GMail and Sourceforge E-mail Bouncing Saga 242
An anonymous reader writes "All e-mail going back and forth from Sourceforge and Gmail is being bounced. This leaves many Open Source projects with helpless mailing lists. Fortunately, Sourceforge blames Google and Google is blaming SourceForge for this. The Sourceforge support site is clogged with support requests for a resolution to this problem. Google's response to this bouncing has been automated e-mails saying it is probably at the other end of mail delivery. This is something that the community needs to know about since it has been going on for a week already with no end in sight." Worth noting that Sourceforge and Slashdot are both part of OSTG. Update 20:07 GMT by SM: According to SourceForge support staff this issue is now resolved. Apparently a few days ago the sender-verify to gmail started resulting in 450 errors. Google has since either corrected this issue or whitelisted SourceForge and several tests of the system have resulted in correct delivery.
Sourforge? (Score:3, Funny)
Re: (Score:2)
Loss of communication can only mean one thing... (Score:5, Funny)
Re:Loss of communication can only mean one thing.. (Score:4, Funny)
Re: (Score:2, Funny)
Since all email is being bounced does this mean that it is an endless snowball effect with more and more emails being bounced back and forth?
Who will have the last server standing? Google or Sourceforge?
Re: (Score:3, Funny)
Re:Loss of communication can only mean one thing.. (Score:4, Funny)
This must be the work of Microsoft!
Now how can we fit Haliburton into this?
Re:Loss of communication can only mean one thing.. (Score:2)
Re:Loss of communication can only mean one thing.. (Score:2, Funny)
Re:Loss of communication can only mean one thing.. (Score:4, Informative)
A communications disruption can mean only one thing - invasion. [moviewavs.com] (MP3) [moviewavs.com]
Re:Loss of communication can only mean one thing.. (Score:5, Funny)
Why is the email bouncing? (Score:5, Insightful)
Re: (Score:2, Informative)
TEMP_FAILURE: SMTP Error (state 9): 451-Could not complete
sender verify callout
451-Could not complete sender verify callout for
.
451-The mail server(s) for the domain may be temporarily
unreachable, or
451-they may be permanently unreachable from this server. In
the latter case,
451-you need to change the address or create an MX record
for its domain
451-if it is supposed to be generally accessible from the
Internet.
451 Talk to your mail administrator for details.
Re:Why is the email bouncing? (Score:5, Informative)
X-Gmail-Received: ecfafb0784517c3cc7f903105542834cd33fde22
Delivered-To: rodolfo.borges@gmail.com
Received: by 10.35.42.5 with SMTP id u5cs205830pyj;
Sat, 30 Sep 2006 21:26:16 -0700 (PDT)
Received: by 10.35.61.2 with SMTP id o2mr4364526pyk;
Sat, 30 Sep 2006 21:26:16 -0700 (PDT)
Return-Path:
Received: by 10.35.61.2 with SMTP id o2mr5005562pyk;
Sat, 30 Sep 2006 21:26:16 -0700 (PDT)
From: Mail Delivery Subsystem
To: rodolfo.borges@gmail.com
Subject: Delivery Status Notification (Delay)
Date: Sat, 30 Sep 2006 21:26:16 -0700 (PDT)
This is an automatically generated Delivery Status Notification
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipient has been delayed:
albert@users.sf.net
Message will be retried for 2 more day(s)
Technical details of temporary failure:
TEMP_FAILURE: SMTP Error (state 9): 451-Could not complete sender verify callout
451-Could not complete sender verify callout for .
451-The mail server(s) for the domain may be temporarily unreachable, or
451-they may be permanently unreachable from this server. In the latter case,
451-you need to change the address or create an MX record for its domain
451-if it is supposed to be generally accessible from the Internet.
451 Talk to your mail administrator for details.
----- Message header follows -----
Received: by 10.35.61.2 with SMTP id o2mr1893905pyk;
Fri, 29 Sep 2006 20:41:07 -0700 (PDT)
Received: by 10.35.42.5 with HTTP; Fri, 29 Sep 2006 20:41:07 -0700 (PDT)
Message-ID:
Date: Sat, 30 Sep 2006 00:41:07 -0300
From: "Rodolfo Borges"
To: procps-feedback@lists.sf.net
Subject: pkill -l
Cc: "Kjetil Torgrim Homme" ,
"Albert Cahalan"
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
----- Message body suppressed -----
SourceForge uses Mailman (Score:5, Interesting)
This was DreamHost's response:
I don't know if that means that GMail rejects Mailman messages, or Mailman has problems sending to Gmail addresses, but one way or another, it doesn't work right.
--
Use coupon DH75OFF to get $75 off hosting at DreamHost.com
Re: (Score:2)
And it appears to mean that you shouldn't use GMail if you want to talk to SourceForge.
Presumably things will eventually be fixed, but for now that looks like the proper "answer".
No they don't (Score:3, Insightful)
From the link ... (Score:3, Insightful)
So, it would seem that SourceForge cannot verify the sender of incoming messages from GMail so SourceForge is issuing a temporary rejection.
Is GMail correctly handling the temp rejects?
The solution would be:
a. Find out where the sender verify callout is breaking and fix that.
b. Disable sender verify callout until you can do "a".
Probably Sourceforge? (Score:5, Informative)
Re:Probably Sourceforge? (Score:5, Insightful)
--- SER
Re: (Score:2)
Re: (Score:2)
OTOH, Trac is usable. I don't know how it scales.
Umm (Score:5, Funny)
I don't think that word means what you think it means. Unless you are glad that no one is willing to take responsibility for the problem and fix it???
Re:Umm (Score:5, Informative)
Re:Umm - Oblig. Reply (Score:2, Funny)
Homer: No, I do not know what shaden-frawde is. [sarcasm] Please tell me, because I'm dying to know.
Lisa: It's a German term for `shameful joy', taking pleasure in the suffering of others.
Homer: Oh, come on Lisa. I'm just glad to see him fall flat on his butt! [getting mad] He's usually all happy and comfortable, and surrounded by loved ones, and it makes me feel... What's the opposite of that shameful joy thing of yours?
Lisa: [nastily] Sour grapes.
Homer:
Seemed like sarcasm (Score:2, Redundant)
Re:Umm (Score:5, Funny)
Re: (Score:3, Funny)
-- Ravensfire
Re:Umm (Score:5, Funny)
Re:Umm (Score:5, Funny)
Comment removed (Score:5, Funny)
Re: (Score:2, Funny)
Re: (Score:2)
Unless you are glad that no one is willing to take responsibility for the problem and fix it???
But of course! People are always taking responsibility for the error of their ways ("I was molested as a child by priests," "I didn't see the iceberg," "They told me they were herbal supplements," etc.). It's nice to see a couple of groups turning over a new leaf and denying that either have anything to do with the problem rather than having this tedious mucking about taking the initiative, issuing mea culpas,
SourceForge is good for spewing into the ether... (Score:5, Informative)
I don't see the problem... (Score:5, Funny)
Re: (Score:2)
well this looks clear as mud (Score:5, Interesting)
This is something recent that has changed in how Google handles
email (other sites have started to get the same errors). We
are investigating how to deal with this.
SourceForge.net Support
Is it because sourceforge is not following the RFCs and google has just tightened up?
We had a similar issue in one of our programs where mailing worked wonderfully for months and months for all customers, then one morning complaints started.
It appears as though we weren't following the RFCs to the letter and the main isp in our country (bt) had updated to a more stringent mail server (we shockingly used an additional CR where one was not expected...).
This all sounds similar.
Re: (Score:3, Interesting)
Re: (Score:3, Funny)
Sounds like Microsofts business model.
eh (Score:4, Funny)
Allow me to start. *ahem*
WHY is SourceForge even using SMTP????!!!
Re: (Score:3, Funny)
What we REALLY need is a full OSI protocol stack build on top of TCP/IP so we can use all the wonderful features of X.400, X.500 (instead of messy LDAP), and so forth!
Re: (Score:3, Funny)
Because X.400 isn't at all accepted, anywhere, and never was ;-)
There, corrected that typo for you.
Re: (Score:2)
Of course that is different from the point of my post which is largely that the alternatives to SMTP are overengineered monsters like X.400....
Re: (Score:2)
Open Source vs. Google (Score:5, Funny)
Google's Answer if they find it is them... (Score:5, Funny)
"Well Gmail is still in beta so don't blame us."
E-mail isn't reliable, ya know (Score:3, Insightful)
There is never, ever any absolute guarantee that an e-mail is going to reach its destination, just as there is no way of knowing if that letter you drop in a mailbox is really going to go where it is supposed to.
If you're trying to maintain a discussion, use a bulletin board. There you can see whether your message was posted, and... as long as the host is up, other people will see what you see.
In any event, people gotta learn that technology is never 100% reliable. You'd think we'd understand this by now.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Maybe not, but everything works better if there is at least some attempt to warn the sender that something screwed up. For this reason even if Google did change their mail system to be more compliant, they should recognise non-compliant e-mail and either handle it or send an explanation on why they
SPF records.... (Score:4, Informative)
It's neither sourceforge's fault not google's fault. It's the enduser's fault. You must send/receive email through google's gmail system.
You get what you pay for.....
You have never had experience with this problem... (Score:3, Informative)
It is a *very serious* problem for Sourceforge. Before all this happened, we were actually talking about using Google Code instead.
If you are interested in what LedgerSMB [ledgersmb.org] is, it is a truly open fork of SQL-Ledger with a real attention to security and data integrity. C
Re:SPF records.... (Score:5, Informative)
SPF has nothing to do with it. Sourceforge is employing callback verification, which is not only abuse itself (it's basically a dictionary attack that we're just supposed to trust is for good and not evil), it's also incredibly broken.
See http://atm.tut.fi/list-archive/nanog/msg37172.htm
Just one more reason to jump ship from sourceforget.
Re: (Score:3, Informative)
That's not the case here. I use gmail solely through the web interface, nothing fancy going on at all. I'm subscribed to my SF.NET mailing lists at the same address I'm sending from. But my mail is bouncing. And this has been going on for a week now, since last Wednesday.
If it is an SPF problem, then one of the two of them is implementing it wrong, because all gmail users
Re: (Score:2, Informative)
_spf.google.com descriptive text "v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all"
the ?all at the end means that their is no policy how forged mail is going to be handled by SPF aware MTAs and defaults to accept.
see http://en.wikipedia.org/wiki/Sender_Policy_Framew
I beg to differ (Score:5, Informative)
Of course, this is the sort of accuracy I expect from Slashdot.
Callbacks Are Evil (Score:3, Informative)
Gmail is initiating what are called call-backs. For every incoming e-mail, they attempt to send a fake e-mail back to the sender to verify that the sending address actually exists.
The theory is that since spammers forge many names, it will reject spams that have made up names forged into them.
The end result, however, is that it pushes your spam problem back on to the domain forged into the spam. It causes an extra load on that server as it has to accept all these bogus connections. For another it will just encourage spammers to forge other people's actual addresses as the sender of their garbage.
It is encouraging to see that Sourceforge does not support that. I would give the solution as to either complain to Gmail that callbacks break they stated goal of "Do no evil".
Barring that, don't use gmail.
Re:Callbacks Are Evil (Score:4, Insightful)
Re: (Score:2)
Initially callbacks will be evil as you say.
Agreed.
Because spammers are tards and never never NEVER change which bots they use for their spam runs. And the bots are all on static IP addresses so prevalent in the dial-up and consumer broadband arena. So, learn IP address once, good forever.
So give them some slack please.
When they stop violating the inter-MTA interchange dictated by standards [faqs.org]. Until then... well, at least y
Re: (Score:2)
Re:Callbacks Are Evil (Score:5, Interesting)
Most legitimate mailservers are running on static ip addresses. Google will be able to compile a list of legitimate good mailservers rather quickly. Google is also an IP address registrar. It has the routing tables and other registration information and netblock ownership information. It will know the dynamic ip addresses by the block. Mailservers running on dynamic addresses, or relays running dynamic addresses are suspect immediately. It is not proof. But more like preponderance of evidence (IANAL).
Can they determine spam without callbacks in three months. No way. Can they reduce the number of callbacks to confirm legitimacy of email by atleast an order of magnitude? Yes, they can by collecting relay ip addresses, mail server ip addresses, netblock ownership data and putting them all together like "page-rank", "mailserver-rank". They might even find the bots and inform the ISP that they probably have a bot and the ISPs might even contact the boob with the infected machine. Good things can come out of this.
Will they? There you got me. Dont know if they will. But I hope they do.
Re: (Score:2)
(Or, how do I get to the "Show all messages regardless of what you think; I'll decide whether it's spam or not" option?)
Re: (Score:2)
From my read of the bounce, it looks like sourceforge is the one doing the callbacks. Am I wrong here?
http://it.slashdot.org/comments.pl?sid=199035&cid
Re: (Score:2)
The theory is that since spammers forge many names, it will reject spams that have made up names forged into them.
Out of curiosity, how does this interact with greylisting? (Or indeed, what happens when the receiving SMTP server is down or overloaded?)
It doesn't really seem like a good idea, especially as IIRC some SMTP
Re: (Score:3, Interesting)
No. The e-mail server that handles whatever domain happens to be in the sender field is being asked if the address actually exists. There is a big difference.
People can put whatever address they want in the From: field of their mail. Return addresses are forged in spam all the time.
It is becomming a very big problem, when someone decides to forge your return address into 100,000 pieces of spam, and now your server h
Re: (Score:2)
Parent is correct. I can use PHP to programmatically spoof a From address easily... of course, I can't spoof the origin SMTP server (at least not as easily), but it's still enough to fool your average Joe.
It's the different between send("to@email.com", "Subject", "Body"); and send("to@email.com", "Subject", "Body", "From: Someguy ");. That's all it takes.
Re: (Score:2)
Re: (Score:2)
Such as, if you are example.com, what happens when Joe Spammer uses his 1,000 node botnet to send 1 million spams with your domain forged, and 1 million hosts try to do the sender-verify at the same time.
It doesn't scale.
Re: (Score:2)
And we cache the responses to help with the load.
Re: (Score:2)
pragmatism (Score:3, Insightful)
A pragmatic solution would be to say, "I don't care whose fault it is, we will disable/filter our automatic reply system on our end for a couple days until a real solution can be found." The chances of someone being pragmatic on ONE side is pretty good, and while it wouldn't be necessary, the chances of someone being pragmatic on BOTH sides isn't too terrible to contemplate either.
Once you turn off the water at an upstream valve, fixing the actual pipe rupture gets a lot easier. Just git 'er done.
The Solution (Score:3, Interesting)
So at the end of the day, have your friendly local neighborhood mail admin forward a real domain account to your gmail. Then just change it on sourceforge's list. Then I'm not subject to gmails (or sourceforges) mail policies, only my own.
Re: (Score:2)
Have you tried RoundCube [roundcube.net]? It's not perfect, but it's better than (for example) SquirrelMail, and has a reasonably active development group. It's about the best I've found, at least among those that are truly web-based (as opposed to downloading a "lightweight" flash client).
hosted gmail (Score:4, Informative)
It is definitely Sourceforge's problem (Score:5, Informative)
Greetings,
We're aware of the difficulties in the interaction
between
our mailing list services and Gmail. Our network operations
team
is currently aware of the issue and is working with Gmail
administration on a resolution.
-Jay Bonci
Systems Programmer Analyst,
Sourceforge.net
Somebody posted a SMTP dialog to one of the bug reports:
Example:
telnet mail.sourceforge.net 25
Trying 66.35.250.206...
Connected to mail.sourceforge.net.
Escape character is '^]'.
220 mail.sourceforge.net ESMTP Exim 4.44 Sat, 30 Sep
2006 01:12:02 -0700 sc8-sf-mx1.sourceforge.net
HELO aisa.fi.muni.cz
250 mail.sourceforge.net Hello 14397 at aisa.fi.muni.cz [147.251.48.1]
mail from:
250 OK
rcpt to:
451-Could not complete sender verify callout
451-Could not complete sender verify callout for <anyone@gmail.com>
451-The mail server(s) for the domain may be temporarily unreachable, or
451-they may be permanently unreachable from this server. In the latter case,
451-you need to change the address or create an MX record for its domain
451-if it is supposed to be generally accessible from the Internet.
451 Talk to your mail administrator for details.
QUIT
221 mail.sourceforge.net closing connection
Connection closed by foreign host.
Sourceforge's mail server is doing a callback to gmail.com, to verify the sender address is accepted by gmail.com. This check is screwing up. It's Sourceforge's problem. Callback verify is not covered by any RFC, so SF has gone above and beyond the standards, it is their responsibility to make sure their SMTP service is interoperable with standard servers, not the other way around. Google can provide logs of the failed callbacks, but that's all the burden they should assume. It's SF's problem to fix.
Re: (Score:3, Informative)
mail from: <anyone@gmail.com>
250 OK
rcpt to: <firebird-net-provider@lists.sourceforge.net>
451-Could not complete sender verify callout
451-Could not complete sender verify callout for <anyone@gmail.com>
451-The mail server(s) for the domain may be temporarily unreachable, or
451-they may be permanently unreachable from this server. In the latter case,
451-you need to change the address or create an MX record f
Re:It is definitely Sourceforge's problem (Score:4, Informative)
On the other hand, there is nothing in any RFC that prohibits you from doing callbacks.
Unfortunately the above post misses critical information about the callback itself. What mail address is it using as a source?
Usually, callbacks use "MAIL FROM:<>" and the RFCs explicitly state that you MUST accept this. But, some mailservers reject mail from <>. That could be a problem, but in this case the problem is in the called server that does not implement a MUST item.
The mailserver I manage at work uses callbacks. It almost never causes problems. In cases where the sending server refuses MAIL FROM:<> it tries to use MAIL FROM:<mailer-daemon@domain>.
The only known problem occurs when the called server first accepts MAIL FROM:<> and then rejects the RCPT TO: with an error referring back to the <> source.
This is done by the broken "Spamfilter for ISP" by LOGSAT. But this one has other SMTP protocol bugs, so just don't use it.
And then of course there are some mailinglists that simply send their mail from a nonexistant address. Presumably to avoid having to do list maintenance.
I consider this antisocial, and have no problem with blocking their mail.
Re: (Score:2)
They are probably doing a VRFY <person@place> on another connection, which is part of the RFCs, but which is often turned off by MTAs.
Back in the dusty beginnings of time when I was working on mail, the same MTAs that turned off VRFY always said they'd accept RCPT To:<person@place>, so as to be able to avoid any microsecond-consuming checking (;-))
--dave
Re: (Score:2)
We use the response to the RCPT TO: as verification if the email address is valid.
As no data is sent, the receiving server should abandon the message.
Not much of a surprise. (Score:2)
Google mail forwards. (Score:3, Interesting)
IT'S FIXED!!! (Score:3, Informative)
This problem has been going on for a whole week, and now the very morning that this complaint appears on slashdot is the same morning that the problem is fixed. Coincidence? Or is it that the impending publicity motivated someone to reprioritize this problem and do something about it? It's shameful that Sourceforge allowed a communications failure to persist for so long from what is undoubtedly one of their biggest email sources.
In any case I'm very happy that it seems to be working again. Are other gmail users seeing similar improvements?
my sf account never forwards (Score:3, Interesting)
Re:Why not just dump GMail? (Score:4, Insightful)
SourceForge value = GMail value (Score:2)
Re: (Score:2)
Thank you for choosing the better answer for everyone.
Seems pretty clear here (Score:2)
I'm not sure how long it would take to swap out of SourceForge, but I'd bet it would be more than a few hours. (Thus the call for "utilities"...)
Google offers Sourceforge-like services (Score:3, Interesting)
Can you expand on this a bit? (Score:2)
Re:Can you expand on this a bit? (Score:4, Informative)
Includes web space, svn hosting, a tracker, and the like.
Re: (Score:3, Insightful)
Or vice versa.
Re: (Score:2)
I'll dump Sourceforge first (Score:2)
Gmail doesn't drop any of my other, numerous, mailing lists or subscriptions, and it's spam filtering is 100.00000% percent accurate.
I suspect there are self-righteous Net Nazis on both sides. Hang your frgaile punk ego at the door and fix it.
Heretic! (Score:2)
Re: (Score:2)
Re: (Score:2)
You can stick around too.
Re: (Score:3, Funny)
So, is that Google's way of diagnosing hemroids, or of helping you find gay blind dates?
Yes, but for a different reason (Score:3, Insightful)
This is pure and simple a problem with poorly orchestrated spam controls on SF.Net's side.
Re: (Score:3)
Stop ironing your question marks. They're supposed to look wrinkled like that!
Re: (Score:2)
"Looking at my gmail account it shows a little *BETA* under the Google mail logo.
Call me stupid but using beta grade software for real world stuff could be asking for trouble by the many people using the gmail service..."
(Obligatory)
Where did you buy that 4 digit UID?