Re: Undeliverable: Re: Backend handling replication slot stuck using 100% cpu, unkillable
| От | Stephen Frost |
|---|---|
| Тема | Re: Undeliverable: Re: Backend handling replication slot stuck using 100% cpu, unkillable |
| Дата | |
| Msg-id | ZLAHPqFt5pRuYi1P@tamriel.snowman.net обсуждение исходный текст |
| Ответ на | Re: Undeliverable: Re: Backend handling replication slot stuck using 100% cpu, unkillable (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-www |
Greetings, * Tom Lane (tgl@sss.pgh.pa.us) wrote: > Daniel Gustafsson <daniel@yesql.se> writes: > >> On 3 Jul 2023, at 15:05, hubert depesz lubaczewski <depesz@depesz.com> wrote: > >> forwarding error mail that I'm getting when > >> I'm sending to pgsql-bugs. > > > This is fairly common, IIUC GMail believes that the list sending email as you > > is violating the SPF configuration for @depesz.com. > > I get similar gripes on a routine basis from diogojoliveira and some > other addresses. As near as I can tell, the actual problem is that > these people have arranged to forward list mail from their subscribed > account to gmail, and the forwarding is being done in a way that > makes it have the original sender's envelope FROM (... not the > list's envelope FROM, nor the forwarding person's). But it's visibly > coming from the forwarding machine. If there's a hard SPF policy for > the envelope sender's domain, kaboom! There's certainly up-sides and down-sides to rewriting FROM and From lines. Generally speaking, the kind of forwarding that doesn't change the email at all works pretty well and is exactly what the mailing lists do and is what gmail recommends when forwarding to them, because it doesn't end up breaking DKIM. The issue is that when the emails aren't DKIM signed then there's no way to verify that they haven't been changed by the forwarder and when there's an SPF rule saying to bounce those emails, that's what happens. It's also possible to set up ARC on the forwarder to provide assurance that the forwarder validated the email when it arrived and to claim that to the end system, but that only works if the end system trusts the forwarding system and that doesn't tend to happen across organizations (gmail may trust its own ARC signatures and so email that goes from a random system to gmail and which gmail validates and then forwards on while adding their ARC signature but breaking DKIM can be accepted by gmail still, but my own efforts to get gmail to accept my ARC signatures has gone exactly nowhere). I've also looked into trying to not send bounces when this happens but unfortunately there doesn't seem to be an easy way to make that happen except to disable bounce reports from being generated at all, which would be far worse. For better or worse, these days if you care about delivery and avoiding bounces, you pretty much have to be doing SPF+DKIM+DMARC with all the annoyence that entails. If you don't care much about delivery then you can expect to get such bounces. Thanks, Stephen
Вложения
В списке pgsql-www по дате отправления: