E-Mail is fucked. I need someone to help fix it


#1

Our postfix logs are filled with this ominous bullshit:

Feb 12 19:37:12 debian9 postfix/smtp[9387]: 4E5C2110A: host mta7.am0.yahoodns.net[98.137.159.26] said: 421 4.7.0 [TSS04] Messages from 172.93.55.252 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
Feb 12 19:37:12 debian9 postfix/smtp[9387]: 4E5C2110A: lost connection with mta7.am0.yahoodns.net[98.137.159.26] while sending RCPT TO                                                                                          
Feb 12 19:37:12 debian9 postfix/smtp[9385]: A8ACA356F: host mta5.am0.yahoodns.net[74.6.137.63] said: 421 4.7.0 [TSS04] Messages from 172.93.55.252 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
Feb 12 19:37:12 debian9 postfix/smtp[9385]: A8ACA356F: lost connection with mta5.am0.yahoodns.net[74.6.137.63] while sending RCPT TO                                                                                            
Feb 12 19:37:12 debian9 postfix/smtp[9386]: 480A110A3: host mta7.am0.yahoodns.net[67.195.229.58] said: 421 4.7.0 [TSS04] Messages from 172.93.55.252 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command)
Feb 12 19:37:12 debian9 postfix/smtp[9386]: 480A110A3: lost connection with mta7.am0.yahoodns.net[67.195.229.58] while sending RCPT TO                                                                                          
Feb 12 19:37:12 debian9 postfix/smtp[9385]: A8ACA356F: to=<ryanrokey1@yahoo.com>, relay=mta6.am0.yahoodns.net[98.137.159.28]:25, delay=344833, delays=344832/0.03/0.29/0.03, dsn=4.7.0, status=deferred (host mta6.am0.yahoodns.net[98.137.159.28] said: 421 4.7.0 [TSS04] Messages from 172.93.55.252 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command))           
Feb 12 19:37:12 debian9 postfix/smtp[9387]: 4E5C2110A: to=<ryanrokey1@yahoo.com>, relay=mta6.am0.yahoodns.net[66.218.85.139]:25, delay=369919, delays=369919/0.04/0.26/0.04, dsn=4.7.0, status=deferred (host mta6.am0.yahoodns.net[66.218.85.139] said: 421 4.7.0 [TSS04] Messages from 172.93.55.252 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command))           
Feb 12 19:37:12 debian9 postfix/smtp[9386]: 480A110A3: to=<ryanrokey1@yahoo.com>, relay=mta6.am0.yahoodns.net[98.137.159.25]:25, delay=344800, delays=344800/0.03/0.34/0.04, dsn=4.7.0, status=deferred (host mta6.am0.yahoodns.net[98.137.159.25] said: 421 4.7.0 [TSS04] Messages from 172.93.55.252 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command))           
Feb 12 19:37:13 debian9 postfix/smtp[9388]: B7EF1148: host in1-smtp.messagingengine.com[66.111.4.74] said: 451 4.7.1 <DATA>: Data command rejected: noisebridge.info is blacklisted - RLR623 - ip=<172.93.55.252>, host=<>, helo=<debian9>, from_domain=<noisebridge.info> (in reply to DATA command)
Feb 12 19:37:14 debian9 postfix/smtp[9388]: B7EF1148: to=<tdfischer@hackerbots.net>, orig_to=<tdfischer>, relay=in1-smtp.messagingengine.com[66.111.4.75]:25, delay=139033, delays=139030/0.05/2.8/0.06, dsn=4.7.1, status=deferred (host in1-smtp.messagingengine.com[66.111.4.75] said: 451 4.7.1 <DATA>: Data command rejected: noisebridge.info is blacklisted - RLR623 - ip=<172.93.55.252>, host=<>, helo=<debian9>, from_domain=<noisebridge.info> (in reply to DATA command))
Feb 12 19:42:12 debian9 postfix/qmgr[19288]: B563E101: from=<replies+verp-03bae4f08070edd3a89c3760573d8308@discuss.noisebridge.info>, size=23037, nrcpt=1 (queue active)                                                        
Feb 12 19:42:13 debian9 postfix/smtp[9741]: B563E101: host in1-smtp.messagingengine.com[66.111.4.72] said: 451 4.7.1 <DATA>: Data command rejected: noisebridge.info is blacklisted - RLR623 - ip=<172.93.55.252>, host=<>, helo=<debian9>, from_domain=<discuss.noisebridge.info> (in reply to DATA command)
Feb 12 19:42:15 debian9 postfix/smtp[9741]: B563E101: to=<jhg@fastmail.com>, relay=in1-smtp.messagingengine.com[66.111.4.71]:25, delay=273524, delays=273521/0.04/2.9/0.06, dsn=4.7.1, status=deferred (host in1-smtp.messagingengine.com[66.111.4.71] said: 451 4.7.1 <DATA>: Data command rejected: noisebridge.info is blacklisted - RLR623 - ip=<172.93.55.252>, host=<>, helo=<debian9>, from_domain=<discuss.noisebridge.info> (in reply to DATA command)) 

Looking at our DNS, I don’t see that we have a reverse record for our IP address. We also don’t have the SPF records configured for discuss.noisebridge.info, however we do for subdomain-less noisebridge.info.

I’m going to start working on getting DKIM set up and configured, but it would be really awesome if someone who has DNS access could get us a reverse record and fix SPF.


#2

DKIM keys are generated, and I’m in the process of hooking up postfix to opendkim. In order for this to work and also for me to test the setup, I need the following TXT record created for 201901._domainkey.discuss.noisebridge.info:

v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzoAVwMGT1JNZ07JM+5hm5hjvUeo+CUP1E4zwcxVF9LNKr547vzfVp+MHiaJvQ6891NcUL+hynaKZAuCzLroD0ber0R6paOGFBygC25iPp1GHY68Wy5ySvnjAOaarY0rMA84IpoxJGqtc4s5Fpy1agkzkG34rNWnLRux6+uV9n8svqkH43FE6qck8yTi2BRcOWgB68vZp5akKkhUDzGs0EMCj5Kk+6y6Twu/ADAOY/9MZboCwybEeupLvRWLTzjw81K38rrLgWsPTobUiGp63dK2rTb8HIHJ5YyqiMnuQ2aD4lFqM4r2I1cQmg4tuVuAcZxC6vPZsQqR916wHk/7LlQIDAQAB

Also the following TXT record created for 201901._domainkey.noisebridge.info:

v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVu96Iw+aArHWKree2kXEv9fQ2osX0L/Z3j3l671Jh0//m1lmaTNK83MzOKj0UxyOdQFhhiW1lxgNFM3MxAcK03XuxcVGhI0xgG4xjwai2KlF6pRCMZT/FsQjlPdasDOaTMhmWMoDpqSY8hIeoKrkGis1JnC9UKoDwrjwetTqif+qelYeQvUcAt4iXfoxw55OIgozXQb0YRPkI7GhFs0b96zPwh2baxEWqjDSD8WEpFub18jhAKP8sWqeolmMxxjvfW8NKpMAGJ5lZY+qXHfRUYfWt4tJGCK4o4NRfkhKmfv/OF5f0dCjsgXcWTFcoVHiQBvBkJl1F1aXa/jkUMI/wIDAQAB


#3

Update: DKIM is configured and signing e-mails. All I need now is the DNS records to turn it on.


(Matt) #4

Yeah sorry i tried to do this before but no access to DNS. I have like read only. I kind of feel like we’re back to the domain being held hostage. I’m almost completely off slack at this stage but maybe someone can ping James?


(Steve Phillips) #5

@tdfischer Done!

I added a section to the Unicorn wiki page called “DNS Access” that says who can be asked for access to edit noisebridge.info’s DNS records: https://www.noisebridge.net/wiki/Unicorn#DNS_Access .


lol NameCheap’s interface is shitty, so there’s a section where there’s some sort of read-only TXT record in a separate section, which is confusing, but if Rando has the same access I have, which I believe he does (and if he doesn’t he can tell me his NameCheap username and I will gladly provide it), then he, just like I, can add new TXT records, which is what was needed here.

The domain is not being held hostage. If anyone would have asked us for DNS access, we would have provided it. Now that https://www.noisebridge.net/wiki/Unicorn#DNS_Access exists, people know who to ask! #ProblemSolved

Someone should create an Infrastructure Guild so that it’s more clear where to go for such things!

@nthmost Has anyone expressed interest in creating such a Guild?


#6

Like #guilds:rack?


(Steve Phillips) #7

Yes, except well-advertised (like at Tuesday meetings!) and with members :slight_smile:.


#8

Still unclear on how this is not #guilds:rack


(Steve Phillips) #9

If that describes #guilds:rack, great.

Did I correctly add the TXT records you wanted someone to create? Let me know if there’s anything else you want done there. Also happy to give you direct access; just tell me your NameCheap username.


#10

Almost. discuss.noisebridge.info still does not have an SPF record, but DKIM seems working on both domains now.

I don’t have a name cheap login, but maybe we can transfer it to the new shared gandi account?


#11

There was an error in the original TXT record for noisebridge.info I pasted here. It says h=rsa-sha256 but needs changed to match the one for discuss.noisebridge.info, which says h=sha256. I’ve updated my post above to reflect this.

I’ve also decided to look into what DMARC would require and if it would also help with e-mail reliability. It looks like just having DKIM is enough for my fastmail account to lift the blacklist, but yahoo and gmail are still floundering.


(Steve Phillips) #12

TXT records: updated :+1:

Moving noisebridge.info to the Noisebridge Gandi.net account sounds good to me, but I can only edit DNS; we’ll need to ask @mindfu (who bought, owns, and controls noisebridge.info) to transfer.


#13

Emails seem to be chugging along again now. If we can get the discuss.noisebridge.info SPF record done, I feel like we can call this issue fixed and future proofed.