#WiiLink Account Creation Support


blazing ridge
#

Hello there. I attempted to create the account NSLSvcAcct on WiiLink24's account service as a custodial account for a hackerspace that has tons of retro consoles. I did not receive the email, but have now resolved the issue. Unfortunately, I need the account creation email resent.

blazing ridge
#

Found the emails when I filtered by time. Disregard email issue, entirely my fault. Overly restrictive policies on my email server. However, I need the confirmation email resent... Seems to have aged out.

#

Your server (well, Postale) returned the error.

#

Yeah, something's up, lol. Tried confirming my account by going through the reset password flow and didn't get the emails either, until they all came in a flood just now.

#

It's 3 AM, I had too much to drink, and I probably shouldn't be touching anything rn, lol.

#

Hey, at least I know my server isn't the only one having issues. (and maybe it's not my fault I didn't get the emails, lol, maybe they were very delayed through no fault of my own...)

#

One of the servers down the chain on WiiLink's side is not healthy.

#

Oy. Your URLs on the site are inconsistent, lol. That's why it's NXDOMAINing, it's actually on accounts, but a link I clicked at https://just-eat.wiilink.ca/login directed me to an invalid URL.

#

And I kept using this window, lol. Issue occurs when you try to press the Food Delivery Settings button.

#

I should contribute.

#

Something something SPF and DMARC is misconfigured on WiiLink. "unverified sender", too tired.

agile adder
#

a few notes on everything in this thread:

  • we know the support email is broken, i have raised this internally but it clearly didn't get seen to, i'll bring it up again
  • accounts emails sometimes take ages to be sent, we have been unable to determine the cause for this
  • i'm unsure about the 502 error you showed, and have been unable to reproduce it
  • we're aware the just eat page doesn't have the correct link back to the accounts page, i believe this has been fixed but the changes haven't been pulled on the server yet

blazing ridge
#

IDK. I'd love to contribute in the ops side.

#

Now if the mail delivery issue is on the Authentik side, I'd question how loaded those servers are.

#

You also gotta look at your SPF/DMARC records. Emails will get rejected by many mail servers if the sender's identity can't be validated. (Exactly what happened on my mail server, I had a reject rule.) Without SPF/DMARC, it's trivial to spoof an email as from another domain.

#

So basically any email server can send email saying it's "wiilink.ca" because of the SoftFail at the end.

#

That significantly lowers your trust from many mail servers.

#

Basically, your SPF record is "mail should only come from servers listed in MX records, but you can accept mail anyways if it's not".

#

IDK all your infra and idk if you all are even willing to listen to me, lol. But just my two cents on your delivery issues.

#

Your overly lax SPF records could cause delivery issues.

blazing ridge
#

TL;DR: Email is tricky, lol.

blazing ridge
#

@agile adder Just a pingo because I'm not sure if mention was on or off when I replied. Apologies for double ping if it was. I'd like to contribute with ops support.

blazing ridge
#

Remember, the sender in an email can be set to anything. Think of it as the return address on the envelope. You can put anything in there, as long as the sending mail server accepts it.

blazing ridge
#

Let's say your emails are actual pieces of mail.
SPF says "if the ZIP code (mail server) stamped by the post office on the envelope doesn't match the return address or these ZIP codes, what should you do with it?"
DKIM says "real mail should be signed with this key"
DMARC says "if the key and/or ZIP don't match up with what's on the return address, what should you do with it?"

Your SPF record basically is "mail should come from MX records only but reduce trust if not, don't reject (SoftFail)".
Your DKIM records tell "real messages are signed with this key, but reduce trust if not". (MXToolbox is bad at checking this)
Your DMARC record (as evaluated by MXToolbox) basically says "if a message fails SPF or DKIM, do nothing, but send an aggregate report after the fact to dmarc-reports@wiilink.ca".
(you also have more than one according to MXToolbox, potentially causing conflicts. it's sometimes wrong tho)

Your combination of records is severely lowering your server's trust signals.

agile adder
#

yeah i get how dmarc works from my own domain (despite me having it completely misconfigured because of how i leverage cloudflare for free smtp)

#

i've forwarded this internally for someone who has access to these things to sort out, i had no idea our emails were this egregiously misconfigured

agile adder
#

i.e. they send through the authentik commandline but not any button in the interface

#

we use AWS SES for emails to my knowledge

blazing ridge
#

I'd love to contribute to ensure that WiiLink is up as much as possible and is as efficient and scalable as possible.

#

Been a supporter for a long time. Ever since it was RC24 and run by Larsen. You all are doing God's work, lol.

naive zenith
#

I keep requesting a verification email and it never gets sent to my inbox; please help!

blazing ridge
#

Authentik is taking forever to send emails, and all of their emails are marked as spam by many email providers because of the aforementioned issues.