[Systems] Email classified as spam went sent over @sugarlabs.org alias

Bernie Innocenti bernie at sugarlabs.org
Sun Jun 28 13:21:48 EDT 2020


On 29/06/2020 01.14, Srevin Saju wrote:
> Wow!! Thanks. You are right, the new email does not have the red pad 
> lock. I am very new to the way how emails work 😁, trying to learn them 
> of course. Amazed at the way you solved it. (Looks very complicated. 
> Hopefully I will learn how an _email_ works in another decade 😇)
> Yea, I agree, I would not need a shell account.

Email used to be simple before it had to deal with spammers and 
eavesdroppers.

Now getting delivery to work consistently is an art, and eliminating 
spam is almost impossible at our scale.


> Thanks a lot again
> I do not have the skills to debug it anyway.
> (Learning from the pros)

Well, your clear bug report brought the problem to our attention, and 
that's important. I think encrypted delivery has been broken for two 
months and nobody had noticed.

Cheers!


> On Sun, Jun 28, 2020, 17:02 Bernie Innocenti <bernie at sugarlabs.org 
> <mailto:bernie at sugarlabs.org>> wrote:
> 
>     On 28/06/2020 22.14, Srevin Saju wrote:
>>
>>     Thanks for the reply
>>
>>
>>>     I went to postmaster.google.com <http://postmaster.google.com>,
>>>     and the sugarlabs.org <http://sugarlabs.org> domain has a tiny
>>>     trickle of spam reported against it on May 28 and April 1, but
>>>     otherwise the reputation is 100% good for the past 120 days, and
>>>     most (but not all) email should be signed with DMARC.
>>
>>     Ok, I might not have signed my email with DMARC; and I do not know
>>     how to align sugarlabs' DKIM signature on an alias. I was able to
>>     succeed on my personal domain, but not on sugarlabs.org
>>     <http://sugarlabs.org>. If you have any small guide, or any
>>     previous extract from the sugarlabs mailing list, it would do me
>>     great help. (I searched over the archives, did not find anything
>>     useful)
>>
>     Well, the whole point of DKIM is that nobody can sign an email as
>     originating from sugarlabs.org <http://sugarlabs.org> /unless/ they
>     have the private key ;-)
> 
>     With a shell account, you could submit mail to sunjammer via
>     authenticated SMTP on port 465 (submissions). Then, sunjammer would
>     sign it and deliver it to its next relay.
> 
>     New accounts on sunjammer are discouraged because users with too
>     little shell experience cost the admins a lot of support. It's also
>     no longer needed by the current development workflow, which is based
>     on Git Hub.
> 
>     If you have a valid use-case, just find a sponsor and send us a
>     request. The sysadmins are all busy with work and life, and the
>     self-hosted infrastructure is on long-term maintenance mode... so
>     don't expect fast turnaround :-)
> 
> 
>>>     For the red padlock:  indeed, it seems we're not using SMTPS when
>>>     connecting to gmail.com <http://gmail.com>. This shouldn't affect
>>>     the spam score, but it's not good for privacy. Maybe aleph@ can
>>>     help us debug this.
>>
>>     Thanks. Please let me know if I can do anything.
>>
>     I fixed it. This email should have no red padlock (there is no green
>     padlock).
> 
> 
>     Our Postfix config was missing the "new" option
>     smtp_tls_security_level. I set it to "may", which is the simplest
>     level of opportunistic encryption:
> 
>     http://www.postfix.org/postconf.5.html#smtp_tls_security_level
>     <http://www.postfix.org/postconf.5.html#smtp_tls_security_level>
> 
>     Setting it to "dane" would increase MitM resilience while also being
>     interoperable with legacy non-TLS domains. I'm not opposed to trying
>     it out if someone wants to own debugging it.
> 
> 
>>>     Could you please forward the entire email to me, including all
>>>     headers and body? Do you know for sure that serverquark at gmail.com
>>>     <mailto:serverquark at gmail.com> is a legit sender and the email is
>>>     not spam sent to your sugarlabs.org <http://sugarlabs.org> email
>>>     alias?
>>
>>     serverquark at gmail.com <mailto:serverquark at gmail.com> is an email
>>     address owned by me. I use it to do some random testing. I did not
>>     want to disclose any other email addresses in the conversation,
>>     (due to privacy problems). so i had used my personally created
>>     email addresses. I shall forward the entire email to your personal
>>     email.
>>
>>     The email is not spam, I did a test email to see if it shows the
>>     padlock. The image I sent in the first email, was an email sent to
>>     sugarlabs-devel@; you can see it here
>>
>>     http://lists.sugarlabs.org/archive/sugar-devel/2020-June/058454.html
>>     <http://lists.sugarlabs.org/archive/sugar-devel/2020-June/058454.html>
>>
>>     Seems like none of the members whom I CC'ed got the email in the
>>     Inbox. They found it in the spam for some reason. I hope its not
>>     because I do not use smtp.sugarlabs.org
>>     <http://smtp.sugarlabs.org>; I use smtp.gmail.com
>>     <http://smtp.gmail.com>
>>
>>
>>     Thanks again.
>>
>>
>>>
>>>     On 24/06/2020 21.32, Srevin Saju wrote:
>>>>
>>>>     Hello
>>>>
>>>>     (PS: I had previously sent an email which was likely classified
>>>>     as spam; so this email has more information)
>>>>
>>>>     I had been facing (encryption) problems with @sugarlabs.org
>>>>     <http://sugarlabs.org> alias. Recently, the Sugar Mailing list
>>>>     classified my email as spam, and the email was not  delivered to
>>>>     the respective members, possibly because Gmail classified it as
>>>>     spam email.
>>>>
>>>>     https://usercontent.irccloud-cdn.com/file/xRfwCf8y/Capture.PNG
>>>>
>>>>     This is how it looked. My email alias is
>>>>     srevinsaju at sugarlabs.org <mailto:srevinsaju at sugarlabs.org>
>>>>     connected to smtp.gmail.com <http://smtp.gmail.com>.
>>>>
>>>>     Also, this is another problem:
>>>>
>>>>     the emails I receive has this message along with it
>>>>     "sugarlabs.org <http://sugarlabs.org> did not encrypt this message"
>>>>
>>>>     I had not known that my emails were classified as spam, because
>>>>     I particularly use the Mozilla Thunderbird Email Client, these
>>>>     images were forwarded by other users who did not receive my
>>>>     email and found it later in the spam
>>>>
>>>>     I am not sure if I am doing something wrong. Please let me know
>>>>     , if I messed up some step in setting up an alias. My other
>>>>     personal email (mail at srevinsaju.me <mailto:mail at srevinsaju.me>,
>>>>     srevin03 at gmail.com <mailto:srevin03 at gmail.com>) do not have
>>>>     these problems on both sides.
>>>>
>>>>     Sorry for taking your time
>>>>
>>>>     Thank you
>>>>
>>>>     -- 
>>>>
>>>>     V/r
>>>>     Srevin Saju
>>>
>>>
>>>     -- 
>>>     _ // Bernie Innocenti
>>>     \X/https://codewiz.org/  <https://codewiz.org/>
>>     -- 
>>     V/r
>>     Srevin Saju
> 
> 
>     -- 
>     Bernie Innocenti
>     Sugar Labs Infrastructure Team
>     http://wiki.sugarlabs.org/go/Infrastructure_Team  <http://wiki.sugarlabs.org/go/Infrastructure_Team>
> 


-- 
Bernie Innocenti
Sugar Labs Infrastructure Team
http://wiki.sugarlabs.org/go/Infrastructure_Team


More information about the Systems mailing list