Comments (7)
@jarylc Thanks a lot for the details! SpamAssasin does not like 240.0.0.0 indeed ... We just replaced the Docker network by 10.0.0.0 which is more conventional but also has more risks of conflict with existing networks ...
Now the mail-tester score is back to 10 :).
from app.
Hi can you give more info about your setup please?
240.0.0.3
is from the SimpleLogin docker container network (which is 240.0.0.0/24
).
from app.
I've done 2 test e-mails on mail-tester.com today (it did not trigger the flag when I tested yesterday).
I'm not entirely sure what causes Spam Assassin to flag for RCVD_ILLEGAL_IP
, but looking at the description and the source so far, the only IP that I could think it might be flagging is [240.0.0.3] (unknown [240.0.0.3])
(see the source below).
Unless it's Google's ipv6 address IPv6:2a00:1450:4864:20::131
which I think it's unlikely. Or this one 2002:ac2:5e9b::
(see the source below).
Here's the Spam Assassin response.
Here's the latest source for one of them with some content snipped out:
Received: by mail-tester.com (Postfix, from userid 500)
id 5F473A4979; Thu, 23 Jan 2020 12:10:40 +0100 (CET)
Authentication-Results: mail-tester.com;
dkim=pass (1024-bit key; unprotected) header.d=simplelogin.co [email protected] header.b=F1GVCCb0;
dkim-atps=neutral
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail-tester.com
X-Spam-Level: *
X-Spam-Status: No/1.1/5.0
X-Spam-Test-Scores: DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,
DKIM_VALID_EF=-0.1,HTML_MESSAGE=0.001,RCVD_ILLEGAL_IP=1.3,
SPF_PASS=-0.001,URIBL_BLOCKED=0.001
X-Spam-Last-External-IP: 94.237.86.150
X-Spam-Last-External-HELO: mx1.simplelogin.co
X-Spam-Last-External-rDNS: mx1.simplelogin.co
X-Spam-Date-of-Scan: Thu, 23 Jan 2020 12:10:40 +0100
X-Spam-Report:
* 1.3 RCVD_ILLEGAL_IP Received: contains illegal IP address
* -0.0 SPF_PASS SPF: sender matches SPF record
* 0.0 HTML_MESSAGE BODY: HTML included in message
* -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
* envelope-from domain
* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
* author's domain
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
* 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
* blocked. See
* http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
* for more information.
* [URIs: simplelogin.co]
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=94.237.86.150; helo=mx1.simplelogin.co; envelope-from=---snip alias address---; receiver=--- snip id [email protected]
DMARC-Filter: OpenDMARC Filter v1.3.1 mail-tester.com ADAB19FC76
Authentication-Results: mail-tester.com; dmarc=pass header.from=simplelogin.co
Authentication-Results: mail-tester.com;
dkim=pass (1024-bit key; unprotected) header.d=simplelogin.co [email protected] header.b=F1GVCCb0;
dkim-atps=neutral
Received: from mx1.simplelogin.co (mx1.simplelogin.co [94.237.86.150])
(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mail-tester.com (Postfix) with ESMTPS id ADAB19FC76
for <--- snip id [email protected]>; Thu, 23 Jan 2020 12:10:38 +0100 (CET)
Received: from [240.0.0.3] (unknown [240.0.0.3])
by mx1.simplelogin.co (Postfix) with ESMTP id 278845C10D
for <--- snip id [email protected]>; Thu, 23 Jan 2020 11:10:38 +0000 (UTC)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com
[IPv6:2a00:1450:4864:20::131]) (using TLSv1.3 with cipher
TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by
mx1.simplelogin.co (Postfix) with ESMTPS id E87A75C10B for
<--- snip reverse alias email --->; Thu, 23 Jan 2020 11:10:37
+0000 (UTC)
Received: by mail-lf1-x131.google.com with SMTP id b15so1988943lfc.4
for <--- snip reverse alias email --->; Thu, 23 Jan 2020 03:10:37
-0800 (PST)
X-Google-DKIM-Signature: --- snip ---
X-Gm-Message-State: --- snip ---
X-Google-Smtp-Source: --- snip ---
X-Received: by 2002:ac2:5e9b:: with SMTP id b27mr4586538lfq.184.1579777836925;
Thu, 23 Jan 2020 03:10:36 -0800 (PST)
MIME-Version: 1.0
References:
<[email protected]>
In-Reply-To:
<[email protected]>
From: ---snip [email protected]
Date: Thu, 23 Jan 2020 19:10:24 +0800
Message-ID:
<[email protected]>
Subject: ---snip subject---
To: ---snip [email protected]
Content-Type: multipart/alternative; boundary="000000000000cb4589059cccb0cf"
List-Unsubscribe: <https://app.simplelogin.io/dashboard/unsubscribe/1679>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
DKIM-Signature: ---snip---
--000000000000cb4589059cccb0cf
Content-Type: text/plain; charset="UTF-8"
---snip e-mail contents---
On Thu, 23 Jan 2020, 18:18 Jaryl, <---snip e-mail---> wrote:
---snip e-mail contents---
--000000000000cb4589059cccb0cf
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
---snip e-mail contents---
--000000000000cb4589059cccb0cf--
from app.
Looking at https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6923#c1
(of course addresses above 224.x.x.x remain illegal)
Likely it's because the Docker IP address is in 240.0.0.0/24
range which is probably triggers the 224.0.0.0/4
range of Spam Assassin.
Might be fixed if you set up the Docker network to use another range of IPs.
from app.
Awesome, just did another test, perfect score indeed.
I think you should consider having a separate server for premium & paying users in the long run. Of course after securing a good revenue stream.
Eventually if popularity grows, I predict there will probably be some black sheeps around that abuse the free service and use your current mail server to post spam causing the IP to get blacklisted in spam databases.
from app.
@jarylc Very good point about having separated servers for premium & free plans! I just created https://trello.com/c/1MqpVrEi/23-separate-server-for-free-premium-plan in our roadmap.
from app.
Hello I am using the self hosted solution but changing the docker network to 10.0.0.0 does not work, i.e. my emails are no longer being redirected to my email address.
Jan 28 17:52:24 vps643 postfix/smtp[30046]: 1A5E542521: to=[email protected], relay=127.0.0.1[127.0.0.1]:20381, delay=166, delays=0.27/0.01/35/131, dsn=5.0.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 500 Error: (TimeoutError) [Errno 110] Connection timed out (in reply to end of DATA command))
Jan 28 17:52:24 vps643 postfix/cleanup[30074]: AD41542CA9: message-id=[email protected]
Jan 28 17:52:24 vps643 postfix/qmgr[30024]: AD41542CA9: from=<>, size=4774, nrcpt=1 (queue active)
Jan 28 17:52:24 vps643 postfix/bounce[30072]: 1A5E542521: sender non-delivery notification: AD41542CA9
Jan 28 17:52:24 vps643 postfix/qmgr[30024]: 1A5E542521: removed
Jan 28 17:52:24 vps643 postfix/smtp[30046]: connect to gmail-smtp-in.l.google.com[2a00:1450:4010:c03::1b]:25: Network is unreachable
Jan 28 17:52:25 vps643 postfix/smtp[30046]: AD41542CA9: to=[email protected], relay=gmail-smtp-in.l.google.com[173.194.220.27]:25, delay=0.63, delays=0.1/0.01/0.35/0.17, dsn=2.0.0, status=sent (250 2.0.0 OK DMARC:Quarantine 1611856345 c200si3910149lfd.317 - gsmtp)
Jan 28 17:52:25 vps643 postfix/qmgr[30024]: AD41542CA9: removed
Jan 28 17:52:59 vps643 postfix/anvil[30037]: statistics: max connection rate 1/60s for (smtp:209.85.167.42) at Jan 28 17:48:02
Jan 28 17:52:59 vps643 postfix/anvil[30037]: statistics: max connection count 1 for (smtp:209.85.167.42) at Jan 28 17:48:02
Jan 28 17:52:59 vps643 postfix/anvil[30037]: statistics: max cache size 1 at Jan 28 17:48:02
I created my docker network by using
sudo docker network create -d bridge \
--subnet=10.0.0.0/24 \
--gateway=10.0.0.1 \
sl-network
Also in my /etc/postfix/main.cf
I updated the line:
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/24
And then ran:
sudo systemctl restart postfix
Is there something I might be missing?
from app.
Related Issues (20)
- Reset Password deleted al my alias HOT 4
- SL blocks all incoming emails from altmails.com
- Service findthatlead.com indexes your domain HOT 1
- Prospect.io and ninjaoutreach.com and findemails.com and voilanorbert.com and Snov.io and getprospect.com indexing your domains!
- [Self-Hosted] Bounced Emails at Microsoft HOT 2
- Accept only certain senders for a given alias (default status for new sender)
- Can't Receive e-mails from GMail accounts HOT 2
- DKIM verification documentation partially incorrect? HOT 1
- Switch Account
- Serious issues receiving all emails forwarded to Yahoo mailbox HOT 2
- You published private key! HOT 2
- Some “bad” words HOT 4
- Nothing happens when trying to create account HOT 13
- Reverse aliases created not respecting custom domain
- Block promo
- Can not creating more then 5 subdomains even if the MAX_NB_SUBDOMAIN has been set. HOT 1
- Remove two additional sensitive word
- Need an option to use mailbox.email as "To" header instead of the alias, when forwarding an email to the mailbox. HOT 2
- Hide remove button HOT 1
- Add spam report feature
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from app.