New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Return Path detection for "system" domain doesn't work #154
Comments
My bug #149 might be related, as I'm also trying to get return-path working with the same domain than in my config. |
After reading #149 I made some tests:
So I assume that postal should really use another domain for internal use because everything else just creates a lot of confusion. BTW: my domain systemdomain.com is not tied to a mailserver but is configured on the organisation level. So maybe this is a problem, I don't know. Generally I find it confusing that I'm able to configure domains on two different levels (organisation and mail server). |
I tried to send an email to something@psrp.borezo.info and it works as an incoming message recognized as hard bounce but can't link to a message. But Postal doesn't use psrp record in return path.
|
Messages sent to a return path can only be linked back to an original message if the bounce includes the message ID of the original message. Linking actual bounces back to their original message is a little tricky and the current method isn't ideal. An alternative is sending every message from it's own address but this can cause delays with greylisting. |
Ok, but why bounces sent to @rp.postal.borezo.info are not handled? |
Is this situation normal? https://www.dropbox.com/s/7k4i4mchz1ed1t6/2017-05-16_144056.png?dl=0 |
rp.postal.borezo.info doesn't point to any of your mail servers in postal. So postal has to throw away mails for this domain. Otherwise postal would be a open relay: https://en.wikipedia.org/wiki/Open_mail_relay |
If Postal uses rp address as Return-Path value, then he must handle bounces received on this domain. It's the expected behavior of email servers. I didn't configured psrp and bounce is handled, so the issue is not about open relay. |
there is a difference between rp.postal.borezo.info and psrp.borenzo.info and I tried to explain the difference. I'm sorry that I didn't made it understandable and I will try again: In Postal psrp.borenzo.info is a domain that is linked to a mailserver inside of Postal that has routes, rules and so on. Postal knows what to do with mails that use the psrp.borenzo.info domain: mails from this domain are bounce mails that belong to the borenzo.info domain. The domain rp.postal.borezo.info has no function in Postal, it is not linked to any mailserver in Postal therefore there are no rules, or routes that Postal could use. So Postal has nothing else to do than to throw mails away that use rp.postal.borezo.info as the domain part. This is correct behavior. If you really want to receive mails for this domain, you need to create a mailserver with the domain rp.postal.borezo.info but this would be really confusing for everyone. |
Ok i got it. |
@anhofmann So... If the DNS checks fail for I have just spotted a bug though which would cause some issues here. Postal will identify a message as being sent to a return path based solely on the prefix of the domain it is sent to. If the domain starts with |
I have pushed a fix in 4106ac6. Hopefully this will fix these issues people have been having with return paths. |
I haven't had any issues with the DNS verification of these records myself. It all works as intended. If you're still having issues with getting the "Return Path" check to go green, we may need to investigate further. |
Thank you. Can I update postal upgrade to get this fix? Or I should wait for something else or do something else? |
You can just upgrade following the instructions. At present, everyone is just using a copy of postal directly from the repository because we haven't released an official v1.0 yet. |
I used "postal auto-upgrade" and for the moment my return path setting is still grey. Config: Specifies the DNS record that you have configured. Refer to the documentation athttps://github.com/atech/postal/wiki/Domains-&-DNS-Configuration for furtherinformation about these.mx_records: |
(but messages to rp.postal.borezo.info are accepted) |
It should be |
The domain section still says "There is no return path record at psrp.borezo.info", not "psrp.postal.borezo.info". |
They are sending from that default domain (rp.postal.borezo.info) because the return path on the domain hasn't been verified. If it had checked successfully it would start using the correct domain. |
Yes, I used the test button many times. No change.
|
Well... the Ruby Resolv::DNS.new.getresources("psrp.borezo.info", Resolv::DNS::Resource::IN::CNAME)
# => [] |
Actually, even using dig doesn't return a CNAME record.
|
Are you using some sort of CNAME flattening from Cloudflare which might be causing this? |
I'm not using anything particular : https://www.dropbox.com/s/0q41x3bbqjxfh5l/2017-05-16_184945.png?dl=0 |
CloudFlare don't return a CNAME when asked for one by the looks of it. If you do a request for the A or MX you'll get the A/MX along with the CNAME record. For example:
Postal, at present anyway, checks that it can get a CNAME record back when making a query for the CNAME. We might be able to change that to check for the associated MX record instead. For now, there is no easy workaround I'm afraid. |
Thank you, I was not aware of it. |
They answered it's a propagation issue (https://www.whatsmydns.net/#CNAME/psrp.borezo.info), I need to wait. |
Postal will only check CNAMEs. It shouldn't really be a propagation issue though. Postal queries your domain's own nameservers so unless Cloudflare's own internal propagation is very slow (their website claims < 5 seconds) it wouldn't have thought it'll be that. That website demonstrates the same thing as my |
I had 6 servers returning a CNAME when they answered and now it's 0. I think there is an issue on their side. When fixed, I'll check if postal still have the issue. |
Just to be clear. What I understand and saw on how CloudFlare works. |
Ok I'm wrong. It returns something when doing a A request but not CNAME as explained in the link you found. I need to wait for you to fix the code to allow a A check instead of CNAME. |
I don't have any urgent plans to change the check I'm afraid. We'll look into the appropriate RFCs to see what the DNS servers should be returning and whether we need to make any changes. |
CloudFlare have confirmed that this is a bug in their DNS servers.
|
Ok. I'm waiting for a CloudFlare update, they confirmed it's a bug on their side. But while I read their FAQ about flattening, I'm not sure it's a bug. |
Everything should work, it's just the verification that'll be broken. Hopefully CloudFlare will fix that soon. |
CloudFlare have now fixed this issue. |
Issue where CNAME record was not returned has been fixed by CloudFlare today. |
when I create new domains in postal the DNS check detects if there is a return path. This doesn't work for the domain that postal has in the dns settings of the postal.yml. Below are the DNS query answers (in redacted form) for different domains.
This is a return path that postal detects:
This is a return path that postal doesn't detect:
This is the dns config in my postal.yml:
my postal is on commit
9a76538f
Is this behavior in postal a problem, or is this just a minor bug? Did I made something wrong in the postal.yml?
The text was updated successfully, but these errors were encountered: