[aprssig] List email problems

Andrew Pavlin spam8mybrain at yahoo.com
Fri Feb 18 22:57:44 EST 2022 

 One additional note (from my own experience with email issues at a major cloud service provider) is that the "-all" directive in the SPF record must be last. The tokens in the SPF records are evaluated in order from left to right (with recursion at the point where an "include:" is found), and stop being evaluated when a match occurs. Since "all" matches everything, mail servers implementing SPF checks would never proceed to the "include:" directive that provides recursion to another list.
Re: adding lists.tapr.org to the list: that should be a "ip:lists.tapr.org", not an "mx:", because "mx:" means to check the mail exchangers records for the specified domain name rather than the IP address records.
Andrew Pavlin, KA2DDO

    On Friday, February 18, 2022, 05:22:13 PM EST, Bob Poortinga <aprssig at k9sql.us> wrote:  
 
 I believe that I have found an issue that may be causing, or at least contributing, to the rejected email problem.
The Sender Policy Framework (SPF) DNS TXT record for TAPR.ORG does not contain a reference to the IP address or hostname of 'lists.tapr.org [173.230.155.76]".
Here is the record:
"v=spf1 a mx -all include:_spf.z2systems.com"
Let me break this down."v=spf1" is the  SPF identifier and version number."a" means accept email from the IP address of the A record for TAPR.ORG (which is 35.196.172.173.)"mx" means accept email from the host listed as the MX (mail exchanger) for TAPR.ORG (which is "mail.tapr.org [45.79.201.63],"-all" (and this is important) means reject email with a sender address of TAPR.ORG from any other hostname or IP address,"include:_spf.z2systems.com" means lookup and include the SPF policies of "_spf.z2systems.com." I have examined that record and it does not include "lists.tar.org" or it's IP address.
There are several approaches to fixing this SPF record. Here is my recommendation: add "mx:lists.tapr.org" to the TAPR.ORG SPF DNS TXT record. You could instead add "ip4:173.230.155.76" to the SPF record as well, but that would have to be updated everytime the IP address of 'lists.tapr.org' changes. I would also change the hard reject in the SPF record from "-all" to a soft reject "~all". Additionally, the "all" specifier should be the last item listed in the SPF record and any "include" policies ahould precede it.
Before I retired, I ran the email systems for a large corporation and have had to deal with these types of issues many times in the past. I won't guarantee that this will fix all the problems, but it is something that needs be corrected in order for email to flow smoothly.
73,Bob W9IZ

On Fri, Feb 18, 2022, 2:11 PM Randy Hall <aa6rh at socorad.io> wrote:

https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3alists.tapr.org&run=toolpage
Turns out, TAPR's maillist server is blacklisted. That is the thing that needs to be addressed first and foremost. Complaining to a mail receiver that they should disregard a blacklist is not going to get anything done.
The fact that TAPR is hosting their own mail server on Linode is part of the problem. TAPR needs to have a person (staff or volunteer) who knows SMTP, sendmail and MX blacklist policies like the back of their hand, so that they can quickly address blacklist problems. Until and unless TAPR gets off the blacklist that the IP address is listed on, Microsoft is within their rights to disregard mail coming from lists.tapr.org
This is just the "hidden cost" of running your own mail server at work right here. You pay for it one way or another.
--R
--Randy AA6RHaa6rh at socorad.ioGrid Square: CM88plQRZ Profile
Sonoma County DMR: BrandMeister 31707

On Fri, Feb 18, 2022 at 10:56 AM Charles Gallo <charlie at thegallos.com> wrote:

Usually, it is when someone else on the server is a spammer,  so hey block the whole server

--  
73 de KG2V
Charlie

> On Feb 18, 2022, at 1:24 PM, John Ackermann N8UR <jra at febo.com> wrote:
> 
> On 2/18/22 12:00 PM, aprssig-request at lists.tapr.org wrote:
> 
> The issue we're dealing with has been affecting folks on the other lists.tapr.org lists; I don't know how many people on aprssig are affected by it.
> 
> People who have Microsoft as their email service provider are being blocked from getting messages from lists.tapr.org.  The bounce messages say:
> 
> "Access denied, banned sender[173.230.155.76]. To request removal from this list please forward this message to delist at messaging.microsoft.com. For more information please go to http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410) [SY4AUS01FT004.eop-AUS01.prod.protection.outlook.com]"
> 
> We have submitted several requests for delisting, and our ISP has been doing everything they can (we are not the only one of their customers having this problem), but so far nothing has gotten MSFT to unblock us. Changing IP addresses is one way to circumvent the problem.
> 
> There may be other issues going on, but at the moment this is the one we can identify and hopefully do something about.  Just for additional information, lists.tapr.org has been running on the same Mailman software and configuration since May, 2018.  So there've been no recent changes at our end that could result in delivery issues, but there are plenty of things outside our control that can cause problems.
> 
> 73,
> John
> 
>> ------------------------------
>> Message: 8
>> Date: Thu, 17 Feb 2022 20:37:02 -0500
>> From: Steve Dimse <steve at dimse.com>
>> To: TAPR APRS Sig <aprssig at lists.tapr.org>
>> Subject: Re: [aprssig] TAPR Mailing List Update
>> Message-ID: <CA5ACD1C-DEA0-4505-9FC4-249B5001895E at dimse.com>
>> Content-Type: text/plain;    charset=us-ascii
>> I'm not sure how Microsoft is the issue. First, most of the posts are getting through to everyone, AFAIK. Lynn for example seems to see everyone but me. I seem to see everyone but Jeff. And we can email each other directly. It is just list messages from certain people to others that get lost.
>> Steve
> 
> _______________________________________________
> aprssig mailing list
> aprssig at lists.tapr.org
> http://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org


_______________________________________________
aprssig mailing list
aprssig at lists.tapr.org
http://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org

_______________________________________________
aprssig mailing list
aprssig at lists.tapr.org
http://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org

_______________________________________________
aprssig mailing list
aprssig at lists.tapr.org
http://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tapr.org/pipermail/aprssig_lists.tapr.org/attachments/20220219/c5d4d6ef/attachment.html>

More information about the aprssig mailing list