I regularly receive notices such as this one: “ From: gcc-cvs-request@gcc.gnu.org Subject: confirm 21b5183595835e57a9f69d008b4b03889d4d8b91 To: fweimer@redhat.com Date: Fri, 23 Jun 2023 20:14:53 +0000 (2 days, 10 hours, 15 minutes ago) Message-ID: <mailman.370.1687551293.1980521.gcc-cvs@gcc.gnu.org> Your membership in the mailing list Gcc-cvs has been disabled due to excessive bounces The last bounce received from you was dated 23-Jun-2023. You will not get any more messages from this list until you re-enable your membership. You will receive 3 more reminders like this before your membership in the list is deleted. To re-enable your membership, you can simply respond to this message (leaving the Subject: line intact), or visit the confirmation page at […] ” Could you provide copies of some of the bounce messages, so that I have something report to Red Hat's IT team? Thanks.
Last 5 bounces from your address for messages to gcc-cvs. You can lookup the actual messages using the message-id at https://inbox.sourceware.org/message-id (without the <>) Jun 22 00:17:35 server2 postfix/cleanup[1465874]: 6C2143858D28: message-id=<20230622001731.01DBD3858D28@sourceware.org> Jun 22 00:17:39 server2 postfix/smtp[1494132]: 6C2143858D28: to=<fweimer@redhat.com>, relay=us-smtp-inbound-1.mimecast.com[205.139.110.242]:25, delay=3.1, delays=1.5/0/0.33/1.3, dsn=5.0.0, status=bounced (host us-smtp-inbound-1.mimecast.com[205.139.110.242] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [OMffJKnENt-jHgLbxJmymQ.us252] (in reply to end of DATA command)) Jun 24 00:17:25 server2 postfix/cleanup[287778]: B06963857704: message-id=<20230624001721.CC60C3858C3A@sourceware.org> Jun 24 00:17:27 server2 postfix/smtp[287799]: B06963857704: to=<fweimer@redhat.com>, relay=us-smtp-inbound-1.mimecast.com[205.139.110.221]:25, delay=1.6, delays=0.09/0.03/0.18/1.3, dsn=5.0.0, status=bounced (host us-smtp-inbound-1.mimecast.com[205.139.110.221] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [JQKHnL3mOiyaJcC7rM06yQ.us342] (in reply to end of DATA command)) Jun 24 00:50:09 server2 postfix/cleanup[364844]: 683C73858280: message-id=<20230624005004.12F563858C3A@sourceware.org> Jun 24 00:50:10 server2 postfix/smtp[367779]: 683C73858280: to=<fweimer@redhat.com>, relay=us-smtp-inbound-2.mimecast.com[207.211.30.242]:25, delay=0.77, delays=0.09/0/0.21/0.48, dsn=5.0.0, status=bounced (host us-smtp-inbound-2.mimecast.com[207.211.30.242] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [me9DxAtMP8GsF7Mr-iChBg.us625] (in reply to end of DATA command)) Jun 25 00:17:21 server2 postfix/cleanup[3167396]: B44613858412: message-id=<20230625001708.5B7633858C62@sourceware.org> Jun 25 00:17:23 server2 postfix/smtp[3173352]: B44613858412: to=<fweimer@redhat.com>, relay=us-smtp-inbound-1.mimecast.com[205.139.110.141]:25, delay=0.88, delays=0.09/0.02/0.19/0.57, dsn=5.0.0, status=bounced (host us-smtp-inbound-1.mimecast.com[205.139.110.141] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [xJbJfJiOOnSg8oGAoutBXA.us580] (in reply to end of DATA command)) Jun 26 00:17:56 server2 postfix/cleanup[3933939]: 215B03858415: message-id=<20230626001751.AD88C3858D20@sourceware.org> maillog:Jun 26 00:17:57 server2 postfix/smtp[3952116]: 215B03858415: to=<fweimer@redhat.com>, relay=us-smtp-inbound-2.mimecast.com[205.139.110.221]:25, delay=0.91, delays=0.09/0.02/0.29/0.51, dsn=5.0.0, status=bounced (host us-smtp-inbound-2.mimecast.com[205.139.110.221] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [plr9XUmcMt-7i2ar0u0zbQ.us618] (in reply to end of DATA command))
Thank you. I conveyed this data to the Red Hat It team under INC2656812. I looked at my own logs, and one optimization you could make is to set the outgoing EHLO argument to match what the PTR record says (it's currently sourceware.org, while the PTR record says server2.sourceware.org). That difference should not matter, though, because sourceware.org has the same IP address.
(In reply to Florian Weimer from comment #2) > I looked at my own logs, and one optimization you could make is to set the > outgoing EHLO argument to match what the PTR record says (it's currently > sourceware.org, while the PTR record says server2.sourceware.org). That > difference should not matter, though, because sourceware.org has the same IP > address. I set: smtp_helo_name = server2.sourceware.org But not a fan, since if we switch servers (server3.sourceware.org is a hot spare) we will have to manually update this setting.
BTW. It looks like you are still bouncing a lot of emails. Latest examples: Jul 1 00:19:06 server2 postfix/cleanup[2542516]: 0B8563858C74: message-id=<20230701001901.584A73858D33@sourceware.org> Jul 1 00:19:06 server2 postfix/qmgr[2512863]: 0B8563858C74: from=<gcc-cvs-bounces+fweimer=redhat.com@gcc.gnu.org>, size=13257, nrcpt=1 (queue active) Jul 1 00:19:07 server2 postfix/smtp[2549164]: 0B8563858C74: to=<fweimer@redhat.com>, relay=us-smtp-inbound-1.mimecast.com[205.139.110.141]:25, delay=1.4, delays=0.1/0.02/0.15/1.1, dsn=5.0.0, status=bounced (host us-smtp-inbound-1.mimecast.com[205.139.110.141] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [ZU1yncVgNNSxbZi6hnYcDA.us312] (in reply to end of DATA command)) Jul 1 23:22:27 server2 postfix/cleanup[1005089]: 5EBC33858C31: message-id=<20230701232147.3265358-1-ibuclaw@gdcproject.org> Jul 1 23:22:27 server2 postfix/qmgr[3930487]: 5EBC33858C31: from=<gcc-patches-bounces+fweimer=redhat.com@gcc.gnu.org>, size=7073, nrcpt=1 (queue active) Jul 1 23:22:28 server2 postfix/smtp[996032]: 5EBC33858C31: to=<fweimer@redhat.com>, relay=us-smtp-inbound-2.mimecast.com[207.211.30.221]:25, delay=0.72, delays=0.09/0/0.2/0.44, dsn=5.0.0, status=bounced (host us-smtp-inbound-2.mimecast.com[207.211.30.221] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [OCmtIyD6O5Cf6XZUjrGo2w.us125] (in reply to end of DATA command)) Jul 2 00:17:20 server2 postfix/cleanup[1272615]: B0BA03858401: message-id=<20230702001710.48D643858D35@sourceware.org> Jul 2 00:17:20 server2 postfix/qmgr[3930487]: B0BA03858401: from=<gcc-cvs-bounces+fweimer=redhat.com@gcc.gnu.org>, size=6476, nrcpt=1 (queue active) Jul 2 00:17:22 server2 postfix/smtp[1260274]: B0BA03858401: to=<fweimer@redhat.com>, relay=us-smtp-inbound-2.mimecast.com[207.211.30.221]:25, delay=1.2, delays=0.09/0/0.31/0.8, dsn=5.0.0, status=bounced (host us-smtp-inbound-2.mimecast.com[207.211.30.221] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [HMdfGDQ6PcuCuYcWfgkSlg.us157] (in reply to end of DATA command))
(In reply to Mark Wielaard from comment #3) > I set: > smtp_helo_name = server2.sourceware.org > But not a fan, since if we switch servers (server3.sourceware.org is a hot > spare) we will have to manually update this setting. The default ($myhostname) might be more appropriate, assuming that the system host name is set to server2.sourceware.org and server3.sourceware.org. I don't doubt that there are still many bounces. Mailman is still sending me alerts about them.
(In reply to Florian Weimer from comment #5) > The default ($myhostname) might be more appropriate, assuming that the > system host name is set to server2.sourceware.org and server3.sourceware.org. But $myhostname is set to sourceware.org. And $myhostname is used in a lot of other places. So I don't want to change that. Is there a way to get the system host name if $myhostname is explicitly set? Then we can set smtp_helo_name to that. It isn't fully clear to me that this setting matters. In what way is the helo name used for determining whether or not to bounce the message on your side?
I don't think there's any RFC-compliance or spam-hygiene related benefit from choosing one vs. any other DNS-level alias of the server.
(In reply to Frank Ch. Eigler from comment #7) > I don't think there's any RFC-compliance or spam-hygiene related benefit > from choosing one vs. any other DNS-level alias of the server. RFC 1123 section 5.2.5 comes to my mind (the “principal host domain” part), but it says later on that a mismatch should not be treated as grounds for rejection. It was just a stab in the dark about what caused the problem.
Could I please get another recent log snippet with bounces for fweimer@redhat.com? Thanks.
(In reply to Florian Weimer from comment #9) > Could I please get another recent log snippet with bounces for > fweimer@redhat.com? Thanks. Sure, here are a couple to various mailinglist from earlier today. You should be able to lookup each message through the message-id at https://inbox.sourceware.org/<message-id> (without the <>) Jul 5 15:13:19 server2 postfix/smtpd[1585444]: 523353857007: client=localhost[::1] Jul 5 15:13:19 server2 postfix/cleanup[1853814]: 523353857007: message-id=<MR2P264MB0113D9EB0BE889E9A3DBBAF3CD2FA@MR2P264MB0113.FRAP264.PROD.OUTLOOK.COM> Jul 5 15:13:19 server2 opendkim[2238591]: 523353857007: DKIM-Signature field added (s=default, d=gcc.gnu.org) Jul 5 15:13:19 server2 postfix/qmgr[415641]: 523353857007: from=<gcc-bounces+fweimer=redhat.com@gcc.gnu.org>, size=14994, nrcpt=1 (queue active) Jul 5 15:13:20 server2 postfix/smtp[1502852]: 523353857007: to=<fweimer@redhat.com>, relay=us-smtp-inbound-1.mimecast.com[207.211.30.221]:25, delay=0.95, delays=0.1/0/0.23/0.62, dsn=5.0.0, status=bounced (host us-smtp-inbound-1.mimecast.com[207.211.30.221] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [aw388OUCPGa6lJC4uBUZCQ.us569] (in reply to end of DATA command)) Jul 5 15:13:20 server2 postfix/bounce[2085987]: 523353857007: sender non-delivery notification: 4C8BD3857738 Jul 5 15:13:20 server2 postfix/qmgr[415641]: 523353857007: removed Jul 5 14:57:30 server2 postfix/smtpd[1285685]: 2628A3858421: client=localhost[::1] Jul 5 14:57:30 server2 postfix/cleanup[1503268]: 2628A3858421: message-id=<20230705145727.2DFBF385773C@sourceware.org> Jul 5 14:57:30 server2 opendkim[2238591]: 2628A3858421: DKIM-Signature field added (s=default, d=gcc.gnu.org) Jul 5 14:57:30 server2 postfix/qmgr[415641]: 2628A3858421: from=<gcc-cvs-bounces+fweimer=redhat.com@gcc.gnu.org>, size=14626, nrcpt=1 (queue active) Jul 5 14:57:30 server2 postfix/smtp[1499656]: 2628A3858421: to=<fweimer@redhat.com>, relay=us-smtp-inbound-2.mimecast.com[205.139.110.242]:25, delay=0.69, delays=0.09/0/0.2/0.4, dsn=5.0.0, status=bounced (host us-smtp-inbound-2.mimecast.com[205.139.110.242] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [tehplEwkP9KG8nxtIavsog.us610] (in reply to end of DATA command)) Jul 5 14:57:30 server2 postfix/bounce[1541341]: 2628A3858421: sender non-delivery notification: D264B3857738 Jul 5 14:57:30 server2 postfix/qmgr[415641]: 2628A3858421: removed Jul 5 13:56:09 server2 postfix/smtpd[782799]: 6C6C83858421: client=localhost[::1] Jul 5 13:56:09 server2 postfix/cleanup[809298]: 6C6C83858421: message-id=<mptjzveqx7v.fsf@arm.com> Jul 5 13:56:09 server2 opendkim[2238591]: 6C6C83858421: DKIM-Signature field added (s=default, d=gcc.gnu.org) Jul 5 13:56:09 server2 postfix/qmgr[415641]: 6C6C83858421: from=<gcc-patches-bounces+fweimer=redhat.com@gcc.gnu.org>, size=12663, nrcpt=1 (queue active) Jul 5 13:56:10 server2 postfix/smtp[804655]: 6C6C83858421: to=<fweimer@redhat.com>, relay=us-smtp-inbound-2.mimecast.com[205.139.110.242]:25, delay=0.67, delays=0.09/0/0.15/0.43, dsn=5.0.0, status=bounced (host us-smtp-inbound-2.mimecast.com[205.139.110.242] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [mL4PO3RPPHatVNP7lRm5Xw.us18] (in reply to end of DATA command)) Jul 5 13:56:10 server2 postfix/bounce[804814]: 6C6C83858421: sender non-delivery notification: 1EF673857341 Jul 5 13:56:10 server2 postfix/qmgr[415641]: 6C6C83858421: removed Jul 5 13:28:31 server2 postfix/smtpd[656398]: 994D2385734A: client=localhost[::1] Jul 5 13:28:31 server2 postfix/cleanup[728659]: 994D2385734A: message-id=<20230705132827.EF1D63858C5E@sourceware.org> Jul 5 13:28:31 server2 opendkim[2238591]: 994D2385734A: DKIM-Signature field added (s=default, d=gcc.gnu.org) Jul 5 13:28:31 server2 postfix/qmgr[415641]: 994D2385734A: from=<gcc-cvs-bounces+fweimer=redhat.com@gcc.gnu.org>, size=16716, nrcpt=1 (queue active) Jul 5 13:28:32 server2 postfix/smtp[742447]: 994D2385734A: to=<fweimer@redhat.com>, relay=us-smtp-inbound-1.mimecast.com[207.211.30.141]:25, delay=0.8, delays=0.09/0.02/0.26/0.43, dsn=5.0.0, status=bounced (host us-smtp-inbound-1.mimecast.com[207.211.30.141] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [7uZIJdc1PvWh-HC_Y4TZ8w.us541] (in reply to end of DATA command)) Jul 5 13:28:32 server2 postfix/bounce[742474]: 994D2385734A: sender non-delivery notification: 6AEE43857C48 Jul 5 13:28:32 server2 postfix/qmgr[415641]: 994D2385734A: removed Jul 5 09:12:42 server2 postfix/smtpd[3401781]: 30D2F3853D17: client=localhost[::1] Jul 5 09:12:42 server2 postfix/cleanup[3513786]: 30D2F3853D17: message-id=<5db1b3fde3a7e32d4ff27f8551ffd7b2.stefansf@linux.ibm.com> Jul 5 09:12:42 server2 opendkim[2238591]: 30D2F3853D17: DKIM-Signature field added (s=default, d=gcc.gnu.org) Jul 5 09:12:42 server2 postfix/qmgr[415641]: 30D2F3853D17: from=<gcc-testresults-bounces+fweimer=redhat.com@gcc.gnu.org>, size=110699, nrcpt=1 (queue active) Jul 5 09:12:43 server2 postfix/smtp[3492464]: 30D2F3853D17: to=<fweimer@redhat.com>, relay=us-smtp-inbound-2.mimecast.com[205.139.110.141]:25, delay=1.5, delays=0.1/0/0.18/1.2, dsn=5.0.0, status=bounced (host us-smtp-inbound-2.mimecast.com[205.139.110.141] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [qNXKt5YBPXOo1bsPWblNYQ.us106] (in reply to end of DATA command)) Jul 5 09:12:43 server2 postfix/bounce[3413932]: 30D2F3853D17: sender non-delivery notification: AB9E938555B2 Jul 5 09:12:43 server2 postfix/qmgr[415641]: 30D2F3853D17: removed It would be great if you can somehow match them up with logs on your side with an explanation why they were bounced.
It looks like no more "554 Email rejected due to security policies" bounces have been seen for more than 2 days now. Could you confirm emails seem to be flowing again to your address?
(In reply to Mark Wielaard from comment #11) > It looks like no more "554 Email rejected due to security policies" bounces > have been seen for more than 2 days now. Could you confirm emails seem to be > flowing again to your address? I just received: “ Your membership in the mailing list Gcc-patches has been disabled due to excessive bounces The last bounce received from you was dated 10-Jul-2023. ” Any idea what bounces may have triggered this, and how far back they go? Perhaps it's an actual spam rejection this time, which triggered Mailman into action combined with the old bounces still stored in the system?
(In reply to Florian Weimer from comment #12) > (In reply to Mark Wielaard from comment #11) > > It looks like no more "554 Email rejected due to security policies" bounces > > have been seen for more than 2 days now. Could you confirm emails seem to be > > flowing again to your address? > > I just received: > > “ > Your membership in the mailing list Gcc-patches has been disabled due > to excessive bounces The last bounce received from you was dated > 10-Jul-2023. > ” > > Any idea what bounces may have triggered this, and how far back they go? > Perhaps it's an actual spam rejection this time, which triggered Mailman > into action combined with the old bounces still stored in the system? We are seeing the "554 Email rejected due to security policies" bounces again since this morning. It does look like they are all from rivia.ai and it looks like they contained HTML (which we strip): Jul 10 07:06:50 server2 postfix/smtpd[3598137]: DD10B385770C: client=localhost[::1] Jul 10 07:06:50 server2 postfix/cleanup[3680702]: DD10B385770C: message-id=<20230710070612.233168-1-juzhe.zhong@rivai.ai> Jul 10 07:06:50 server2 opendkim[2238591]: DD10B385770C: no signing table match for 'juzhe.zhong@rivai.ai' Jul 10 07:06:50 server2 postfix/qmgr[415641]: DD10B385770C: from=<gcc-patches-bounces+fweimer=redhat.com@gcc.gnu.org>, size=7145, nrcpt=1 (queue active) Jul 10 07:06:51 server2 postfix/smtp[3608734]: DD10B385770C: to=<fweimer@redhat.com>, relay=us-smtp-inbound-1.mimecast.com[205.139.110.221]:25, delay=0.7, delays=0.04/0/0.19/0.46, dsn=5.0.0, status=bounced (host us-smtp-inbound-1.mimecast.com[205.139.110.221] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [mGbBKflfN8uXMSJVsvCU1A.us536] (in reply to end of DATA command)) Jul 10 07:06:51 server2 postfix/bounce[3680608]: DD10B385770C: sender non-delivery notification: 955653857714 Jul 10 07:06:51 server2 postfix/qmgr[415641]: DD10B385770C: removed Jul 10 07:58:37 server2 postfix/smtpd[3792379]: 72D7B385772C: client=localhost[::1] Jul 10 07:58:37 server2 postfix/cleanup[3929042]: 72D7B385772C: message-id=<C551A4BF1C4C009C+202307101558111958855@rivai.ai> Jul 10 07:58:37 server2 opendkim[2238591]: 72D7B385772C: no signing table match for 'juzhe.zhong@rivai.ai' Jul 10 07:58:37 server2 postfix/qmgr[415641]: 72D7B385772C: from=<gcc-patches-bounces+fweimer=redhat.com@gcc.gnu.org>, size=10877, nrcpt=1 (queue active) Jul 10 07:58:38 server2 postfix/smtp[3905172]: 72D7B385772C: to=<fweimer@redhat.com>, relay=us-smtp-inbound-2.mimecast.com[205.139.110.242]:25, delay=0.56, delays=0.04/0/0.15/0.37, dsn=5.0.0, status=bounced (host us-smtp-inbound-2.mimecast.com[205.139.110.242] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [UQCPahAyNsmfwdfICb173Q.us448] (in reply to end of DATA command)) Jul 10 07:58:38 server2 postfix/bounce[3925775]: 72D7B385772C: sender non-delivery notification: 07909385771C Jul 10 07:58:38 server2 postfix/qmgr[415641]: 72D7B385772C: removed Jul 10 07:59:34 server2 postfix/smtpd[3924326]: 092F13857009: client=localhost[::1] Jul 10 07:59:34 server2 postfix/cleanup[3986161]: 092F13857009: message-id=<43742A8A55D8CF45+202307101559084465696@rivai.ai> Jul 10 07:59:34 server2 opendkim[2238591]: 092F13857009: no signing table match for 'juzhe.zhong@rivai.ai' Jul 10 07:59:34 server2 postfix/qmgr[415641]: 092F13857009: from=<gcc-patches-bounces+fweimer=redhat.com@gcc.gnu.org>, size=11360, nrcpt=1 (queue active) Jul 10 07:59:34 server2 postfix/smtp[3886851]: 092F13857009: to=<fweimer@redhat.com>, relay=us-smtp-inbound-2.mimecast.com[205.139.110.242]:25, delay=0.57, delays=0.05/0/0.15/0.38, dsn=5.0.0, status=bounced (host us-smtp-inbound-2.mimecast.com[205.139.110.242] said: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [Ng5NK7R_MYmnJc1-CmSlRg.us518] (in reply to end of DATA command)) Jul 10 07:59:34 server2 postfix/bounce[3925775]: 092F13857009: sender non-delivery notification: 999E9385771A Jul 10 07:59:34 server2 postfix/qmgr[415641]: 092F13857009: removed
There doesn't seem to have been any more bounces from mimecast to your address since those on July 10. Are you still having issues with subscriptions or missing/bouncing emails?
Right, looks good to me. I think we can resolve this.