View previous topic :: View next topic |
Author |
Message |
Jim5678 n00b
Joined: 23 Jan 2024 Posts: 13
|
Posted: Tue Jan 23, 2024 5:45 am Post subject: Google mail blocking password resets |
|
|
Hi,
I'm starting to get this with a few sites now,but google mail seems to be dropping password resets before they even get to spam.
Had to create this account to get access to the forums; wonder if it's related to this issue my email sent me attached to your message on sign up.
Quote: | This email has failed its domain’s authentication requirements. It may be spoofed(new window) or improperly forwarded |
Thanks,
James |
|
Back to top |
|
|
Zucca Moderator
Joined: 14 Jun 2007 Posts: 3747 Location: Rasi, Finland
|
Posted: Tue Jan 23, 2024 11:25 am Post subject: Re: Google mail blocking password resets |
|
|
Jim5678 wrote: | google mail seems to be dropping password resets before they even get to spam. | There are few possible scenarios here:- mail arrives but for some reason gmail marks it to be deleted
- mail doesn't arrive to gmail at all, but instead is dropped off at some point during the delivery
- mail doesn't get sent at all
The first case might be a result of some gmail filter you have. Please check if you have set any filters.
Our Forum Admins could check more detailed logs of your password reset attempts for possible undelivered mail for example. _________________ ..: Zucca :..
My gentoo installs: | init=/sbin/openrc-init
-systemd -logind -elogind seatd |
Quote: | I am NaN! I am a man! |
|
|
Back to top |
|
|
Jim5678 n00b
Joined: 23 Jan 2024 Posts: 13
|
Posted: Thu Jan 25, 2024 9:36 am Post subject: |
|
|
Believe me, I've checked all the filters and settings and this is happening for my energy provider too, so I thought I'd give you a heads up.
They don' even get to my spam folder. |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22729
|
Posted: Thu Jan 25, 2024 3:48 pm Post subject: |
|
|
If Google is breaking this for multiple senders, that suggests this is a Google problem, not a sender problem. The sender might or might not have relevant data in their logs, but Google should have a log of what happened. |
|
Back to top |
|
|
Max Steel Advocate
Joined: 12 Feb 2007 Posts: 2270 Location: My own world! I and Gentoo!
|
Posted: Mon Jan 29, 2024 6:37 pm Post subject: |
|
|
It looks like google did increase the requirements for incoming E-Mails to them. https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
for example, they want a dkim or at least strongly advise it.
Also our reverse-DNS Entrys for the smtp.gentoo.org server, doesnt show smtp.gentoo.org like it calls itself during submissions on the ipv6 Adresses (which gmail accepts), only woodpecker.gentoo.org.
And on a personal Note:
Quote: | If Google is breaking this for multiple senders, that suggests this is a Google problem, not a sender problem. The sender might or might not have relevant data in their logs, but Google should have a log of what happened. |
probably. But you cant hide behind that shield if you also doesn't include todays standard in that, if your servers doesnt use something developed 30 years ago to help decrease spam mails. Like server naming through proper dns to submissions or at least dkim it from your outgoing servers (developed 10 years ago).
(Did you look in your E-Mail Headers outgoing? How much another server "doesn't know" who the server speaking to them is?)
Code: |
Recieved: from goshawk.gentoo.org (unknown [140.211.166.177]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 34F4134336D for <some-name-here@web.de>; Mon, 29 Jan 2024 18:10:50 +0000 (UTC)
|
for reference, a nopaste
https://nopaste.net/WtElwRZR2x _________________ mfg
Steel
___________________
Heim-PC: AMD Ryzen 5950X, 64GB RAM, GTX 1080
Laptop: Intel Core i5-4300U, 16GB RAM, Intel Graphic
Arbeit-PC: Intel i5-1145G7, 16GB RAM, Intel Iris Xe Graphic (leider WSL2) |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22729
|
Posted: Mon Jan 29, 2024 6:57 pm Post subject: |
|
|
I cannot speak to the quality of Gentoo's outgoing SMTP setup. My point though is that Google caused this problem by setting their servers to reject these mails, and seemingly compounded it by not bouncing the mails in a clear way and not providing anyone with good logs. Perhaps the Gentoo project should change their mail server configuration. Perhaps not. Your mention of that Google blog post is the first I have heard of these requirements. After having read that post, I am particularly disgusted with Google on this point. They spend a lot more effort grandstanding and misleading than they do on the problem. Of course blocking unauthenticated messages causes a massive reduction in successfully delivered unauthenticated messages, because they're being blocked.
If Google is not going to report this in a way that makes it clear what should be done (and silently losing all this e-mail does not count to me as a good report), then I cannot condemn the volunteer Gentoo mail administrators for not handling this proactively. |
|
Back to top |
|
|
Max Steel Advocate
Joined: 12 Feb 2007 Posts: 2270 Location: My own world! I and Gentoo!
|
Posted: Mon Jan 29, 2024 7:53 pm Post subject: |
|
|
Hu wrote: | I cannot speak to the quality of Gentoo's outgoing SMTP setup. My point though is that Google caused this problem by setting their servers to reject these mails, and seemingly compounded it by not bouncing the mails in a clear way and not providing anyone with good logs. Perhaps the Gentoo project should change their mail server configuration. Perhaps not. Your mention of that Google blog post is the first I have heard of these requirements. After having read that post, I am particularly disgusted with Google on this point. They spend a lot more effort grandstanding and misleading than they do on the problem. Of course blocking unauthenticated messages causes a massive reduction in successfully delivered unauthenticated messages, because they're being blocked.
If Google is not going to report this in a way that makes it clear what should be done (and silently losing all this e-mail does not count to me as a good report), then I cannot condemn the volunteer Gentoo mail administrators for not handling this proactively. |
I totally understand that, if they not going to do a proper bounce for something they not really accept. Doing a notification "Hey we quarantined that mail for you" to their customers/users, might be fine. IF they do a proper report to the user about that and have a way to do a "Thanks, but no thanks. Let it through"-Rule to that. In my opinion this is a good practice for a general mta. But it does not look like google does so, but i dont use them. So yeah. I just wanted to put out my thoughts about doing smtp configuration, which gentoo devs might not doing from my point of view. But also not having the time to volunteer to such a task.
But i found that blog post in the first 2 minutes of google search to "gmail does not accept my mails" or something along that lines. But, how should the gentoo devs know about it, if google doesnt make it public for other mtas... _________________ mfg
Steel
___________________
Heim-PC: AMD Ryzen 5950X, 64GB RAM, GTX 1080
Laptop: Intel Core i5-4300U, 16GB RAM, Intel Graphic
Arbeit-PC: Intel i5-1145G7, 16GB RAM, Intel Iris Xe Graphic (leider WSL2) |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22729
|
Posted: Mon Jan 29, 2024 8:26 pm Post subject: |
|
|
I did a cursory search of bugs.gentoo.org and did not find any open bugs requesting a change to the Gentoo SMTP infrastructure. Conveniently, since Google is already dropping Gentoo-generated mail (despite that they are supposed to start the new restrictions in February), anyone who uses Google mail, and does not already have a Bugzilla account, will now be unable to register a Bugzilla account to their Google mail and thus be unable to file a bug requesting the change. |
|
Back to top |
|
|
Max Steel Advocate
Joined: 12 Feb 2007 Posts: 2270 Location: My own world! I and Gentoo!
|
Posted: Mon Jan 29, 2024 9:15 pm Post subject: |
|
|
Hu wrote: | I did a cursory search of bugs.gentoo.org and did not find any open bugs requesting a change to the Gentoo SMTP infrastructure. Conveniently, since Google is already dropping Gentoo-generated mail (despite that they are supposed to start the new restrictions in February), anyone who uses Google mail, and does not already have a Bugzilla account, will now be unable to register a Bugzilla account to their Google mail and thus be unable to file a bug requesting the change. |
Soooo... you suggest someone with access to b.g.o and a valid gmail adress (for testing) should open a bug about it. I can do it, but have not any gmail account on hand to set up a proper "hey look test it here" account.
A bug is fast enough opened... But i suggest that probably not everyone with a gmail account know about them not getting emails, or something.
Edit: I opened a bug regarding their changes: https://bugs.gentoo.org/923295 _________________ mfg
Steel
___________________
Heim-PC: AMD Ryzen 5950X, 64GB RAM, GTX 1080
Laptop: Intel Core i5-4300U, 16GB RAM, Intel Graphic
Arbeit-PC: Intel i5-1145G7, 16GB RAM, Intel Iris Xe Graphic (leider WSL2) |
|
Back to top |
|
|
Max Steel Advocate
Joined: 12 Feb 2007 Posts: 2270 Location: My own world! I and Gentoo!
|
Posted: Mon Feb 05, 2024 3:34 pm Post subject: |
|
|
While looking into that i found another bug in bgo. from 2010... maybe that should get another look.
#334685 _________________ mfg
Steel
___________________
Heim-PC: AMD Ryzen 5950X, 64GB RAM, GTX 1080
Laptop: Intel Core i5-4300U, 16GB RAM, Intel Graphic
Arbeit-PC: Intel i5-1145G7, 16GB RAM, Intel Iris Xe Graphic (leider WSL2) |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|