[OSGeo] #3184: Discourse refuses mail (Relay access denied)

#3184: Discourse refuses mail (Relay access denied)
--------------------------------+---------------------------
Reporter: strk | Owner: sac-tickets@…
     Type: task | Status: new
Priority: normal | Milestone: Unplanned
Component: SysAdmin/Discourse | Keywords:
--------------------------------+---------------------------
I've tried replying to a message received by Discourse triggered by a
message to the new GFOSS-IT category and got back:

{{{
host discourse.osgeo.org[140.211.15.13] said: 454 4.7.1
<1XXXXf915599a60e598698687d@discourse.osgeo.org>:
Relay access denied (in reply to RCPT TO command)
}}}

I've anonymized the actual address, but there should be enough info to dig
into the logs and I can give more detail in private if needed.

Does reply-by-email need to be enabled on a per-category basis, or is this a new
Discourse/Email issue?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3184>
OSGeo committee and general foundation issue tracker.

Comment (by robe):

strk,

Yes it is by category. Usually we have it so that you have to be a member
of the group to create or reply. You have not joined the GFOSS.it group.

Though it looks like it allows anyone to reply, but not sure if that holds
for email.
Can you try joining the GFOSS.it group and then try replying again?

Comment (by strk):

I've now joined the group and re-sent the email, crafted by copying the
same destination address and In-Reply-To headers, but the bounce back
arrived after 5 days so I'm not sure if the destination address is still
valid.

This is the thread I was replying to, my message is still not visible at
the time of writing this comment:
https://discourse.osgeo.org/t/un-messaggio-di-benvenuto-fissato-in-alto/28167

Looking at my SMTP logs it still shows relay denied:

{{{
May 13 18:02:33 hst.kbt.io postfix/smtp[1161618]: 5712E3C0006:
to=<xxxe598698687d@discourse.osgeo.org>,
relay=discourse.osgeo.org[140.211.15.13]:25, delay=1.8,
delays=0.34/0.07/1.2/0.26, dsn=4.7.1, status=deferred (host
discourse.osgeo.org[140.211.15.13] said: 454 4.7.1
<xxxe598698687d@discourse.osgeo.org>: Relay access denied (in reply to
RCPT TO command))
}}}

Comment (by strk):

Response code 454, from Discourse, is a request to retry.
The response comes from postfix on osgeo9 and the mail never reaches
the Discourse service itself.

Comment (by robe):

@strk,

We had discussed this before; here is the ticket, #3068, and it's still open.

Now I remember: yes, the MX record for discourse.osgeo.org is set to
meet.osgeo.org, which is IP 140.211.15.5.

So it seems for some reason your DNS is trying to go through 140.211.15.13,
which explains why it never reaches discourse.osgeo.org and shows in the
mail logs there.

I'm trying to remember why I opted not to use the main web ip of osgeo9
(the main one) for discourse mail. But anyway I suspect

Comment (by robe):

Submitted before I finished. Anyway, I suspect the issue is that your DNS is for
some reason pulling an old cache and not using our DNS entry.

Before, the issue was because I had the IP different when I started and
changed it and the DNS had not propagated; now I think it's just a DNS cache
issue on your side.

Comment (by strk):

It is not just my side; even osgeo7 fails to find the MX record for
discourse.osgeo.org.
I do agree this is about #3068 *but* maybe we should avoid introducing a
new MX just for the Discourse service and reuse what we have already? Or
why do we need an MX at all? Can't we just forward port 25 of osgeo9 to
the discourse service for the moment?

Comment (by robe):

We need an MX to receive mail for discourse.

I remembered the reason I couldn't use the main osgeo9 IP is because it is
being used for LXD proxy ports, and when I tried to NAT it, it didn't work
because it was used for proxy, or I couldn't figure out how to do both proxy
and NAT. Eventually I plan to change it to all NAT.

The issue with proxy is that unless a service supports it (such as nginx proxy
pass), it cannot see the true IP and resolve DNS of the sending party.
In these cases you need a NATted IP, and I already had to do NAT for Jitsi
because it was using UDP or some such thing that didn't work via proxy.

So I put the discourse.osgeo.org mail receiver under the only NATted IP,
meet.osgeo.org.

In an ideal world, we'd have the mail server, natted, and it would receive
all the mail, and redirect to discourse, or we'd change discourse to use
IMAP or POP which would be stored on the main mail server.

Note we are going to have the same battle with gitea.

Changes (by strk):

* status: new => closed
* resolution: => duplicate

Comment:

I confirm that installing my own name server and restarting postfix
finally makes it aware of the MX (meet.osgeo.org) and delivers the email, so
this ticket is really just a consequence of the bug reported in #3068.

Changes (by strk):

* status: closed => reopened
* resolution: duplicate =>

Comment:

I'll actually re-open this because this is the most user-facing issue and
it is good for it to stay open until fixed.

Comment (by robe):

I tried running

{{{
host -t mx discourse.osgeo.org
}}}

on several different servers across several networks and it correctly
returns for mx:

{{{
discourse.osgeo.org mail is handled by 1 meet.osgeo.osuosl.org.
discourse.osgeo.org mail is handled by 10 meet.osgeo.org.
}}}

meet.osgeo.osuosl.org really is the same as meet.osgeo.org, but the reverse
pointer of the IP points to meet.osgeo.osuosl.org. I added meet.osgeo.osuosl.org
today and it showed up immediately on all servers and on some MX tools
on the web I looked at.

@rduivenvoorde is having the same issue as strk did, and strk thinks it's a
Cloudflare DNS issue.

I'm still not convinced it's a Cloudflare DNS issue.

Comment (by rduivenvoorde):

@strk, where are you placing Cloudflare in this picture? On the osgeo.org
side or on my internet provider side (freedom.nl)?

For what it is worth, on my laptop in my local network I get this:

{{{
[richard@west ~]$ host -t mx discourse.osgeo.org
discourse.osgeo.org mail is handled by 10 meet.osgeo.org.
discourse.osgeo.org mail is handled by 1 meet.osgeo.osuosl.org.
[richard@west ~]$ host -t mx meet.osgeo.org
meet.osgeo.org has no MX record
[richard@west ~]$ host meet.osgeo.org
meet.osgeo.org has address 140.211.15.5
}}}

I do not have access to a server in the freedom.nl zone/network.

Comment (by strk):

It's your SMTP server that needs to find the correct MX record for
discourse.osgeo.org in order for mail to be delivered correctly. It looks
like your local network resolves it fine. Mine does not.

Details of which other servers fail might be better reported in #3068.
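Added example (not part of the ticket or of OSGeo's tooling): a small check that reads a Postfix delivery line like the one posted above and tells whether the sender connected to a published MX host or fell back to the domain's own address record, which is the failure this thread converges on. The DNS tables are copied from the `host` output in the thread, the address record for discourse.osgeo.org is inferred from the log's relay field, the second log line is constructed, and `diagnose` is a hypothetical name.

```python
import re

# Delivery line posted in the ticket (address was already anonymized there).
TICKET_LINE = (
    "May 13 18:02:33 hst.kbt.io postfix/smtp[1161618]: 5712E3C0006: "
    "to=<xxxe598698687d@discourse.osgeo.org>, "
    "relay=discourse.osgeo.org[140.211.15.13]:25, delay=1.8, "
    "delays=0.34/0.07/1.2/0.26, dsn=4.7.1, status=deferred (host "
    "discourse.osgeo.org[140.211.15.13] said: 454 4.7.1 "
    "<xxxe598698687d@discourse.osgeo.org>: Relay access denied "
    "(in reply to RCPT TO command))")
# Constructed line: the same delivery once the sender's resolver returns the MX.
FIXED_LINE = (
    "May 20 09:00:00 hst.kbt.io postfix/smtp[1]: 0000000000A: "
    "to=<xxxe598698687d@discourse.osgeo.org>, "
    "relay=meet.osgeo.osuosl.org[140.211.15.5]:25, delay=1.1, "
    "delays=0.1/0/0.5/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok)")

# DNS answers quoted in the thread, embedded so this runs offline.
MX = {"discourse.osgeo.org": ["meet.osgeo.osuosl.org", "meet.osgeo.org"]}
A = {"meet.osgeo.osuosl.org": "140.211.15.5", "meet.osgeo.org": "140.211.15.5",
     "discourse.osgeo.org": "140.211.15.13"}  # last entry inferred from the log

LINE_RE = re.compile(
    r"to=<[^@>]+@(?P<domain>[^>]+)>, relay=(?P<relay>[^\[\s,]+)\[(?P<ip>[^\]]+)\]"
    r":\d+,.*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)")

def diagnose(line, mx=MX, a=A):
    """Classify where the sending MTA connected, relative to the published MX."""
    m = LINE_RE.search(line)
    if m is None:          # e.g. relay=none, or not a delivery line
        return None
    f = m.groupdict()
    mx_ips = {a[h] for h in mx.get(f["domain"], []) if h in a}
    if f["ip"] in mx_ips:
        f["verdict"] = "connected-to-mx"
    elif f["relay"] == f["domain"] and f["ip"] == a.get(f["domain"]):
        # RFC 5321 section 5.1: with no MX answer the sender uses the
        # domain's own address record as an implicit MX.
        f["verdict"] = "no-mx-seen-used-address-record"
    else:
        f["verdict"] = "unexpected-relay"
    f["transient"] = f["dsn"].startswith("4.")  # 4.x.x: sender will retry
    return f

if __name__ == "__main__":
    for line in (TICKET_LINE, FIXED_LINE):
        print(diagnose(line))
```

On a sending host, a `no-mx-seen-used-address-record` verdict points at the resolver that the MTA itself uses, not at the one an interactive `host -t mx` query happens to reach.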