Forgefriends outgoing SMTP misconfigured

DevOps forgefriends.org
#1

Bonjour,

It appears I have done something wrong with the outgoing SMTP configuration. Most probably missing an Ansible playbook.

To be continued

Hi Loic,

Here’s the output from one of our MXs

2022-11-02 17:25:00 [15242] H=patience.easter-eggs.com (smtp.internal.forgefriends.org) [redacted]:49100 I=[redacted]:25 Warning: X-Country: FR
2022-11-02 17:25:00 [15242] H=patience.easter-eggs.com (smtp.internal.forgefriends.org) [redacted]:49100 I=[redacted]:25 Warning: X-Spam-NoCheck: No
2022-11-02 17:25:00 [15242] H=patience.easter-eggs.com (smtp.internal.forgefriends.org) [redacted]:49100 I=[redacted]:25 sender verify defer for noreply@forum.forgefriends.org: could not connect to patience.easter-eggs.com [redacted]: Connection refused
2022-11-02 17:25:00 [15242] H=patience.easter-eggs.com (smtp.internal.forgefriends.org) [redacted]:49100 I=[redacted]:25 F=noreply@forum.forgefriends.org temporarily rejected RCPT redacted: Could not complete sender verify callout
2022-11-02 17:25:00 [15242] H=patience.easter-eggs.com (smtp.internal.forgefriends.org) [redacted]:49100 I=[redacted]:25 incomplete transaction (RSET) from noreply@forum.forgefriends.org
2022-11-02 17:25:00 [15242] SMTP connection from patience.easter-eggs.com (smtp.internal.forgefriends.org) [redacted]:49100 I=[redacted]:25 closed by QUIT

[redacted] noted that:

Signup emails are originating from noreply@forum.forgefriends.org.

Callbacks are failing because no email is configured for that domain at all.

SMTP connection from patience.easter-eggs.com (smtp.internal.forgefriends.org)

$ host forum.forgefriends.org
forum.forgefriends.org is an alias for patience.easter-eggs.com.
patience.easter-eggs.com has address redacted
$ host patience.easter-eggs.com
patience.easter-eggs.com has address redacted
$ # No MX record, so defaults to A record
$ # NB: No IPv6 either
$ telnet redacted 25
Trying redacted…
telnet: connect to address redacted: Connection refused

Hope that helps :slight_smile:

#2

@rlaguerre it would be great if you could set the reverse of 37.9.139.14 to smtp.internal.forgefriends.org

#3

That was fixed today, it will take a little while to propagate.

#4

The SPF record is incorrect too.

$ dig +short forgefriends.org TXT
"v=spf1 include:_mailcust.gandi.net ?all"

It should be “v=spf1 mx ip4:37.9.139.14 ~all”

#5

The emails sent by the forum come from the forum.forgefriends.org domain (CNAME of patience.easter-eggs.com) which doesn’t have an SPF record at all.

% dig +short forum.forgefriends.org TXT
patience.easter-eggs.com.
1 Like
#6

:man_facepalming:

Fixed.

$ dig +short @ns-190-b.gandi.net forum.forgefriends.org TXT
"v=spf1 mx ip4:37.9.139.14 ~all"
1 Like