[BALUG-Admin] (forw) Bounce action notification

Rick Moen rick@linuxmafia.com
Sat Jul 30 21:58:20 UTC 2022 

It took me a moment to figure this out, because I was in a security talk
at SCaLE 19x and was distracted.

Hoover Chan did something that many people think is a good idea, but is
not:  Hoover subscribed "hchan@mail.ewind.com" but set that mailbox to
forward to his GMail mailbox, hoover.chan@gmail.com .  

Hoover, sorry, in 2022 you can no longer do mail forwarding with wild
abandon, because of increasing deployment of anti-forgery blocking
technologies (SPF and DMARC).

In this case, my posting to balug-admin was processed by list.balug.org
and re-mailed to all subscribers including your hchan@mail.ewind.com .
Host nephoscale.ewind.com (IP 198.89.112.140) tried re-lobbing your
subscriber copy to GMail, which rejected it because IP 198.89.112.140 
is not a permitted originator for mail from domain balug.org, i.e., 
that IP as an SMTP source violates balug.org's SPF and DMARC
declarations.

I am deleting your subscriptions of hchan@mail.ewind.com from
balug-admin and from any other BALUG mailing list it might be on.
(I haven't yet checked the other three.)  I will also have Mailman
send an "invitation" to quick-subscribe Hoover Chan <hoover.chan@gmail.com> ,
if you so wish.

Please review your subscriptions to any _other_ mailing lists, and stop
relying on hchan@mail.ewind.com -> hoover.chan@gmail.com forwarding.
You really cannot rely on that, any more.  TY.

-- Rick Moen
   for the BALUG sysadmin team


----- Forwarded message from mailman@lists.balug.org -----

Date: Sat, 30 Jul 2022 20:35:00 +0000
From: mailman@lists.balug.org
To: balug-admin-owner@lists.balug.org
Subject: Bounce action notification
X-Spam-Status: No, score=-2.6 required=4.0 tests=BAYES_00,MAILING_LIST_MULTI,
	NO_REAL_NAME,SPF_PASS,T_TVD_MIME_NO_HEADERS autolearn=ham version=3.3.1

This is a Mailman mailing list bounce action notice:

    List:       BALUG-Admin
    Member:     hchan@mail.ewind.com
    Action:     Subscription disabled.
    Reason:     Excessive or fatal bounces.
    


The triggering bounce notice is attached below.

Questions? Contact the Mailman site administrator at
mailman@lists.balug.org.

Received: from static-198.89.112.140.nephohosting.com ([198.89.112.140] helo=nephoscale.ewind.com)
	by balug-sf-lug-v2.balug.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	id 1oHtAp-00053A-No
	for balug-admin-bounces@lists.balug.org; Sat, 30 Jul 2022 20:34:59 +0000
Received: from localhost (localhost)
	by nephoscale.ewind.com (8.14.4/8.14.4) id 26UKUlVD005544;
	Sat, 30 Jul 2022 13:30:47 -0700
Date: Sat, 30 Jul 2022 13:30:47 -0700
From: Mail Delivery Subsystem <MAILER-DAEMON@nephoscale.ewind.com>
Message-Id: <202207302030.26UKUlVD005544@nephoscale.ewind.com>
To: <balug-admin-bounces@lists.balug.org>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
	boundary="26UKUlVD005544.1659213047/nephoscale.ewind.com"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
Received-SPF: none client-ip=198.89.112.140; helo=nephoscale.ewind.com

The original message was received at Sat, 30 Jul 2022 13:30:41 -0700
from balug.org [96.86.170.229]

   ----- The following addresses had permanent fatal errors -----
hoover.chan@gmail.com
    (reason: 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both)
    (expanded from: <hchan@mail.ewind.com>)

   ----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both
<<< 550-5.7.26 do not pass). SPF check for [lists.balug.org] does not pass with ip:
<<< 550-5.7.26 [198.89.112.140].To best protect our users from spam, the message
<<< 550-5.7.26 has been blocked. Please visit
<<< 550-5.7.26  https://support.google.com/mail/answer/81126#authentication for more
<<< 550 5.7.26 information. f5-20020a62db05000000b0052c708707dbsi7062217pfg.121 - gsmtp
554 5.0.0 Service unavailable

Reporting-MTA: dns; nephoscale.ewind.com
Received-From-MTA: DNS; balug.org
Arrival-Date: Sat, 30 Jul 2022 13:30:41 -0700

Final-Recipient: RFC822; hchan@mail.ewind.com
X-Actual-Recipient: RFC822; hoover.chan@gmail.com
Action: failed
Status: 5.7.26
Remote-MTA: DNS; gmail-smtp-in.l.google.com
Diagnostic-Code: SMTP; 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both
Last-Attempt-Date: Sat, 30 Jul 2022 13:30:42 -0700

Return-Path: <balug-admin-bounces@lists.balug.org>
Received: from balug-sf-lug-v2.balug.org (balug.org [96.86.170.229])
	by nephoscale.ewind.com (8.14.4/8.14.4) with ESMTP id 26UKUfVD005543
	for <hchan@mail.ewind.com>; Sat, 30 Jul 2022 13:30:41 -0700
Received: from localhost ([127.0.0.1] helo=balug.org)
	by balug-sf-lug-v2.balug.org with esmtp (Exim 4.92)
	(envelope-from <balug-admin-bounces@lists.balug.org>)
	id 1oHtAc-00052G-8o; Sat, 30 Jul 2022 20:34:46 +0000
Received: from linuxmafia.com ([96.95.217.99])
 by balug-sf-lug-v2.balug.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.92) (envelope-from <rick@linuxmafia.com>) id 1oHtAZ-000526-W5
 for balug-admin@lists.balug.org; Sat, 30 Jul 2022 20:34:44 +0000
Received: from rick by linuxmafia.com with local (Exim 4.72)
 (envelope-from <rick@linuxmafia.com>) id 1oHtAX-0001P2-QB
 for balug-admin@lists.balug.org; Sat, 30 Jul 2022 13:34:41 -0700
Date: Sat, 30 Jul 2022 13:34:41 -0700
From: Rick Moen <rick@linuxmafia.com>
To: balug-admin@lists.balug.org
Message-ID: <20220730203441.GI13985@linuxmafia.com>
References: <20220726022507.GV13985@linuxmafia.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20220726022507.GV13985@linuxmafia.com>
Organization: If you lived here, you'd be $HOME already.
X-Mas: Bah humbug.
X-Clacks-Overhead: GNU Terry Pratchett
User-Agent: Mutt/1.5.20 (2009-06-14)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: rick@linuxmafia.com
X-SA-Exim-Scanned: No (on linuxmafia.com); SAEximRunCond expanded to false
Received-SPF: pass client-ip=96.95.217.99; envelope-from=rick@linuxmafia.com;
 helo=linuxmafia.com
Subject: Re: [BALUG-Admin] Spamtraps and
 http://www.uceprotect.net/en/rblcheck.php?ipr=96.86.170.229
X-BeenThere: balug-admin@lists.balug.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion among those who make BALUG work
 <balug-admin.lists.balug.org>
List-Unsubscribe: <https://lists.balug.org/cgi-bin/mailman/options/balug-admin>, 
 <mailto:balug-admin-request@lists.balug.org?subject=unsubscribe>
List-Archive: <https://lists.balug.org/pipermail/balug-admin/>
List-Post: <mailto:balug-admin@lists.balug.org>
List-Help: <mailto:balug-admin-request@lists.balug.org?subject=help>
List-Subscribe: <https://lists.balug.org/cgi-bin/mailman/listinfo/balug-admin>, 
 <mailto:balug-admin-request@lists.balug.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: balug-admin-bounces@lists.balug.org
Sender: "BALUG-Admin" <balug-admin-bounces@lists.balug.org>



----- End forwarded message -----

More information about the BALUG-Admin mailing list