From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from out03.mta.xmission.com ([166.70.13.233]:55440 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752480AbcKHWtU (ORCPT ); Tue, 8 Nov 2016 17:49:20 -0500 From: ebiederm@xmission.com (Eric W. Biederman) To: Kees Cook Cc: Oleg Nesterov , Jann Horn , Alexander Viro , Roland McGrath , John Johansen , James Morris , "Serge E. Hallyn" , Paul Moore , Stephen Smalley , Eric Paris , Casey Schaufler , Andrew Morton , Janis Danisevskis , Seth Forshee , Thomas Gleixner , Benjamin LaHaise , Ben Hutchings , Andy Lutomirski , Linus Torvalds , Krister Johansen , "linux-fsdevel\@vger.kernel.org" , linux-security-module , "security\@kernel.org" References: <1477863998-3298-1-git-send-email-jann@thejh.net> <1477863998-3298-2-git-send-email-jann@thejh.net> <20161102181806.GB1112@redhat.com> <20161102205011.GF8196@pc.thejh.net> <20161103181225.GA11212@redhat.com> <87k2cj2x6j.fsf@xmission.com> <87k2cjuw6h.fsf@xmission.com> <20161104180416.GA19221@redhat.com> <20161104184505.GA21320@redhat.com> Date: Tue, 08 Nov 2016 16:46:44 -0600 In-Reply-To: (Kees Cook's message of "Tue, 8 Nov 2016 14:02:00 -0800") Message-ID: <87bmxptwrv.fsf@xmission.com> MIME-Version: 1.0 Content-Type: text/plain Subject: Re: [PATCH v3 1/8] exec: introduce cred_guard_light Sender: linux-fsdevel-owner@vger.kernel.org List-ID: Kees Cook writes: > On Fri, Nov 4, 2016 at 11:45 AM, Oleg Nesterov wrote: >> Eric, I hope you see my emails, I got the "Undelivered Mail Returned to Sender" >> ... Oleg I can receive your messages directly and through vger.kernel.org lists, but I can't receive them through the email reflector at security@kernel.org. >> This is the mail system at host mail.kernel.org. >> ... >> (expanded from ): host >> mx.xmission.com[166.70.12.20] said: 550-XM-RJCT16: SPF Failure >> (ip=198.145.29.136, frm=oleg@redhat.com, 550 result=fail) (in reply to RCPT >> TO command) >> >> right now I have no idea what does this mean. > > This is a problem for Google folks too sometimes. This is saying that > xmission.com is checking redhat.com's SPF records and refusing to let > kernel.org deliver email as if it were redhat.com (due to > security@kernel.org being an alias not a mailing list). There aren't > good solutions for this, but best I've found is to have my > security@kernel.org alias be a @kernel.org address instead of an > @google.com address... Ugh. Is even redhat configuring the redhat email to do that? I will have to look. Last I looked xmission.com was just enforcing the policy that the other mail domains were asking to be enforced on themselves. But those are policies that are incompatible with mailing lists in general. Although I do get confused about which part SPF and DKIM play in this mess. I just remember that the last several ``enhancements'' to email were busily breaking mailing lists and I thought they were completely insane. I can even find evidence that it is (or at least was) so bad that email standards comittee member's can't comminicate with each other via email lists. vger.kernel.org appears to rewrite the envelope sender to avoid problems. If xmission is doing any more than just performing what the domain of the senders of email asked them to do I will be happy to see if I can to sort it out. Eric