Closed
Bug 1065343
Opened 10 years ago
Closed 10 years ago
Telefonica emails bouncing.
Categories
(Infrastructure & Operations :: Infrastructure: Mail, task)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: rwatson, Unassigned)
Details
We received this email from David: Hi, I'm David Palomino, I'm not sure if you are the ones who usually have to deal with this issues (if it's not the case, sorry about that). It seems that we're rejecting any mails coming from @telefonica.com (and that's a big problem, as they are our main partners for FxOS . I've checked this with several colleagues in TEF, and all with the same result. I'm copying and pasting below the info provided by SMTP server from TEF. If you are not responsible of checking this, please just let me know how to raise this. Thanks a lot! David Información de diagnóstico para los administradores: Generando servidor: smtptc.telefonica.com dpalomino@mozilla.com mozilla.com.s5a1.psmtp.com #<mozilla.com.s5a1.psmtp.com #5.0.0 smtp; 550 Sender Authorization check failed - psmtp> #SMTP# Encabezados de mensajes originales: Return-Path: <cristina.helguerasanchez@telefonica.com> Received: from smtptc.telefonica.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2DCB288192 for <dpalomino@mozilla.com>; Wed, 10 Sep 2014 11:58:02 +0200 (CEST) Received: from ESTGVMSP101.EUROPE.telefonica.corp (unknown [10.92.4.9]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtptc.telefonica.com (Postfix) with ESMTPS id 12CF88816E for <dpalomino@mozilla.com>; Wed, 10 Sep 2014 11:58:02 +0200 (CEST) Received: from ESTGVMSP234.EUROPE.telefonica.corp ([fe80::709b:af58:f600:5455]) by ESTGVMSP101.EUROPE.telefonica.corp ([fe80::dcb3:36c9:e979:754d%11]) with mapi id 14.03.0146.002; Wed, 10 Sep 2014 11:57:58 +0200 From: CRISTINA HELGUERA SANCHEZ <cristina.helguerasanchez@telefonica.com> To: David Palomino <dpalomino@mozilla.com> Subject: Draft agenda workshop Thread-Topic: Draft agenda workshop Thread-Index: Ac/M3O0VZvOxwCkVTFCLBCehOfcAaQAAJ5rA Date: Wed, 10 Sep 2014 09:57:57 +0000 Message-ID: <7671CF9B5992944CA8B5C90A2E15BB952EC3D88F@ESTGVMSP234.EUROPE.telefonica.corp> Accept-Language: es-ES, en-US Content-Language: es-ES X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.92.4.9] Content-Type: multipart/alternative; boundary="_000_7671CF9B5992944CA8B5C90A2E15BB952EC3D88FESTGVMSP234EURO_" MIME-Version: 1.0 X-TM-AS-MML: No I am investigating but if someone could look at this as a matter of Urgency since they are a large partner of Mozilla.
Reporter | ||
Updated•10 years ago
|
Severity: normal → major
Reporter | ||
Comment 1•10 years ago
|
||
"Another delivery report just 3 minutes ago: Reporting-MTA: dns; smtpar4.telefonica.com X-Postfix-Queue-ID: 6E8B4160173 X-Postfix-Sender: rfc822; simon.callan@telefonica.com Arrival-Date: Wed, 10 Sep 2014 09:23:48 -0300 (ART) Final-Recipient: rfc822; dpalomino@mozilla.com Original-Recipient: rfc822;dpalomino@mozilla.com Action: failed Status: 5.0.0 Remote-MTA: dns; mozilla.com.s5a1.psmtp.com Diagnostic-Code: smtp; 550 Sender Authorization check failed - psmtp But with other Telefonica users it's working now (but with different MTA). "
Comment hidden (obsolete) |
Reporter | ||
Comment 3•10 years ago
|
||
Dave, is there anything we can do to allow these emails through our Postini checks?
Comment hidden (obsolete) |
Comment 5•10 years ago
|
||
(In reply to Ryan Watson [:w0ts0n] from comment #3) > Dave, is there anything we can do to allow these emails through our Postini > checks? I don't think we can without completely disabling SPF checks, which I wouldn't recommend. (In reply to Ryan Watson [:w0ts0n] from comment #1) > But with other Telefonica users it's working now (but with different MTA). ^^^^ this is a big clue. The sender is using an unauthorized MTA, the users who have it working are using the correct one.
Comment hidden (obsolete) |
Comment hidden (obsolete) |
Comment hidden (obsolete) |
Comment 9•10 years ago
|
||
https://support.google.com/a/answer/4568483?hl=en They need to eliminate one of those two SPF records, or combine them both into the same one.
Comment 10•10 years ago
|
||
So to summarize, now that I've thoroughly confused people as I posted stuff here as I found it, here's the real problem: The problem is in telefonica.com's DNS. They have 2 SPF records. One of them matches the IP they're sending from, the other doesn't. You're only allowed to have one. Whichever one it finds first will get used. This means their mail will be randomly failing depending on the order the records are returned (which are returned at random by the nameserver). The correct fix is to combine the two SPF records. Right now they have: telefonica.com descriptive text "v=spf1 mx ip4:158.230.100.102 ip4:200.81.36.136/31 ip4:200.81.42.136/31 ip4:200.106.240.18/31 ip4:200.106.242.18/31 ip4:200.205.95.100/31 ip4:200.51.236.83/31 ip4:81.47.204.76 ip4:195.76.34.108 ip4:200.81.36.15 ip4:194.224.58.62 ?all" telefonica.com descriptive text "v=spf1 include:spf.protection.outlook.com -all" They need to be combined into telefonica.com descriptive text "v=spf1 mx ip4:158.230.100.102 ip4:200.81.36.136/31 ip4:200.81.42.136/31 ip4:200.106.240.18/31 ip4:200.106.242.18/31 ip4:200.205.95.100/31 ip4:200.51.236.83/31 ip4:81.47.204.76 ip4:195.76.34.108 ip4:200.81.36.15 ip4:194.224.58.62 include:spf.protection.outlook.com ?all" Perhaps with the "?all" being a "-all" at the end instead, that choice would be up to them. There is nothing else we can do on our end, they need to fix their DNS.
Reporter | ||
Comment 11•10 years ago
|
||
Thank Dave. I'll see if I can get in contact with their IT team and pass the bug along.
Comment 12•10 years ago
|
||
Thanks a lot Dave and Ryan! I'll send this info to their IT team. Is it ok to cc them here in this bug? Cheers! David
Comment 13•10 years ago
|
||
Yes.
Reporter | ||
Updated•10 years ago
|
Group: mozilla-employee-confidential
Reporter | ||
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
Comment 14•10 years ago
|
||
Hi, Just fyi, TEF originating mails are not being bounced right now, so working fine :-) Thanks a lot to all of you for your help! David
You need to log in
before you can comment on or make changes to this bug.
Description
•