Re: [asterisk-users] OT: DMARC enabled domains on this list
On Tue, Jun 06, 2017 at 08:23:33AM -0400, James B. Byrne wrote: > > The reports are there to tell you something isn't right (like on this > > mailing list). Disabling them is only hiding the problem, people might > > be replying with the correct answer to a problem, but the OP might > > never gets that message. > > > > What DMARC reports is that somebody other than yourself is sending > email claiming to be you. And there is absolutely nothing that you > can do about it. So the question arises: What is the value in these > reports? To tell those others (in the case of legitimate mail via mailinglists) they are doing something wrong and mail redirected by said mailinglists isn't getting delivered (or like with gmail "marked as phishing and put into quarantine"). Also with increased use of DMARC (which I don't personally care for but the BIG mail operators are kind of forcing it) there will be more bounces from DMARCed senders to subscribed users which may result in the mailinglist software to incorrectly unsubcribe those recipients. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: DMARC enabled domains on this list
On Mon, June 5, 2017 15:30, Daniel Tryba wrote: > > The reports are there to tell you something isn't right (like on this > mailing list). Disabling them is only hiding the problem, people might > be replying with the correct answer to a problem, but the OP might > never gets that message. > What DMARC reports is that somebody other than yourself is sending email claiming to be you. And there is absolutely nothing that you can do about it. So the question arises: What is the value in these reports? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: DMARC enabled domains on this list
On Mon, Jun 05, 2017 at 01:08:17PM -0400, James B. Byrne wrote: > This is likely the issue surrounding mailing lists rewriting headers > and/or modifying messages bodies or simply re-transmitting messages as > the original sender from an unapproved domain. This was discussed at > length on the ITEF mailing list. Without seeing your headers and > those of a recipient it is impossible to be sure but my spidy sense > tells me this is so. Subjects (atleast) are being rewritten, a recipient can't verify the original (signed) hash to match the received message (replay protection). Only thing that is needed is a valid DKIM signature after the subject (and maybe others) has "[asterisk-users]" prepended. It appears exim 4.76 is being used, that version is recent enough to add DKIM on sending via smtp. begin transports remote_smtp: driver = smtp dkim_domain = lists.digium.com dkim_selector = auniqueid dkim_private_key= /etc/exim4/dkim/list.digium.com-private.pem dkim_canon = relaxed More info for example from: https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4 The hints to do this for only 1 domain if the smtpd is used for others are all there. > You can manage this in your DNS forward zone by turning off the DMARC > reporting request. No, I no longer recall the details. Or you can > simply direct the incoming reports to /dev/null. The reports are there to tell you something isn't right (like on this mailing list). Disabling them is only hiding the problem, people might be replying with the correct answer to a problem, but the OP might never gets that message. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: DMARC enabled domains on this list
On Fri, June 2, 2017 16:30, Doug Lytle wrote: This is likely the issue surrounding mailing lists rewriting headers and/or modifying messages bodies or simply re-transmitting messages as the original sender from an unapproved domain. This was discussed at length on the ITEF mailing list. Without seeing your headers and those of a recipient it is impossible to be sure but my spidy sense tells me this is so. You can manage this in your DNS forward zone by turning off the DMARC reporting request. No, I no longer recall the details. Or you can simply direct the incoming reports to /dev/null. As I get the digest version of the list the message sender and domain match DMARC provisions, if any are set for digium.com. HTH. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OT: DMARC enabled domains on this list
>>> On Jun 2, 2017, at 4:19 PM, Daniel Tryba dan...@tryba.nl wrote: >>> Having enabled a strict DMARC setup I noticed everytime I send a message >>> here I get all these reports of messages which fail DMARC. Since I don't >>> want people to miss my wise thoughts maybe the maintainers of this list >>> could look into DKIM signing (or any of the other ways to work around >>> spf and dmarc breaking forwards) Since I just did this myself a couple days ago, I'll see what I get with this reply. Doug -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] OT: DMARC enabled domains on this list
Having enabled a strict DMARC setup I noticed everytime I send a message here I get all these reports of messages which fail DMARC. Since I don't want people to miss my wise thoughts maybe the maintainers of this list could look into DKIM signing (or any of the other ways to work around spf and dmarc breaking forwards) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
