GFDRR / open-risk-data-dashboard

Repository for the Open Data for Resilience Index, a website to track and improve the state of Open Data for Resilience worldwide.
https://index.opendri.org
GNU Lesser General Public License v3.0

Registration e-mail is received as a SPAM #160

Open thom4parisot opened 5 years ago

thom4parisot commented 5 years ago

Headers content

X-Spam-known-sender: no
Subject: {SPAM 05.5} Open Data for Resilience Index: registration for user oncletom
X-Spam: spam
X-Spam-score: 5.5
X-Spam-hits: HTML_FONT_LOW_CONTRAST 0.001, HTML_IMAGE_RATIO_04 0.61, HTML_MESSAGE 0.001,
      KHOP_DYNAMIC 1.997, ME_NOAUTH 0.01, MIME_HTML_ONLY 1.105,
      SPF_HELO_SOFTFAIL 0.896, SPF_SOFTFAIL 0.972, LANGUAGES en,
      BAYES_USED none, SA_VERSION 3.4.0
X-Backscatter: NotFound1
X-Backscatter-Hosts: 
X-Spam-source: IP='195.201.219.176', Host='static.176.219.201.195.clients.your-server.de'

It's likely that the SPF and DKIM DNS settings of the host sending the e-mail are not aligned properly. Thus e-mail servers think the e-mail is sent by rogue machines.

I still have to investigate a clearer path to resolution.

Via @pzwsk, taken from #147.

thom4parisot commented 5 years ago

Received-SPF: softfail
    (index.opendri.org: Sender is not authorized by default to use 'noreply@index.opendri.org' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched))
    receiver=mx2.messagingengine.com;
    identity=mailfrom;
    envelope-from="noreply@index.opendri.org";
    helo=index.opendri.org;
    client-ip=195.201.219.176

Looks like there is something to investigate on how SPF DNS records work.

daniviga commented 5 years ago

This is something I can check. Emails are sent using the wrong IP address (VM address instead of the floating one that has a proper SPF record and a good rDNS).

daniviga commented 5 years ago

Issue should be fixed now (and IPv6 is also available now):

Received: from index.opendri.org (index.opendri.org. [2a01:4f8:1c0c:804e::1])
        by mx.google.com with ESMTP id s80-v6si679925wme.133.2018.10.12.01.56.11
        for <daniele.vigano@globalquakemodel.org>;
        Fri, 12 Oct 2018 01:56:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of noreply@index.opendri.org designates 2a01:4f8:1c0c:804e::1 as permitted sender) client-ip=2a01:4f8:1c0c:804e::1;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of noreply@index.opendri.org designates 2a01:4f8:1c0c:804e::1 as permitted sender) smtp.mailfrom=noreply@index.opendri.org

As you can see, SPF passes and also the IP is correctly resolved via reverse DNS to index.opendri.org (instead of xxx.clients.your-server.de). I sent a custom test email, so I would ask you to check if it is also OK with a 'production' mail.

Change was:

smtp_bind_address = 195.201.44.103

in /etc/postfix/main.cf
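One way to confirm the effect of this change from a received test message, as an added example that is not part of the thread or the project's code: it parses the Received-SPF header (including the nested parentheses in the softfail comment above) and checks that the message left from one of the addresses shown in this thread. The function names and the EXPECTED_IPS list are assumptions, and the two sample messages are constructed from the header excerpts quoted above.

```python
import ipaddress
import re
from email import message_from_string

# Constructed samples, built from the two header excerpts quoted in this thread.
SOFTFAIL_MSG = """Received-SPF: softfail
    (index.opendri.org: Sender is not authorized by default to use 'noreply@index.opendri.org' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched))
    receiver=mx2.messagingengine.com;
    identity=mailfrom;
    envelope-from="noreply@index.opendri.org";
    helo=index.opendri.org;
    client-ip=195.201.219.176
"""
PASS_MSG = """Received-SPF: pass (google.com: domain of noreply@index.opendri.org designates 2a01:4f8:1c0c:804e::1 as permitted sender) client-ip=2a01:4f8:1c0c:804e::1;
"""
# Assumption: the addresses the server should send from (both appear in this thread).
EXPECTED_IPS = ["195.201.44.103", "2a01:4f8:1c0c:804e::1"]
KV = re.compile(r'([A-Za-z][\w.-]*)=("[^"]*"|[^;\s]+)')

def strip_comments(value):
    """Drop RFC 5322 comments, which may nest: (outer (inner))."""
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)

def parse_received_spf(raw_message):
    """Return the SPF result plus the key=value fields of Received-SPF."""
    value = message_from_string(raw_message).get("Received-SPF", "")
    fields = strip_comments(" ".join(value.split()))  # unfold, then uncomment
    result, _, rest = fields.strip().partition(" ")
    pairs = {k.lower(): v.strip('"') for k, v in KV.findall(rest)}
    return {"result": result.lower(), **pairs}

def outbound_check(raw_message, expected_ips=EXPECTED_IPS):
    """List the problems found; an empty list means the message looks right."""
    spf = parse_received_spf(raw_message)
    problems = []
    if spf["result"] != "pass":
        problems.append("SPF result is " + (spf["result"] or "missing"))
    client = spf.get("client-ip")
    allowed = {ipaddress.ip_address(ip) for ip in expected_ips}
    if client is None or ipaddress.ip_address(client) not in allowed:
        problems.append(f"message left from {client}, not a bound address")
    return problems
```

Run against the softfail sample it reports both the SPF result and the unexpected source address; the passing sample returns an empty list.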

thom4parisot commented 5 years ago

Amazing, thank you @daniviga!

I have not received any test email registered with my account (oncletom) but I'm glad you found out how to fix this. Thank you also for the documented answer 🙂

thom4parisot commented 5 years ago

I asked for a password reset and I can confirm the SPAM score is significantly lower and the SPF SPAM score is not weighing anymore.

The issue is solved on my side of things 👍