Hey there,
I've just added a new email address to my account and found out that the confirmation email gets greylisted by my server. This is because the server(s) sending the confirmation emails are not included in the drupal.org SPF record.
current SPF:
$ dig +short drupal.org txt
"v=spf1 include:servers.mcsv.net ?all"
Log lines (email addresses anonymized) that show postfix receiving the email:
Apr 22 15:47:36 pshum postfix/smtpd[25596]: connect from hemlock.osuosl.org[140.211.166.133]
Apr 22 15:47:37 pshum milter-greylist: (unknown id): addr hemlock.osuosl.org[140.211.166.133] from =lelutin.ca@drupal.org> to <someone@somewhere.tld> delayed for
00:14:35 (ACL 164)
Apr 22 15:47:37 pshum postfix/smtpd[25596]: NOQUEUE: milter-reject: RCPT from hemlock.osuosl.org[140.211.166.133]: 451 4.7.1 Greylisting in action, please com
e back later; from=<bounces+someone=somewhere.tld@drupal.org> to=<someone@somewhere.tld> proto=ESMTP helo=<hemlock.osuosl.org>
Apr 22 15:47:37 pshum postfix/smtpd[25596]: disconnect from hemlock.osuosl.org[140.211.166.133]
Email is finally delivered, albeit with a delay. So the issue does not have a very high impact. It might help the domain's reputation to make the hosts verifiable through the SPF though.
I'd suggest you add the relevant hosts or add some "include:osuosl.org" part in the SPF, or what should be relevant to this case.
Comments
Comment #1
nnewton CreditAttribution: nnewton commentedHmm....
This record used to be "drupal.org. 3501 IN TXT "v=spf1 mx ~all"
I don't know why that changed. I'll ask.
Likely won't impact greylisting though (depends on config).
-N
Comment #2
basic CreditAttribution: basic at Drupal Association commentedThanks for reporting this, it looks like this has been a long standing issue with the spf for drupal.org.
I've pushed a new config that should go live within the next hour:
which translates to
Comment #3
basic CreditAttribution: basic at Drupal Association commentedby long standing I mean since mid March: Date: Mon Mar 9 15:53:34 2015 -0700
the mx was removed from the spf when mailchimp verification was happening, but this step is complete and the mx has been added back.
Comment #4
mlhess CreditAttribution: mlhess as a volunteer commented