On 12/02/21 7:12 pm, Bill Cole wrote:
Mail transport often involves MTAs not under the control of the
original sender or ultimate recipient or the authorities for the
sender's domain. Traditional forwarding (e.g. ~/.forward) still exists
and many systems supporting it run Sendmail, which will
On 12/02/21 6:57 pm, Bob Proulx wrote:
Nick Tait wrote:
Nick Tait wrote:
Perhaps the advice should be: If you are using Sendmail, then (a) you
shouldn't publish a DMARC policy and (b) you shouldn't reject emails
based on failed DMARC check; but if you aren't using Sendmail then as
long as you
On 11 Feb 2021, at 23:55, Nick Tait wrote:
On 12/02/2021 5:49 pm, Nick Tait wrote:
Perhaps the advice should be: If you are using Sendmail, then (a) you
shouldn't publish a DMARC policy and (b) you shouldn't reject emails
based on failed DMARC check; but if you aren't using Sendmail then as
Nick Tait wrote:
> Nick Tait wrote:
> > Perhaps the advice should be: If you are using Sendmail, then (a) you
> > shouldn't publish a DMARC policy and (b) you shouldn't reject emails
> > based on failed DMARC check; but if you aren't using Sendmail then as
> > long as you don't mind rejecting
On 11 Feb 2021, at 23:49, Nick Tait wrote:
To me that sounds like a reason not to use Sendmail, rather than a
reason not to apply DMARC policy? ;-)
Any mail system of significant size will receive some legitimate
messages that have passed through a Sendmail machine under other
management,
On 12/02/2021 5:49 pm, Nick Tait wrote:
Perhaps the advice should be: If you are using Sendmail, then (a) you
shouldn't publish a DMARC policy and (b) you shouldn't reject emails
based on failed DMARC check; but if you aren't using Sendmail then as
long as you don't mind rejecting emails from
On 12/02/2021 8:50 am, Bill Cole wrote:
On 11 Feb 2021, at 10:25, Benny Pedersen wrote:
On 2021-02-11 15:12, Bill Cole wrote:
On 11 Feb 2021, at 4:32, Eugene Podshivalov wrote:
Is it safe enough nowadays to drop dmarc failed incoming mail with
opendmarc?
No. It very likely never will be,
On 11 Feb 2021, at 10:25, Benny Pedersen wrote:
On 2021-02-11 15:12, Bill Cole wrote:
On 11 Feb 2021, at 4:32, Eugene Podshivalov wrote:
Is it safe enough nowadays to drop dmarc failed incoming mail with
opendmarc?
No. It very likely never will be, particularly as long as Sendmail is
in
On 2021-02-11 15:12, Bill Cole wrote:
On 11 Feb 2021, at 4:32, Eugene Podshivalov wrote:
Is it safe enough nowadays to drop dmarc failed incoming mail with
opendmarc?
No. It very likely never will be, particularly as long as Sendmail is
in widespread use.
why ?
is it the 8bitmime problem
On 11 Feb 2021, at 4:32, Eugene Podshivalov wrote:
Is it safe enough nowadays to drop dmarc failed incoming mail with
opendmarc?
No. It very likely never will be, particularly as long as Sendmail is in
widespread use.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo
Hi
On Thu, Feb 11, 2021 at 12:32:25PM +0300, Eugene Podshivalov wrote:
> Is it safe enough nowadays to drop dmarc failed incoming mail with
> opendmarc?
No. You can reject them however.
Bastian
--
Prepare for tomorrow -- get ready.
-- Edith Keeler, "The City On the Edge of
Bob Proulx:
Instead of Forward-Reverse-DNS matching the newer Best Practice is to
set up SPF, DKIM, DMARC for your own outgoing mail and other
anti-abuse for incoming mail.
On 11.02.21 12:32, Eugene Podshivalov wrote:
Is it safe enough nowadays to drop dmarc failed incoming mail with
Viktor Dukhovni:
The actual expectation is that the EHLO name is a valid DNS hostname,
and should resolve to the IP address of the client.
On 10.02.21 23:59, Eugene Podshivalov wrote:
Postfix does not seem to be able to check this right now. Wouldn't it be
good to have such features in
On 11/02/2021 09:32, Eugene Podshivalov wrote:
Is it safe enough nowadays to drop dmarc failed incoming mail with
opendmarc?
I would say not. I quarantine DMARC failures but do not reject - there
are still fps because of misconfiguration by senders or mailing lists
that are not
; on behalf of Viktor Dukhovni
> *Sent:* Wednesday, February 10, 2021 18:39
> *To:* postfix-users@postfix.org
> *Subject:* Re: client and ehlo hostname mismatch
>
> > On Feb 10, 2021, at 9:38 PM, Eugene Podshivalov
> wrote:
> >
> > Are there any wise cases
ostfix.org
Subject: Re: client and ehlo hostname mismatch
> On Feb 10, 2021, at 9:38 PM, Eugene Podshivalov wrote:
>
> Are there any wise cases for a legitimate client to provide a valid ehlo
> hostname (which maps to some address) but that address will differ from
> the address it con
> On Feb 10, 2021, at 9:38 PM, Eugene Podshivalov wrote:
>
> Are there any wise cases for a legitimate client to provide a valid ehlo
> hostname (which maps to some address) but that address will differ from
> the address it connects from?
I don't know about "wise", but this is not uncommon.
Are there any wise cases for a legitimate client to provide a valid ehlo
hostname (which maps to some address) but that address will differ from the
address it connects from?
чт, 11 февр. 2021 г. в 01:01, Bob Proulx :
> Eugene Podshivalov wrote:
> > Then what is the sense of doing this if the
Eugene Podshivalov wrote:
> Then what is the sense of doing this if the name can be whoever else's name?
For anti-spam and anti-abuse software. It's all available for the
anti-spam to use to decided how to classify the message. Perhaps not
as a hard block as that would definitely have false
On Thu, Feb 11, 2021 at 12:15:32AM +0300, Eugene Podshivalov wrote:
> > Viktor Dukhovni:
> > Postfix can check that the EHLO name resolves to some IP address.
>
> Then what is the sense of doing this if the name can be whoever else's name?
Spam bots are sloppy, and typicall default to the name
>
> Viktor Dukhovni:
> Postfix can check that the EHLO name resolves to some IP address.
Then what is the sense of doing this if the name can be whoever else's name?
чт, 11 февр. 2021 г. в 00:03, Viktor Dukhovni :
> On Wed, Feb 10, 2021 at 11:59:39PM +0300, Eugene Podshivalov wrote:
>
> > >
On Wed, Feb 10, 2021 at 11:59:39PM +0300, Eugene Podshivalov wrote:
> > Viktor Dukhovni:
> > The actual expectation is that the EHLO name is a valid DNS hostname,
> > and should resolve to the IP address of the client.
>
> Postfix does not seem to be able to check this right now. Wouldn't it be
>
> Viktor Dukhovni:
> The actual expectation is that the EHLO name is a valid DNS hostname,
> and should resolve to the IP address of the client.
Postfix does not seem to be able to check this right now. Wouldn't it be
good to have such features in smtpd_helo_restrictions?
ср, 10 февр. 2021 г.
On Wed, Feb 10, 2021 at 01:20:23PM -0700, Bob Proulx wrote:
> Eugene Podshivalov wrote:
> > I've just received a spam email from a client who presented itself as
> > emx.mail.ru but its ip 117.30.137.22 resolves to
> > 22.137.30.117.broad.xm.fj.dynamic.163data.com.cn
> >
> > Are reverse client
On Wed, 10 Feb 2021, Bob Proulx wrote:
Eugene Podshivalov wrote:
I've just received a spam email from a client who presented itself as
emx.mail.ru but its ip 117.30.137.22 resolves to
22.137.30.117.broad.xm.fj.dynamic.163data.com.cn
Are reverse client hostname and the ehlo one not supposed
Eugene Podshivalov wrote:
> I've just received a spam email from a client who presented itself as
> emx.mail.ru but its ip 117.30.137.22 resolves to
> 22.137.30.117.broad.xm.fj.dynamic.163data.com.cn
>
> Are reverse client hostname and the ehlo one not supposed to match?
It's been an old
On 10 Feb 2021, at 14:41, Eugene Podshivalov wrote:
Hello,
I've just received a spam email from a client who presented itself as
emx.mail.ru but its ip 117.30.137.22 resolves to
22.137.30.117.broad.xm.fj.dynamic.163data.com.cn
Are reverse client hostname and the ehlo one not supposed to
Hello,
I've just received a spam email from a client who presented itself as
emx.mail.ru but its ip 117.30.137.22 resolves to
22.137.30.117.broad.xm.fj.dynamic.163data.com.cn
Are reverse client hostname and the ehlo one not supposed to match?
--Eugene
28 matches
Mail list logo