On Wed, Apr 22, 2026 at 05:48:48PM +0100, Adam D. Barratt wrote:

If you send e-mail using a debian.org e-mail address from any non-
debian.org hosts, then we strongly suggest that you use the mail
submission service. [SUBMIT]

Unless the MUA is able to switch automaticaly between different submission services
depending on the From field, this does not seem very practical ?

Cheers,
--
Bill. <ballombe@debian.org>

Imagine a large red swirl here.

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Hi!

On Wed, 2026-04-22 at 20:05:58 +0200, Bill Allombert wrote:

On Wed, Apr 22, 2026 at 05:48:48PM +0100, Adam D. Barratt wrote:

If you send e-mail using a debian.org e-mail address from any non- debian.org hosts, then we strongly suggest that you use the mail
submission service. [SUBMIT]

Unless the MUA is able to switch automaticaly between different submission services depending on the From field, this does not seem very practical ?

You could perhaps use msmtp as a sendmail "replacement" for that MUA and
then configure it to change the submission service based on the From.

Thanks,
Guillem

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 2026-04-22 20:05:58, Bill Allombert wrote:

On Wed, Apr 22, 2026 at 05:48:48PM +0100, Adam D. Barratt wrote:

If you send e-mail using a debian.org e-mail address from any non- debian.org hosts, then we strongly suggest that you use the mail
submission service. [SUBMIT]

Unless the MUA is able to switch automaticaly between different submission services
depending on the From field, this does not seem very practical ?

Don't most MUAs do this? mutt does, as well as Apple Mail (where each
from is tied to a specific account, which holds the right "submit"
service).

regards,
iustin

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Bill Allombert <ballombe@debian.org> writes:

On Wed, Apr 22, 2026 at 05:48:48PM +0100, Adam D. Barratt wrote:

If you send e-mail using a debian.org e-mail address from any non-
debian.org hosts, then we strongly suggest that you use the mail
submission service. [SUBMIT]

Unless the MUA is able to switch automaticaly between different
submission services depending on the From field, this does not seem very practical ?

I believe this is fairly common functionality in mail clients, isn't it? I thought this was part of the standard toolkit for supporting multiple
email accounts in the same client. (Gnus has supported this for forever,
but I realize most people don't use Gnus.)

In any case, one option on Debian is to run a local MTA and point your
mail client at that, and then configure that MTA to route your mail
however you want. There are instructions on how to do that at:

https://dsa.debian.org/user/mail-submit/

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Hi, I'm not subscribed to d-project@, please keep me in CC.

On 22/04/26 18:48, Adam D. Barratt wrote:

In order to assist with delivery of e-mail from @debian.org addresses,
we will be introducing SPF records for debian.org in the near future,
along with records for $HOST.debian.org and $SERVICE.debian.org where
those are not already present.

Thank you!

You do not need to change anything if you are already using our mail submission service [SUBMIT].

I have a question about reportbug and reportbug.debian.org.

From a delivery/SPF/DKIM point of view, what should be preferred when submitting bugs using a @debian.org account?

Is it OK to use reportbug.debian.org as MTA plus no auth and `From: somebody@debian.org`? Or would it be better to go through the
authenticated submit service `mail-submit.debian.org`?

Regards,

--
Gioele Barabucci

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

[I have incorporated some, but not all, of the suggestions GMail
offered to "improve" my message. Accordingly, I must admit this
message contains some amount of "AI slop", tho I myself remain (as
always) a dog on the Internet. (Not that anybody knows that, of
course...)]


On Wed, Apr 22, 2026 at 12:49?PM Adam D. Barratt
<adam@adam-barratt.org.uk> wrote:

In order to assist with delivery of e-mail from @debian.org addresses,
we will be introducing SPF records for debian.org in the near future,
along with records for $HOST.debian.org and $SERVICE.debian.org where
those are not already present.

[...]

Hi. As a subscriber to some number of Debian mailing lists via my
current primary email address, jayarejay@gmail.com (yes, I understand,
it's GMail, no one else cares), I wonder if this will resolve a
recurring and persistent issue: receiving bounce messages from the
Debian listmasters for mail resent through various mailing lists
hosted at lists.debian.org to my GMail.com address. The bounces seem
related to the resent messages failing DKIM and SPF validation; I do
NOT believe they are generally related to the messages being actual
spam.

To date, I've received around 180 such bounce messages (at least,
that's the number of email threads I have labelled "tech/deb/debianlistmaster"), dating back to April 2013. Looking at
the last several (75 or so) threads, I seem to be getting bounce
messages every week or two. The last 29 bounce messages were
exclusively for the debian-qa-packages list. Prior to that (working
backward to the beginning of 2025) I see occasional mentions of other
lists (debian-mentors, debian-cloud, debian-toolchain) as well, tho
the vast bulk of the bounces are still for the d-qa-p list.

I reported the first bounce or two I got to listmaster@, but nothing
seemed to happen. I'll admit that I was not as forceful about
following up on my reports as I could have been.

If it is useful or interesting, the most recent bounce message
(reported to me on April 20) can currently be found at https://lists.debian.org/bounces/m4TYYw74H+CBKSXmLk+M3w .

The headers from that message are also included below for convenience
(slightly edited to wordwrap some things more usefully and prevent the "<newline>FROM" issue, and replace tab characters by 8 spaces as GMail apparently ate them):

Thanks for your (and everyone else's) efforts on behalf of Debian and
its users (and even me!)


----- ***** Beginning of Included Headers From Bounce Message ***** -----

From MAILER-DAEMON Mon Apr 20 05:03:17 2026

Return-Path: <>
X-Original-To: bounce-debian-qa-packages=jayarejay=gmail.com@lists.debi
an.org
Delivered-To: lists-bounce-debian-qa-packages=jayarejay=gmail.com@bende l.debian.org
Received: by bendel.debian.org (Postfix)
id 42E5D205B5; Mon, 20 Apr 2026 05:03:17 +0000 (UTC)
Date: Mon, 20 Apr 2026 05:03:17 +0000 (UTC)
From: MAILER-DAEMON@bendel.debian.org (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: bounce-debian-qa-packages=jayarejay=gmail.com@lists.debian.org Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="55F0D205E4.1776661397/bendel.debian.org" Content-Transfer-Encoding: 8bit
Message-Id: <20260420050317.42E5D205B5@bendel.debian.org>

This is a MIME-encapsulated message.

--55F0D205E4.1776661397/bendel.debian.org
Content-Description: Notification
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

This is the mail system at host bendel.debian.org.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<jayarejay@gmail.com>: host
gmail-smtp-in.l.google.com[2a00:1450:4001:c21::1b] said:
550-5.7.26 Your email has been blocked because the sender is unauthentic ated.
550-5.7.26 Gmail requires all senders to authenticate with either
SPF or DKIM.
550-5.7.26
550-5.7.26 Authentication results:
550-5.7.26 DKIM = did not pass
550-5.7.26 SPF [lists.debian.org] with ip: [2001:41b8:202:deb:216:36ff:fe40:400
550-5.7.26 2] = did not pass
550-5.7.26
550-5.7.26 For instructions on setting up authentication, go to
550 5.7.26 https://support.google.com/mail/answer/81126#authentication ffacd0b85a97d-43fe4e2d00asi15880599f8f.150 - gsmtp (in reply to end of
DATA command)

--55F0D205E4.1776661397/bendel.debian.org
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; bendel.debian.org
X-Postfix-Queue-ID: 55F0D205E4
X-Postfix-Sender: rfc822; bounce-debian-qa-packages@lists.debian.org Arrival-Date: Mon, 20 Apr 2026 04:58:46 +0000 (UTC)

Final-Recipient: rfc822; jayarejay@gmail.com
Original-Recipient: rfc822;jayarejay@gmail.com
Action: failed
Status: 5.7.26
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp;
550-5.7.26 Your email has been blocked because the sender is unauthentic ated.
550-5.7.26 Gmail requires all senders to authenticate with either
SPF or DKIM.
550-5.7.26
550-5.7.26 Authentication results:
550-5.7.26 DKIM = did not pass
550-5.7.26 SPF [lists.debian.org] with ip: [2001:41b8:202:deb:216:36ff:fe40:400 550-5.7.26
2] = did not pass
550-5.7.26
550-5.7.26 For instructions on setting up authentication, go to
550 5.7.26 https://support.google.com/mail/answer/81126#authentication
ffacd0b85a97d-43fe4e2d00asi15880599f8f.150 - gsmtp

--55F0D205E4.1776661397/bendel.debian.org
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

Return-Path: <bounce-debian-qa-packages@lists.debian.org>
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with QMQP
id 55F0D205E4; Mon, 20 Apr 2026 04:58:46 +0000 (UTC)
X-Mailbox-Line: From debian-qa-packages-request@lists.debian.org Mon
Apr 20 04:58:46 2026
Old-Return-Path: <noreply@release.debian.org>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on bendel.debian.or
g
X-Spam-Level:
X-Spam-Status: No, score=-0.7 required=4.0 tests=FROMAUTOREPLY,
RCVD_IN_DNSWL_LOW,USER_IN_WELCOMELIST,USER_IN_WHITELIST autolearn
=no
autolearn_force=no version=3.4.6
X-Original-To: lists-debian-qa-packages@bendel.debian.org
Delivered-To: lists-debian-qa-packages@bendel.debian.org
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with ESMTP id 9A45820459
for <lists-debian-qa-packages@bendel.debian.org>; Mon, 20 Apr
2026 04:39:50 +0000 (UTC)
X-Virus-Scanned: at lists.debian.org with policy bank en-lt X-Amavis-Spam-Status: No, score=-2.71 tagged_above=-10000 required=5.
3
tests=[BAYES_00=-2, FROMAUTOREPLY=1, RCVD_IN_DNSWL_LOW=-0.7
,
USER_IN_WELCOMELIST=-0.01, USER_IN_WHITELIST=-1]
autolearn=no autolearn_force=no
Received: from bendel.debian.org ([127.0.0.1])
by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525
)
with ESMTP id tFkN0rRd9uUk
for <lists-debian-qa-packages@bendel.debian.org>;
Mon, 20 Apr 2026 04:39:44 +0000 (UTC)
Received: from quantz.debian.org (quantz.debian.org [IPv6:2607:f8f0:614:1::1274:73])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange ECDHE (P-256) server-signature RSA-PSS (2048
bits) server-digest SHA256)
(Client did not present a certificate)
by bendel.debian.org (Postfix) with ESMTPS id E6CD5205C4
for <debian-qa-packages@lists.debian.org>; Mon, 20 Apr 2026
04:39:44 +0000 (UTC)
Received: from picconi.debian.org ([2a02:16a8:dc41:100::132]:41030)
by quantz.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
(Exim 4.96)
(envelope-from <noreply@release.debian.org>)
id 1wEgQ9-00Fqg6-2h
for packages@qa.debian.org;
Mon, 20 Apr 2026 04:39:41 +0000
Received: from mitropoulos.debian.org ([2001:648:2ffc:deb:216:61ff:fe9d:958d]:46840)
by picconi.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
(Exim 4.96)
(envelope-from <noreply@release.debian.org>)
id 1wEgQ8-008iYQ-1m
for wf-config@packages.debian.org;
Mon, 20 Apr 2026 04:39:40 +0000
Received: via submission
from C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SM
TP
CA,CN=respighi.debian.org,EMAIL=hostmaster@respighi.debian.org
(verified)
by mitropoulos.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
(Exim 4.96)
(envelope-from <noreply@release.debian.org>)
id 1wEgQ8-009uz0-0T
for wf-config@packages.debian.org;
Mon, 20 Apr 2026 04:39:40 +0000
Received: from release by respighi.debian.org with local (Exim 4.96)
(envelope-from <noreply@release.debian.org>)
id 1wEgQ7-00B7K8-2S
for wf-config@packages.debian.org;
Mon, 20 Apr 2026 04:39:39 +0000
From: Debian testing autoremoval watch <noreply@release.debian.org>
Subject: wf-config is marked for autoremoval from testing
To: wf-config@packages.debian.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Debian: release.debian.org/autoremovals
X-Debian-Package: wf-config
Message-Id: <E1wEgQ7-00B7K8-2S@respighi.debian.org>
Date: Mon, 20 Apr 2026 04:39:39 +0000
Delivered-To: wf-config@packages.debian.org
Delivered-To: packages@qa.debian.org
X-Rc-Spam: 2008-11-04_01
X-Rc-Virus: 2007-09-13_01
X-Rc-Spam: 2008-11-04_01
Resent-Message-ID: <9fRP3V4GwDM.A.6fEM.GKb5pB@bendel>
Resent-From: debian-qa-packages@lists.debian.org
X-Mailing-List: <debian-qa-packages@lists.debian.org> archive/latest/94345 X-Loop: debian-qa-packages@lists.debian.org
List-Id: <debian-qa-packages.lists.debian.org>
List-URL: <https://lists.debian.org/debian-qa-packages/>
List-Post: <mailto:debian-qa-packages@lists.debian.org>
List-Help: <mailto:debian-qa-packages-request@lists.debian.org?subject=he

List-Subscribe: <mailto:debian-qa-packages-request@lists.debian.org?subject=subscribe> List-Unsubscribe: <mailto:debian-qa-packages-request@lists.debian.org?subject=unsubscribe> Precedence: list
Resent-Sender: debian-qa-packages-request@lists.debian.org
List-Archive: https://lists.debian.org/msgid-search/E1wEgQ7-00B7K8-2S@respi ghi.debian.org
Resent-Date: Mon, 20 Apr 2026 04:58:46 +0000 (UTC)

----- ***** End of Included Headers From Bounce Message ***** -----

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On Wed, 22 Apr 2026, Gioele Barabucci wrote:n

From a delivery/SPF/DKIM point of view, what should be preferred when submitting bugs using a @debian.org account?

We currently don't reject based on SPF or DKIM. [It may affect the
spamassassin score, but if you're using reportbug it won't matter
because it has enough offsetting scores.]

Is it OK to use reportbug.debian.org as MTA plus no auth and `From: somebody@debian.org`? Or would it be better to go through the
authenticated submit service `mail-submit.debian.org`?

It's better to do the latter, but you can do the former.

--
Don Armstrong https://www.donarmstrong.com

We cast this message into the cosmos. [...] We are trying to survive
our time so we may live into yours. We hope some day, having solved
the problems we face, to join a community of Galactic Civilizations.
This record represents our hope and our determination and our goodwill
in a vast and awesome universe.
-- Jimmy Carter on the Voyager Golden Record

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Le Wed, Apr 22, 2026 at 08:56:25PM +0200, Iustin Pop a ?crit :

On 2026-04-22 20:05:58, Bill Allombert wrote:

On Wed, Apr 22, 2026 at 05:48:48PM +0100, Adam D. Barratt wrote:

If you send e-mail using a debian.org e-mail address from any non- debian.org hosts, then we strongly suggest that you use the mail submission service. [SUBMIT]

Unless the MUA is able to switch automaticaly between different submission services
depending on the From field, this does not seem very practical ?

Don't most MUAs do this? mutt does, as well as Apple Mail (where each
from is tied to a specific account, which holds the right "submit"
service).

Maybe how to do this should be added to the wiki, then.
It only provides instructions for MTA (exim and postfix).

Cheers,
--
Bill. <ballombe@debian.org>

Imagine a large red swirl here.

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

On 17941 March 1977, Bill Allombert wrote:

Unless the MUA is able to switch automaticaly between different
submission services
depending on the From field, this does not seem very practical ?

Don't most MUAs do this? mutt does, as well as Apple Mail (where each
from is tied to a specific account, which holds the right "submit"
service).

Maybe how to do this should be added to the wiki, then.
It only provides instructions for MTA (exim and postfix).

There are a LOT of MUAs... So if you give text to DSA, im pretty sure
they are happy to include it (thats how Colins exim and my postfix
stuff got there).

For Fairmail (pretty good Android MUA) its inside its Settings, Base
ones, Identities. Within an identity you can configure individual SMTP
servers for sending (and much more). Then when you send you can select
your from and it uses the settings for whichever sender you selected.
In Thunderbird (Desktop) you can configure entire accounts (though
.debian.org doesnt offer IMAP) and within an account there is a "Manage identities" button. Behind it you can add multiple identities and for
each one you can select the outgoing SMTP server when you send mail
using this identity.

(Now someone please make this text nicer so it can go on the DSA page)

--
bye, Joerg

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Hi Bill,

Don't most MUAs do this? mutt does [...]

Maybe how to do this should be added to the wiki, then.

This is what I have for Mutt (note that I use pass to store the
mail-submit password):
```
set my_debian = 'alexm@debian.org'
set my_debian_smtp = 'smtp://alexm@mail-submit.debian.org:587'
source "pass my-debian-mail-password |"
set my_debian_reply_hook = "my_hdr from: $my_debian"
reply-hook . "unmy_hdr from:"
reply-hook ~L$my_debian $my_debian_reply_hook
reply-hook ~L.*@.*\.debian\.org $my_debian_reply_hook
reply-hook ~L.*@.*\.debian\.net $my_debian_reply_hook
set my_debian_send_hook = "\
set signature = '~/.mutt/signature.debian' \
smtp_url = $my_debian_smtp \
smtp_pass = $my_debian_pass \
sendmail = ''"
send2-hook . "set signature='' sendmail=''"
send2-hook ~L$my_debian $my_debian_send_hook
send2-hook ~L.*@debian\.org $my_debian_send_hook
send2-hook ~L.*@.*\.debian\.org $my_debian_send_hook
send2-hook ~L.*@.*\.debian\.net $my_debian_send_hook
```
I'll try to send a patch to DSA for the dsa-wiki later today.
Cheers,
Alex
--
???????
??????? Alex Muntada <alexm@debian.org>
?????? Debian Developer ? log.alexm.org
???????


--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

]] "Joseph R. Justice"

I wonder if this will resolve a recurring and persistent issue:
receiving bounce messages from the Debian listmasters for mail resent
through various mailing lists hosted at lists.debian.org to my
GMail.com address. The bounces seem related to the resent messages
failing DKIM and SPF validation; I do NOT believe they are generally
related to the messages being actual spam.

Yes, this should hopefully help with that, since we should have better
SPF coverage. (We should probably also consider getting those messages
DKIM signed.)

Cheers,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)