Re: IPv6 RR disabled on lists.ovirt.org -- WHY???

Incident INC0093361: Neil Miao is requesting the following information to assist in completing your request: 2013-11-10 21:37:49 EST - Neil Miao Comments Hi there, Thanks Mike for going the extra mile to dig it out. The existing SPF record does look bad. Since lists.ovirt.org is actually a CNAME of linode01.ovirt.org. $ dig lists.ovirt.org ... ;; ANSWER SECTION: lists.ovirt.org.300INCNAMElinode01.ovirt.org. linode01.ovirt.org.300INA173.255.252.138 adding lists.ovirt.org to the SPF is a very obvious choice. :) - IN TXT "v=spf1 a:linode01.ovirt.org ~all" + IN TXT "v=spf1 a:linode01.ovirt.org a:lists.ovirt.org ~all" The change is pushed to the corp-dns. Let me know how it goes. Cheers Neil 2013-10-31 16:55:49 EDT - Dave Neary Comments Mail from the oVirt users mailing list is being marked as spam in gmail, and is not getting through to users. A colleague, Mike McLean, looked into the issue, and suspects it is related to our DNS config: See Mike's email to me below. Is this something IT services can help fix? Thanks, Dave. Mike wrote: I don't think it is users marking as spam, despite the google warning bar. The warning in the header suggests it is a networking problem. There is nothing in the headers about the ip address (which is ipv6) being on a blacklist. > On 10/31/2013 03:20 PM, Mike McLean wrote: >> Since I subscribed to the users list last week, I've had exactly zero >> messages from it in my gmail inbox. They're all in the spam folder. >> >> Each message shows a warning at the top "Be careful with this message. >> Many people marked similar messages as spam." >> >> I'm attaching a header example. One notable line is: >> >> Authentication-Results: mx.google.com; >> spf=softfail (google.com: domain of transitioning >> users-bounces(a)ovirt.org does not designate >> 2600:3c01::f03c:91ff:fe93:4b0d as permitted sender) >> smtp.mail=users-bounces(a)ovirt.org ^ This is the header warning I referred to >> It looks like ovirt.org only has an mx entry for linode01.ovirt.org. The >> host actually sending to google (lists.ovirt.org) doesn't show up in an >> mx entry. I'd push this up to IT. It appears that google doesn't trust this mail because ovirt.org explicitly says not to. From the headers, the mail is traversing from (sending user) -> linode01.ovirt.org -> lists.ovirt.org -> (google) The SPF record for ovirt.orig is: "v=spf1 a:linode01.ovirt.org ~all" (found via dig -t TXT ovirt.org) See: http://en.wikipedia.org/wiki/Sender_Policy_Framework This policy says that linode01.ovirt.org is allowed to send and all others (e.g. lists.ovirt.org) should "softfail". Who manages the ovirt.org servers? IT? Someone in IT will have more expertise in this than me, but I suspect that answer is one of 1) change the spf record for ovirt.org to allow lists.ovirt.org 2) reconfigure lists.ovirt.org to route its mail through linode01.ovirt.org State: Pending Customer Submitted Date: 2013-10-31 16:55:49 EDT Priority: 4 - Low Description: oVirt list email is being marked as spam by gmail To update your request and notify the person assigned to your request, simply reply to this email communication. You can view the status of your incident by selecting "Incidents" from the left navigation menu: LINK Ref:MSG1353267

On 05/24/2016 01:32 AM, David Caro wrote: > Maybe it's old enough so Quaid was involved back then? I don't recall for sure why IPv6 would be turned off, but iirc we had problems with SPF for a few years for gmail.com users, meaning it affected the end-users mailing lists the most. Is it possible SPF was turned off for IPv4 & IPv6, then the problem with SPF and GMail was fixed, and it was turned back on but only for IPv 4? How about experimenting and see what happens (SCIENCE!), maybe with a warning to the two main lists (devel, users) in case anything breaks? Best, - Karsten