tickets #168877

open

Re: Some issues receiving mails: IPv6 / DNS/ SPF

Added by cboltz 4 days ago. Updated 3 days ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 2024-10-24
Due date:
% Done: 0%
Estimated time:

Description

Hi Johannes,

let me forward your mail to our ticket system.

With some luck, having you in CC should give you a copy of the ticket
activity. Otherwise I'll add you manually to the ticket so that you get
updated when someone replies.

I'll also add a few comments inline.

On Thursday, 24 October 2024, 08:44, Johannes Weberhofer wrote:

> Dear Sir or Madam!
>
> You seem to use several SMTP servers for outgoing e-mails. I receive
> mails correctly from 2a07:de40:b27e:1209::12 (mx2.infra.opensuse.org)
>
> Received: from mailgw.weberhofer.at (localhost.localdomain [127.0.0.1])
>   by mailgw.weberhofer.at (Proxmox) with ESMTP id 945411C1AB9
>   for jweberhofer@weberhofer.at; Wed, 23 Oct 2024 16:01:30 +0200 (CEST)
> Received-SPF: pass (opensuse.org: Sender is authorized to use
>   'srs0=unkm=rt=lists.opensuse.org=factory-bounces@opensuse.org'
>   in 'mfrom' identity (mechanism 'include:_spf.opensuse.org' matched))
>   receiver=mailgw.weberhofer.at; identity=mailfrom;
>   envelope-from="srs0=unkm=rt=lists.opensuse.org=factory-bounces@opensuse.org";
>   helo=mx2.opensuse.org; client-ip="2a07:de40:b27e:1209::12"
> Received: from mx2.opensuse.org (mx2.infra.opensuse.org [IPv6:2a07:de40:b27e:1209::12])
>   (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
>   key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
>   (No client certificate requested)
>   by mailgw.weberhofer.at (Proxmox) with ESMTPS
>   for jweberhofer@weberhofer.at; Wed, 23 Oct 2024 16:01:28 +0200 (CEST)
>
> But I also receive mails from 2a07:de40:b27e:1209::11 that announces
> itself as mx1.opensuse.org, but a reverse lookup results in
> mx1.infra.opensuse.org

Oops, we should fix that ;-)

> Delivered-To: jweberhofer@weberhofer.at
> Return-Path: SRS0=41Gv=RT=lists.opensuse.org=buildservice-bounces@opensuse.org
> Received-SPF: pass (opensuse.org: Sender is authorized to use
>   'srs0=41gv=rt=lists.opensuse.org=buildservice-bounces@opensuse.org'
>   in 'mfrom' identity (mechanism 'include:_spf.opensuse.org' matched))
>   receiver=mailgw.weberhofer.at; identity=mailfrom;
>   envelope-from="srs0=41gv=rt=lists.opensuse.org=buildservice-bounces@opensuse.org";
>   helo=mx1.opensuse.org; client-ip="2a07:de40:b27e:1209::11"
> Received: from mx1.opensuse.org (unknown [IPv6:2a07:de40:b27e:1209::11])
>   (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
>   key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
>   (No client certificate requested)
>   by mailgw.weberhofer.at (Proxmox) with ESMTPS
>   for jweberhofer@weberhofer.at; Wed, 23 Oct 2024 22:27:31 +0200 (CEST)
> Received: from mailman3.infra.opensuse.org
>   (mailman3.infra.opensuse.org [IPv6:2a07:de40:b27e:1203::b46])
>   by mx1.opensuse.org (Postfix) with ESMTP id E6E1743FA;
>   Wed, 23 Oct 2024 20:27:20 +0000 (UTC)
>
> Your SPF Record misses the outgoing servers IPv6 range
> (2a07:de40:b27e:1209::/64, I guess), too.

Indeed, 2a07:de40:b27e:1204::/64 is missing there.

> Additionally I have recognized, that the SPF TXT-record for the main
> domain, and in the included "_spf.opensuse.org" record the entry ends
> with a "?all", which allows sending of all other. If possible, I'd
> recommend to change that to "-all"!

That's not possible - openSUSE Members have to use their own mailserver
if they want to send mails with their @opensuse.org mail address.
"?all" is already problematic when sending to some mail providers, but
using "-all" would make the @opensuse.org mail addresses completely
unusable.

> The SPF record of the list.opensuse.org domain only allows sending via
> the MX servers, which do not include any IPv6 addresses. It would
> possibly be better to include the (corrected) "_spf.opensuse.org"
> entry instead of the MX setting.

I'm not sure if I can follow you here. The SPF record allows "mx", and
both mx1 and mx2 have v4 and v6 addresses:

host -t txt lists.opensuse.org

lists.opensuse.org descriptive text "v=spf1 mx ~all"

host lists.opensuse.org

lists.opensuse.org has address 195.135.223.50
lists.opensuse.org has IPv6 address 2a07:de40:b27e:1204::10
lists.opensuse.org mail is handled by 42 mx2.opensuse.org.
lists.opensuse.org mail is handled by 42 mx1.opensuse.org.

host mx1.opensuse.org

mx1.opensuse.org has address 195.135.223.51
mx1.opensuse.org has IPv6 address 2a07:de40:b27e:1204::51

host mx2.opensuse.org

mx2.opensuse.org has address 195.135.223.52
mx2.opensuse.org has IPv6 address 2a07:de40:b27e:1204::52

So - what exactly is the problem?

Regards,

Christian Boltz

As car drivers, they would by comparison get into a car that cannot be
locked and has no ignition lock, with a note on the door as well:
"Drive me, I'm available and have a full tank."
[Thomas Templin in suse-linux on insecure passwords]


Checklist

  • mx1 reverse lookup should be mx1.o.o, not mx1.infra.o.o
  • 2a07:de40:b27e:1204::/64 is missing in _spf.o.o
  • check (and maybe fix) SPF for lists.o.o - needs clarification from reporter
  • _spf.o.o: change mx[12].infra.o.o to mx[12].o.o
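
Added example (not part of the ticket or of openSUSE's tooling): an offline evaluation of the "v=spf1 mx ~all" record, using only the DNS answers quoted in the host output above, against the client addresses seen in the Received headers. It models a subset of RFC 7208 (no include) and assumes an envelope sender at lists.opensuse.org; the quoted headers used an SRS-rewritten opensuse.org sender instead.

```python
import ipaddress

# DNS answers copied from the `host` output quoted in the ticket (static, no lookups).
ZONE = {
    "lists.opensuse.org": {
        "TXT": "v=spf1 mx ~all",
        "MX": ["mx1.opensuse.org", "mx2.opensuse.org"],
        "A": ["195.135.223.50", "2a07:de40:b27e:1204::10"],
    },
    "mx1.opensuse.org": {"A": ["195.135.223.51", "2a07:de40:b27e:1204::51"]},
    "mx2.opensuse.org": {"A": ["195.135.223.52", "2a07:de40:b27e:1204::52"]},
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def addrs(name, zone):
    """A and AAAA answers for a name, as ip_address objects."""
    return {ipaddress.ip_address(a) for a in zone.get(name, {}).get("A", [])}


def check_spf(domain, client_ip, zone=ZONE):
    """Evaluate the mx, a, ip4, ip6 and all mechanisms, left to right."""
    ip = ipaddress.ip_address(client_ip)
    record = zone.get(domain, {}).get("TXT", "")
    if not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            hit = True
        elif name == "mx":
            # Match if the client is an address of any MX host of the domain.
            mx_hosts = zone.get(arg or domain, {}).get("MX", [])
            hit = any(ip in addrs(host, zone) for host in mx_hosts)
        elif name == "a":
            hit = ip in addrs(arg or domain, zone)
        elif name in ("ip4", "ip6"):
            hit = ip in ipaddress.ip_network(arg, strict=False)
        else:
            continue  # include, exists, ptr and modifiers are not modelled here
        if hit:
            return RESULT[qualifier]
    return "neutral"


if __name__ == "__main__":
    # Client addresses taken from the Received headers quoted in the ticket.
    for client in ("2a07:de40:b27e:1209::11", "2a07:de40:b27e:1209::12"):
        print(client, check_spf("lists.opensuse.org", client))
```

With the records as quoted, the 2a07:de40:b27e:1209:: client addresses fall through to ~all, while the published 2a07:de40:b27e:1204:: MX addresses match the mx mechanism.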

Related issues 1 (1 open, 0 closed)

Related to openSUSE admin - tickets #165644: SPF records of opensuse.org is not correct | Feedback | crameleon | 2024-08-22
