
Registration e-mail is received as a SPAM

Open thom4parisot opened this issue 7 years ago • 5 comments

Headers content

X-Spam-known-sender: no
Subject: {SPAM 05.5} Open Data for Resilience Index: registration for user oncletom
X-Spam: spam
X-Spam-score: 5.5
X-Spam-hits: HTML_FONT_LOW_CONTRAST 0.001, HTML_IMAGE_RATIO_04 0.61, HTML_MESSAGE 0.001,
	  KHOP_DYNAMIC 1.997, ME_NOAUTH 0.01, MIME_HTML_ONLY 1.105,
	  SPF_HELO_SOFTFAIL 0.896, SPF_SOFTFAIL 0.972, LANGUAGES en,
	  BAYES_USED none, SA_VERSION 3.4.0
X-Backscatter: NotFound1
X-Backscatter-Hosts: 
X-Spam-source: IP='195.201.219.176', Host='static.176.219.201.195.clients.your-server.de'

It's likely that the SPF and DKIM DNS settings of the host sending the e-mail are not aligned properly. Thus e-mail servers think the e-mail is sent by rogue machines.

I still have to investigate a clearer path to resolution.

Via @pzwsk, taken from #147.

thom4parisot avatar Sep 25 '18 14:09 thom4parisot

Received-SPF: softfail
    (index.opendri.org: Sender is not authorized by default to use '[email protected]' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched))
    receiver=mx2.messagingengine.com;
    identity=mailfrom;
    envelope-from="[email protected]";
    helo=index.opendri.org;
    client-ip=195.201.219.176

Looks like there is something to investigate on how SPF DNS records work.

thom4parisot avatar Oct 09 '18 17:10 thom4parisot

This is something I can check. Emails are sent using the wrong IP address (the VM address instead of the floating one that has a proper SPF record and a good rDNS).

daniviga avatar Oct 12 '18 08:10 daniviga

Issue should be fixed now (and IPv6 is also available now):

Received: from index.opendri.org (index.opendri.org. [2a01:4f8:1c0c:804e::1])
        by mx.google.com with ESMTP id s80-v6si679925wme.133.2018.10.12.01.56.11
        for <[email protected]>;
        Fri, 12 Oct 2018 01:56:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 2a01:4f8:1c0c:804e::1 as permitted sender) client-ip=2a01:4f8:1c0c:804e::1;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of [email protected] designates 2a01:4f8:1c0c:804e::1 as permitted sender) [email protected]

As you can see, SPF passes and the IP is also correctly resolved via reverse DNS to index.opendri.org (instead of xxx.clients.your-server.de). I sent a custom test email, so I would ask you to check if it is also OK with a 'production' mail.

Change was:

smtp_bind_address = 195.201.44.103

in /etc/postfix/main.cf

daniviga avatar Oct 12 '18 08:10 daniviga

Amazing, thank you @daniviga!

I have not received any test email registered with my account (oncletom) but I'm glad you found out how to fix this. Thank you also for the documented answer 🙂

thom4parisot avatar Oct 12 '18 18:10 thom4parisot

I asked for a password reset and I can confirm the SPAM score is significantly lower and the SPF SPAM score is not weighing anymore.

The issue is solved on my side of things 👍

thom4parisot avatar Oct 12 '18 19:10 thom4parisot