It took me a moment to figure this out, because I was in a security talk at SCaLE 19x and was distracted.

Hoover Chan did something that many people think is a good idea, but is not: Hoover subscribed "hchan@mail.ewind.com" but set that mailbox to forward to his GMail mailbox, hoover.chan@gmail.com.

Hoover, sorry, in 2022 you can no longer do mail forwarding with wild abandon, because of increasing deployment of anti-forgery blocking technologies (SPF and DMARC).

In this case, my posting to balug-admin was processed by list.balug.org and re-mailed to all subscribers including your hchan@mail.ewind.com. Host nephoscale.ewind.com (IP 198.89.112.140) tried re-lobbing your subscriber copy to GMail, which rejected it because IP 198.89.112.140 is not a permitted originator for mail from domain balug.org, i.e., that IP as an SMTP source violates balug.org's SPF and DMARC declarations.

I am deleting your subscriptions of hchan@mail.ewind.com from balug-admin and from any other BALUG mailing list it might be on. (I haven't yet checked the other three.) I will also have Mailman send an "invitation" to quick-subscribe Hoover Chan <hoover.chan@gmail.com>, if you so wish.

Please review your subscriptions to any _other_ mailing lists, and stop relying on hchan@mail.ewind.com -> hoover.chan@gmail.com forwarding. You really cannot rely on that, any more. TY.

--
Rick Moen for the BALUG sysadmin team

----- Forwarded message from mailman@lists.balug.org -----

Date: Sat, 30 Jul 2022 20:35:00 +0000
From: mailman@lists.balug.org
To: balug-admin-owner@lists.balug.org
Subject: Bounce action notification
X-Spam-Status: No, score=-2.6 required=4.0 tests=BAYES_00,MAILING_LIST_MULTI,
	NO_REAL_NAME,SPF_PASS,T_TVD_MIME_NO_HEADERS autolearn=ham version=3.3.1

This is a Mailman mailing list bounce action notice:

    List:       BALUG-Admin
    Member:     hchan@mail.ewind.com
    Action:     Subscription disabled.
    Reason:     Excessive or fatal bounces.

The triggering bounce notice is attached below.

Questions? Contact the Mailman site administrator at mailman@lists.balug.org.

Received: from static-198.89.112.140.nephohosting.com ([198.89.112.140] helo=nephoscale.ewind.com)
	by balug-sf-lug-v2.balug.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92) id 1oHtAp-00053A-No
	for balug-admin-bounces@lists.balug.org; Sat, 30 Jul 2022 20:34:59 +0000
Received: from localhost (localhost)
	by nephoscale.ewind.com (8.14.4/8.14.4) id 26UKUlVD005544;
	Sat, 30 Jul 2022 13:30:47 -0700
Date: Sat, 30 Jul 2022 13:30:47 -0700
From: Mail Delivery Subsystem <MAILER-DAEMON@nephoscale.ewind.com>
Message-Id: <202207302030.26UKUlVD005544@nephoscale.ewind.com>
To: <balug-admin-bounces@lists.balug.org>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
	boundary="26UKUlVD005544.1659213047/nephoscale.ewind.com"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
Received-SPF: none client-ip=198.89.112.140; helo=nephoscale.ewind.com

The original message was received at Sat, 30 Jul 2022 13:30:41 -0700
from balug.org [96.86.170.229]

   ----- The following addresses had permanent fatal errors -----
hoover.chan@gmail.com
    (reason: 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both)
    (expanded from: <hchan@mail.ewind.com>)

   ----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
DATA
<<< 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both
<<< 550-5.7.26 do not pass). SPF check for [lists.balug.org] does not pass with ip:
<<< 550-5.7.26 [198.89.112.140].To best protect our users from spam, the message
<<< 550-5.7.26 has been blocked. Please visit
<<< 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more
<<< 550 5.7.26 information. f5-20020a62db05000000b0052c708707dbsi7062217pfg.121 - gsmtp
554 5.0.0 Service unavailable

Reporting-MTA: dns; nephoscale.ewind.com
Received-From-MTA: DNS; balug.org
Arrival-Date: Sat, 30 Jul 2022 13:30:41 -0700

Final-Recipient: RFC822; hchan@mail.ewind.com
X-Actual-Recipient: RFC822; hoover.chan@gmail.com
Action: failed
Status: 5.7.26
Remote-MTA: DNS; gmail-smtp-in.l.google.com
Diagnostic-Code: SMTP; 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both
Last-Attempt-Date: Sat, 30 Jul 2022 13:30:42 -0700

Return-Path: <balug-admin-bounces@lists.balug.org>
Received: from balug-sf-lug-v2.balug.org (balug.org [96.86.170.229])
	by nephoscale.ewind.com (8.14.4/8.14.4) with ESMTP id 26UKUfVD005543
	for <hchan@mail.ewind.com>; Sat, 30 Jul 2022 13:30:41 -0700
Received: from localhost ([127.0.0.1] helo=balug.org)
	by balug-sf-lug-v2.balug.org with esmtp (Exim 4.92)
	(envelope-from <balug-admin-bounces@lists.balug.org>)
	id 1oHtAc-00052G-8o; Sat, 30 Jul 2022 20:34:46 +0000
Received: from linuxmafia.com ([96.95.217.99])
	by balug-sf-lug-v2.balug.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:256)
	(Exim 4.92) (envelope-from <rick@linuxmafia.com>)
	id 1oHtAZ-000526-W5
	for balug-admin@lists.balug.org; Sat, 30 Jul 2022 20:34:44 +0000
Received: from rick by linuxmafia.com with local (Exim 4.72)
	(envelope-from <rick@linuxmafia.com>)
	id 1oHtAX-0001P2-QB
	for balug-admin@lists.balug.org; Sat, 30 Jul 2022 13:34:41 -0700
Date: Sat, 30 Jul 2022 13:34:41 -0700
From: Rick Moen <rick@linuxmafia.com>
To: balug-admin@lists.balug.org
Message-ID: <20220730203441.GI13985@linuxmafia.com>
References: <20220726022507.GV13985@linuxmafia.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20220726022507.GV13985@linuxmafia.com>
Organization: If you lived here, you'd be $HOME already.
X-Mas: Bah humbug.
X-Clacks-Overhead: GNU Terry Pratchett
User-Agent: Mutt/1.5.20 (2009-06-14)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: rick@linuxmafia.com
X-SA-Exim-Scanned: No (on linuxmafia.com); SAEximRunCond expanded to false
Received-SPF: pass client-ip=96.95.217.99; envelope-from=rick@linuxmafia.com; helo=linuxmafia.com
Subject: Re: [BALUG-Admin] Spamtraps and
	http://www.uceprotect.net/en/rblcheck.php?ipr=96.86.170.229
X-BeenThere: balug-admin@lists.balug.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion among those who make BALUG work <balug-admin.lists.balug.org>
List-Unsubscribe: <https://lists.balug.org/cgi-bin/mailman/options/balug-admin>,
	<mailto:balug-admin-request@lists.balug.org?subject=unsubscribe>
List-Archive: <https://lists.balug.org/pipermail/balug-admin/>
List-Post: <mailto:balug-admin@lists.balug.org>
List-Help: <mailto:balug-admin-request@lists.balug.org?subject=help>
List-Subscribe: <https://lists.balug.org/cgi-bin/mailman/listinfo/balug-admin>,
	<mailto:balug-admin-request@lists.balug.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: balug-admin-bounces@lists.balug.org
Sender: "BALUG-Admin" <balug-admin-bounces@lists.balug.org>

----- End forwarded message -----
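An added example, not part of the original post and not Mailman's own code: a list administrator can triage bounces like the one above by reading the delivery-status fields and flagging subscribers whose address forwards elsewhere and whose copy was then rejected for failing sender authentication. The function name, the sample text (reassembled from the fields in the bounce above) and the set of status codes are assumptions of this example.

```python
import re
from email import message_from_string

# Constructed sample: the delivery-status fields quoted in the bounce above.
SAMPLE_DSN = """\
Reporting-MTA: dns; nephoscale.ewind.com
Received-From-MTA: DNS; balug.org

Final-Recipient: RFC822; hchan@mail.ewind.com
X-Actual-Recipient: RFC822; hoover.chan@gmail.com
Action: failed
Status: 5.7.26
Remote-MTA: DNS; gmail-smtp-in.l.google.com
Diagnostic-Code: SMTP; 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both
"""

# Status codes treated here as sender-authentication rejections: 5.7.26 is
# what Gmail returned above; 5.7.23 (SPF validation failed) is included as
# an assumption about what other receivers may send.
AUTH_FAIL_STATUS = {"5.7.23", "5.7.26"}


def _value(field):
    """Strip the 'RFC822;' / 'dns;' type prefix from a DSN field value."""
    return field.split(";", 1)[-1].strip().lower() if field else None


def forwarding_auth_failures(dsn_text):
    """Return one finding per recipient whose copy was forwarded and then
    rejected for failing authentication at the forwarding target."""
    blocks = [b for b in re.split(r"\n\s*\n", dsn_text.strip()) if b.strip()]
    groups = [message_from_string(b + "\n") for b in blocks]
    if not groups:
        return []
    per_message, per_recipient = groups[0], groups[1:]
    findings = []
    for rcpt in per_recipient:
        subscribed = _value(rcpt.get("Final-Recipient"))
        # Non-standard field, present in the bounce above.
        actual = _value(rcpt.get("X-Actual-Recipient"))
        status = (rcpt.get("Status") or "").strip()
        if actual and actual != subscribed and status in AUTH_FAIL_STATUS:
            findings.append({
                "subscribed": subscribed,
                "forwards_to": actual,
                "forwarder": _value(per_message.get("Reporting-MTA")),
                "rejected_by": _value(rcpt.get("Remote-MTA")),
                "status": status,
            })
    return findings
```

Run over `SAMPLE_DSN`, it reports that the subscribed address hchan@mail.ewind.com forwards to hoover.chan@gmail.com via nephoscale.ewind.com, which is the situation the post describes.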