
Thanks for tracking this down. I also forwarded the issue to the Haskell Infrastructure Admins issue tracker: https://github.com/haskell-infra/haskell-admins/issues/5

On Mon, Nov 22, 2021 at 03:10:46AM -0500, Viktor Dukhovni wrote:
On Mon, Nov 22, 2021 at 07:33:43AM +0000, Tom Smeding wrote:
I got at least one message from Tom Ellis in the Logging conversation, one from Joachim Durchholz, and some more. I'm definitely not included in the conversation personally.
I have no idea what might be going wrong, but I think it's not forgetting to reply to all.
[ TL;DR haskell.org DNS is misconfigured ]
I guess I can put my SMTP/DNS guru hat on and explain what is happening. Here's some (cryptic) data from my logs:
Nov 22 01:42:13 straasha postfix/smtpd[52426]: disconnect from unknown[145.40.99.54] ehlo=2 starttls=1 mail=1 --> rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
Nov 22 02:19:13 straasha postfix/smtpd[52686]: disconnect from unknown[2604:1380:4641:a100::5] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Nov 22 02:35:10 straasha postfix/smtpd[53049]: disconnect from unknown[2604:1380:4641:a100::5] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Nov 22 02:42:51 straasha postfix/smtpd[53100]: disconnect from unknown[145.40.99.54] ehlo=2 starttls=1 mail=1 --> rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
The first and last messages were rejected: "rcpt=0/1, data=0/1" means that the "RCPT TO" and "DATA" commands were refused. The middle two messages were accepted.
The reason is DNS misconfiguration of mta1.haskell.org:
$ set -- mta1.haskell.org misc-services-origin-migration.haskell.org
$ brief() { dig +noall +ans +nocl +nottl "$@"; }
$ echo; for fwd; do brief -t a $fwd; brief -t aaaa $fwd; done
mta1.haskell.org. A 145.40.99.54
$ brief() { dig +noall +ans +nocl +nottl "$@"; }
$ set -- 145.40.99.54 2604:1380:4641:a100::5
$ echo; for rev; do brief -t ptr -x $rev; done
5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.a.1.4.6.4.0.8.3.1.4.0.6.2.ip6.arpa. PTR misc-services-origin-migration.haskell.org.
Only the IPv6 address has a PTR record, and even then it does not forward resolve. SMTP clients with no PTR records are routinely refused service. My mail server tolerates lack of forward mappings, but the PTR is required.
The correct DNS configuration would be:
forward zone:
    mta1.haskell.org. A 145.40.99.54
    mta1.haskell.org. AAAA 2604:1380:4641:a100::5
reverse IPv6 zone
    5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.a.1.4.6.4.0.8.3.1.4.0.6.2.ip6.arpa. PTR mta1.haskell.org.
reverse IPv4 zone
    54.99.40.145.in-addr.arpa. PTR mta.haskell.org.
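
The per-command counters in the Postfix "disconnect" lines quoted above can be tallied mechanically to see which sending address is being refused. The following Python is an added example, not part of the original message; the function names are hypothetical, and the log lines are the four copied from the message.

```python
import re
from collections import defaultdict

# Log lines copied from the message above; "-->" is the author's own marker.
LOG = """\
Nov 22 01:42:13 straasha postfix/smtpd[52426]: disconnect from unknown[145.40.99.54] ehlo=2 starttls=1 mail=1 --> rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
Nov 22 02:19:13 straasha postfix/smtpd[52686]: disconnect from unknown[2604:1380:4641:a100::5] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Nov 22 02:35:10 straasha postfix/smtpd[53049]: disconnect from unknown[2604:1380:4641:a100::5] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Nov 22 02:42:51 straasha postfix/smtpd[53100]: disconnect from unknown[145.40.99.54] ehlo=2 starttls=1 mail=1 --> rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
"""

DISCONNECT = re.compile(
    r"postfix/smtpd\[\d+\]: disconnect from (?P<name>\S+?)\[(?P<ip>[^\]]+)\](?P<rest>.*)"
)
COUNTER = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")

def parse_disconnect(line):
    """Return (client_name, client_ip, {command: (accepted, attempted)}) or None."""
    m = DISCONNECT.search(line)
    if not m:
        return None
    counters = {}
    for cmd, ok, total in COUNTER.findall(m.group("rest")):
        # "rcpt=1" means all attempts succeeded; "rcpt=0/1" means 0 of 1 did.
        counters[cmd] = (int(ok), int(total) if total else int(ok))
    return m.group("name"), m.group("ip"), counters

def refused_commands(counters):
    """Commands with fewer successes than attempts (ignores the 'commands' total)."""
    return sorted(c for c, (ok, n) in counters.items() if c != "commands" and ok < n)

def summarize(log_text):
    """Per client IP: sessions that delivered mail vs. sessions with RCPT refused."""
    summary = defaultdict(lambda: {"delivered": 0, "rcpt_refused": 0, "unknown_name": False})
    for line in log_text.splitlines():
        parsed = parse_disconnect(line)
        if parsed is None:
            continue
        name, ip, counters = parsed
        entry = summary[ip]
        # Postfix logs "unknown" when it has no verified hostname for the client.
        entry["unknown_name"] |= (name == "unknown")
        if "rcpt" in refused_commands(counters):
            entry["rcpt_refused"] += 1
        elif counters.get("data", (0, 0))[0] > 0:
            entry["delivered"] += 1
    return dict(summary)
```

Run over these lines, `summarize(LOG)` shows both refusals coming from the IPv4 address and both deliveries from the IPv6 address.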