Giter Site home page Giter Site logo

Comments (7)

nguyenkims avatar nguyenkims commented on May 18, 2024 1

@jarylc Thanks a lot for the details! SpamAssasin does not like 240.0.0.0 indeed ... We just replaced the Docker network by 10.0.0.0 which is more conventional but also has more risks of conflict with existing networks ...

Now the mail-tester score is back to 10 :).

from app.

nguyenkims avatar nguyenkims commented on May 18, 2024

Hi can you give more info about your setup please?

240.0.0.3 is from the SimpleLogin docker container network (which is 240.0.0.0/24).

from app.

jarylc avatar jarylc commented on May 18, 2024

I've done 2 test e-mails on mail-tester.com today (it did not trigger the flag when I tested yesterday).

I'm not entirely sure what causes Spam Assassin to flag for RCVD_ILLEGAL_IP, but looking at the description and the source so far, the only IP that I could think it might be flagging is [240.0.0.3] (unknown [240.0.0.3]) (see the source below).

Unless it's Google's ipv6 address IPv6:2a00:1450:4864:20::131 which I think it's unlikely. Or this one 2002:ac2:5e9b:: (see the source below).

Here's the Spam Assassin response.

Here's the latest source for one of them with some content snipped out:

Received: by mail-tester.com (Postfix, from userid 500)
	id 5F473A4979; Thu, 23 Jan 2020 12:10:40 +0100 (CET)
Authentication-Results: mail-tester.com;
	dkim=pass (1024-bit key; unprotected) header.d=simplelogin.co [email protected] header.b=F1GVCCb0;
	dkim-atps=neutral
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail-tester.com
X-Spam-Level: *
X-Spam-Status: No/1.1/5.0
X-Spam-Test-Scores: DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,
	DKIM_VALID_EF=-0.1,HTML_MESSAGE=0.001,RCVD_ILLEGAL_IP=1.3,
	SPF_PASS=-0.001,URIBL_BLOCKED=0.001
X-Spam-Last-External-IP: 94.237.86.150
X-Spam-Last-External-HELO: mx1.simplelogin.co
X-Spam-Last-External-rDNS: mx1.simplelogin.co
X-Spam-Date-of-Scan: Thu, 23 Jan 2020 12:10:40 +0100
X-Spam-Report: 
	*  1.3 RCVD_ILLEGAL_IP Received: contains illegal IP address
	* -0.0 SPF_PASS SPF: sender matches SPF record
	*  0.0 HTML_MESSAGE BODY: HTML included in message
	* -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
	*      envelope-from domain
	* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	*      author's domain
	* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
	*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
	*       valid
	*  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
	*      blocked.  See
	*      http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
	*      for more information.
	*      [URIs: simplelogin.co]
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=94.237.86.150; helo=mx1.simplelogin.co; envelope-from=---snip alias address---; receiver=--- snip id [email protected] 
DMARC-Filter: OpenDMARC Filter v1.3.1 mail-tester.com ADAB19FC76
Authentication-Results: mail-tester.com; dmarc=pass header.from=simplelogin.co
Authentication-Results: mail-tester.com;
	dkim=pass (1024-bit key; unprotected) header.d=simplelogin.co [email protected] header.b=F1GVCCb0;
	dkim-atps=neutral
Received: from mx1.simplelogin.co (mx1.simplelogin.co [94.237.86.150])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail-tester.com (Postfix) with ESMTPS id ADAB19FC76
	for <--- snip id [email protected]>; Thu, 23 Jan 2020 12:10:38 +0100 (CET)
Received: from [240.0.0.3] (unknown [240.0.0.3])
	by mx1.simplelogin.co (Postfix) with ESMTP id 278845C10D
	for <--- snip id [email protected]>; Thu, 23 Jan 2020 11:10:38 +0000 (UTC)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com
 [IPv6:2a00:1450:4864:20::131])	(using TLSv1.3 with cipher
 TLS_AES_128_GCM_SHA256 (128/128 bits))	(No client certificate requested)	by
 mx1.simplelogin.co (Postfix) with ESMTPS id E87A75C10B	for
 <--- snip reverse alias email --->; Thu, 23 Jan 2020 11:10:37
 +0000 (UTC)
Received: by mail-lf1-x131.google.com with SMTP id b15so1988943lfc.4       
 for <--- snip reverse alias email --->; Thu, 23 Jan 2020 03:10:37
 -0800 (PST)
X-Google-DKIM-Signature: --- snip ---
X-Gm-Message-State: --- snip ---
X-Google-Smtp-Source: --- snip ---
X-Received: by 2002:ac2:5e9b:: with SMTP id b27mr4586538lfq.184.1579777836925;
 Thu, 23 Jan 2020 03:10:36 -0800 (PST)
MIME-Version: 1.0
References:
 <[email protected]>
In-Reply-To:
 <[email protected]>
From: ---snip [email protected]
Date: Thu, 23 Jan 2020 19:10:24 +0800
Message-ID:
 <[email protected]>
Subject: ---snip subject---
To: ---snip [email protected]
Content-Type: multipart/alternative; boundary="000000000000cb4589059cccb0cf"
List-Unsubscribe: <https://app.simplelogin.io/dashboard/unsubscribe/1679>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
DKIM-Signature: ---snip---

--000000000000cb4589059cccb0cf
Content-Type: text/plain; charset="UTF-8"

---snip e-mail contents---

On Thu, 23 Jan 2020, 18:18 Jaryl, <---snip e-mail---> wrote:

---snip e-mail contents---

--000000000000cb4589059cccb0cf
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

---snip e-mail contents---

--000000000000cb4589059cccb0cf--

from app.

jarylc avatar jarylc commented on May 18, 2024

Looking at https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6923#c1

(of course addresses above 224.x.x.x remain illegal)

Likely it's because the Docker IP address is in 240.0.0.0/24 range which is probably triggers the 224.0.0.0/4 range of Spam Assassin.

Might be fixed if you set up the Docker network to use another range of IPs.

from app.

jarylc avatar jarylc commented on May 18, 2024

Awesome, just did another test, perfect score indeed.

I think you should consider having a separate server for premium & paying users in the long run. Of course after securing a good revenue stream.

Eventually if popularity grows, I predict there will probably be some black sheeps around that abuse the free service and use your current mail server to post spam causing the IP to get blacklisted in spam databases.

from app.

nguyenkims avatar nguyenkims commented on May 18, 2024

@jarylc Very good point about having separated servers for premium & free plans! I just created https://trello.com/c/1MqpVrEi/23-separate-server-for-free-premium-plan in our roadmap.

from app.

luisgepeto avatar luisgepeto commented on May 18, 2024

Hello I am using the self hosted solution but changing the docker network to 10.0.0.0 does not work, i.e. my emails are no longer being redirected to my email address.

Jan 28 17:52:24 vps643 postfix/smtp[30046]: 1A5E542521: to=[email protected], relay=127.0.0.1[127.0.0.1]:20381, delay=166, delays=0.27/0.01/35/131, dsn=5.0.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 500 Error: (TimeoutError) [Errno 110] Connection timed out (in reply to end of DATA command))
Jan 28 17:52:24 vps643 postfix/cleanup[30074]: AD41542CA9: message-id=[email protected]
Jan 28 17:52:24 vps643 postfix/qmgr[30024]: AD41542CA9: from=<>, size=4774, nrcpt=1 (queue active)
Jan 28 17:52:24 vps643 postfix/bounce[30072]: 1A5E542521: sender non-delivery notification: AD41542CA9
Jan 28 17:52:24 vps643 postfix/qmgr[30024]: 1A5E542521: removed
Jan 28 17:52:24 vps643 postfix/smtp[30046]: connect to gmail-smtp-in.l.google.com[2a00:1450:4010:c03::1b]:25: Network is unreachable
Jan 28 17:52:25 vps643 postfix/smtp[30046]: AD41542CA9: to=[email protected], relay=gmail-smtp-in.l.google.com[173.194.220.27]:25, delay=0.63, delays=0.1/0.01/0.35/0.17, dsn=2.0.0, status=sent (250 2.0.0 OK DMARC:Quarantine 1611856345 c200si3910149lfd.317 - gsmtp)
Jan 28 17:52:25 vps643 postfix/qmgr[30024]: AD41542CA9: removed
Jan 28 17:52:59 vps643 postfix/anvil[30037]: statistics: max connection rate 1/60s for (smtp:209.85.167.42) at Jan 28 17:48:02
Jan 28 17:52:59 vps643 postfix/anvil[30037]: statistics: max connection count 1 for (smtp:209.85.167.42) at Jan 28 17:48:02
Jan 28 17:52:59 vps643 postfix/anvil[30037]: statistics: max cache size 1 at Jan 28 17:48:02

I created my docker network by using

sudo docker network create -d bridge \
    --subnet=10.0.0.0/24 \
    --gateway=10.0.0.1 \
    sl-network

Also in my /etc/postfix/main.cf I updated the line:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/24

And then ran:

sudo systemctl restart postfix

Is there something I might be missing?

from app.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.