RE: [CentOS] Re: DKIM
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karanbir Singh Sent: Thursday, September 25, 2008 11:47 AM To: CentOS mailing list Subject: Re: [CentOS] Re: DKIM Toby Bluhm wrote: > BTW - very informative thread. > I wonder if someone might take the bits of info in this thread and put it into a wiki page around Mail Servers and perhaps start a best practices section... Would http://wiki.centos.org/HowTos#head-49a3d6a9a0c95cff0676b0209eae985780e41678 be a good place to consolidate under ? JohnStanley Writes: An excellent thought Second That! Bob does indeed have some pretty decent notes up on his site. JohnStanley ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Toby Bluhm wrote: > Scott Silva wrote: > . > . > . >> A "one stop shop" on everything CentOS. >> > > > I like that approach better. A new list for email only would probably > lead to email threads on *both* lists, users being reminded to take the > discussion to the other list, etc. We have no application specific lists yet (not counting centos-virt, true), and I don't think we should have. E-Mail is the same on *every* unix and sometimes even on windows. So someone having problems with sendmail or exim or postfix should go to the lists specific for those applications. I know I also put some fuel into this fire, but I think we should let this thread die. As Karanbir said: There were some really interesting issues in this thread, so if someone wants to come up and put a summary of this thread on the CentOS Wiki, nobody will stop him or her. Cheers, Ralph pgpeRhRCC9Ij5.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
John Hinton wrote: > Toby Bluhm wrote: > > Scott Silva wrote: > > > > > > A "one stop shop" on everything CentOS. > > > > I like that approach better. A new list for email only would > > probably lead to email threads on *both* lists, users being > > reminded to take the discussion to > > the other list, etc. > > My point is we go unhelped by CentOS. There is no way I'm going to > post mail issues to this list. And this list would become unusable if > we started this. Talking about spam filters, milters and on and on > and on. Look what just happened. One single very simple question of > the thousands to be dealt with and the thread went crazy... at which > point it was suggested that we end this thread. So, basically, posts > about 'all' things email are NOT welcomed on this list and should > not be. The only reason this thread went nuts was because it got onto the topic of SPF records. This is one of those topics that lots of people have rather strong feelings about and threads discussing it almost always seem to go out of control. The suggestion to end the thread generally comes when an argument starts going around in circles resolving nothing. Generic mail questions are always welcome here. Of course, more specific questions should be directed to the proper MTA-specific mailing list. -- Bowie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
John R Pierce wrote: Les Mikesell wrote: Mail isn't supposed to be rejected for this, but some places probably do. A more correct approach is to have one name with the A record and the matching ptr and make all of the other names CNAMEs. no, no, no! CNAMES are discouraged as they create additional work for everyone else's DNS servers. Is there an RFC to that effect? I didn't realize DNS lookups were a scarce resource. the only time its proper to use a CNAME is when you are referencing a host on someone else's network who's addressing and management is beyond your control and you won't get notifications if its changing. I suppose something like this is overkill, though... Non-authoritative answer: www.redhat.com canonical name = www.redhat.com.edgekey.net. www.redhat.com.edgekey.net canonical name = www.redhat.com.edgekey.net.globalredir.akadns.net. www.redhat.com.edgekey.net.globalredir.akadns.net canonical name = e86.b.akamaiedge.net. Name: e86.b.akamaiedge.net Address: 64.215.167.112 for email, all the various domains should have MX records with the mail server's "true" name. MX records don't have much to do with the system sending mail. -- Les Mikesell [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Toby Bluhm wrote: Scott Silva wrote: . . . A "one stop shop" on everything CentOS. I like that approach better. A new list for email only would probably lead to email threads on *both* lists, users being reminded to take the discussion to the other list, etc. My point is we go unhelped by CentOS. There is no way I'm going to post mail issues to this list. And this list would become unusable if we started this. Talking about spam filters, milters and on and on and on. Look what just happened. One single very simple question of the thousands to be dealt with and the thread went crazy... at which point it was suggested that we end this thread. So, basically, posts about 'all' things email are NOT welcomed on this list and should not be. John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Les Mikesell wrote: Mail isn't supposed to be rejected for this, but some places probably do. A more correct approach is to have one name with the A record and the matching ptr and make all of the other names CNAMEs. no, no, no! CNAMES are discouraged as they create additional work for everyone else's DNS servers. the only time its proper to use a CNAME is when you are referencing a host on someone else's network who's addressing and management is beyond your control and you won't get notifications if its changing. for email, all the various domains should have MX records with the mail server's "true" name. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Ralph Angenendt wrote: Your problem - if you actually want to solve it instead of tossing the blame to others like yahoo is... # host mail.creativeprogramdesigners.com mail.creativeprogramdesigners.com has address 72.35.68.58 # host 72.35.68.58 58.68.35.72.in-addr.arpa domain name pointer creativeprogramdesigners.com. the forward doesn't match the reverse - it's that simple. Why not just fix it? Because it is *NOT* needed. I have several machines which have lots of A records for just one ip address. But only one name when I do a reverse lookup. Anyone checking for that shouldn't be allowed to receive mail. Mail isn't supposed to be rejected for this, but some places probably do. A more correct approach is to have one name with the A record and the matching ptr and make all of the other names CNAMEs. -- Les Mikesell [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Scott Silva wrote: . . . A "one stop shop" on everything CentOS. I like that approach better. A new list for email only would probably lead to email threads on *both* lists, users being reminded to take the discussion to the other list, etc. -- Toby Bluhm Alltech Medical Systems America, Inc. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
> > Karanbir Singh wrote: > >> Toby Bluhm wrote: > >>> BTW - very informative thread. > >>> > >> > >> I wonder if someone might take the bits of info in this thread and > >> put it into a wiki page around Mail Servers and perhaps > start a best > >> practices section... > >> >From hotmail, thought this would be helpful to the thread...or the wiki. Rep actually mentions the program they use. Hello Bob, My name is Anja from Windows Live Hotmail Domain Support. I understand that you have changed the servers you are sending your mail from and now messages are being delivered to the Junk Mail Folder in Hotmail accounts. I have investigated the IPs that you have mentioned and only see connections from the IPs 72.35.68.58 and 72.35.68.61. For today, we do see filtering only on the IP 72.35.68.61. ( I only tested from a few virtualhosts on hotmail, some got through no problem.) Hotmail bases its spam rating on the content of a message and the reputation of the sending IP address. When an IP is new, it will not have built a reputation yet. Therefore, it may happen that it is filtered more severely than a well used IP with a good reputation. However, if you keep following the industry best practices a good reputation will be built quickly and filtering will stop. (reputationtakes time) We may be able to help you over the beginning issues that you are experiencing, however, before we can do that we would like you to publish SPF records for each of your sending domains. This technology allows SmartScreen to better track emails from your IP, weeding out spoofed messages. In turn, this will help to improve the reputation of your IP address. You can find additional information on creating SPF records at http://www.microsoft.com/senderid. We have also published a document on email delivery at http://www.microsoft.com/postmaster. (microsoft uses a different standard thqn regular spf, spf/pra or something like that. Where yahoo wants domain keys, google wants regular spf...again, all about time for new ip addresses, even if you have these things) Once you have published SPF records for all your sending domains, please contact us again and we will further investigate the issue. Best regards, Anja Windows Live Hotmail Domain Support ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Karanbir Singh wrote: Toby Bluhm wrote: BTW - very informative thread. I wonder if someone might take the bits of info in this thread and put it into a wiki page around Mail Servers and perhaps start a best practices section... Would http://wiki.centos.org/HowTos#head-49a3d6a9a0c95cff0676b0209eae985780e41678 be a good place to consolidate under ? This has been an excellent thread. Yet this thread has been only one tiny aspect of good email practices. Yet many folks 'respectfully' did not understand a lot that was corrected in several of the posts in just this one very basic aspect of email. This leads me to ask for a CentOS mailing list for email For webserver/mailserver admins, it seems that email is by far the largest issue, spanning everything from DNS to server loads to choosing (and the configuration of) many applications... some not upstream packages. It's easy to get into a mess and not have a good way back to the base. MailScanner comes to mind. Great software, but dependency hell. I found that I could have used many Perl packages from the Dag repo instead of how MailScanner chose to do its install. This resulted in a much cleaner install with regards to package management. If there had been a CentOS email, mailing list, much of this could have been headed off and perhaps more wiki's would spring out of it? Yet again, the above is just one other tiny aspect of reliable email service on a CentOS server. When I go off to other software and to their mailing list, the answers are more about 'how to get it to work' instead of 'how to get it to best co-exist within CentOS'. In fact, many hate rpm and insist on totally sidestepping it. Yes, sometimes it's a PITA, but most of the time staying within upstream keeps me out of trouble which is why I guess most of us are using CentOS in the first place. This was what led to my thought for a CentOS specific mailing list for email. Yes, there is a huge amount of data out there, just like this thread. But these types of threads clog a general list and I've always hesitated to post any email issues here. Yet, it is extremely difficult to drill down a search to the good information with regards to CentOS specific help or good practices with regards to email. Google anyway you want you either miss what's good or get way the heck to much information that is not helpful to CentOS, in spite of using CentOS as a part of the search yes, even in quotes. And, on a list like this you get to know who to trust. General searches often times yield idiotic suggestions or old practices. The target is constantly moving. Large providers are constantly making 'new rules'. My clients don't care, they just want to be able to send an email to their clients no matter the receiving system. So I again ask for this list... I wonder how many feel that it would be worth the trouble? But I don't really want to ask anything more of the CentOS team, as they are IMO doing plenty right now. I am very appreciative. John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Toby Bluhm wrote: BTW - very informative thread. I wonder if someone might take the bits of info in this thread and put it into a wiki page around Mail Servers and perhaps start a best practices section... Would http://wiki.centos.org/HowTos#head-49a3d6a9a0c95cff0676b0209eae985780e41678 be a good place to consolidate under ? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM - Read Yahoo's FAQ
Scott Silva wrote: > An entry from localhost is very common on a webmail server. It shouldn't > break anything, it is just a relay. Enough time has been wasted on the DKIM thread so I'm not reading the main thread but what was Hoffman thinking looking up my headers on a webmail client? I'm not the one sending Yahoo email from a home server. Its crystal clear what needs to be done. Wait till he sends mail to AOL or Hotmail. Thanks, Josh. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
> > Karanbir post was brief and to the point. yours is a personal attack. > Even if Bob missed your excellent recommendation, there is no > reason to get mad. > ___ I gotta agree that we need to close this thread. It seems whether a mailing list or a forum thread that lasts too long starts going off topic and gets personal. It is very easy to misinterpret what someone meant to say, either in jest or authority. And as it grows, the original need is lost. The originail need was Do you use dkim and how did you implement it? I think we found that DKIM is optional and not a realy need. On top of it we found, with argument, that spf is needed, but can cause mail problems. Lets just end it. I think a lot of good information came out of it and a lot of people with different knowledge areas all inputted. Karanbir said lets drop it, so lets drop it. No one meant to offend anyone, but it is not helping anymore. I will check out spf in full, and not use dkim. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Josh Donovan wrote: Karanbir Singh wrote: Bob Hoffman wrote: Yeato hell with yahoo. I will just make all members use a different email service. Aint worth the effort. I think this conversation is at a point where it would make more sense on a yahoo / email specific list. Agreed! Its amazing to see the childishness of not being able to get one's server in order, ignoring Yahoo's FAQ's and then this kind of BS. Karanbir post was brief and to the point. yours is a personal attack. Even if Bob missed your excellent recommendation, there is no reason to get mad. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
mouss wrote: . . . I don't like Josh mail, yours is worst. I dunno about that. I mean after a long thread where you try to make sure you are doing the right thing on your end before going upstream to complain, you get to be called childish, ignorant and full of BS. I'd be pissed too. BTW - very informative thread. -- Toby Bluhm Alltech Medical Systems America, Inc. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Bob Hoffman wrote: I think this conversation is at a point where it would make more sense on a yahoo / email specific list. Agreed! Its amazing to see the childishness of not being able to get one's server in order, ignoring Yahoo's FAQ's and then this kind of BS. Thanks, Josh. Um, no one has ignored yahoos mail practices. My server is set up correctly. I even took the step of adding spf. I talked to others with the same issue that use dkim It is still grey listed. After talking with yahoo, they indicate the change of ip addresses/server/hostname as main indicator. They asked for the old and the new ips, server, hostname to verify. But of course you do not read. So, you can stick your childishness up you arse and kiss mine while you are at it. this is really inappropriate. many people here have tried to help you with what is really _your_ problem and is clearly off topic here. while I don't like Josh mail, yours is worst. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM - Read Yahoo's FAQ
Josh wrote >Agreed! Its amazing to see the childishness of not being >able to get one's server in order, ignoring Yahoo's >FAQ's and then this kind of BS. > > Looking at the headers of the mail you have just sent from a > yahoo client you have not followed to the letter Yahoo's > requirements 4-7. 4- consistent headers- there is nothing wrong with the headers. ...check. 5- can spam act..went there, nothing in my headers or mail suggests it ..check 6- mail authentication- no domain keys here, yahoo does not require except for bulk mailings, as per their faqs, spf and dkim taken off as useless and mail breaking. 7- reverse dns- not a dynamic ip...check. So...we agree to disagree that each thinks the other does not know what is happening. Lets leave it at that. Although your email headers have issues.might want to look into that localhost 127.0.0.1 thing. That is a red flag. All those different mailservers from the same domain. Golly. Received: from n27.bullet.mail.ukl.yahoo.com (n27.bullet.mail.ukl.yahoo.com [87.248.110.144]) Received: from [217.146.182.177] by n27.bullet.mail.ukl.yahoo.com with NNFMP; 25 Sep 2008 12:07:03 - Received: from [87.248.110.117] by t3.bullet.ukl.yahoo.com with NNFMP; 25 Sep 2008 12:07:03 - Received: from [127.0.0.1] by omp222.mail.ukl.yahoo.com with NNFMP; 25 Sep 2008 12:07:03 - Received: from [79.65.135.77] by web28215.mail.ukl.yahoo.com via HTTP; Thu, 25 Sep 2008 12:07:03 GMT X-Mailer: YahooMailWebService/0.7.218.2 From: Josh Donovan <[EMAIL PROTECTED]> ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM - Read Yahoo's FAQ
Bob Hoffman wrote: > Um, no one has ignored yahoos mail practices. > My server is set up correctly. > I even took the step of adding spf. > I talked to others with the same issue that use dkim > It is still grey listed. > > After talking with yahoo, they indicate the change of ip > addresses/server/hostname as main indicator. > They asked for the old and the new ips, server, hostname to > verify. > > But of course you do not read. > > So, you can stick your childishness up you arse and kiss > mine while you are > at it. Looking at the headers of the mail you have just sent from a yahoo client you have not followed to the letter Yahoo's requirements 4-7. http://lists.centos.org/pipermail/centos/2008-September/065243.html Feel free to use the Contact Yahoo Customer Care button below the FAQ. Stop being belligerent on a public mailing list. People have issues other than Yahoo mail to discuss. Thanks, Josh. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
> > > > I think this conversation is at a point where it would make > more sense > > on a yahoo / email specific list. > > Agreed! Its amazing to see the childishness of not being able > to get one's server in order, ignoring Yahoo's FAQ's and then > this kind of BS. > > Thanks, > Josh. > Um, no one has ignored yahoos mail practices. My server is set up correctly. I even took the step of adding spf. I talked to others with the same issue that use dkim It is still grey listed. After talking with yahoo, they indicate the change of ip addresses/server/hostname as main indicator. They asked for the old and the new ips, server, hostname to verify. But of course you do not read. So, you can stick your childishness up you arse and kiss mine while you are at it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Karanbir Singh wrote: > Bob Hoffman wrote: > > > > Yeato hell with yahoo. I will just make all > members use a different > > email service. Aint worth the effort. > > I think this conversation is at a point where it would make > more sense > on a yahoo / email specific list. Agreed! Its amazing to see the childishness of not being able to get one's server in order, ignoring Yahoo's FAQ's and then this kind of BS. Thanks, Josh. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Craig White wrote: > well it's not just yahoo as I know for certain that AOL also requires > reverse DNS to match just like all the mail servers that I maintain also > require matching reverse DNS. > > Your problem - if you actually want to solve it instead of tossing the > blame to others like yahoo is... > > # host mail.creativeprogramdesigners.com > mail.creativeprogramdesigners.com has address 72.35.68.58 > > # host 72.35.68.58 > 58.68.35.72.in-addr.arpa domain name pointer > creativeprogramdesigners.com. > > the forward doesn't match the reverse - it's that simple. Why not just > fix it? Because it is *NOT* needed. I have several machines which have lots of A records for just one ip address. But only one name when I do a reverse lookup. Anyone checking for that shouldn't be allowed to receive mail. Ralph pgpyLyoGXcYn7.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Scott Silva wrote: > on 9-24-2008 2:23 PM Ralph Angenendt spake the following: >> I get it via mail.centos.org which clearly isn't a server you would >> allow to send mails out as @hoffman.com when you set up SPF for your >> domain. So if I drop mails which don't have a "correct" SPF record - >> I'd drop that mail. >> >> Although your domain has correct SPF records. > > But shouldn't a forwarder add its own envelope and a set of received headers? Envelope-To, yes. It doesn't touch the envelope From. And you don't get to see the received headers in the smtp dialog. Ralph -- Ralph [EMAIL PROTECTED] | .."Text processing has made it possible Bayerischer Rundfunk...80300 München | to right-justify any idea, even one Programmbereich.Bayern 3, Jugend und | .which cannot be justified on any other Multimedia.Tl:089.5900.16023 | ..grounds." -- J. Finnegan, USC pgp47LwalQSgo.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Craig White wrote: On Wed, 2008-09-24 at 19:00 -0400, Bob Hoffman wrote: And to follow up on the whole Domain keys. I found at least 30 people online who have the same issue, but they have working DKIMs but still being junked. Yeayahoo...whee. well it's not just yahoo as I know for certain that AOL also requires reverse DNS to match just like all the mail servers that I maintain also require matching reverse DNS. Your problem - if you actually want to solve it instead of tossing the blame to others like yahoo is... # host mail.creativeprogramdesigners.com mail.creativeprogramdesigners.com has address 72.35.68.58 # host 72.35.68.58 58.68.35.72.in-addr.arpa domain name pointer creativeprogramdesigners.com. the forward doesn't match the reverse - it's that simple. Why not just fix it? as already said, there is no need for name->ip->name to "match". so-called FcrDNS is ip->name->ip. and in Bob's case, it matches. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
On Wed, 2008-09-24 at 19:00 -0400, Bob Hoffman wrote: > And to follow up on the whole Domain keys. > I found at least 30 people online who have the same issue, but they have > working DKIMs but still being junked. > > Yeayahoo...whee. well it's not just yahoo as I know for certain that AOL also requires reverse DNS to match just like all the mail servers that I maintain also require matching reverse DNS. Your problem - if you actually want to solve it instead of tossing the blame to others like yahoo is... # host mail.creativeprogramdesigners.com mail.creativeprogramdesigners.com has address 72.35.68.58 # host 72.35.68.58 58.68.35.72.in-addr.arpa domain name pointer creativeprogramdesigners.com. the forward doesn't match the reverse - it's that simple. Why not just fix it? Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
And to follow up on the whole Domain keys. I found at least 30 people online who have the same issue, but they have working DKIMs but still being junked. Yeayahoo...whee. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Bob Hoffman wrote: Update, spf did nothing for yahoo. Spf made gmail a little happier. Yahoo is getting through to my server, it just takes from 1 to 10 minutes right now. Yeato hell with yahoo. I will just make all members use a different email service. Aint worth the effort. I think this conversation is at a point where it would make more sense on a yahoo / email specific list. -- Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
Update, spf did nothing for yahoo. Spf made gmail a little happier. Yahoo is getting through to my server, it just takes from 1 to 10 minutes right now. Yeato hell with yahoo. I will just make all members use a different email service. Aint worth the effort. That'll show em whose boss lol ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
> can you try after changing your hostname from > "mail.creativeprogramdesigners.com" to "bobhoffman.com". I > mean the name that appears in your greeting: > > $ telnet bobhoffman.com 25 > ... > 220 mail.creativeprogramdesigners.com ESMTP Sendmail ... > > You can only have one hostname for the server. There are multiple websites on it. Each site should have its own mail domain and the fact that you see that in the telnet tells you it is working right. The mail.creati...com is from when the mail server gets it from my home computer. Unfortunately that is the way the mail works. That host is getting it and then moving it along. And yep...just started a few yahoo accounts. They cannot get any mail out ot my server and all mail going in is junk. Yahoo it self can send me mails as I asked them to in the account set up. I think this is soley a yahoo issue and nothing to do with dkim, spf, or anything else. I think they are killing any mail to my server and greylisting anything from it. Dang you yahoo Lol. I will let you know if I ever get it resolved. Thanks for all the input. I just think this is out of my hands completely now other than a letter begging yahoo to help...a real snail mail letter.. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Bob Hoffman wrote: Apparently now when I send an email from my yahoo account to the server, it just disappears. So now yahoo is eating the mail going to me. can you try after changing your hostname from "mail.creativeprogramdesigners.com" to "bobhoffman.com". I mean the name that appears in your greeting: $ telnet bobhoffman.com 25 ... 220 mail.creativeprogramdesigners.com ESMTP Sendmail ... Wonderful. life is wonderful, isn't it? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
> > > > Egads. > Are you positive that your server isn't eating it? > I whitelisted yahoo in spam assassin. Now some of the domains can send mail and get junked, but the bobhoffman mail does not even get that far anymore. I think yahoo must be worried as to the new ip addresses for my site. Maybe the new ip addresses were once spam. I keep asking them in mails and they keep sending me a form answer to the faq that does not answer. Other than yahoo, all is well though...this is definitely a yahoo thing I believe. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
Apparently now when I send an email from my yahoo account to the server, it just disappears. So now yahoo is eating the mail going to me. Wonderful. Egads. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
RobertH wrote: prove what? if the machine with an rDNS of bobhoffman.com sends mail from <[EMAIL PROTECTED]>, and is the MX of this domain, would anybody think this is a forgery? Mouss... I mean Ratatouille :-) I'm feeling hungry now! Answer: Possibly Depends on many factors doesn't it? Let me restate it: I don't care if it's a forgery. it's his site/domain/network. if I get spam, he has to fix the problem. he can't tell me: "a spammer forged my domain". the answer would be "a spammer _owned_ your machine". gmail do what they call a "guessed spf": if the client rdns matches the sender domain, they consider that the client is "authorized" (as if it was listed in an SPF record). I can't say for yahoo, as speculation won't help Bob here. but I don't have an SPF record and my mail to yahoo users is delivered. to say it another way: I think that clients with an rdns in the sender domain should be considered as "authorized" (like if they were in an SPF record). if the owner doesn't want, he can still firewall them. but in any case, he is responsible of any spam that gets out of these. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Scott Silva wrote: > on 9-24-2008 11:41 AM Ralph Angenendt spake the following: >> Scott Silva wrote: >>> AFAIR yahoo only looks for proper SPF records and then looks at >>> content so far. My users interact with them all the time. >> >> Out of curiosity: What happens if you don't have SPF records? >> >> Ralph > Initially when I had to deal with sending to yahoo I would get a mix of > mail dumping into the receivers spam box to downright rejections. Then it > moved completely to rejections. I have exec's that send mail to all the > big providers, usually to lawyers and lobbyists that are either too > clueless or too cheap to have a better mail system. Aol and yahoo at the > time just wanted SPF records and reverse DNS that resolves. I really love it. There were times, when more spam had correct spf records than ham had. And SPF breaks mails in funny ways, especially for mailing lists or just plain email forwarding. Yes, there's SRS which tries to unbreak that but that's like trying to staple the staple on the dirty handkerchief you used for the large flesh wound to stop the bleeding. The only problem SPF can solve is that it is easier for the *sender* to make it harder for others to use his domain name in forgeries. It doesn't solve any other problem. And people who reject mails because of SPF are plain stupid (IMNSHO). It can be used to score, yes, but it really doesn't do what most people think it does. DKIM looks like it is better thought through - at least it doesn't break mail as spectacularly as SPF does. Reverse DNS - I love it. Rejecting mails because of broken or non-existant DNS violates the mail RFCs, though. In my eyes obsessive anti spam regulations destroys that part of email which spammers didn't destroy yet. Ralph pgp4xliHOc74d.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
I guess spf would help deal with the whole [EMAIL PROTECTED] or [EMAIL PROTECTED] issues. Sending from an application is not hard for the return, from and to and all that. But the received from headers are gotten by the receiving client going to sendmail for a helo/ehlo. However apache is the user that sent it and it is the user the ehlo will look for. Since there is no way to magically make apache deal with all the virtual hosts, it is a constant problem with many webmasters. No one wants to see that in the headers anywhere. However, maybe the spf can allow [EMAIL PROTECTED] in the dns of each domain name...thus no redflags. I can see no other good alternative for that yet. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
> > prove what? > > if the machine with an rDNS of bobhoffman.com sends mail from > <[EMAIL PROTECTED]>, and is the MX of this domain, would anybody think > this is a forgery? > Mouss... I mean Ratatouille :-) Answer: Possibly Depends on many factors doesn't it? I know you are on other lists like SA so I am not sure why you are leading us down the infinite possibilities path... ...seeing as you are quite excellent at *nix and *net administration and implementations. :-) - rh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
> Besides, in the OP case, SPF will change nothing for mail > getting out of his server, since his sender domain matches > his client domain (this is what gmail calls "guessed SPF"), > and in addition, his client is the MX of his domain, so he is > not going to forge his own domain on his own server. > > Read a few dozen sites since the last post. The reason behind spf is as follows...i guess. SPF says 'this domain and this ip sendmails' and you should say 'reject any mails you (yahoo, gmail, etc) receive that are not from 'this domain or this ip' The ip can be one or many. The domains can be one or many. What they are looking for is 'are you helping them weed out their own spam?' If someone forges your address, yahoo will then go to your site and find out that only 'this ip and this mail server' can send mail. If the mail they got is not agreeing with that, they crush it. This tells yahoo you are somewhat trying to help and then they whitelist it, so to speak. Not doing this will tell yahoo you want 'any mail from anywhere with my email address or domains' to be accepted. Since they do not like that, immediate greylist. So, it is about helping them deal with forgeries and not much else. Many servers ignore or do not use it. From what I read, you should have it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
> > you'll be beaten to death by SPF fans. Isn't beating someone to death is too good for them in regards to spf fights? ;-> U actually, spf records can possibly just help the cause in general. There is no reason for people to get all bent outta shape in regards to SPF or DKIM or whatever. It is just another potentially helpful tool in a toolbox. Pick the tool up if you need or want to or do not if you don't. - rh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Bob Hoffman wrote: AFAIR yahoo only looks for proper SPF records and then looks at content so far. My users interact with them all the time. Out of curiosity: What happens if you don't have SPF records? Ralph Initially when I had to deal with sending to yahoo I would get a mix of mail dumping into the receivers spam box to downright rejections. Then it moved completely to rejections. I have exec's that send mail to all the big providers, usually to lawyers and lobbyists that are either too clueless or too cheap to have a better mail system. Aol and yahoo at the time just wanted SPF records and reverse DNS that resolves. Been reading about this stuff for hours. I gotta say that spf might be the thing to try first. It does not prove who you are, but it is supposed to make the big mail companies feel warm and fuzzy to know you are trying to prove you 'are you'. prove what? if the machine with an rDNS of bobhoffman.com sends mail from <[EMAIL PROTECTED]>, and is the MX of this domain, would anybody think this is a forgery? SO I will do that first (especially since it does not require any installation stuff) On a side note...just got the RHEL annoucement. Huge kernel patch coming...woof. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Ralph Angenendt wrote: Scott Silva wrote: AFAIR yahoo only looks for proper SPF records and then looks at content so far. My users interact with them all the time. Out of curiosity: What happens if you don't have SPF records? you'll be beaten to death by SPF fans. other than that, nothing. I will put SPF records when outblaze does! $ host -t txt mail.com mail.com has no TXT record and since we're talking about yahoo: $ host -t txt yahoo.com yahoo.com has no TXT record Besides, in the OP case, SPF will change nothing for mail getting out of his server, since his sender domain matches his client domain (this is what gmail calls "guessed SPF"), and in addition, his client is the MX of his domain, so he is not going to forge his own domain on his own server. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
> >> AFAIR yahoo only looks for proper SPF records and then looks at > >> content so far. My users interact with them all the time. > > > > Out of curiosity: What happens if you don't have SPF records? > > > > Ralph > Initially when I had to deal with sending to yahoo I would > get a mix of mail dumping into the receivers spam box to > downright rejections. Then it moved completely to rejections. > I have exec's that send mail to all the big providers, > usually to lawyers and lobbyists that are either too clueless > or too cheap to have a better mail system. Aol and yahoo at > the time just wanted SPF records and reverse DNS that resolves. > Been reading about this stuff for hours. I gotta say that spf might be the thing to try first. It does not prove who you are, but it is supposed to make the big mail companies feel warm and fuzzy to know you are trying to prove you 'are you'. SO I will do that first (especially since it does not require any installation stuff) On a side note...just got the RHEL annoucement. Huge kernel patch coming...woof. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: DKIM
Scott Silva wrote: > AFAIR yahoo only looks for proper SPF records and then looks at content > so far. My users interact with them all the time. Out of curiosity: What happens if you don't have SPF records? Ralph pgpG3d5Y7sflS.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Re: DKIM
> > > > No, I do not want to install postfix, thank you - /ninja'd ya > AFAIR yahoo only looks for proper SPF records and then looks > at content so far. My users interact with them all the time. Good enough to go on. To start. I will pound out some spf's for the dns and see if it does anything. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
