Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Google mail blocking password resets
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo Forums Feedback
View previous topic :: View next topic  
Author Message
Jim5678
n00b
n00b


Joined: 23 Jan 2024
Posts: 13

PostPosted: Tue Jan 23, 2024 5:45 am    Post subject: Google mail blocking password resets Reply with quote

Hi,
I'm starting to get this with a few sites now,but google mail seems to be dropping password resets before they even get to spam.

Had to create this account to get access to the forums; wonder if it's related to this issue my email sent me attached to your message on sign up.
Quote:
This email has failed its domain’s authentication requirements. It may be spoofed(new window) or improperly forwarded


Thanks,
James
Back to top
View user's profile Send private message
Zucca
Moderator
Moderator


Joined: 14 Jun 2007
Posts: 3747
Location: Rasi, Finland

PostPosted: Tue Jan 23, 2024 11:25 am    Post subject: Re: Google mail blocking password resets Reply with quote

Jim5678 wrote:
google mail seems to be dropping password resets before they even get to spam.
There are few possible scenarios here:
  • mail arrives but for some reason gmail marks it to be deleted
  • mail doesn't arrive to gmail at all, but instead is dropped off at some point during the delivery
  • mail doesn't get sent at all


The first case might be a result of some gmail filter you have. Please check if you have set any filters.

Our Forum Admins could check more detailed logs of your password reset attempts for possible undelivered mail for example.
_________________
..: Zucca :..

My gentoo installs:
init=/sbin/openrc-init
-systemd -logind -elogind seatd

Quote:
I am NaN! I am a man!
Back to top
View user's profile Send private message
Jim5678
n00b
n00b


Joined: 23 Jan 2024
Posts: 13

PostPosted: Thu Jan 25, 2024 9:36 am    Post subject: Reply with quote

Believe me, I've checked all the filters and settings and this is happening for my energy provider too, so I thought I'd give you a heads up.
They don' even get to my spam folder.
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22729

PostPosted: Thu Jan 25, 2024 3:48 pm    Post subject: Reply with quote

If Google is breaking this for multiple senders, that suggests this is a Google problem, not a sender problem. The sender might or might not have relevant data in their logs, but Google should have a log of what happened.
Back to top
View user's profile Send private message
Max Steel
Advocate
Advocate


Joined: 12 Feb 2007
Posts: 2270
Location: My own world! I and Gentoo!

PostPosted: Mon Jan 29, 2024 6:37 pm    Post subject: Reply with quote

It looks like google did increase the requirements for incoming E-Mails to them. https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
for example, they want a dkim or at least strongly advise it.
Also our reverse-DNS Entrys for the smtp.gentoo.org server, doesnt show smtp.gentoo.org like it calls itself during submissions on the ipv6 Adresses (which gmail accepts), only woodpecker.gentoo.org.



And on a personal Note:
Quote:
If Google is breaking this for multiple senders, that suggests this is a Google problem, not a sender problem. The sender might or might not have relevant data in their logs, but Google should have a log of what happened.

probably. But you cant hide behind that shield if you also doesn't include todays standard in that, if your servers doesnt use something developed 30 years ago to help decrease spam mails. Like server naming through proper dns to submissions or at least dkim it from your outgoing servers (developed 10 years ago).

(Did you look in your E-Mail Headers outgoing? How much another server "doesn't know" who the server speaking to them is?)

Code:

Recieved: from goshawk.gentoo.org (unknown [140.211.166.177]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 34F4134336D for <some-name-here@web.de>; Mon, 29 Jan 2024 18:10:50 +0000 (UTC)


for reference, a nopaste
https://nopaste.net/WtElwRZR2x
_________________
mfg
Steel
___________________

Heim-PC: AMD Ryzen 5950X, 64GB RAM, GTX 1080
Laptop: Intel Core i5-4300U, 16GB RAM, Intel Graphic
Arbeit-PC: Intel i5-1145G7, 16GB RAM, Intel Iris Xe Graphic (leider WSL2)
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22729

PostPosted: Mon Jan 29, 2024 6:57 pm    Post subject: Reply with quote

I cannot speak to the quality of Gentoo's outgoing SMTP setup. My point though is that Google caused this problem by setting their servers to reject these mails, and seemingly compounded it by not bouncing the mails in a clear way and not providing anyone with good logs. Perhaps the Gentoo project should change their mail server configuration. Perhaps not. Your mention of that Google blog post is the first I have heard of these requirements. After having read that post, I am particularly disgusted with Google on this point. They spend a lot more effort grandstanding and misleading than they do on the problem. Of course blocking unauthenticated messages causes a massive reduction in successfully delivered unauthenticated messages, because they're being blocked.

If Google is not going to report this in a way that makes it clear what should be done (and silently losing all this e-mail does not count to me as a good report), then I cannot condemn the volunteer Gentoo mail administrators for not handling this proactively.
Back to top
View user's profile Send private message
Max Steel
Advocate
Advocate


Joined: 12 Feb 2007
Posts: 2270
Location: My own world! I and Gentoo!

PostPosted: Mon Jan 29, 2024 7:53 pm    Post subject: Reply with quote

Hu wrote:
I cannot speak to the quality of Gentoo's outgoing SMTP setup. My point though is that Google caused this problem by setting their servers to reject these mails, and seemingly compounded it by not bouncing the mails in a clear way and not providing anyone with good logs. Perhaps the Gentoo project should change their mail server configuration. Perhaps not. Your mention of that Google blog post is the first I have heard of these requirements. After having read that post, I am particularly disgusted with Google on this point. They spend a lot more effort grandstanding and misleading than they do on the problem. Of course blocking unauthenticated messages causes a massive reduction in successfully delivered unauthenticated messages, because they're being blocked.

If Google is not going to report this in a way that makes it clear what should be done (and silently losing all this e-mail does not count to me as a good report), then I cannot condemn the volunteer Gentoo mail administrators for not handling this proactively.


I totally understand that, if they not going to do a proper bounce for something they not really accept. Doing a notification "Hey we quarantined that mail for you" to their customers/users, might be fine. IF they do a proper report to the user about that and have a way to do a "Thanks, but no thanks. Let it through"-Rule to that. In my opinion this is a good practice for a general mta. But it does not look like google does so, but i dont use them. So yeah. I just wanted to put out my thoughts about doing smtp configuration, which gentoo devs might not doing from my point of view. But also not having the time to volunteer to such a task.

But i found that blog post in the first 2 minutes of google search to "gmail does not accept my mails" or something along that lines. But, how should the gentoo devs know about it, if google doesnt make it public for other mtas...
_________________
mfg
Steel
___________________

Heim-PC: AMD Ryzen 5950X, 64GB RAM, GTX 1080
Laptop: Intel Core i5-4300U, 16GB RAM, Intel Graphic
Arbeit-PC: Intel i5-1145G7, 16GB RAM, Intel Iris Xe Graphic (leider WSL2)
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22729

PostPosted: Mon Jan 29, 2024 8:26 pm    Post subject: Reply with quote

I did a cursory search of bugs.gentoo.org and did not find any open bugs requesting a change to the Gentoo SMTP infrastructure. Conveniently, since Google is already dropping Gentoo-generated mail (despite that they are supposed to start the new restrictions in February), anyone who uses Google mail, and does not already have a Bugzilla account, will now be unable to register a Bugzilla account to their Google mail and thus be unable to file a bug requesting the change.
Back to top
View user's profile Send private message
Max Steel
Advocate
Advocate


Joined: 12 Feb 2007
Posts: 2270
Location: My own world! I and Gentoo!

PostPosted: Mon Jan 29, 2024 9:15 pm    Post subject: Reply with quote

Hu wrote:
I did a cursory search of bugs.gentoo.org and did not find any open bugs requesting a change to the Gentoo SMTP infrastructure. Conveniently, since Google is already dropping Gentoo-generated mail (despite that they are supposed to start the new restrictions in February), anyone who uses Google mail, and does not already have a Bugzilla account, will now be unable to register a Bugzilla account to their Google mail and thus be unable to file a bug requesting the change.


Soooo... you suggest someone with access to b.g.o and a valid gmail adress (for testing) should open a bug about it. I can do it, but have not any gmail account on hand to set up a proper "hey look test it here" account.

A bug is fast enough opened... But i suggest that probably not everyone with a gmail account know about them not getting emails, or something.

Edit: I opened a bug regarding their changes: https://bugs.gentoo.org/923295
_________________
mfg
Steel
___________________

Heim-PC: AMD Ryzen 5950X, 64GB RAM, GTX 1080
Laptop: Intel Core i5-4300U, 16GB RAM, Intel Graphic
Arbeit-PC: Intel i5-1145G7, 16GB RAM, Intel Iris Xe Graphic (leider WSL2)
Back to top
View user's profile Send private message
Max Steel
Advocate
Advocate


Joined: 12 Feb 2007
Posts: 2270
Location: My own world! I and Gentoo!

PostPosted: Mon Feb 05, 2024 3:34 pm    Post subject: Reply with quote

While looking into that i found another bug in bgo. from 2010... maybe that should get another look.

#334685
_________________
mfg
Steel
___________________

Heim-PC: AMD Ryzen 5950X, 64GB RAM, GTX 1080
Laptop: Intel Core i5-4300U, 16GB RAM, Intel Graphic
Arbeit-PC: Intel i5-1145G7, 16GB RAM, Intel Iris Xe Graphic (leider WSL2)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Forums Feedback All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum