www-infrastructure-dev mailing list archives

From Tony Stevenson <t...@pc-tony.com>
Subject Re: Nabble Archive emails to MLs rejected due to SPF check
Date Tue, 12 Aug 2014 13:53:39 GMT

> On 12 Aug 2014, at 14:42, Robert Metzger <rmetzger@apache.org> wrote:
> 
> Hi,
> 
> I recently noticed that users tried to ask questions on our mailing list (
> user@flink.incubator.apache.org) through the nabble mailing list archive (
> http://apache-flink-incubator-user-mailing-list-archive.2336050.n4.nabble.com/),
> but the mails never showed up at our mailing list.
> It seems that Nabble is sending the mails from their servers, on behalf of
> the user, using the user's email address.
> 
> I tried replying to our mailing list from a @web.de email address, and got
> the following error:
> 
> This message was created automatically by mail delivery software.
>> A message that you sent could not be delivered to one or more of its
>> recipients. This is a permanent error. The following address(es) failed:
>>  dev@flink.incubator.apache.org
>>    SMTP error from remote mail server after RCPT TO:<
>> dev@flink.incubator.apache.org>:
>>    host mx1.us.apache.org [140.211.11.136]: 550 SPF forgery:
>>    Please see
>> http://www.openspf.org/why.html?sender=metzgerr%40web.de&ip=216.139.236.26&receiver=athena.apache.org
>> ------ This is a copy of the message, including all the headers. ------
>> Return-path: <metzgerr@web.de>
>> Received: from ben.nabble.com ([192.168.236.152])
>>        by sam.nabble.com with esmtp (Exim 4.72)
>>        (envelope-from <metzgerr@web.de>)
>>        id 1XGQ79-00009o-1D
>>        for dev@flink.incubator.apache.org; Sun, 10 Aug 2014 03:12:35
>> -0700
>> Date: Sun, 10 Aug 2014 03:12:35 -0700 (PDT)
>> From: rmetzger <metzgerr@web.de>
>> To: dev@flink.incubator.apache.org
>> Message-ID: <1407665555031-1345.post@n3.nabble.com>
>> In-Reply-To: <1406710888004-1255.post@n3.nabble.com>
>> References: <1406710888004-1255.post@n3.nabble.com>
>> Subject: Re: How to use ShipStrategy BroadCast
> 
> 
> Would it be possible to "whitelist" nabble.com for sending mails on behalf
> of their users?

No, sorry. This would be a dangerous strategy IMO. This would mean ignoring all defences put
in place by the admins for $DOMAIN, and just accepting mail as coming from that domain via
a list of $OTHER_SERVICE.

> At least one other Apache project also noticed the issue:
> http://mail-archives.apache.org/mod_mbox/cxf-users/201406.mbox/%3CDC3F5CBB3E66D44FBF12357ADC2471F257B471%40CBR1PEXC03.production.prod%3E
> Here is another example:
> http://ofbiz.135035.n4.nabble.com/Internal-Server-Error-Trunk-Demo-Management-Apps-td1475202.html
> (See second message)
> 
> 
> Regards,
> Robert


Cheers,
Tony

----------------------------------
Tony Stevenson

tony@pc-tony.com
pctony@apache.org

http://www.pc-tony.com

GPG - 1024D/51047D66
----------------------------------
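
Added example, not part of the original message and not the Apache mail servers' configuration: a small SPF evaluator showing why the relay IP in the bounce above is rejected for an envelope sender at web.de, and what an allowlisted relay would bypass. The policy record, the 203.0.113.0/24 range and the function names are assumptions made for illustration; only ip4, ip6 and all mechanisms are handled.

```python
import ipaddress

# Constructed policy for illustration; NOT the record actually published by web.de.
CONSTRUCTED_POLICIES = {"web.de": "v=spf1 ip4:203.0.113.0/24 -all"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip):
    """Evaluate ip4/ip6/all mechanisms left to right; the first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # a, mx, include, ... need DNS lookups and are skipped in this sketch
    return "neutral"


def mx_decision(envelope_from, client_ip, relay_allowlist=()):
    """SMTP reply an SPF-enforcing MX would give after RCPT TO."""
    if client_ip in relay_allowlist:
        # The sender domain's policy is never consulted for this relay.
        return "250 accepted (SPF skipped for allowlisted relay)"
    domain = envelope_from.rsplit("@", 1)[1].lower()
    record = CONSTRUCTED_POLICIES.get(domain)
    result = check_spf(record, client_ip) if record else "none"
    return "550 SPF forgery" if result == "fail" else f"250 accepted (spf={result})"


if __name__ == "__main__":
    relay = "216.139.236.26"  # sending IP reported in the bounce above
    print(mx_decision("metzgerr@web.de", relay))
    print(mx_decision("metzgerr@web.de", relay, relay_allowlist={relay}))
```

With the allowlist in place, the second call accepts the same message that the first call rejects, whatever policy the sender's domain publishes.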






