Email Notifications

[Pernod]

Anyone receiving email notifications since the forum update?

I've had a couple of PM's and subscribed topics that I would usually get an email for, but not the expected emails. The email notifications are still selected in my profile, so can only assume an issue with the update.

[BigEd]

Good spot. I get lots of email notifications, usually, but the most recent was just after midnight on Tuesday the 8th.

[IanS]

Good spot. I get lots of email notifications, usually, but the most recent was just after midnight on Tuesday the 8th.

I subscribed to this thread and got a notification email for your post.

[BigEd]

Interesting, so they are going out - but maybe the deliverability is patchy. I'm a gmail user, and I'm not presently seeing any.

[KenLowe]

Perhaps being directed to Junk?

[BigEd]

Maybe for some people, maybe some of the time, but not for me in this case.

(There was a lot of trouble over on 6502.org with deliverability - could be similar - only very rarely would the notifications go to spam, almost always they were just not there, blocked on the way in presumably.)

[BigEd]

Perhaps someone who runs their own mailserver could share the (redacted) headers of the notifications they are getting?

[IanS]

Perhaps someone who runs their own mailserver could share the (redacted) headers of the notifications they are getting?

I don't run my own mailserver, though I did until recently.

Headers as received by mxroute -

Code: Select all

[code]Return-Path: <stardotcouk@www.stardot.org.uk>
Delivered-To: <redacted>@testbox2.co.uk
Received: from witcher.mxrouting.net
	by witcher.mxrouting.net with LMTP
	id +HzUC5AX12T6zREAYBR5ng
	(envelope-from <stardotcouk@www.stardot.org.uk>)
	for <<redacted>@testbox2.co.uk>; Sat, 12 Aug 2023 05:24:32 +0000
Return-path: <stardotcouk@www.stardot.org.uk>
Envelope-to: <redacted>@testbox2.co.uk
Delivery-date: Sat, 12 Aug 2023 05:24:32 +0000
Received: from www.stardot.org.uk ([82.148.225.179])
	by witcher.mxrouting.net with esmtps  (TLS1.3) tls TLS_AES_256_GCM_SHA384
	(Exim 4.96-58-g4e9ed49f8)
	(envelope-from <stardotcouk@www.stardot.org.uk>)
	id 1qUh6u-004xVG-1T
	for <redacted>@testbox2.co.uk;
	Sat, 12 Aug 2023 05:24:32 +0000
Received: from www.stardot.org.uk (localhost [127.0.0.1])
	by www.stardot.org.uk (8.16.1/8.16.1) with ESMTPS id 37C5OBvp022561
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO)
	for <<redacted>@testbox2.co.uk>; Sat, 12 Aug 2023 06:24:11 +0100 (BST)
	(envelope-from stardotcouk@www.stardot.org.uk)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=stardot.org.uk;
	s=20200214; t=1691817851;
	bh=/38xef6tcrCM5+NZqALJ0Xz6cB47v69HjxwJDLxFa2Q=;
	h=To:Subject:From:Reply-To:Date:List-Unsubscribe;
	b=QAXU0y1npxotYnGBVnzrJj1E6+oVBHru4CN7GbF+gWe3IUR/LfkDpRkm/ogzv89Pm
	 80+CLXQrZ7b3gRRyoVr0QH1om6s9m3BiFpwMFM0A4ZsH8d38Ku2QAg5UAgiHDy9ZbC
	 X8iDMR+Ei7bsloMuthap5Hcxl6/LeZNx9RFRk6EXX35/H0+kmco6P0+abit8gYOu9g
	 IuySgWxvMXS16w2jhAYfJ/mX0PoTJYcHfy30VFLGdR32Z9KyfBdcqpR9G7OkFwecsI
	 dsdLGK3+6QGeH422gfwudtUYDwf8hpNq8kHSk6xE9FXAM9dVSJxkTLjWCr9k2F2VU3
	 haBfcFtQQDyXQ==
Received: (from stardotcouk@localhost)
	by www.stardot.org.uk (8.16.1/8.16.1/Submit) id 37C5OBkA022442;
	Sat, 12 Aug 2023 06:24:11 +0100 (BST)
	(envelope-from stardotcouk)
To: =?US-ASCII?Q?IanS?= <<redacted>@testbox2.co.uk>
Subject: =?US-ASCII?Q?Reply=20in=20=22Email=20Notifications=22?=
From: <contact@stardot.org.uk>
Reply-To: <contact@stardot.org.uk>
Sender: <contact@stardot.org.uk>
MIME-Version: 1.0
Message-ID: <8059a19d7857d07f5bcdbdb60fb95ae6@stardot.org.uk>
Date: Sat, 12 Aug 2023 06:23:37 +0100
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: phpBB3
X-MimeOLE: phpBB3
X-phpBB-Origin: phpbb://stardot.org.uk/forums
List-Unsubscribe: <https://stardot.org.uk/forums/viewtopic.php?uid=9062&t=27410&unwatch=topic>
X-DKIM: signer='stardot.org.uk' status='pass' reason=''
DKIMCheck: Server passes DKIM test, 0 Spam score
X-Spam-Score: -0.1 (/)
X-Spam-Report: Spam detection software, running on the system "witcher.mxrouting.net", has
 performed the tests listed below against this email.
 Information: https://mxroutedocs.com/directadmin/spamfilters/
 
 Content analysis details:   (-0.1 points)
 
  pts rule name              description
 ---- ---------------------- -----------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                             See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URI: stardot.org.uk]
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                             domain
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
SpamTally: Final spam score: 0

Hello IanS,

The topic "Email Notifications" received a new reply by BigEd since your
last visit to "stardot.org.uk". No more emails will be sent until you visit
the topic.

[BigEd]

If you're in a position to route a notification to a temporary address at mail-tester.com that gives lots of advice.

My last seen notification - a bit later than I said:

Code: Select all

Delivered-To: redacted@gmail.com
Received: by 2002:a05:7300:b088:b0:cd:c02b:964b with SMTP id db8csp2010927dyb;
        Mon, 7 Aug 2023 23:23:29 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHA1Wb/C6SUOo/bTWsRnOUH2V9K3QMNoHOBi6235hD2xK6edlX2WZ0KNtqukEU8q788IPXx
X-Received: by 2002:a7b:c393:0:b0:3f7:678c:74b0 with SMTP id s19-20020a7bc393000000b003f7678c74b0mr7325922wmj.12.1691475809346;
        Mon, 07 Aug 2023 23:23:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1691475809; cv=none;
        d=google.com; s=arc-20160816;
        b=bVhZd3CM7xXEH/K0CXoKMcUffIHNkooJRRY9YGEaCeZmA4PDp8+D/poh0sIJhKy98I
         s/gkWe06XTOZY2P8M7J88t3hLiVT48IeSNe8dbGRuuvcnKIOk0LVWkruURAH9cn1/Vcf
         Q5raRCwXmcP6B7teiKaJ4u6U/GXWCDpF76AIXBYR2SG4okVxF+520cSC2zC+Gj/auir7
         dHOvDpv1GYWTdKcLcxBwkMr3xZBT7ARjibL0x7WjnVoIYiqbWzN2+ezDG/xeFNhngQdy
         1LbF6M5FCvLQZiNVMkoOKEFD4aTSQUgLh/0tzdgdh7syIECkY2tsgeGLIIT4cZjGZuey
         m78g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-unsubscribe:content-transfer-encoding:date:message-id
         :mime-version:sender:reply-to:from:subject:to;
        bh=E6Hr8QKp9rmYBtpWR3W8In8tHbd44+3X5xPoydd/Yqk=;
        fh=UEqDespwriIwNuXEBuOPmh0GDLAfHlpVtYEKEY+VcvQ=;
        b=o1lGu1TpuC9QwUWhYRFh5+8etY+DAPuc/syQjU6Jb9gSIso07zX75TiwjwOC+zV17i
         A1jJtiHbqr2wXLE4206lJIqGwBJMmKVW7pTVLFDgw2/AL/5kcv50rk2rfBul9qBn6v6+
         00+w/SCfFIu6qPm1ADZFM15MRCr/5keftX+KgpoXCoh2z9RY4xlXM3y4W2ESxJS2JlBc
         PmFv2o7N9Nj1of7pUM7fF41qam226tLPXlSSyO0B07CT7XkLnYfcbsgWlJPj/7nBjRZh
         HzzgodhkcWM/Cxm9ZaF1FuVAqIyRhvyuUnjq+j3/hOLa8YEX5YecPA5EOqAYn8ojpPuD
         FIvg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=none (google.com: www.stardot.org.uk does not designate permitted sender hosts) smtp.mailfrom=www@www.stardot.org.uk
Return-Path: <www@www.stardot.org.uk>
Received: from www.stardot.org.uk (www.stardot.org.uk. [82.148.225.178])
        by mx.google.com with ESMTPS id t15-20020adff04f000000b0031762631ae3si4417936wro.622.2023.08.07.23.23.28
        for <redacted@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 07 Aug 2023 23:23:29 -0700 (PDT)
Received-SPF: none (google.com: www.stardot.org.uk does not designate permitted sender hosts) client-ip=82.148.225.178;
Authentication-Results: mx.google.com;
       spf=none (google.com: www.stardot.org.uk does not designate permitted sender hosts) smtp.mailfrom=www@www.stardot.org.uk
Received: from www.stardot.org.uk (localhost [127.0.0.1]) by www.stardot.org.uk (8.15.2/8.15.2) with ESMTPS id 3786NScg008867 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <redacted@gmail.com>; Tue, 8 Aug 2023 07:23:28 +0100 (BST) (envelope-from www@www.stardot.org.uk)
Received: (from www@localhost) by www.stardot.org.uk (8.15.2/8.15.2/Submit) id 3786NSPR008866; Tue, 8 Aug 2023 07:23:28 +0100 (BST) (envelope-from www)
To: BigEd <redacted@gmail.com>
Subject: Topic reply notification - "Acorn Electron online?
  Any such hardware."
X-PHP-Originating-Script: 1009:functions_messenger.php
From: <contact@stardot.org.uk>
Reply-To: <contact@stardot.org.uk>
Sender: <contact@stardot.org.uk>
MIME-Version: 1.0
Message-ID: <be86fa7e0d744987046243827dd9a671@stardot.org.uk>
Date: Tue, 08 Aug 2023 07:22:16 +0100
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: phpBB3
X-MimeOLE: phpBB3
X-phpBB-Origin: phpbb://stardot.org.uk/forums
List-Unsubscribe: <https://stardot.org.uk/forums/viewtopic.php?uid=9120&f=3&t=19013&unwatch=topic>

[Pernod]

Interesting, so they are going out - but maybe the deliverability is patchy. I'm a gmail user, and I'm not presently seeing any.

I'm also gmail, and definitely not ending up in Spam.

[baz4096]

When I migrated the site over to the new server, I noticed that I no longer received notifications. At the time, the DNS had only just changed and I wasn't sure if notification mails were being flagged due to cached DNS not matching with the IP of the sending server. I could see in the mail logs that Google were flat refusing to accept messages.

To help mitigate this, I added a DMARC policy and DKIM signed each outgoing mail which immediately helped delivery to my email address (Google hosted mail).

Given the problems seem primarily related to Gmail, I'll swap my mail over and diagnose further.

Thanks for all the mail headers, very helpful.

Chris

[sweh]

Perhaps someone who runs their own mailserver could share the (redacted) headers of the notifications they are getting?

I run my own mail server, but I'm not sure how to force trigger an email! I _think_ phpBB may take into account online status when deciding whether to mail you or not; dunno!

Maybe an admin could send me a test via the ACP and then PM me to let me know? Or else I've subscribed to this thread.. maybe it'll send me one...

[IanS]

Or else I've subscribed to this thread.. maybe it'll send me one...

Quoted and posted to trigger an email.

[sweh]

OK, I can see an SMTP attempt. It's hit my greylist (normal; it's a great anti-spam solution). Hopefully it'll retry; all proper mail servers will.

One oddity I did see is that it's trying over IPv6 which has a good rDNS but one that doesn't match the forward DNS. That'll score down on some systems, 'cos it'll fail FCrDNS ( https://en.wikipedia.org/wiki/Forward-c ... everse_DNS )

Code: Select all

Aug 12 08:36:17 dastardly postfix/smtpd[8571]: warning: hostname www.stardot.org.uk does not resolve to address 2a00:1b98:1:2::179: Name or service not known
Aug 12 08:36:17 dastardly postfix/smtpd[8571]: connect from unknown[2a00:1b98:1:2::179]
Aug 12 08:36:23 dastardly postfix/smtpd[8571]: Anonymous TLS connection established from unknown[2a00:1b98:1:2::179]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug 12 08:36:23 dastardly postfix/smtpd[8571]: NOQUEUE: reject: RCPT from unknown[2a00:1b98:1:2::179]: 450 4.7.1 <MYEMAIL>: Recipient address rejected: Greylisting in progress.  Try later; from=<stardotcouk@www.stardot.org.uk> to=<MYEMAIL> proto=ESMTP helo=<www.stardot.org.uk>
Aug 12 08:36:31 dastardly postfix/smtpd[8571]: disconnect from unknown[2a00:1b98:1:2::179]

[guesser]

Gmail can be a huge PITA with this stuff. I run a couple of small wikis and it consistently bounces mail from them despite the DKIM signing etc all being in order as far as I can make out. Their spam policies are so opaque, to prevent them being gamed I suppose, but it makes their delivery troubleshooting pages mostly useless.

[sweh]

OK, the mail did arrive.

SpamAssassin scored it 1.2, because of the rDNS issue. DKIM passed, there is an SPF mismatch on the HELO but spamassassin doesn't score that. Other systems might.

Code: Select all

Content analysis details:   (1.2 points, 4.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                            domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS

[baz4096]

OK, the mail did arrive.

SpamAssassin scored it 1.2, because of the rDNS issue. DKIM passed, there is an SPF mismatch on the HELO but spamassassin doesn't score that. Other systems might.

Code: Select all

Content analysis details:   (1.2 points, 4.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                            domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS

Trying again, disabled IPv6 in the mail config...

[baz4096]

OK, the mail did arrive.

SpamAssassin scored it 1.2, because of the rDNS issue. DKIM passed, there is an SPF mismatch on the HELO but spamassassin doesn't score that. Other systems might.

Code: Select all

Content analysis details:   (1.2 points, 4.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                            domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS

Trying again, disabled IPv6 in the mail config...

That didn't work! Sorry for the spam, trying again....

[KenLowe]

At a guess, the reverse DNS failure is likely to be an issue. That's usually something the ISP would need to fix for you.

[baz4096]

SpamAssassin scored it 1.2, because of the rDNS issue. DKIM passed, there is an SPF mismatch on the HELO but spamassassin doesn't score that. Other systems might.

So sweh hit the nail on the head. The old server mail system was only set up for IPv4. Migrating to the new server, which has both v4 & v6 setup, means that some mail gets sent out via IPv6.

My Google hosted mail works fine because I've never added IPv6 MX records. IanS's mail server also only uses IPv4 MX records. Gmail, however, uses both and it seems our new server will favour delivery by IPv6 if it's set up.

Hopefully someone with a Gmail address has read the thread up to this point, so they'll receive a new notification message! phpBB only sends out notifications for the first reply since you last read the thread. Subsequent replies don't generate more notifications.

[sweh]

If you want to keep using IPv6 then you should just need to add an AAAA record for www.stardot.org.uk, so then FCrDNS will work (ip6 address -> rDNS -> www.stardot -> AAAA -> ip6 address).

[sweh]

At a guess, the reverse DNS failure is likely to be an issue. That's usually something the ISP would need to fix for you.

It wasn't rDNS that was the problem; that existed. It was that rDNS didn't match forward DNS so FCrDNS failed.

[baz4096]

If you want to keep using IPv6 then you should just need to add an AAAA record for www.stardot.org.uk, so then FCrDNS will work (ip6 address -> rDNS -> www.stardot -> AAAA -> ip6 address).

It would also mean configuring Apache to handle IPv6 - which I know is relatively trivial but I'm running out of time for today. The hosting providers are really good at setting this kind of thing up - they handle the DNS changes - so I'll drop them a message next week and see about making IPv6 support permanent.

Edit: Nope, not figured it out yet.

[sweh]

It would also mean configuring Apache to handle IPv6

I think it already is;

Code: Select all

openssl s_client -connect '[2a00:1b98:1:2::179]:443' -servername www.stardot.org.uk
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = stardot.org.uk
verify return:1
---Certificate chain 0 s:CN = stardot.org.uk
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3

(It's what I'd expect; apache mostly does the right thing by default).

[sweh]

Alright, that seems the more correct way to resolve this then. I'll get an email sent over to the hosts asap asking them to add the relevant records.

Thanks to everyone for their help! I'll try get this resolved as soon as possible.

Chris

Err, was there an edit mistake somewhere? That message above in my name is not my content. I had an example of showing apache working with IPv6.

Umm...

[baz4096]

You would be right. So I screwed up and edited your post. Please accept my apologies! I thought I'd hit "quote in reply" but hit "edit" instead, which does a _very_ different thing.

I'm rushing as I have somewhere to be very shortly, and really wanted to get this resolved. Time to pass it onto the hosting provider.

Chris

[sweh]

No worries. I had hoped it was an admin error and not databse corruption

[baz4096]

Thanks Stephen

I managed to restore the majority of your post above. More speed, less haste is the pertinent lesson for me here.

So I've emailed the hosting provider. Hopefully they will be able to add the IPv6 DNS records soon, but it's likely to be Monday at the earliest. Having done a tiny bit of reading (more will be done later) it looks like I'll simply have to add the IPv6 number to the :80 & :443 virtual hosts.

Chris

[sweh]

If you're using a "default" type setup then it should already be *:443 which listens on all addresses.

eg my apache config has lines like

Code: Select all

<VirtualHost *:443>
  ServerName www.sweharris.org
  DocumentRoot /web/htdocs/www.sweharris.org

With the openssl command I showed it was listening and the SNI (-servername) picked the right TLS cert, so I don't think you'll need to do anything.

As a quick test I added this to my local etc/hosts file

Code: Select all

2a00:1b98:1:2::179 www.stardot.org.uk

Now I can test..

Code: Select all

% curl -v -6 https://www.stardot.org.uk
* About to connect() to www.stardot.org.uk port 443 (#0)
*   Trying 2a00:1b98:1:2::179...
* Connected to www.stardot.org.uk (2a00:1b98:1:2::179) port 443 (#0)
...
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.stardot.org.uk
> Accept: */*
>
< HTTP/1.1 200 OK   
< Date: Sat, 12 Aug 2023 14:53:17 GMT
< Server: Apache
< Upgrade: h2
< Connection: Upgrade
< Last-Modified: Sat, 28 May 2016 17:00:10 GMT
< ETag: "d88-533e9f4bd72ad"
< Accept-Ranges: bytes
< Content-Length: 3464
< Content-Type: text/html
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>stardot.org.uk</title>

So that worked.

So I don't think you need to do anything for apache.

[baz4096]

There's a few different virtual hosts on this server, but only one physical IP address. The config, is as you suggested using the default * type. I didn't realise that it would apply to both types of IP address, so something new learnt. Thanks!