Help! List traffic shunted to gmail/yahoo spam folders
Hello,
I've been through DKIM hell and back. Now I'm to the point where when I "show original" mail with gmail it says SPF, DKIM and DMARC all pass, but it's still going to the spam folders.
Has anyone sorted this?
thanks!
matt
show original:
Delivered-To: somebody@gmail.com
Received: by 2002:a02:968f:0:0:0:0:0 with SMTP id w15csp1521828jai;
Sat, 10 Jul 2021 14:33:32 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy72rM7rrvKmz7wlOVjj2M02l971IurhWQqYjQlhjZNhtJ1m7uph2Y/p85GAtq4x56KMLi4
X-Received: by 2002:a05:6830:270b:: with SMTP id j11mr3612659otu.352.1625952812813;
Sat, 10 Jul 2021 14:33:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1625952812; cv=none;
d=google.com; s=arc-20160816;
b=LSNHINAAV62ePpOJ85HzOKFKSRBzP4htN0SkBgG3HnZp7eVAUY7td/ibOWIsVDy0Iz
AcAK6WoRhDKhHmlnx71LAo3COnbmD5TWGle/Kp8cx2tMS5bxRXw+Rb5FZYblTPIiwyFo
7u7zXTTxKCzbyCQgAmpvsQN55N41TRq1je6dTMdo1j4T6msO5pvLzfnJRT3Oo+ZP3sYY
K3lOEEl1MNFcmVTxsHY73tdNMncq5TTLGdqdYvT+GDd5a6QnjrkWQvhk783kppNB6kFC
dgiXst5Ql/jUbe4NnS1T+i/md+WcXTitmryEtY8lxzCjEnT6NFA5IcHw/tChpH4OqyPv
MGIQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-transfer-encoding:reply-to:from:list-unsubscribe
:list-subscribe:list-post:list-help:list-archive:archived-at:list-id
:subject:precedence:message-id-hash:content-language:mime-version
:user-agent:date:message-id:to:dkim-signature:dmarc-filter
:dkim-signature;
bh=4HN4XCD73340TTta47Nw8NNNFEbWsNLm9zWdectMYcI=;
b=K3ANa/+WBrM8ChcoYKIUkoRZ3sgDZB77S3BRFFu2WZCOBA5pGlG176jCzA1hOz7b+6
1ewP/Imzh16yBVGzugL+/JQZJlCWV1F5S6jq8xeoQIPbkM2JGKIUFAS9+Sk+JNKDTMl4
nMTFiDVfTMkgK6f1guKxBhqHroJKJ4eAUwxjHcX17nZwvY5SOeP0UqnyQaGmeRnJuXel
fcdBoY5TqnDMxq7709anmcYRQuIahso/UPjzZrdMsrTJaRhScAxfa0ZQOVnjf4bkyf0D
1/eLCHEl+oZlzNXT06ghOzPFC91g/TxComGBLRWc1G5nk92gqBPrQh9690sbOuqmHZA8
ybPA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@sditdg.org header.s=mail header.b=BteyCkCY;
dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b="Kt/xXWZE";
spf=pass (google.com: domain of testing-bounces@sditdg.org designates 65.50.252.27 as permitted sender) smtp.mailfrom=testing-bounces@sditdg.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=sditdg.org
Return-Path: testing-bounces@sditdg.org
Received: from sditdg.org ([65.50.252.27])
by mx.google.com with ESMTPS id w3si10563091oiv.8.2021.07.10.14.33.32
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 10 Jul 2021 14:33:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of testing-bounces@sditdg.org designates 65.50.252.27 as permitted sender) client-ip=65.50.252.27;
Authentication-Results: mx.google.com;
dkim=pass header.i=@sditdg.org header.s=mail header.b=BteyCkCY;
dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b="Kt/xXWZE";
spf=pass (google.com: domain of testing-bounces@sditdg.org designates 65.50.252.27 as permitted sender) smtp.mailfrom=testing-bounces@sditdg.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=sditdg.org
Received: from sditdg.org (localhost [127.0.0.1]) by sditdg.org (Postfix) with ESMTP id 9079DC1DF0; Sat, 10 Jul 2021 14:33:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sditdg.org; s=mail; t=1625952811; bh=4HN4XCD73340TTta47Nw8NNNFEbWsNLm9zWdectMYcI=; h=To:Date:Subject:List-Id:List-Archive:List-Help:List-Post:
List-Subscribe:List-Unsubscribe:From:Reply-To:From; b=BteyCkCYE4gLRLEUV+nsoK7PM5Ayj0ce+ZgWkUdqtbwQynND4zs1PLPwebsALsP5k
NYVnZLBJGHoXOA256v+imGl4BD8IFXe1onyY6VSKcJfx/2vYwfwwnDyB3zkc9s9BYO
K0B4EPVOepbjClhUg5Z5JnOSyZhoIWjQHZwFsXpY+di5B2y5sDMvDyWLJHh3GGhw8y
zijl2IJZDCaF3iVq4EFlxP4UfHvQ+bmfkGGmjYVJvkmsQWAsTFUb7UawK3w3m9Z6LN
W+hV9H3L+95O+CIfUz0q7kG7T5gwz/eoce9ewv7xhimpVPjuatgLt4hFJcvzwaohmp
S/u54SwGh0iVA==
Received: from cat.efs.org (cat.efs.org [10.128.128.46]) by sditdg.org (Postfix) with ESMTPS id 0D110C1DF0 for testing@sditdg.org; Sat, 10 Jul 2021 14:33:29 -0700 (PDT)
X-Spam-Status: No
Authentication-Results: cat.efs.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Kt/xXWZE"
X-EFS-MailScanner-EFA-Watermark: 1626557599.13472@k3T7MnvZ29zIPokD4fCFrg
X-EFS-MailScanner-EFA-From: somebody-else@gmail.com
X-EFS-MailScanner-EFA: Found to be clean
X-EFS-MailScanner-EFA-ID: 4GMjtw2R5xzYrqBb
X-EFS-MailScanner-EFA-Information: Please contact matt@efs.org for more information
Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (no client certificate requested) by cat.efs.org (MailScanner Milter) with SMTP id 4GMjtw2R5xzYrqBb for testing@sditdg.org; Sat, 10 Jul 2021 14:33:12 -0700 (PDT)
DMARC-Filter: OpenDMARC Filter v1.4.1 cat.efs.org 4GMjtw2R5xzYrqBb
Authentication-Results: cat.efs.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: cat.efs.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-pl1-f180.google.com with SMTP id v14so9940plg.9
for testing@sditdg.org; Sat, 10 Jul 2021 14:33:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20161025;
h=to:from:subject:message-id:date:user-agent:mime-version
:content-transfer-encoding:content-language;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
b=Kt/xXWZEIVQlTx1hyx4VeQlW8OZc+z5Uxz8vkIaQJkK5PhHmc6/0safN0MGVJcXoBe
ii3/LXmMTkbbZEztKBdVIV5TI8ZqvMOS2uvJk//lFVgq/AbcKOGcrNTfg7tTpfL7knQY
79CWtAE/etBKni0pONNORAevyCQq07YwJRFvSuZDEB2mWnk+SxQpkudgEX6ngXtNKqiW
OroAx3fTcEO/tEQEVCKCdJAOSi5T1gmk/nTonU1zpmw+LJTOBcgCYZu4ppIwsss1eRbH
TgaZO8yhoHztSP8MCjF2fwG5GYdcgYtI1Scq8XQVVe9f7mdrOU1NMDT6+8fiZltvSg0y
KaUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:to:from:subject:message-id:date:user-agent
:mime-version:content-transfer-encoding:content-language;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
b=Jdlw1Ajc3T80d9gzMNci+0GYQ1vI7B1AzIc+4qv4t/x57S1l6PkmwmtiDV9HqJIVcA
wUE9Fuih0yFJHMRwSQX/nsPLIKwmC4HO34V3Diy0NltMDSTBQFjTJ8xJY6kSmX8IXSN5
fBBvQkS9AjQbLZUm7a4ttfK6o4A5gBKSaj60I7+sc5hUxCLK+hEcb7F1pnD0AoE2/Zlz
nLfyg2FNA+/BclTgRI7kgjY0+ro67BdU4KS3/E5ltSngLRSMijouKzAp9ITzzms1pBKT
OkFPwRPQ3PBzcBPGF4SrQK7pcUKhdsmua7upMia3pOBjh/HvC9aUgsGUsj+T5xqOe0xU
ANcA==
X-Gm-Message-State: AOAM531v1T1CpYQn1gzRqHpER9tizVVsXfwKmSdvQBkSgRi3IBxptEIl Vhgt9h0ndeYsYoGUJOo+P1ttSeVVslSmlA==
X-Received: by 2002:a17:90b:798:: with SMTP id l24mr46030558pjz.141.1625952789010;
Sat, 10 Jul 2021 14:33:09 -0700 (PDT)
Received: from [192.168.86.248] (cpe-76-93-161-126.san.res.rr.com. [76.93.161.126])
by smtp.gmail.com with ESMTPSA id d2sm8574671pjo.50.2021.07.10.14.33.08
for testing@sditdg.org
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Sat, 10 Jul 2021 14:33:08 -0700 (PDT)
To: testing@sditdg.org
Message-ID: fb1474b0-27d5-65ed-26b2-1753b95994c0@gmail.com
Date: Sat, 10 Jul 2021 14:33:07 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
MIME-Version: 1.0
Content-Language: en-US
Message-ID-Hash: ZY5T327H5SEXWCMGQQMQCDSJ6IYBLNHA
X-Message-ID-Hash: ZY5T327H5SEXWCMGQQMQCDSJ6IYBLNHA
X-MailFrom: somebody-else@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
Subject: [Testing] test
List-Id:
test
Testing mailing list -- testing@sditdg.org To unsubscribe send an email to testing-leave@sditdg.org
On 7/10/21 2:42 PM, Matt Wilbur EFS via Mailman-users wrote:
> Hello,
> I've been through DKIM hell and back. Now I'm to the point where when I "show original" mail with gmail it says SPF, DKIM and DMARC all pass, but it's still going to the spam folders.
Does your list domain publish a DMARC record? If not publishing a DMARC record with policy of none may help, but it seems you are probably doing that.
Beyond that, it is probably filtering based on something in the message content and the recipient ISPs will never tell you what because they consider that kind of information proprietary.
Setting up feedback loops with gmail and yahoo also may help, but there's really not much else you can do.
--
Mark Sapiro mark@msapiro.net
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
Matt Wilbur EFS via Mailman-users writes:
> I've been through DKIM hell and back. Now I'm to the point where when I "show original" mail with gmail it says SPF, DKIM and DMARC all pass, but it's still going to the spam folders.
ARC would help get you through Google, Google participates in ARC:
> ARC-Seal: i=1; a=rsa-sha256; t=1625952812; cv=none; d=google.com; s=arc-20160816;
The idea is that you can have your incoming MTA attest that the signature was valid on the way in, and have that testimony signed by the outgoing MTA. I don't know offhand who else gives gold stars for a valid ARC signature, though.
Despite what you wrote, this isn't a pass:
> ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sditdg.org header.s=mail header.b=BteyCkCY; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b="Kt/xXWZE"; spf=pass (google.com: domain of testing-bounces@sditdg.org designates 65.50.252.27 as permitted sender) smtp.mailfrom=testing-bounces@sditdg.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=sditdg.org
Your body hash did not verify, I don't know why. It could be that you're signing it on the way in so the footer breaks the signature on the way out (seems unlikely, but at least it's easy to find and to fix), or that the signing function is incorrect (harder to diagnose) or Google's verifier is broken (unlikely in the extreme, but logically possible) or your MTA (Postfix) is corrupting the message (ditto). Or maybe cosmic rays aren't random, they're targeting your mail. :-)
DMARC passes because the policy is NONE.
Note that "neutral" is actually a failure, but the term "neutral" is used because a failure should not be a reason to treat your mail as more suspicious than unsigned mail.
I assume the signature below is supposed to be from the outgoing MTA at your Mailman site.
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sditdg.org; s=mail; t=1625952811; bh=4HN4XCD73340TTta47Nw8NNNFEbWsNLm9zWdectMYcI=; h=To:Date:Subject:List-Id:List-Archive:List-Help:List-Post:
Here's a DKIM pass at your site, but I assume this is incoming to Mailman:
> Authentication-Results: cat.efs.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Kt/xXWZE"
Hope this helps,
Steve
Thank you Steve
This is very helpful. I've seen the hash not verifying and am chasing that through the hellish postfix/mailscanner/etc path we have. Something's modifying the body and I haven't found it yet.
Again. Thank you!
matt
Matt Wilbur EFS via Mailman-users writes:
> This is very helpful.
Love to hear that! :-)
> I've seen the hash not verifying and am chasing that through the hellish postfix/mailscanner/etc path we have. Something's modifying the body and I haven't found it yet.
That sucks, of course, and I guess you wouldn't have known about that bug if you weren't having this problem :-/, but it should be possible to avoid the signature failure, if the boundary MTA does the signing -- then it would be signing the (slightly) corrupted message. A few random suggestions: Maybe Postfix milters are in the wrong order, or the DKIM signature is done on the "wrong" host?
Good hunting!
Steve
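An added example (not part of the thread, and not code from Mailman, Postfix or any DKIM signer) for chasing the body-hash failure discussed above: it computes the DKIM `bh=` value under the RFC 6376 simple and relaxed body canonicalizations and reports the first captured hop whose body no longer matches the signature. The hop names, sample bodies and the signature are constructed; only SHA-256 is handled and the `l=` tag is ignored.

```python
import base64
import hashlib
import re

def _crlf(body: bytes) -> bytes:
    # Normalise bare LF (as found in files saved on disk) to CRLF.
    return re.sub(rb"\r?\n", b"\r\n", body)

def canon_simple(body: bytes) -> bytes:
    # RFC 6376 3.4.3: drop trailing empty lines, always end with one CRLF.
    return re.sub(rb"(?:\r\n)+\Z", b"", _crlf(body)) + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    # RFC 6376 3.4.4: strip WSP at line ends, collapse WSP runs, drop
    # trailing empty lines; an empty body stays empty.
    body = re.sub(rb"[ \t]+(?=\r\n|\Z)", b"", _crlf(body))
    body = re.sub(rb"[ \t]+", b" ", body)
    body = re.sub(rb"(?:\r\n)+\Z", b"", body)
    return body + b"\r\n" if body else b""

def body_hash(body: bytes, canon: str = "simple") -> str:
    data = canon_relaxed(body) if canon == "relaxed" else canon_simple(body)
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_sig(value: str) -> dict:
    # Split a DKIM-Signature value into tags; folding whitespace is removed.
    pairs = (t.split("=", 1) for t in value.split(";") if "=" in t)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def first_bad_hop(sig_value: str, snapshots):
    """Name of the first snapshot whose body no longer matches bh=, or None."""
    tags = parse_sig(sig_value)
    # c=header/body; the body algorithm defaults to simple when omitted.
    canon = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    for hop, body in snapshots:
        if body_hash(body, canon) != tags["bh"]:
            return hop
    return None

# Constructed sample: hop names, bodies and the signature are made up.
ORIGINAL = b"test\r\n"
SIG = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.org; s=mail; "
       "bh=%s; h=From" % body_hash(ORIGINAL, "simple"))
SNAPSHOTS = [
    ("after-signer", ORIGINAL),
    ("after-content-filter", b"test\r\n\r\n"),  # extra blank line: still matches
    ("after-footer", b"test\r\n_____\r\nTesting mailing list\r\n"),
]

if __name__ == "__main__":
    print(first_bad_hop(SIG, SNAPSHOTS))
```

To use it on real traffic, save the message body as seen at each stage of the mail path and pass those snapshots in order, together with the `DKIM-Signature` value whose `bh=` fails.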
Participants (3): Mark Sapiro, Matt Wilbur EFS, Stephen J. Turnbull