbound messages.
>
> It seems messages get through to one of the users on my mail server,
> just not to me, which generates the double-bounce@ email which is
> totally annoying.
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Double-Bounce

Benny Pedersen-2
In reply to this post by Julian Opificius-3
Julian Opificius skrev den 2018-09-14 01:28:

> I'm not using Postfix, I'm running SME9.

ask on another maillist then
Reply | Threaded
Open this post in threaded view
|

Re: Double-Bounce

Dominic Raferd
In reply to this post by Julian Opificius-3
On Fri, 14 Sep 2018 at 00:29, Julian Opificius <[hidden email]> wrote:
>
> Why is it that my system marks everything from you as spam, Benny? Is it
> your tld? I've added you to my address book, but my server keeps
> spitting you out.

Because the domain that he uses to send emails through this mailing
list has DMARC p=quarantine setting:
# dig +short _dmarc.junc.eu TXT
"v=DMARC1; p=quarantine; rua=mailto:[hidden email]; fo=d;
adkim=r; aspf=r; sp=none"
Reply | Threaded
Open this post in threaded view
|

Re: Double-Bounce

Benny Pedersen-2
Dominic Raferd skrev den 2018-09-14 07:33:

> On Fri, 14 Sep 2018 at 00:29, Julian Opificius <[hidden email]>
> wrote:
>>
>> Why is it that my system marks everything from you as spam, Benny? Is
>> it
>> your tld? I've added you to my address book, but my server keeps
>> spitting you out.
>
> Because the domain that he uses to send emails through this mailing
> list has DMARC p=quarantine setting:
> # dig +short _dmarc.junc.eu TXT
> "v=DMARC1; p=quarantine; rua=mailto:[hidden email]; fo=d;
> adkim=r; aspf=r; sp=none"

postfix maillist is dkim safe, so if it breaks, show the link that
breaks it, whitelist postfix maillist so it does not go into quarantine

can i help more ?

i get dmarc pass back on my post here
Reply | Threaded
Open this post in threaded view
|

Re: Double-Bounce

Benny Pedersen-2
Benny Pedersen skrev den 2018-09-14 08:08:

> Dominic Raferd skrev den 2018-09-14 07:33:
>> On Fri, 14 Sep 2018 at 00:29, Julian Opificius <[hidden email]>
>> wrote:
>>>
>>> Why is it that my system marks everything from you as spam, Benny? Is
>>> it
>>> your tld? I've added you to my address book, but my server keeps
>>> spitting you out.
>>
>> Because the domain that he uses to send emails through this mailing
>> list has DMARC p=quarantine setting:
>> # dig +short _dmarc.junc.eu TXT
>> "v=DMARC1; p=quarantine; rua=mailto:[hidden email]; fo=d;
>> adkim=r; aspf=r; sp=none"
>
> postfix maillist is dkim safe, so if it breaks, show the link that
> breaks it, whitelist postfix maillist so it does not go into
> quarantine
>
> can i help more ?
>
> i get dmarc pass back on my post here

DMARC-Filter: OpenDMARC Filter v1.3.2 linode.junc.eu 2C5B31BE06F
Authentication-Results: linode.junc.eu; dmarc=pass (p=quarantine
dis=none) header.from=junc.eu
Authentication-Results: linode.junc.eu;
        dkim=pass (1024-bit key) header.d=junc.eu header.i=@junc.eu
header.b=Aedk3uHj;
        dkim-atps=neutral
Received-SPF: none (postfix.org: No applicable sender policy available)
receiver=localhost.junc.eu; identity=mailfrom;
envelope-from="[hidden email]";
helo=russian-caravan.cloud9.net; client-ip="2604:8d00:0:1::4"
Reply | Threaded
Open this post in threaded view
|

Re: Double-Bounce

Dominic Raferd


On Fri, 14 Sep 2018 at 07:14, Benny Pedersen <[hidden email]> wrote:
Benny Pedersen skrev den 2018-09-14 08:08:
> Dominic Raferd skrev den 2018-09-14 07:33:
>> On Fri, 14 Sep 2018 at 00:29, Julian Opificius <[hidden email]>
>> wrote:
>>>
>>> Why is it that my system marks everything from you as spam, Benny? Is
>>> it
>>> your tld? I've added you to my address book, but my server keeps
>>> spitting you out.
>>
>> Because the domain that he uses to send emails through this mailing
>> list has DMARC p=quarantine setting:
>> # dig +short _dmarc.junc.eu TXT
>> "v=DMARC1; p=quarantine; rua=mailto:[hidden email]; fo=d;
>> adkim=r; aspf=r; sp=none"
>
> postfix maillist is dkim safe, so if it breaks, show the link that
> breaks it, whitelist postfix maillist so it does not go into
> quarantine
>
> can i help more ?
>
> i get dmarc pass back on my post here

DMARC-Filter: OpenDMARC Filter v1.3.2 linode.junc.eu 2C5B31BE06F
Authentication-Results: linode.junc.eu; dmarc=pass (p=quarantine
dis=none) header.from=junc.eu
Authentication-Results: linode.junc.eu;
        dkim=pass (1024-bit key) header.d=junc.eu header.i=@junc.eu
header.b=Aedk3uHj;
        dkim-atps=neutral
Received-SPF: none (postfix.org: No applicable sender policy available)
receiver=localhost.junc.eu; identity=mailfrom;
envelope-from="[hidden email]";
helo=russian-caravan.cloud9.net; client-ip="2604:8d00:0:1::4"

Sorry you are right: your emails pass DKIM and also, when going through postfix mailing list (but not all others), pass DKIM alignment, so they pass DMARC. However, when sent through mailing lists, they fail SPF, and (for DMARC) SPF alignment, so servers that make decisions based only on this (which is not the DMARC way) may choose to treat them as spam. Mine don't, but I have seen your emails quarantined (or, previously, blocked) on other mailing lists, hence my original comment.
Reply | Threaded
Open this post in threaded view
|

Re: Double-Bounce

B. Reino
On 2018-09-14 10:36, Dominic Raferd wrote:

> On Fri, 14 Sep 2018 at 07:14, Benny Pedersen <[hidden email]> wrote:
>
>> Benny Pedersen skrev den 2018-09-14 08:08:
>>> Dominic Raferd skrev den 2018-09-14 07:33:
>>>> On Fri, 14 Sep 2018 at 00:29, Julian Opificius
>>>> <[hidden email]>
>>>> wrote:
>>>>>
>>>>> Why is it that my system marks everything from you as spam, Benny?
>>>>> Is
>>>>> it
>>>>> your tld? I've added you to my address book, but my server keeps
>>>>> spitting you out.
>>>>
>>>> Because the domain that he uses to send emails through this mailing
>>>> list has DMARC p=quarantine setting:
>>>> # dig +short _dmarc.junc.eu TXT
>>>> "v=DMARC1; p=quarantine; rua=mailto:[hidden email]; fo=d;
>>>> adkim=r; aspf=r; sp=none"
>>>
>>> postfix maillist is dkim safe, so if it breaks, show the link that
>>> breaks it, whitelist postfix maillist so it does not go into
>>> quarantine
>>>
>>> can i help more ?
>>>
>>> i get dmarc pass back on my post here
>>
>> DMARC-Filter: OpenDMARC Filter v1.3.2 linode.junc.eu 2C5B31BE06F
>> Authentication-Results: linode.junc.eu; dmarc=pass (p=quarantine
>> dis=none) header.from=junc.eu
>> Authentication-Results: linode.junc.eu;
>> dkim=pass (1024-bit key) header.d=junc.eu header.i=@junc.eu
>> header.b=Aedk3uHj;
>> dkim-atps=neutral
>> Received-SPF: none (postfix.org: No applicable sender policy
>> available)
>> receiver=localhost.junc.eu; identity=mailfrom;
>> envelope-from="[hidden email]";
>> helo=russian-caravan.cloud9.net; client-ip="2604:8d00:0:1::4"
>
> Sorry you are right: your emails pass DKIM and also, when going through
> postfix mailing list (but not all others), pass DKIM alignment, so they
> pass DMARC. However, when sent through mailing lists, they fail SPF,
> and (for DMARC) SPF alignment, so servers that make decisions based
> only on this (which is not the DMARC way) may choose to treat them as
> spam. Mine don't, but I have seen your emails quarantined (or,
> previously, blocked) on other mailing lists, hence my original comment.

I think the postfix ML is not so "DKIM safe". In my case, it causes my
DKIM signature to fail. I have now compared a message sent by me against
other messages sent e.g. by Benny Pedersen, and concluded that my
configuration (using rspamd) was signing way too many fields. I have now
reduced the number of fields and hopefully this message should now come
back from the postfix ML with a valid DKIM signature.

So in a way this message is just a test, but hopefully also a
clarification :)

Cheers,
Bernardo Reino.
Reply | Threaded
Open this post in threaded view
|

Re: Double-Bounce

B. Reino

On 2018-09-14 10:52, B. Reino wrote:

>
> I think the postfix ML is not so "DKIM safe". In my case, it causes my
> DKIM signature to fail. I have now compared a message sent by me
> against other messages sent e.g. by Benny Pedersen, and concluded that
> my configuration (using rspamd) was signing way too many fields. I
> have now reduced the number of fields and hopefully this message
> should now come back from the postfix ML with a valid DKIM signature.
>
> So in a way this message is just a test, but hopefully also a
> clarification :)
>
> Cheers,
> Bernardo Reino.

Well I guess the above test failed :(
I forgot to exclude the "Sender:" header as well.
This is however my last test. I don't want to spam the list.

Sorry and cheers,

--
Bernardo Reino.
Reply | Threaded
Open this post in threaded view
|

RE: Double-Bounce

L.P.H. van Belle
In reply to this post by B. Reino
I had a simular things.
.. Waiting for the bounce...

Greetz,

Louis


> -----Oorspronkelijk bericht-----
> Van: [hidden email] [mailto:[hidden email]]
> Namens B. Reino
> Verzonden: vrijdag 14 september 2018 10:52
> Aan: [hidden email]
> Onderwerp: Re: Double-Bounce
>
> On 2018-09-14 10:36, Dominic Raferd wrote:
>
> > On Fri, 14 Sep 2018 at 07:14, Benny Pedersen <[hidden email]> wrote:
> >
> >> Benny Pedersen skrev den 2018-09-14 08:08:
> >>> Dominic Raferd skrev den 2018-09-14 07:33:
> >>>> On Fri, 14 Sep 2018 at 00:29, Julian Opificius
> >>>> <[hidden email]>
> >>>> wrote:
> >>>>>
> >>>>> Why is it that my system marks everything from you as
> spam, Benny?
> >>>>> Is
> >>>>> it
> >>>>> your tld? I've added you to my address book, but my server keeps
> >>>>> spitting you out.
> >>>>
> >>>> Because the domain that he uses to send emails through
> this mailing
> >>>> list has DMARC p=quarantine setting:
> >>>> # dig +short _dmarc.junc.eu TXT
> >>>> "v=DMARC1; p=quarantine;
> rua=mailto:[hidden email]; fo=d;
> >>>> adkim=r; aspf=r; sp=none"
> >>>
> >>> postfix maillist is dkim safe, so if it breaks, show the link that
> >>> breaks it, whitelist postfix maillist so it does not go into
> >>> quarantine
> >>>
> >>> can i help more ?
> >>>
> >>> i get dmarc pass back on my post here
> >>
> >> DMARC-Filter: OpenDMARC Filter v1.3.2 linode.junc.eu 2C5B31BE06F
> >> Authentication-Results: linode.junc.eu; dmarc=pass (p=quarantine
> >> dis=none) header.from=junc.eu
> >> Authentication-Results: linode.junc.eu;
> >> dkim=pass (1024-bit key) header.d=junc.eu header.i=@junc.eu
> >> header.b=Aedk3uHj;
> >> dkim-atps=neutral
> >> Received-SPF: none (postfix.org: No applicable sender policy
> >> available)
> >> receiver=localhost.junc.eu; identity=mailfrom;
> >> envelope-from="[hidden email]";
> >> helo=russian-caravan.cloud9.net; client-ip="2604:8d00:0:1::4"
> >
> > Sorry you are right: your emails pass DKIM and also, when
> going through
> > postfix mailing list (but not all others), pass DKIM
> alignment, so they
> > pass DMARC. However, when sent through mailing lists, they
> fail SPF,
> > and (for DMARC) SPF alignment, so servers that make decisions based
> > only on this (which is not the DMARC way) may choose to
> treat them as
> > spam. Mine don't, but I have seen your emails quarantined (or,
> > previously, blocked) on other mailing lists, hence my
> original comment.
>
> I think the postfix ML is not so "DKIM safe". In my case, it
> causes my
> DKIM signature to fail. I have now compared a message sent by
> me against
> other messages sent e.g. by Benny Pedersen, and concluded that my
> configuration (using rspamd) was signing way too many fields.
> I have now
> reduced the number of fields and hopefully this message
> should now come
> back from the postfix ML with a valid DKIM signature.
>
> So in a way this message is just a test, but hopefully also a
> clarification :)
>
> Cheers,
> Bernardo Reino.
>
>

Reply | Threaded
Open this post in threaded view
|

Re: Double-Bounce

Benny Pedersen-2
In reply to this post by B. Reino
B. Reino skrev den 2018-09-14 10:52:

> So in a way this message is just a test, but hopefully also a
> clarification :)

Authentication-Results: linode.junc.eu;
        dkim=fail reason="signature verification failed" (1024-bit key)
header.d=bbmk.org header.i=@bbmk.org header.b=I6ED3eZq;

do not sign all headers :)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bbmk.org;
s=default;
        t=1536915126; h=from:from:sender:subject:subject:date:date:to:to:cc:
         in-reply-to:in-reply-to:references:references;

2 header lines with from ?

2 header lines with subject ?

2 header lines with references ?

bugs
Reply | Threaded
Open this post in threaded view
|

Re: Double-Bounce

Benny Pedersen-2
In reply to this post by B. Reino
B. Reino skrev den 2018-09-14 11:02:

> Well I guess the above test failed :(

Authentication-Results: linode.junc.eu; dmarc=pass (p=none dis=none)
header.from=bbmk.org
Authentication-Results: linode.junc.eu;
        dkim=pass (1024-bit key) header.d=bbmk.org header.i=@bbmk.org
header.b=sOJs04Hw;
        dkim-atps=neutral

> I forgot to exclude the "Sender:" header as well.

+1

> This is however my last test. I don't want to spam the list.

no need to sorry, dont fix it now :=)
Reply | Threaded
Open this post in threaded view
|

Re: Double-Bounce

B. Reino
In reply to this post by Benny Pedersen-2
On 2018-09-14 11:11, Benny Pedersen wrote:

> B. Reino skrev den 2018-09-14 10:52:
>
>> So in a way this message is just a test, but hopefully also a
>> clarification :)
>
> Authentication-Results: linode.junc.eu;
> dkim=fail reason="signature verification failed" (1024-bit key)
> header.d=bbmk.org header.i=@bbmk.org header.b=I6ED3eZq;
>
> do not sign all headers :)

I was just using the default in rspamd. After failing this time and
removing the Sender header I think my messages to the list are now being
validated OK.

> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bbmk.org;
> s=default;
> t=1536915126; h=from:from:sender:subject:subject:date:date:to:to:cc:
> in-reply-to:in-reply-to:references:references;
>
> 2 header lines with from ?
>
> 2 header lines with subject ?
>
> 2 header lines with references ?

DKIM Oversigning (https://tools.ietf.org/html/rfc6376#section-5.4.2)
Should not hurt, but I might remove that as well..

Cheers and thanks a lot.