It took me a moment to figure this out, because I was in a security talk at SCaLE 19x and was distracted.
Hoover Chan did something that many people think is a good idea, but is not: Hoover subscribed "hchan@mail.ewind.com" but set that mailbox to forward to his GMail mailbox, hoover.chan@gmail.com .
Hoover, sorry, in 2022 you can no longer do mail forwarding with wild abandon, because of increasing deployment of anti-forgery blocking technologies (SPF and DMARC).
In this case, my posting to balug-admin was processed by list.balug.org and re-mailed to all subscribers including your hchan@mail.ewind.com . Host nephoscale.ewind.com (IP 198.89.112.140) tried re-lobbing your subscriber copy to GMail, which rejected it because IP 198.89.112.140 is not a permitted originator for mail from domain balug.org, i.e., that IP as an SMTP source violates balug.org's SPF and DMARC declarations.
I am deleting your subscriptions of hchan@mail.ewind.com from balug-admin and from any other BALUG mailing list it might be on. (I haven't yet checked the other three.) I will also have Mailman send an "invitation" to quick-subscribe Hoover Chan hoover.chan@gmail.com , if you so wish.
Please review your subscriptions to any _other_ mailing lists, and stop relying on hchan@mail.ewind.com -> hoover.chan@gmail.com forwarding. You really cannot rely on that, any more. TY.
-- Rick Moen for the BALUG sysadmin team
----- Forwarded message from mailman@lists.balug.org -----
Date: Sat, 30 Jul 2022 20:35:00 +0000 From: mailman@lists.balug.org To: balug-admin-owner@lists.balug.org Subject: Bounce action notification X-Spam-Status: No, score=-2.6 required=4.0 tests=BAYES_00,MAILING_LIST_MULTI, NO_REAL_NAME,SPF_PASS,T_TVD_MIME_NO_HEADERS autolearn=ham version=3.3.1
This is a Mailman mailing list bounce action notice:
List: BALUG-Admin Member: hchan@mail.ewind.com Action: Subscription disabled. Reason: Excessive or fatal bounces.
The triggering bounce notice is attached below.
Questions? Contact the Mailman site administrator at mailman@lists.balug.org.
Received: from static-198.89.112.140.nephohosting.com ([198.89.112.140] helo=nephoscale.ewind.com) by balug-sf-lug-v2.balug.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) id 1oHtAp-00053A-No for balug-admin-bounces@lists.balug.org; Sat, 30 Jul 2022 20:34:59 +0000 Received: from localhost (localhost) by nephoscale.ewind.com (8.14.4/8.14.4) id 26UKUlVD005544; Sat, 30 Jul 2022 13:30:47 -0700 Date: Sat, 30 Jul 2022 13:30:47 -0700 From: Mail Delivery Subsystem MAILER-DAEMON@nephoscale.ewind.com Message-Id: 202207302030.26UKUlVD005544@nephoscale.ewind.com To: balug-admin-bounces@lists.balug.org MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="26UKUlVD005544.1659213047/nephoscale.ewind.com" Subject: Returned mail: see transcript for details Auto-Submitted: auto-generated (failure) Received-SPF: none client-ip=198.89.112.140; helo=nephoscale.ewind.com
The original message was received at Sat, 30 Jul 2022 13:30:41 -0700 from balug.org [96.86.170.229]
----- The following addresses had permanent fatal errors ----- hoover.chan@gmail.com (reason: 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both) (expanded from: hchan@mail.ewind.com)
----- Transcript of session follows ----- ... while talking to gmail-smtp-in.l.google.com.:
DATA
<<< 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both <<< 550-5.7.26 do not pass). SPF check for [lists.balug.org] does not pass with ip: <<< 550-5.7.26 [198.89.112.140].To best protect our users from spam, the message <<< 550-5.7.26 has been blocked. Please visit <<< 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more <<< 550 5.7.26 information. f5-20020a62db05000000b0052c708707dbsi7062217pfg.121 - gsmtp 554 5.0.0 Service unavailable
Reporting-MTA: dns; nephoscale.ewind.com Received-From-MTA: DNS; balug.org Arrival-Date: Sat, 30 Jul 2022 13:30:41 -0700
Final-Recipient: RFC822; hchan@mail.ewind.com X-Actual-Recipient: RFC822; hoover.chan@gmail.com Action: failed Status: 5.7.26 Remote-MTA: DNS; gmail-smtp-in.l.google.com Diagnostic-Code: SMTP; 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both Last-Attempt-Date: Sat, 30 Jul 2022 13:30:42 -0700
Return-Path: balug-admin-bounces@lists.balug.org Received: from balug-sf-lug-v2.balug.org (balug.org [96.86.170.229]) by nephoscale.ewind.com (8.14.4/8.14.4) with ESMTP id 26UKUfVD005543 for hchan@mail.ewind.com; Sat, 30 Jul 2022 13:30:41 -0700 Received: from localhost ([127.0.0.1] helo=balug.org) by balug-sf-lug-v2.balug.org with esmtp (Exim 4.92) (envelope-from balug-admin-bounces@lists.balug.org) id 1oHtAc-00052G-8o; Sat, 30 Jul 2022 20:34:46 +0000 Received: from linuxmafia.com ([96.95.217.99]) by balug-sf-lug-v2.balug.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from rick@linuxmafia.com) id 1oHtAZ-000526-W5 for balug-admin@lists.balug.org; Sat, 30 Jul 2022 20:34:44 +0000 Received: from rick by linuxmafia.com with local (Exim 4.72) (envelope-from rick@linuxmafia.com) id 1oHtAX-0001P2-QB for balug-admin@lists.balug.org; Sat, 30 Jul 2022 13:34:41 -0700 Date: Sat, 30 Jul 2022 13:34:41 -0700 From: Rick Moen rick@linuxmafia.com To: balug-admin@lists.balug.org Message-ID: 20220730203441.GI13985@linuxmafia.com References: 20220726022507.GV13985@linuxmafia.com MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: 20220726022507.GV13985@linuxmafia.com Organization: If you lived here, you'd be $HOME already. X-Mas: Bah humbug. X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.5.20 (2009-06-14) X-SA-Exim-Connect-IP: <locally generated> X-SA-Exim-Mail-From: rick@linuxmafia.com X-SA-Exim-Scanned: No (on linuxmafia.com); SAEximRunCond expanded to false Received-SPF: pass client-ip=96.95.217.99; envelope-from=rick@linuxmafia.com; helo=linuxmafia.com Subject: Re: [BALUG-Admin] Spamtraps and http://www.uceprotect.net/en/rblcheck.php?ipr=96.86.170.229 X-BeenThere: balug-admin@lists.balug.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion among those who make BALUG work <balug-admin.lists.balug.org> List-Unsubscribe: https://lists.balug.org/cgi-bin/mailman/options/balug-admin, mailto:balug-admin-request@lists.balug.org?subject=unsubscribe List-Archive: https://lists.balug.org/pipermail/balug-admin/ List-Post: mailto:balug-admin@lists.balug.org List-Help: mailto:balug-admin-request@lists.balug.org?subject=help List-Subscribe: https://lists.balug.org/cgi-bin/mailman/listinfo/balug-admin, mailto:balug-admin-request@lists.balug.org?subject=subscribe Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: balug-admin-bounces@lists.balug.org Sender: "BALUG-Admin" balug-admin-bounces@lists.balug.org
----- End forwarded message -----