search

greasyfork-org / greasyfork

An online repository of user scripts.
https://greasyfork.org
GNU General Public License v3.0
1.41k stars 423 forks source link

Some users can't receive emails from Greasy Fork #1199

Closed JasonBarnabe closed 7 months ago

JasonBarnabe commented 8 months ago

Gathering info on what exactly is failing.

JasonBarnabe commented 8 months ago

From #1198

Oct 18 21:46:47 mail sm-mta[1835663]: STARTTLS=client, relay=mail2.anonaddy.me., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkdR61835642: to=<s2qv57+s2qv5b@rokejulianlockhart.anonaddy.com>, delay=00:00:09, xdelay=00:00:09, mailer=esmtp, pri=120643, relay=mail2.anonaddy.me. [IPv6:2a04:3544:8000:1000:e8b5:6ff:fe29:56c], dsn=5.7.1, stat=User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkdR61835642: to=<noreply@greasyfork.org>, delay=00:00:09, mailer=local, pri=120643, dsn=5.1.1, stat=User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkdR61835642: to=postmaster, delay=00:00:09, mailer=local, pri=120643, dsn=5.1.1, stat=User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkdR61835642: 39ILkmR61835663: postmaster notify: User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkmR61835663: to=MAILER-DAEMON, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkmR61835663: to=postmaster, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkmR61835663: 39ILkmR71835663: return to sender: User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkmR71835663: to=MAILER-DAEMON, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkmR61835663: Saved message in /var/lib/sendmail/dead.letter

Bounce message:

From MAILER-DAEMON Wed Oct 18 21:46:48 2023
Return-Path: <MAILER-DAEMON>
Received: from localhost (localhost)
        by mail.greasyfork.org (8.15.2/8.15.2/Debian-22ubuntu3) id 39ILkmR61835663;
        Wed, 18 Oct 2023 21:46:48 GMT
Date: Wed, 18 Oct 2023 21:46:48 GMT
From: Mail Delivery Subsystem <MAILER-DAEMON>
Message-Id: <202310182146.39ILkmR61835663@mail.greasyfork.org>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="39ILkmR61835663.1697665608/mail.greasyfork.org"
Subject: Postmaster notify: see transcript for details
Auto-Submitted: auto-generated (postmaster-notification)

This is a MIME-encapsulated message

--39ILkmR61835663.1697665608/mail.greasyfork.org

The original message was received at Wed, 18 Oct 2023 21:46:39 GMT
from mail.greasyfork.org [127.0.0.1]
with id 39ILkdR61835642

   ----- The following addresses had permanent fatal errors -----
<s2qv57+s2qv5b@rokejulianlockhart.anonaddy.com>
    (reason: 550 5.7.1 Service unavailable; client [2600:3c01::f03c:93ff:fe42:f60e] blocked using zen.spamhaus.org)

   ----- Transcript of session follows -----
... while talking to mail2.anonaddy.me.:
>>> RCPT To:<s2qv57+s2qv5b@rokejulianlockhart.anonaddy.com>
<<< 550 5.7.1 Service unavailable; client [2600:3c01::f03c:93ff:fe42:f60e] blocked using zen.spamhaus.org
550 5.1.1 <s2qv57+s2qv5b@rokejulianlockhart.anonaddy.com>... User unknown
>>> DATA
<<< 554 5.5.1 Error: no valid recipients
451 4.4.1 reply: read error from mail2.anonaddy.me.
550 5.1.1 <noreply@greasyfork.org>... User unknown
550 5.1.1 postmaster... User unknown

--39ILkmR61835663.1697665608/mail.greasyfork.org
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.greasyfork.org
Received-From-MTA: DNS; mail.greasyfork.org
Arrival-Date: Wed, 18 Oct 2023 21:46:39 GMT

Final-Recipient: RFC822; s2qv57+s2qv5b@rokejulianlockhart.anonaddy.com
Action: failed
Status: 5.7.1
Remote-MTA: DNS; mail2.anonaddy.me
Diagnostic-Code: SMTP; 550 5.7.1 Service unavailable; client [2600:3c01::f03c:93ff:fe42:f60e] blocked using zen.spamhaus.org
Last-Attempt-Date: Wed, 18 Oct 2023 21:46:48 GMT

--39ILkmR61835663.1697665608/mail.greasyfork.org
Content-Type: text/rfc822-headers

Return-Path: <noreply@greasyfork.org>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=greasyfork.org;
        s=default; t=1697665599;
        bh=JC28450rGzhEk07qPKrkt4X+Y1feTx4tJD0/NYY0dc0=;
        h=Date:From:Reply-To:To:Subject:From;
        b=dlqcREb5yiIdt1qXqTzd3mjzW15yVdMDLgxqQNhClgcpuwF5ExZzEmkQy9xLF5Z2U
         7gR3UlSg9Hzn/iAxx7EYRnT6GyhvxblDXLINEUBXCVvTgFtGI8uLHoSEGNX/Z9w7Ht
         O/EP1uU71wcN6X6/cwQ5lB2NnwRnXLgvR4v7vRlvgcNRz8UpjP2f2hne8JtobWgzmb
         17StUCilG0TSr6mV3yXTJ0ITYHQQTF++j+YhwAgpCHd/apcUbJlDC68f5yIMkjzw5d
         2boj78Jq1QnghqTmwzG0tNZVXnQcxhRs1EmixySKIJ16e7gUOH1Bb8QrHIuDnYKqWN
         KWbGMEA5TnL0Q==
Received: from localhost.localdomain (mail.greasyfork.org [127.0.0.1])
        by mail.greasyfork.org (8.15.2/8.15.2/Debian-22ubuntu3) with ESMTP id 39ILkdR61835642
        for <s2qv57+s2qv5b@rokejulianlockhart.anonaddy.com>; Wed, 18 Oct 2023 21:46:39 GMT
Date: Wed, 18 Oct 2023 21:46:39 +0000
From: Greasy Fork <noreply@greasyfork.org>
Reply-To: noreply@greasyfork.org
To: s2qv57+s2qv5b@rokejulianlockhart.anonaddy.com
Message-ID: <6530523f226d8_1b4e0c1b940055@riker.mail>
Subject: Confirmation instructions
Mime-Version: 1.0
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

--39ILkmR61835663.1697665608/mail.greasyfork.org--

Pertinent portion appears to be

client [2600:3c01::f03c:93ff:fe42:f60e] blocked using zen.spamhaus.org

JasonBarnabe commented 8 months ago

From https://greasyfork.org/en/discussions/greasyfork/203868-no-notification-emails-are-sent, a log from a receiving server:

un 2023-10-01 03:13:55: [6144:1] Session 6144; child 1; thread 0
Sun 2023-10-01 03:13:55: [6144:1] Accepting SMTP connection from [xx.xx.xx.xx:34306] to [xx.xx.xx.xx:25]
Sun 2023-10-01 03:13:55: [6144:1] --> 220 xxx.xxx.xxx ESMTP MDaemon 11.0.2; Sun, 01 Oct 2023 03:13:55 -0400
Sun 2023-10-01 03:13:55: [6144:1] <-- EHLO [mail.greasyfork.org](http://mail.greasyfork.org/)
Sun 2023-10-01 03:13:55: [6144:1] EHLO/HELO response delayed 1 seconds
Sun 2023-10-01 03:13:56: [6144:1] --> 250-xxx.xxx.xxx Hello [mail.greasyfork.org](http://mail.greasyfork.org/), pleased to meet you
Sun 2023-10-01 03:13:56: [6144:1] --> 250-ETRN
Sun 2023-10-01 03:13:56: [6144:1] --> 250-AUTH=LOGIN
Sun 2023-10-01 03:13:56: [6144:1] --> 250-AUTH LOGIN CRAM-MD5
Sun 2023-10-01 03:13:56: [6144:1] --> 250-8BITMIME
Sun 2023-10-01 03:13:56: [6144:1] --> 250-STARTTLS
Sun 2023-10-01 03:13:56: [6144:1] --> 250 SIZE
Sun 2023-10-01 03:13:56: [6144:1] <-- STARTTLS
Sun 2023-10-01 03:13:56: [6144:1] --> 220 Begin TLS negotiation
Sun 2023-10-01 03:13:56: [6144:1] * SSL error 0x80090302 The function requested is not supported
Sun 2023-10-01 03:13:56: [6144:1] SMTP session terminated (Bytes in/out: 332/3527)
JasonBarnabe commented 8 months ago

From an email request:

Oct 17 20:20:50 mail sm-mta[2569455]: STARTTLS=client, relay=mx2.mailbox.org., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKmvR2569435: to=<redacted@mailbox.org>, delay=00:00:03, xdelay=00:00:02, mailer=esmtp, pri=120586, relay=mx2.mailbox.org. [IPv6:2001:67c:2050:104:0:2:25:1], dsn=5.7.1, stat=Service unavailable
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKmvR2569435: to=<noreply@greasyfork.org>, delay=00:00:03, mailer=local, pri=120586, dsn=5.1.1, stat=User unknown
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKmvR2569435: to=postmaster, delay=00:00:03, mailer=local, pri=120586, dsn=5.1.1, stat=User unknown
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKmvR2569435: 39HKKpvR2569455: postmaster notify: User unknown
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKpvR2569455: to=MAILER-DAEMON, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKpvR2569455: to=postmaster, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKpvR2569455: 39HKKpvS2569455: return to sender: User unknown
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKpvS2569455: to=MAILER-DAEMON, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKpvR2569455: Saved message in /var/lib/sendmail/dead.letter

Bounce email:

From MAILER-DAEMON Tue Oct 17 20:20:51 2023
Return-Path: <MAILER-DAEMON>
Received: from localhost (localhost)
        by mail.greasyfork.org (8.15.2/8.15.2/Debian-22ubuntu3) id 39HKKpvR2569455;
        Tue, 17 Oct 2023 20:20:51 GMT
Date: Tue, 17 Oct 2023 20:20:51 GMT
From: Mail Delivery Subsystem <MAILER-DAEMON>
Message-Id: <202310172020.39HKKpvR2569455@mail.greasyfork.org>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="39HKKpvR2569455.1697574051/mail.greasyfork.org"
Subject: Postmaster notify: see transcript for details
Auto-Submitted: auto-generated (postmaster-notification)

This is a MIME-encapsulated message

--39HKKpvR2569455.1697574051/mail.greasyfork.org

The original message was received at Tue, 17 Oct 2023 20:20:48 GMT
from mail.greasyfork.org [127.0.0.1]
with id 39HKKmvR2569435

   ----- The following addresses had permanent fatal errors -----
<redacted@mailbox.org>
    (reason: 554 5.7.1 Service unavailable; Client host [2600:3c01::f03c:93ff:fe42:f60e] blocked by RBL; https://www.spamhaus.org/query/ip/2600:3c01::f03c:93ff:fe42:f60e / https://www.spamhaus.org/sbl/query/SBLCSS)

   ----- Transcript of session follows -----
... while talking to mx2.mailbox.org.:
>>> DATA
<<< 554 5.7.1 Service unavailable; Client host [2600:3c01::f03c:93ff:fe42:f60e] blocked by RBL; https://www.spamhaus.org/query/ip/2600:3c01::f03c:93ff:fe42:f60e / https://www.spamhaus.org/sbl/query/SBLCSS
554 5.0.0 Service unavailable
<<< 554 5.5.1 Error: no valid recipients
550 5.1.1 <noreply@greasyfork.org>... User unknown
550 5.1.1 postmaster... User unknown

--39HKKpvR2569455.1697574051/mail.greasyfork.org
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.greasyfork.org
Received-From-MTA: DNS; mail.greasyfork.org
Arrival-Date: Tue, 17 Oct 2023 20:20:48 GMT

Final-Recipient: RFC822; redacted@mailbox.org
Action: failed
Status: 5.7.1
Remote-MTA: DNS; mx2.mailbox.org
Diagnostic-Code: SMTP; 554 5.7.1 Service unavailable; Client host [2600:3c01::f03c:93ff:fe42:f60e] blocked by RBL; https://www.spamhaus.org/query/ip/2600:3c01::f03c:93ff:fe42:f60e / https://www.spamhaus.org/sbl/query/SBLCSS
Last-Attempt-Date: Tue, 17 Oct 2023 20:20:51 GMT

--39HKKpvR2569455.1697574051/mail.greasyfork.org
Content-Type: text/rfc822-headers

Return-Path: <noreply@greasyfork.org>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=greasyfork.org;
        s=default; t=1697574048;
        bh=qMlpziykcqbQiWddQraM3/Zmfy6SX6E8CzULws7GPaQ=;
        h=Date:From:To:Subject:From;
        b=GUl9RBiLW61gHx1888E9xGWFs3VYabJ0ubt6FBzLXpo2mAxtuqHqbAgxJO340rHEN
         v8qoSSJiFJs5F3dANVtjXoxyK9pvgF1ono5cXfE0HNRP6LDuGxkeI9t6pEGZF8SP2b
         zyAFT7qmbXtOeu/ASTdtGcTmAfvEUo01smREjfVIJ/KMv4OvxWPMczzzIDpbBAgkU2
         jC8KmiHefweTgDZD73CstkQkfTQCpfFiP0PlLXBf/Yq+Hev8V3Rre790F2VDvFdepE
         z8d9XaqVdrK0HH0im64WSdzFmeoZrG9A3cil91STrtaG+tRGg7oavuqehNkCzx8wlK
         5//zcbzwHte3A==
Received: from localhost.localdomain (mail.greasyfork.org [127.0.0.1])
        by mail.greasyfork.org (8.15.2/8.15.2/Debian-22ubuntu3) with ESMTP id 39HKKmvR2569435
        for <redacted@mailbox.org>; Tue, 17 Oct 2023 20:20:48 GMT
Date: Tue, 17 Oct 2023 20:20:48 +0000
From: Greasy Fork <noreply@greasyfork.org>
To: (redacted)@mailbox.org
Message-ID: <652eeca09f4e9_2558d513420579c7@riker.mail>
Subject: Sleazy Fork account delete confirmation
Mime-Version: 1.0
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Client host [2600:3c01::f03c:93ff:fe42:f60e] blocked by RBL; https://www.spamhaus.org/query/ip/2600:3c01::f03c:93ff:fe42:f60e / https://www.spamhaus.org/sbl/query/SBLCSS

Why was this IP listed?

2600:3c01::/64 is making SMTP connections with HELO values that use a bare IP address. This behavior is commonly associated with various botnets, and is a violation of the SMTP protocol as defined in RFC2821/5321 section 4.1.1.1.

The most recent detection(s):

(IP, UTC timestamp, HELO value)

2600:3c01::f03c:93ff:fe42:f60e 2023-10-18 13:30:00 74-207-240-164

JasonBarnabe commented 8 months ago

Some potential leads:

http://www.isnotspam.com says DKIM is failing.

Result: fail ID(s) verified: header.From=noreply@greasyfork.org Selector= domain= DomainKeys DNS Record=._domainkey.

X-DKIM-Status: fail (bodyhash_mismatch)

However, Gmail says DKIM is fine.

Spamhaus says

2600:3c01::/64 is making SMTP connections with HELO values that use a bare IP address. This behavior is commonly associated with various botnets, and is a violation of the SMTP protocol as defined in RFC2821/5321 section 4.1.1.1.

The most recent detection(s):

(IP, UTC timestamp, HELO value)

2600:3c01::f03c:93ff:fe42:f60e 2023-10-18 13:30:00 74-207-240-164

(According to an IP lookup, 74-207-240-164 is a Linode address but doesn't seem to be one I control.)

While isnotspam.com says

HELO hostname: 192-155-83-16.ip.linodeusercontent.com

JasonBarnabe commented 8 months ago

Added a DMARC record, trying to get incoming email to work so I can get reports. Added postfix to handle it, which also took over outgoing email duties from sendmail, but then outgoing emails broke due to

OpenSSL::SSL::SSLError

SSL_connect returned=1 errno=0 peeraddr=[::1]:25 state=error: certificate verify failed (hostname mismatch) (OpenSSL::SSL::SSLError)

Possibly because postfix works over TLS and sendmail doesn't, and with Rails's default enable_starttls_auto=>true, it tried to use TLS, but there was no proper certificate on the server.

Since only my own servers have access to send email, I think we can skip certificate verification with `openssl_verify_mode => 'none'.

JasonBarnabe commented 8 months ago

Re-enabled postfix with openssl_verify_mode: OpenSSL::SSL::VERIFY_NONE to avoid failures due to the self-signed certificates. Verified email goes out - passes SPF but no result for DKIM now. Verify incoming email works (to receive DMARC reports).

JasonBarnabe commented 8 months ago

Re-enabled DKIM with Postfix.

JasonBarnabe commented 8 months ago

mail-tester.com now says rDNS is good and the authentication tests all pass.

JasonBarnabe commented 8 months ago

Remaining (known) tasks:

JasonBarnabe commented 8 months ago

New IPv6 range is now in use.

JasonBarnabe commented 8 months ago

From a Hotmail account:


Oct 30 05:39:28 mail postfix/smtp[2668286]: 49204A2876: to=<redacted@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[104.47.17.97]:25, delay=1.2, delays=0.09/0/0.96/0.13, dsn=5.7.1, status=bounced (host hotmail-com.olc.protection.outlook.com[104.47.17.97] said: 550 5.7.1 Unfortunately, messages from [192.155.83.16] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [DB8EUR05FT031.eop-eur05.prod.protection.outlook.com 2023-10-30T05:39:28.426Z 08DBD88ACE532CFB] (in reply to MAIL FROM command))```
JasonBarnabe commented 8 months ago

Reviewing DMARC results:

My only concern here are the gmail.com DKIM fails for 2600:3c01:e000:8f7::1. This may have just been while this was getting set up. Will wait for the next report to see if it's still an issue.

The rest of the IPs are not mine and failures are expected.

JasonBarnabe commented 8 months ago

Latest DKIM results from Gmail are fine, changed DMARC from "none" to "quarantine". Will change to "reject" in about a week if no problems are found.

JasonBarnabe commented 7 months ago

DMARC is now set to "reject".

JasonBarnabe commented 7 months ago

Last known failure is with Microsoft email address like outlook.com, live.com, and hotmail.com.

Nov 24 21:48:25 mail postfix/smtp[4114583]: 98934A28A9: to=<greasyforktest@outlook.com>, relay=outlook-com.olc.protection.outlook.com[104.47.14.33]:25, delay=4.2, delays=0.1/0.01/3.9/0.16, dsn=5.7.1, status=bounced (host outlook-com.olc.protection.outlook.com[104.47.14.33] said: 550 5.7.1 Unfortunately, messages from [192.155.83.16] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [VI1EUR04FT031.eop-eur04.prod.protection.outlook.com 2023-11-24T21:48:25.710Z 08DBE2D1B3E6A724] (in reply to MAIL FROM command))

Submitted a support ticket at https://olcsupport.office.com/ but not that confident that it'll fix things.

williamdes commented 7 months ago

Submitted a support ticket at https://olcsupport.office.com/ but not that confident that it'll fix things.

They are stupid people, it gets patience to be unblocked. And some day they just block you back. Small ISP here and I am fighting each every months to have 2-3 IPs allowed. Anyway, good luck.. 💪🏻

They reply "Nothing was detected to prevent your mail from reaching Outlook.com customers. Please follow the instructions below." now and "As stated previously, I do not see anything offhand that would be preventing your mail from reaching our customers for the following IP (.....)"

JasonBarnabe commented 7 months ago

Yup, got the "Nothing was detected" message back, now gotta argue with a real person I guess.

williamdes commented 7 months ago

Let me know if you find a wording that makes them answer something else

Seems like it's a stupid IA

JasonBarnabe commented 7 months ago

They have "implemented mitigation" which may take 24-48 hours.

williamdes commented 7 months ago

They have "implemented mitigation" which may take 24-48 hours.

Lucky day!

What did you send to trigger such a reply?

JasonBarnabe commented 7 months ago

This is all I sent:

When my server at 192.155.83.16 sends email to outlook.com addresses, I get this error:

Nov 24 21:48:25 mail postfix/smtp[4114583]: 98934A28A9: to=[greasyforktest@outlook.com](mailto:greasyforktest@outlook.com), relay=outlook-com.olc.protection.outlook.com[104.47.14.33]:25, delay=4.2, delays=0.1/0.01/3.9/0.16, dsn=5.7.1, status=bounced (host outlook-com.olc.protection.outlook.com[104.47.14.33] said: 550 5.7.1 Unfortunately, messages from [192.155.83.16] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [VI1EUR04FT031.eop-eur04.prod.protection.outlook.com 2023-11-24T21:48:25.710Z 08DBE2D1B3E6A724] (in reply to MAIL FROM command))

I would like to be removed from this block list.

JasonBarnabe commented 7 months ago

Confirmed sending to outlook.com works. No known problems remain, so closing.

williamdes commented 7 months ago

I started using tools like https://github.com/anson-vandoren/mailfeed or https://github.com/eduardostuart/paperboy

To send my daily emails on Microsoft and ensure my IP does not get blocked because I do lot have enough volume sent to them That's for now my conclusion, keep sending or in some months the ip will get blocked back

williamdes commented 7 months ago

If you are interested, you can setup this too and send emails to my address and I will read them to ensure bots do not spam flag them