| *** mrunge_ is now known as mrunge | 07:23 | |
| opendevreview | JaromÃr Wysoglad proposed openstack/governance master: Add aetos to telemetry project https://review.opendev.org/c/openstack/governance/+/946744 | 08:26 |
|---|---|---|
| *** dansmith is now known as dansmith_pto | 16:52 | |
| timburke | i sent an email yesterday about swift's ops-feedback session happening tomorrow, but i haven't seen it show up in the discuss archives -- is it still held for moderation? | 16:54 |
| gouthamr | fungi: ping on timburke's question ^ | 18:42 |
| gouthamr | timburke: #opendev is usually a great channel for infra questions, ETOOMANYCHANNELS :D | 18:42 |
| timburke | thanks | 19:27 |
| fungi | gouthamr: timburke: i went through messages held for moderation when i woke up this morning (about 6 hours ago) and there wasn't anything from you | 19:29 |
| timburke | weird -- thanks for checking. maybe i'll try again from my gmail instead of work email... | 19:30 |
| fungi | i can check th mta server logs to see if anything every reached the server | 19:30 |
| fungi | timburke: was it sent from your nvidia.com address? | 19:31 |
| timburke | yup | 19:31 |
| fungi | huh, looks like the lists server is deferring acceptance with "Temporary DNS error while checking SPF record. Try again later." | 19:34 |
| timburke | funky -- i'll try to find someone on our end to let know | 19:35 |
| fungi | though if i manually check txt records for the domain from the server i see: nvidia.com descriptive text "v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all" | 19:35 |
| fungi | which is kinda a funky spf record, but presumably valid (i won't pretend to be able to parse that dsl with my own thinkmeat) | 19:36 |
| fungi | the error from our mta seems more like a cached dns resolution failure | 19:37 |
| fungi | trying to see if i can tell what in exim's spf checker could lead to those errors | 19:38 |
| fungi | though looks like it could be as simple as the mail-bn8nam12on20623.outbound.protection.outlook.com host trying to deliver that message not matching the spf expression | 19:39 |
| timburke | oh, interesting... trying https://www.kitterman.com/spf/validate.html i see something about "DNS: Truncated UDP Reply, SPF records should fit in a UDP packet, retrying TCP", followed by the same sort of "TempError SPF Temporary Error: DNS DNS SERVFAIL" | 19:41 |
| fungi | timburke: yeah, that's coming directly from our exim config: https://opendev.org/opendev/system-config/src/branch/master/playbooks/roles/base/exim/templates/exim4.conf.j2#L521 | 19:42 |
| fungi | the message i see in our logs i mean | 19:42 |
| fungi | though we merely cargo-culted it from the default exim config on debian/ubuntu | 19:42 |
| fungi | so does seem like something about nvidia.com's spf record has changed for the worse recently | 19:43 |
| fungi | we're fairly accepting of inbound messages, this is more of a pathological condition because of something with the dns lookup | 19:43 |
| fungi | ironically, if there wasn't an spf record at all your messages would have gone through | 19:44 |
| timburke | all right, well, i'll try the gmail approach first -- seems most expedient. will follow up with IT on my side. thanks for the help fungi! | 19:48 |
| fungi | timburke: any time. if this persists we can probably work out some sort of alternative solution too | 19:49 |
| fungi | i'm still not entirely convinced that the issue is actually a change in the domain's spf records, but it seems likely | 19:49 |
| timburke | :-/ i bet i need to subscribe from gmail before i can post, huh... | 21:27 |
| timburke | at the same time, i'm not entirely sure how my nvidia account is subscribed -- i don't remember my password, and when i try to reset, i get an email like "However, we do not have any record of such an account in our database." | 21:28 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!