Opened 4 months ago

Closed 3 months ago

#13569 closed Bug/Something is broken (fixed)

mx1.riseup.net rejecting mail from cleveland

Reported by: https://id.mayfirst.org/srevilak Owned by: https://id.mayfirst.org/srevilak
Priority: Medium Component: Tech
Keywords: smtp, cleveland.mayfirst.org Cc: jokeefe@…
Sensitive: no

Description

Opening this ticket on behalf of masspirates

About two weeks ago, mx1.riseup.net began rejecting our CiviCRM-generated newsletters to (AT)riseup.net users. Riseup's DSN was

550 5.7.1 Message refused due to content violation: Heuristics.Phishing.Email.SpoofedDomain

After the first set of bounces, I noticed that masspirates.org's SPF record was set up with a specific set of ip address ranges; it predated spf.mayfirst.org. So I updated spf.mayfirst.org.

Since then, mx1.riseup.net is still rejecting our newsletters. Here's a sample of a rejection (from cleveland's mail.log).

Mar 21 07:53:19 cleveland postfix-therest-c/smtpd[26806]: 99BCA61E8: client=assata.mayfirst.org[209.51.180.23]
Mar 21 07:53:19 cleveland postfix-therest-c/cleanup[26808]: 99BCA61E8: message-id=<>
Mar 21 07:53:19 cleveland postfix-therest-c/qmgr[6992]: 99BCA61E8: from=<b.1418.45119.7592e0ae1265df02@crew.masspirates.org>, size=6700, nrcpt=1 (queue active)
Mar 21 07:53:20 cleveland postfix-therest-c/smtp[26459]: 99BCA61E8: to=<REDACTED@riseup.net>, relay=mx1.riseup.net[198.252.153.129]:25, delay=0.9, delays=0.07/0/0.5/0.33, dsn=5.7.1, status=bounced (host mx1.riseup.net[198.252.153.129] said: 550 5.7.1 Message refused due to content violation: Heuristics.Phishing.Email.SpoofedDomain - contact https://support.riseup.net if this is in error (in reply to end of DATA command))
Mar 21 07:53:20 cleveland postfix-therest-c/bounce[26839]: 99BCA61E8: sender non-delivery notification: 99CD46276
Mar 21 07:53:20 cleveland postfix-therest-c/qmgr[6992]: 99BCA61E8: removed

Because the DSN suggested contacting support.riseup.net, I've opened a ticket with the riseup birds.

I'm opening this ticket for tracking purposes, in case other members run into this particular issue.

Change History (5)

comment:1 Changed 4 months ago by https://id.mayfirst.org/srevilak

  • Owner set to https://id.mayfirst.org/srevilak
  • Status changed from new to assigned

comment:2 Changed 4 months ago by https://id.mayfirst.org/srevilak

This may be a red herring. I used our civi instance to send a message to myself, in order to get a look at the headers. I notice that the message doesn't have a Message-ID header. Apparently Civi didn't add one, and none of the receiving MTAs added one either.

In these headers, I've replaced the at-sign with (()). This civi instance uses bulk.mayfirst.org as an SMTP host.

From srevilak(())masspirates.org Sat Mar 24 22:00:41 2018
Return-Path: <srevilak(())masspirates.org>
Delivered-To: <srevilak(())buffy.mayfirst.org>
Received: from buffy.mayfirst.org by buffy.mayfirst.org (Dovecot) with LMTP
 id LkI9OckCt1qJBwAAdhGbZA for <srevilak(())buffy.mayfirst.org>; Sat, 24 Mar
 2018 22:00:41 -0400
Received: from buffy.mayfirst.org (localhost [127.0.0.1]) by
 buffy.mayfirst.org (Postfix) with ESMTP id CDE3DFB61 for
 <steve(())srevilak.net>; Sat, 24 Mar 2018 22:00:41 -0400 (EDT)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on buffy.mayfirst.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,SHORTCIRCUIT
 autolearn=disabled version=3.4.0
X-Spam-Language: 
Received: from rose.mayfirst.org (rose.mayfirst.org [209.51.180.30]) (using
 TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate
 requested) by buffy.mayfirst.org (Postfix) with ESMTPS id B6EE9FB60 for
 <steve(())srevilak.net>; Sat, 24 Mar 2018 22:00:41 -0400 (EDT)
Received: from rose.mayfirst.org (localhost [127.0.0.1]) by rose.mayfirst.org
 (Postfix) with ESMTP id 8686B273FB for <srevilak(())masspirates.org>; Sat, 24
 Mar 2018 22:00:41 -0400 (EDT)
Received: from cleveland.smtp.mayfirst.org (cleveland.smtp.mayfirst.org
 [162.247.75.111]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256
 bits)) (No client certificate requested) by rose.mayfirst.org (Postfix) with
 ESMTPS id 73E49273FA for <srevilak(())masspirates.org>; Sat, 24 Mar 2018
 22:00:41 -0400 (EDT)
Received: from lists.people-link.net (assata.mayfirst.org [209.51.180.23]) by
 cleveland.smtp.mayfirst.org (Postfix) with ESMTP id 5574F6165 for
 <srevilak(())masspirates.org>; Sat, 24 Mar 2018 22:00:41 -0400 (EDT)
Received: from masspirates.org (rose.mayfirst.org [209.51.180.30]) by
 lists.people-link.net (Postfix) with ESMTP id 2E174D4002 for
 <srevilak(())masspirates.org>; Sat, 24 Mar 2018 22:00:41 -0400 (EDT)
From: Steve Revilak <srevilak(())masspirates.org>
To: Steve Revilak <srevilak(())masspirates.org>
Cc: 
Subject: This is a test message
Content-Disposition: inline
Reply-To: Steve Revilak <srevilak(())masspirates.org>
Date: Sat, 24 Mar 2018 22:00:41 -0400
X-Virus-Scanned: ClamAV using ClamSMTP
X-Envelope-From: <srevilak(())masspirates.org>
X-Virus-Scanned: ClamAV using ClamSMTP
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=utf-8
Status: RO

comment:3 Changed 4 months ago by https://id.mayfirst.org/srevilak

  • Resolution set to fixed
  • Status changed from assigned to feedback

Riseup's response:

That error is caused when a URL in the email points to a different domain. URL shorteners are one such problem. Remove such links and the problem will be resolved. Let me know if you need anything else.

Each of the newsletters-with-bounces contained a mailto: link to a lists.riseup.net mailing list. Since masspirates.org != riseup.net, I suspect this was the problem.

comment:4 Changed 4 months ago by https://id.mayfirst.org/jaimev

  • Resolution fixed deleted
  • Status changed from feedback to assigned

Wow, thanks for following up on this steve and for this very interesting discovery.

comment:5 Changed 3 months ago by https://id.mayfirst.org/srevilak

  • Resolution set to fixed
  • Status changed from assigned to closed

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.