Closed benrfairless closed 3 weeks ago
@mlandauer any ideas with this one? I’m sure we are sending the messages, just not sure why they are being blocked.
Ah. This is likely to be a fun one. 😩 had a similar sounding problem on planningalerts which required a lot of digging into the depths of the latest email standards.
This is what happened on PlanningAlerts recently: https://www.oaf.org.au/2020/09/29/the-story-of-a-tiny-almost-invisible-change/
How easy would it be to route RTK email through Cuttlefish and enable DMARC?
— Ben Fairless
OpenAustralia Foundation
openaustralia | planningalerts | electionleaflets | righttoknow | theyvoteforyou | morph
--- original message --- On 1 December 2020, 9:04 am AWST notifications@github.com wrote:
This is what happened on PlanningAlerts recently: https://www.oaf.org.au/2020/09/29/the-story-of-a-tiny-almost-invisible-change/
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or unsubscribe. --- end of original message ---
Main reason not to send RTK email through Cuttlefish is that it will confuse the email delivery status stuff in RTK. So I think we just need to fix it at RTK whatever the problem is
Looking through the logs on righttoknow I can see things like:
Dec 1 15:58:18 ip-172-31-43-31 postfix/smtp[10287]: 2344042D02: to=<[redacted]@outlook.com>, relay=outlook-com.olc.protection.outlook.com[104.47.22.161]:25, delay=1.2, delays=0.01/0.01/0.89/0.26, dsn=5.7.1, status=bounced (host outlook-com.olc.protection.outlook.com[104.47.22.161] said: 550 5.7.1 Unfortunately, messages from [13.210.90.135] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [DB8EUR06FT038.eop-eur06.prod.protection.outlook.com] (in reply to MAIL FROM command))
I checked that we're not on any DNS email blacklists for the righttoknow server and that looks fine.
Apparently microsoft keep their own blacklists. Who knows why we would have been added to one but I guess that's the most likely thing going on here.
I think this might be to do with the fact we are emailing from an AWS IP Range.
Raised a Support Request: Support request number: SR1513555652
@mlandauer do we have a dedicated IP with AWS or is it dynamic?
I've also signed up with the Microsoft Junk Email Program. It's sent a request to abuse@righttoknow.org.au which someone will need to approve.
I didn't think we had an email address abuse@righttoknow.org.au - I might well be wrong about this. I'm pretty sure we have a postmaster@righttoknow.org.au which I think just gets sent to contact
Raised a Support Request: Support request number: SR1513555652
With AWS? I can't see the support request on our AWS dashboard. I'm confused!
@mlandauer do we have a dedicated IP with AWS or is it dynamic?
We have a dedicated external IP which is the one that righttoknow.org.au resolves to - 13.210.90.135
Sorry that SR is for Microsoft not for AWS.
@mlandauer can confirm we don't get emails sent to abuse@righttoknow or postmaster@righttoknow to the contact mailbox. I can't add these as I'm not an admin in the Google Console. If you can elevate my access I can do it, otherwise instructions are here: https://support.google.com/a/answer/33389?hl=en#
You can only create the abuse and postmaster groups using the Google Admin console, not in Google Groups (groups.google.com). When you create groups with the email address abuse or postmaster in the Admin console, you get the following message: "Settings weren't saved because an error occurred." Groups are still created, however, and they appear on the Groups list in the Google Admin console. Note that you can’t designate an individual user to use the abuse or postmaster email address. You can only set them up as groups.
Conversation with M$: https://app.frontapp.com/open/cnv_751arid
I didn't think we had an email address abuse@righttoknow.org.au - I might well be wrong about this. I'm pretty sure we have a postmaster@righttoknow.org.au which I think just gets sent to contact
Sorry @benrfairless I got my wires crossed. We don't have an postmaster@righttoknow.org.au email address. We do have a webmaster@righttoknow.org.au address which I have added you to using your oaf email address. Is that going to be enough?
Looking through the logs for this morning I'm seeing this:
Dec 10 10:32:17 ip-172-31-43-31 postfix/smtp[13423]: 7BBF43E940: to=<[redacted]@outlook.com>, relay=outlook-com.olc.protection.outlook.com[
104.47.56.161]:25, delay=2, delays=0.01/0/1.3/0.71, dsn=2.6.0, status=sent (250 2.6.0 <5fd15e7f76fc9_36ee2b1fe386de9470318@ip-172-31-43-31.mail> [
InternalId=48387101597447, Hostname=CO1NAM11HT169.eop-nam11.prod.protection.outlook.com] 8732 bytes in 0.275, 30.936 KB/sec Queued mail for delive
ry -> 250 2.1.5)
which looks to me like a successful delivery to an outlook.com email address. Is there any chance that M$ have removed us from their list today?
@ben I've also added a DMARC record for righttoknow.org.au which is only doing reporting for the moment. It's going to send analytics data to postmarkapp.com and they in turn will send a weekly digest email to webmaster@righttoknow.org.au which you should hopefully receive as well now.
@benrfairless any chance that you could somehow check whether things are now working for all people on outlook.com? I hope the one successfully delivered email is an indication that now all mail is getting through. :crossed_fingers:
We got a reply from Microsoft that they have fixed a delivery issue for the IP address. In my tests the emails are going through but going to junk. There is no reason why and I'm following up to find out.
@mlandauer We will need postmaster@ or abuse@ to register for the Microsoft program. Could we add the Front forwarding address to groups for webmaster@, postmaster@ and abuse@?
I have also signed up for the Microsoft Deliverability programs here: https://sendersupport.olc.protection.outlook.com/snds/index.aspx
I want to sign up to the Google one as well but it's asking me to verify domain ownership. Maybe I need to be added to the Google Search Console for OAF?
Of course, now that we are using DMARC I'm not sure if any of the above is even required....
This doesn't appear to be an issue any more. Closing
Refer to the Front email, and I've also tested with a test account.
Confirmed in both Staging and Production that the emails aren't getting through. Need to investigate why. Gmail looks like it's OK.