Hello, So I have two things I would like to address which I have realised: Firstly is the fact that Arch Linux almost always picks IPv4 over IPv6 when delivery the mail. I am aware this is not a big issue because I still receive the email but Arch Linux has full support for IPv6, and I would like to have it used (especially for the hope in the future we can all use single stack IPv6 and get rid of legacy IPv4). I believe this is not an issue with Arch Linux, but the mailing list software used (which I believe is mailman). I have discussed the same issue with the Gajim developers on XMPP. I believe GNU mailman uses Happy Eyeballs (like which Gajim uses) (more info: https://en.wikipedia.org/wiki/Happy_Eyeballs), which when I test it on my network for about 200-300 attempts, IPv6 is picked 299/300 of the times, so I should be seeing almost always IPv6, but I get the opposite. I assume GNU mailman uses the GNU python network library (forgot what it is called) which contains a Happy Eyeballs implementation (the same one Gajim uses). So there is a strong likelihood that it is an issue with the library being biased towards picking IPv4 over IPv6, because I do not have this issue with any other software. So this is not something which Arch is responsible for, but if anyone has more information about this, I would be grateful to be given it :) I did think for a while I had setup IPv6 incorrectly, but when I see Microsoft delivering emails solely over IPv6 (not a single use of IPv4), I do not believe it is an issue on my end, but correct me if I am wrong :D The second issue I want to bring up is the issue of gmail (and also sometimes outlook emails) spamming my emails. I have a few thoughts on this: - Google employs IP whitelisting, my email server is small and thus is suspicious, other small email servers know the going trend of "it being impossible to stay out of gmail spam folders", even legitimate emails from big companies sometimes end up in gmail spam, so for those who keep complaining about my emails being put into your spam, it is not an issue on my end, I have checked numerous times. - DKIM signatures are broken in transit, and depending on how the spam filter classifies something as spam, it could be picked up as a incorrect DKIM signature and thus spammed instantly, I will use David Rankin's email from this morning as a reference for this (https://lists.archlinux.org/archives/list/arch-general@xxxxxxxxxxxxxxxxxxx/message/VS3GLZ35UO4QU74GZYX3W5DXBODWE53N/) Here are the relevant headers: Received: from mail.polarian.dev by email with LMTP id +Pw5ALfTAmV1LwAAotfoXQ (envelope-from <arch-general-bounces@xxxxxxxxxxxxxxxxxxx>) for <polarian@localhost>; Thu, 14 Sep 2023 09:34:47 +0000 Received: from lists.archlinux.org (lists.archlinux.org [IPv6:2a01:4f9:c010:9eb4::1]) by mail.polarian.dev (Postfix) with ESMTPS id 9B5AB10A0772 for <polarian@xxxxxxxxxxxx>; Thu, 14 Sep 2023 09:34:46 +0000 (UTC) Authentication-Results: mail.polarian.dev; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20221208 header.b=S2HFsXca Received: from lists.archlinux.org (localhost [IPv6:::1]) by lists.archlinux.org (Postfix) with ESMTP id AD29AF4E9A0; Thu, 14 Sep 2023 09:34:30 +0000 (UTC) Received: from mail-oo1-xc35.google.com (mail-oo1-xc35.google.com [IPv6:2607:f8b0:4864:20::c35]) by lists.archlinux.org (Postfix) with ESMTPS id 3AC84F4E993 for <arch-general@xxxxxxxxxxxxxxxxxxx>; Thu, 14 Sep 2023 09:34:20 +0000 (UTC) Authentication-Results: lists.archlinux.org; dkim=pass header.d=gmail.com header.s=20221208 header.b=S2HFsXca; spf=pass (lists.archlinux.org: domain of drankinatty@xxxxxxxxx designates 2607:f8b0:4864:20::c35 as permitted sender) smtp.mailfrom=drankinatty@xxxxxxxxx; dmarc=pass (policy=none) header.from=gmail.com Received: by mail-oo1-xc35.google.com with SMTP id 006d021491bc7-57355a16941so450114eaf.2 for <arch-general@xxxxxxxxxxxxxxxxxxx>; Thu, 14 Sep 2023 02:34:20 -0700 (PDT) Sorry for the bad formatting, and apologies to David Rankin for using your email headers as a reference, but I assume its fine because it was posted to a public mailing list which we can already see, its public information, but if you do mind, I am sorry. The bottom hop is just google hopping the email between their servers, but once it hits lists.archlinux.org you can see that the authentication results is that it passes both spf and dkim, also I would like to draw attention to the fact that it was delivered to the mailing list via IPv6, which does show that IPv6 is definitely functioning on Arch's end. It is then hopped to my mail server, this was the only email which I have so far which was hopped to me via IPv6, so I was amazed when I saw it, so it definitely seems to be a issue with Happy Eyeballs. Anyways back to the topic, the signature then fails dkim validation (Yes I do not currently check spf, ip address spoofing is trivial compared to cryptographic signing and thus I was lazy and haven't yet bothered (its been over a year since my current mail server was configured :P). I assume that Google with their strict (and pointless) spam filter, sees that their mail server has failed to validate dkim and spams said email. I know I am not the only person being spammed too, I have seen other people being informed "hey your email was spammed for me", and 9 times out of 10 its those who self host, and thus are less known. Welcome to Googles dictatorship on email. I believe people running rspamd picks up that further down the hop chain it was valid, and thus takes that into account possibly, because I haven't heard people struggling to pass rspamd filtering. The reason for me bringing this up is getting an email every time I post to a mailing list from 3 different people complaining how google spammed my emails is a pain, and heres the kicker, half the time DKIM is valid and half the time it is broken when hopping through lists.archlinux.org, so wrap your ahead around that one! If you are getting legitimate emails spammed, then you either need to relax your email spam filter, or simply get used to checking your spam often to pull legitimate emails out. Personally I do not employ a spam filter, because just the likelihood of a legitimate email being spammed or bounced is a bad idea in my mind. As people complain about my email length, I will give a TL;DR: - Arch Linux (or GNU mailman) seems to have issues when it comes to picking between IPv4 and IPv6. - DKIM signatures are randomly broken when passing through lists.archlinux.org - If emails from the mailing list are being spammed, it might be wise to relax your spam settings, as even fully verified emails can be spammed from companies like google simply because their AI doesn't like the content of said email, or their IP whitelist doesn't include the sender. Maybe I should start putting a TL;DR at the top of every email? and then below that is the usual email with all the context and explanation. If someone thinks this is a good idea let me know (any way for me to annoy people less is a good thing :P) Any advice on how to improve (or hopefully fix) the two above issues would be highly appreciated. Take care, -- Polarian GPG signature: 0770E5312238C760 Website: https://polarian.dev JID/XMPP: polarian@xxxxxxxxxxxx
Attachment:
pgp3FjstuMYVC.pgp
Description: OpenPGP digital signature
