Opened 4 weeks ago

Last modified 24 hours ago

#14357 assigned Bug/Something is broken

Cannot receive e-mail at lists.portside.org addresses

Reported by: https://id.mayfirst.org/ben-agaric
Owned by: https://id.mayfirst.org/jamie
Priority: High
Component: Tech
Keywords: email, subdomain
Cc: chris@…, david@…, https://id.mayfirst.org/jamie
Sensitive: no

Description

Currently we only have redirect addresses configured for lists.portside.org.

We receive this back:

This is the mail system at host gil.mayfirst.org.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

abuse@…: host evo.mayfirst.org[209.51.172.4] said: 550 5.1.1 abuse@…: Recipient address rejected: User unknown in virtual alias table (in reply to RCPT TO command)

Reporting-MTA: dns; gil.mayfirst.org
X-Postfix-Queue-ID: 6EE4D5E9A
X-Postfix-Sender: rfc822; ben@…
Arrival-Date: Fri, 28 Dec 2018 16:16:39 -0500 (EST)

Final-Recipient: rfc822; abuse@…
Original-Recipient: rfc822;abuse@…
Action: failed
Status: 5.1.1
Remote-MTA: dns; evo.mayfirst.org
Diagnostic-Code: smtp; 550 5.1.1 abuse@…: Recipient address rejected: User unknown in virtual alias table

Right now lists.portside.org is an optional subdomain under portside.org in May First's control panel. Not sure if that's part of the issue, but certainly we don't want to break anything that lists.portside.org is doing currently in the process of getting e-mail addresses there able to work.

This is needed to move forward with #14184

Change History (14)

comment:1 Changed 4 weeks ago by https://id.mayfirst.org/jaimev

  • Cc https://id.mayfirst.org/jamie added
  • Owner set to https://id.mayfirst.org/jaimev
  • Status changed from new to assigned

So first of all the double DNS listings for evo.mayfirst.org and morales.mayfirst.org probably have no bearing on this issue, but I wanted to mention that internally in our puppet records the server hostname is morales and the server itself has its hostname set to morales, which makes for a few minutes of confusion and head scratching until I figure out where evo is every time. The relationship should be obvious but is easy to forget.

So when you set up the e-mail address aliases through the control panel, those are added to postfix virtual alias maps for the hosting order server. For portside.org this happens automatically on mumia. But lists.portside.org is set to deliver to (evo|morales).mayfirst.org necessarily because your mailing list is there. But morales is not a mosh so I don't think the control panel can manipulate the postfix settings there. The cp probably shouldn't even let you attempt to create e-mail addresses for lists.portside.org because of this. Copying jamie about that possible bug.

For now, the simplest workaround I can think of is manually adding the desired forwarding aliases yourself to postfix on morales. Check this section of the postfix guide. http://www.postfix.org/VIRTUAL_README.html#forwarding
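
An added example, not part of the ticket or of May First's tooling: a small Python triage of a bounce like the one in the description, mapping Postfix's "User unknown in ... table" wording to the main.cf parameter to inspect on the rejecting host. It goes beyond the single case here by covering Postfix's other three recipient tables; the recipient address is a constructed placeholder, since the ticket elides the real one.

```python
import re

# Constructed sample modelled on the ticket's bounce; recipient is a placeholder.
SAMPLE_DSN = """\
Reporting-MTA: dns; gil.mayfirst.org

Final-Recipient: rfc822; user@lists.example.org
Action: failed
Status: 5.1.1
Remote-MTA: dns; evo.mayfirst.org
Diagnostic-Code: smtp; 550 5.1.1 <user@lists.example.org>: Recipient address
    rejected: User unknown in virtual alias table
"""

# Postfix "User unknown in ... table" text -> main.cf parameter to check.
TABLE_TO_PARAMETER = {
    "local recipient": "local_recipient_maps",
    "virtual alias": "virtual_alias_maps",
    "virtual mailbox": "virtual_mailbox_maps",
    "relay recipient": "relay_recipient_maps",
}

def parse_dsn(text):
    """Return (per-message fields, [per-recipient fields]) from a DSN body."""
    groups = []
    for block in re.split(r"\n\s*\n", text.strip()):
        block = re.sub(r"\n[ \t]+", " ", block)  # unfold continuation lines
        fields = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            fields[name.strip().lower()] = value.strip()
        groups.append(fields)
    return groups[0], groups[1:]

def triage(text):
    """One finding per failed recipient: who rejected it and what to check."""
    _, recipients = parse_dsn(text)
    findings = []
    for r in recipients:
        if r.get("action") != "failed":
            continue
        m = re.search(r"User unknown in (.+?) table", r.get("diagnostic-code", ""))
        findings.append({
            "recipient": r.get("final-recipient", "").split(";", 1)[-1].strip(),
            "status": r.get("status"),
            "rejecting_host": r.get("remote-mta", "").split(";", 1)[-1].strip(),
            "check": TABLE_TO_PARAMETER.get(m.group(1)) if m else None,
        })
    return findings
```

For the bounce in this ticket the finding points at `virtual_alias_maps` on the host named in Remote-MTA, not on the host that generated the report.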

comment:2 Changed 4 weeks ago by https://id.mayfirst.org/ben-agaric

Ahhhh, thank you. Was just coming back to note that lists.portside.org was indeed working for Listserv addresses. That makes sense.

comment:3 Changed 4 weeks ago by https://id.mayfirst.org/jamie

Thanks for the heads up. I think we should remove the evo.mayfirst.org dns entry entirely.

Unfortunately, the control panel is not smart enough to know whether an MX record is configured for a mosh or not so it isn't an easy fix to prevent that easy-to-make mistake. :(. I don't think I'll try to fix that but we should keep it in mind for the future control panel.

Given the integration between listserv and postfix on morales, I would advise against messing with those aliases if at all possible.

comment:4 Changed 3 weeks ago by https://id.mayfirst.org/wolcen

OK... well, I was already hesitant, now if *YOU* are hesitant...oh my!

The last suggestion we were given (in re: improving list serv deliverability), was to use the @lists.portside.org for everything coming from listserv, and apply DKIM/SPF/DMARC rules specifically at that level.

The existing tickets: https://support.mayfirst.org/ticket/14277 (routing return path back to listserv for auto-deletes) and https://support.mayfirst.org/ticket/14184#comment:15 (DMARC - last comment specifically suggesting using the subdomain).

I wonder if it would be best to meet with/chat with you all quick to try to hash out the best route to complete these few tickets. At the end of the day, we just want to make the Portside listserv work as well as possible.

comment:5 Changed 3 weeks ago by https://id.mayfirst.org/jaimev

  • Owner changed from https://id.mayfirst.org/jaimev to https://id.mayfirst.org/jamie

We'll need jamie's input on those tickets.

comment:6 Changed 3 weeks ago by https://id.mayfirst.org/jamie

I'm so sorry for sowing confusion by not considering the big picture when I responded!

I take back my original thoughts - I think we should create a @lists.portside.org alias for sending portside email. Perhaps just one that can live in /etc/aliases on morales - that forwards mail. Then, you can just use lists.portside.org all the way through for sending the email, and you can then create a dmarc entry for lists.portside.org.

comment:7 Changed 3 weeks ago by https://id.mayfirst.org/wolcen

Hi Jamie,

I'm sorry to say that I am lost as to how to implement your suggestion. Could we possibly schedule some time with you to talk about this (big-picture and details)? I'm not against doing all we can ourselves, but it's beyond my personal understanding still.

Thanks, --Chris

comment:8 Changed 2 weeks ago by https://id.mayfirst.org/jamie

No worries! And sorry for the slow response. Can this wait til next week? I'm leaving town tomorrow. Perhaps we could schedule a time next Thursday afternoon - like 3:00 pm Eastern on January 16?

comment:9 Changed 2 weeks ago by https://id.mayfirst.org/wolcen

Hope you enjoy your time away.

Next Thu [note this is the 17th - I'm assuming the date rather than day is incorrect] at 3pm works for us. We can do Jitsi or Mumble - whatever you prefer.

Thank you!

comment:10 Changed 9 days ago by https://id.mayfirst.org/jamie

Whoops, yes I meant Thursday, January 17 - let's plan for 3:00 pm at https://meet.mayfirst.org/mayfirst

comment:11 Changed 6 days ago by https://id.mayfirst.org/jamie

I missed you! Maybe we can try to re-schedule? I can do wed or thu afternoon next week - same time.

comment:12 Changed 30 hours ago by https://id.mayfirst.org/wolcen

Hello again - we're on for Thu @ 3p. Thank you.

(I did find there is an issue with my Calendar - the sync client is not pushing things from my primary system, which also seems to lose connection for the file sync client...research so far seems to indicate an attack throttling setting on recent Nextcloud version, but trying to get better logging)

comment:13 Changed 29 hours ago by https://id.mayfirst.org/jamie

Interesting that you have come across this now... I just spent several hours debugging a sync problem on my phone and came to a similar conclusion. When I switched from wifi to cell data it suddenly worked perfectly.

In any event... settled for 3:00 pm thu.

comment:14 Changed 24 hours ago by https://id.mayfirst.org/jamie

I don't mean to hijack this ticket but wanted to link to some new documentation I added on Nextcloud on unbanning IPs. If you ever get banned let us know and we can remove it!
