Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?
On Thu 26 Nov 2020 at 09:34:25 (+), Joe wrote: > On Wed, 25 Nov 2020 21:57:10 -0600 David Wright wrote: > > > Perhaps the problem is similar to the one I had with this list > > (hence the change I made above). What happened was that my posts' > > Envelope-from (set to the same as my From address above) was being > > changed by my mail hosting service to an address on their outgoing > > mail gateway. AIUI Debian immediately tries to establish an email > > connection to that address on port 25 to verify it exists, but the > > outgoing gateway apparently is not an incoming mail receiver, and > > is not listening on port 25. So Debian rejects the post. > > > There should/need be no Envelope-From header in an email as sent, it is > inserted by the receiving SMTP server as a copy of the sending address > as used in the SMTP transaction, something which is not a sent header > and that would not otherwise be available to the end recipient. When you say "no Envelope-From header", I guess your asking me to make it clearer in my post that I'm not discussing the email headers at all, but only the envelope. However, in order to find out what the Envelope-from of an email was, you have to examine the headers for clues. Exim uses the term Envelope-from, as seen in your own posts, and I guess that the number of names "it" has been given reflects the uses to which it's put. The wiki page lists: return path, reverse path, envelope from, envelope sender, MAIL FROM, 5321-FROM, return address, From_, Errors-to, etc [sic], and the page's own name: Bounce address. The page continues: "It is not uncommon for a single document to use several of these names. All of these names refer to the email address provided with the MAIL FROM command during the SMTP session. Ordinarily, the bounce address is not seen by email users and, without standardization of the name, it may cause confusion." > An SMTP sending server does not need to also receive email. Large > businesses often use separate servers for send and receive, and often > contract out one or both functions to different companies e.g. mass > mailers and spam cleaning services. It should not be assumed that the > MX record for a domain matches its sending address. Yes, that's the case here. AFAICT there are three hosts involved in providing my service: an outgoing, an incoming, and the one hosting my IMAP and SMTP servers. (There may be others involved in, say, scanning that I don't know about.) > What Debian's mail server might well do is to look up the sending > server's HELO/EHLO, sending address and IP address in public DNS, and > refuse or delay emails with missing or incorrect records. Exim4 by > default has rules (thought not enabled by default) for checking these > things with a view to refusing transactions with spammers. Yes, some of that information may be difficult to control oneself (I think you also said that), and it's not always clear exactly how it was used (ie which bits did they look up, and where) in order to accept or reject it. AFAICT, in my case, Debian couldn't get a satisfactory response to its RCPT TO command to what you've termed the "sending address" (which is what I've been calling the Envelope-from). I don't have any idea why the Envelope-from that I set should be changed to something else in the transfer to bendel.debian.org, so that's something for me to research when I have the time and inclination. Debian-user is the only address where I have this problem with submission. Contemporaneous postings to a gnu.org list show no change in Envelope-from in the equivalent transfer from my gateway to eggs.gnu.org, the list's incoming host, nor even next transfer to lists.gnu.org, the list processor itself. What's really difficult to tell is whether there's something in the responses from Debian-user that's causing the change at my gateway. For example, there may be some unseen exchanges between the two ends in connection with greylisting. Cheers, David.
Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?
On Thu 26 Nov 2020 at 08:52:30 (+), mick crane wrote: > On 2020-11-26 03:57, David Wright wrote: > > > What sort of rejections and/or bounces have you had? > > It showed up that mails to getmail list that uses Exim were refused as > unsubscribed whereas before was OK. I take it that was late last year when your Envelope-from appears to have changed. > I "think" I then subscribed with noctiluc...@sky.com which worked for > a bit but then from list to me bounced. Is noctiluc...@sky.com an email address that you can/do use, or is it just an account with Sky? > "Remote host said: 554 5.7.9 Message not accepted for policy reasons" Was that response from a List → you-at-Sky message? If so, shouldn't you ask Sky, particular if you have had success before with sending to this address (as you wrote "worked for a bit"). > using Sky/Yahoo SMTP it seems to add "Return-Path:" as being > noctiluc...@sky.com. That should indicate that you used noctiluc...@sky.com as your Envelope-from. Was this a concious decision, or did you just find it to be so? That setting might be obligatory when using their SMTP server. (For example, it is with my ISP's.) > Then subscribed to getmail list "from" gmail and other hosted domain > address > and welcomed as subscribed as "noctiluc...@sky.com". I don't know what any of these organisations use to determine the "subscribed address". Rather than subscribing by sending an email (which might contain other, confusing addresses) you can usually find a web page with a subscription box. Typically, the list then sends an email to the address you typed, as a challenge for you to respond to, proving that the address is correct and the subscription desired. If you ignore it, then the subscription gets cancelled and you can have another go. > I only know enough about this stuff to get it working and then > promptly forget. Yeah—that's not usually a recipe for success. > Unsure of the etiquette of using other SMTP servers. Obviously for you to be able to use some random SMTP server, you'd need some sort of credentials for authorisation/authentication, as well as being able to connect to the appropriate ports through your ISP (which is not guaranteed). If you've logged into some webmail system to read your emails, it's likely that they use those login credentials to allow you to send as well (subject to their T). > This is all using local, not the newest, roundcube for reading/sending. I've not used roundcube. I take it that "using local" means that you've got something like apache running on your own machine (rather than using a web service provided by some website). In which case, you've probably had to set up some hostnames, ports, and credentials for your ISP's POP and SMTP servers. I don't know whether any of this helps with whatever problems you've been having. Cheers, David.
Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?
On Wed, 25 Nov 2020 21:57:10 -0600 David Wright wrote: > Perhaps the problem is similar to the one I had with this list > (hence the change I made above). What happened was that my posts' > Envelope-from (set to the same as my From address above) was being > changed by my mail hosting service to an address on their outgoing > mail gateway. AIUI Debian immediately tries to establish an email > connection to that address on port 25 to verify it exists, but the > outgoing gateway apparently is not an incoming mail receiver, and > is not listening on port 25. So Debian rejects the post. > There should/need be no Envelope-From header in an email as sent, it is inserted by the receiving SMTP server as a copy of the sending address as used in the SMTP transaction, something which is not a sent header and that would not otherwise be available to the end recipient. An SMTP sending server does not need to also receive email. Large businesses often use separate servers for send and receive, and often contract out one or both functions to different companies e.g. mass mailers and spam cleaning services. It should not be assumed that the MX record for a domain matches its sending address. What Debian's mail server might well do is to look up the sending server's HELO/EHLO, sending address and IP address in public DNS, and refuse or delay emails with missing or incorrect records. Exim4 by default has rules (thought not enabled by default) for checking these things with a view to refusing transactions with spammers. -- Joe
Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?
On 2020-11-26 03:57, David Wright wrote: What sort of rejections and/or bounces have you had? It showed up that mails to getmail list that uses Exim were refused as unsubscribed whereas before was OK. I "think" I then subscribed with noctiluc...@sky.com which worked for a bit but then from list to me bounced. "Remote host said: 554 5.7.9 Message not accepted for policy reasons" using Sky/Yahoo SMTP it seems to add "Return-Path:" as being noctiluc...@sky.com. Then subscribed to getmail list "from" gmail and other hosted domain address and welcomed as subscribed as "noctiluc...@sky.com". I only know enough about this stuff to get it working and then promptly forget. Unsure of the etiquette of using other SMTP servers. This is all using local, not the newest, roundcube for reading/sending. cheers mick -- Key ID4BFEBB31
Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?
On Wed 25 Nov 2020 at 00:08:27 (+), mick crane wrote: > On 2020-11-23 12:19, Andrei POPESCU wrote: > > On Lu, 23 nov 20, 14:27:36, Keith Bainbridge wrote: > > > I was interested to read that Flo, the OP, uses separate mail > > > collection, sendmail and thunderbird. Some of the replies sound like > > > this is a common practice. > > > > > > What are the advantages of this set of processes over letting tbird do > > > it all? - or any other client for that matter? > > > > It makes it easier to switch between different e-mail clients if the > > sending and/or receiving is handled externally, e.g. one might use a > > graphical e-mail client in general and a text mode client occasionally. > > > > Such a setup also typically uses standard locations for the storage (as > > opposed to e-mail client specific), which makes it easier to add more > > functionality (e.g. serve local e-mail via IMAP) or replace individual > > components. > > As I can make out if you try to do the useful stuff on your home network > like having Dovecot doing your mail it is really a bodge if you are > not advertising those services on the internet. Apart from any security considerations, you'd need to be running your server 24/7 if it's going to receive mail from random MTAs across the globe. We run our modem and routers 24/7 (and my old modem burnt out recently after 7 years) but I'm not prepared to run my old computers like that. > I am I suppose in the domain of Sky who provide my wired connection so > I use sky/yahoo SMTP server as part of service but they add to > outgoing email "Reply-Path" being my Sky user account in the headers > which seems to be confusing exim email lists and results in rejected > or bounced emails recently. We only see the accepted emails, of course, and I can see that you changed something late last year in the way you submit your posts. I'm not sure why that change would cause rejection or bounces. I had to make a similar change more recently. Submitting to my ISP now necessitates using an ISP account as the Envelope-from in order to authorise a submission (even though the connection has already been authenticated with the same ISP account *and* password). That works fine at home, though it's untested when travelling. > I'd like to sort it out to avoid that if I knew what they were doing. > I like things as they are when it is working and really, really don't > want to go the whole hog of advertising email services. I think it is > some relatively new thing where they are double authenticating or > something but ideally I don't know why SMTP server does just pass > message along and not add items to the header except they received it > and passed it along to the recipient. Perhaps the problem is similar to the one I had with this list (hence the change I made above). What happened was that my posts' Envelope-from (set to the same as my From address above) was being changed by my mail hosting service to an address on their outgoing mail gateway. AIUI Debian immediately tries to establish an email connection to that address on port 25 to verify it exists, but the outgoing gateway apparently is not an incoming mail receiver, and is not listening on port 25. So Debian rejects the post. Hence my change in mail submission for this list, from using my email hosting service to my ISP instead. What sort of rejections and/or bounces have you had? Cheers, David.
Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?
On Wed, 25 Nov 2020 00:08:27 + mick crane wrote: > On 2020-11-23 12:19, Andrei POPESCU wrote: > > On Lu, 23 nov 20, 14:27:36, Keith Bainbridge wrote: > >> So does htis get a new subject in the list? > >> > >> Good afternon All > >> > >> I was interested to read that Flo, the OP, uses separate mail > >> collection, sendmail and thunderbird. Some of the replies sound > >> like this is a common practice. > >> > >> What are the advantages of this set of processes over letting > >> tbird do it all? - or any other client for that matter? > > > > It makes it easier to switch between different e-mail clients if the > > sending and/or receiving is handled externally, e.g. one might use a > > graphical e-mail client in general and a text mode client > > occasionally. > > > > Such a setup also typically uses standard locations for the storage > > (as opposed to e-mail client specific), which makes it easier to > > add more functionality (e.g. serve local e-mail via IMAP) or > > replace individual components. > > As I can make out if you try to do the useful stuff on your home > network like having Dovecot doing your mail it is really a bodge if > you are not advertising those services on the internet. As I've posted elsewhere, I run my own servers and don't open the email ports to the world (other than SMTP). I use ssh with port forwarding to reach email from outside, or occasionally OpenVPN. > I am I suppose in the domain of Sky who provide my wired connection > so I use sky/yahoo SMTP server as part of service but they add to > outgoing email "Reply-Path" being my Sky user account in the headers > which seems to be confusing exim email lists and results in rejected > or bounced emails recently. > I'd like to sort it out to avoid that if I knew what they were doing. > I like things as they are when it is working and really, really don't > want to go the whole hog of advertising email services. I think it is > some relatively new thing where they are double authenticating or > something but ideally I don't know why SMTP server does just pass > message along and not add items to the header except they received it > and passed it along to the recipient. As it happens outside your control, there's not a lot you can do about it other than hire an email service that is fairly professional i.e. not a domestic service whose primary client base is children (of all ages). A lot of domestic providers insist that you send using one of their email addresses, which doesn't suit everyone. I lease a few domains and I expect to use them for my email addresses. -- Joe
Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?
On 2020-11-23 12:19, Andrei POPESCU wrote: On Lu, 23 nov 20, 14:27:36, Keith Bainbridge wrote: So does htis get a new subject in the list? Good afternon All I was interested to read that Flo, the OP, uses separate mail collection, sendmail and thunderbird. Some of the replies sound like this is a common practice. What are the advantages of this set of processes over letting tbird do it all? - or any other client for that matter? It makes it easier to switch between different e-mail clients if the sending and/or receiving is handled externally, e.g. one might use a graphical e-mail client in general and a text mode client occasionally. Such a setup also typically uses standard locations for the storage (as opposed to e-mail client specific), which makes it easier to add more functionality (e.g. serve local e-mail via IMAP) or replace individual components. As I can make out if you try to do the useful stuff on your home network like having Dovecot doing your mail it is really a bodge if you are not advertising those services on the internet. I am I suppose in the domain of Sky who provide my wired connection so I use sky/yahoo SMTP server as part of service but they add to outgoing email "Reply-Path" being my Sky user account in the headers which seems to be confusing exim email lists and results in rejected or bounced emails recently. I'd like to sort it out to avoid that if I knew what they were doing. I like things as they are when it is working and really, really don't want to go the whole hog of advertising email services. I think it is some relatively new thing where they are double authenticating or something but ideally I don't know why SMTP server does just pass message along and not add items to the header except they received it and passed it along to the recipient. mick -- Key ID4BFEBB31
Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?
I use Fetchmail to fetch my mail every five minutes from Newsguy. This means that my mail is never on anyone else's server for more than a few minutes. Fetchmail hands it off to Exim which passes it through Mailagent and Spamassassin and then delivers it to my inbox. Outgoing mail is delivered to Newsguy by Exim running in smarthost mode (one of the menu choices when installing Exim). Mail to my domains is forwarded to Newsguy. I get most of the benefits of running my own email server without having to administer an Internet-facing server. I have full control of filtering and sorting, can use any MUA, and needn't have a connection up to read or send mail. Messages I compose while the link is down go out when it comes up. All my saved mail is right here on my machine where I can look through it at will but no one else can. -- John Hasler jhas...@newsguy.com Elmwood, WI USA
Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?
On Lu, 23 nov 20, 14:27:36, Keith Bainbridge wrote: > So does htis get a new subject in the list? > > Good afternon All > > I was interested to read that Flo, the OP, uses separate mail > collection, sendmail and thunderbird. Some of the replies sound like > this is a common practice. > > What are the advantages of this set of processes over letting tbird do > it all? - or any other client for that matter? It makes it easier to switch between different e-mail clients if the sending and/or receiving is handled externally, e.g. one might use a graphical e-mail client in general and a text mode client occasionally. Such a setup also typically uses standard locations for the storage (as opposed to e-mail client specific), which makes it easier to add more functionality (e.g. serve local e-mail via IMAP) or replace individual components. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?
On Mon 23 Nov 2020 at 14:27:36 (+1100), Keith Bainbridge wrote: > So does htis get a new subject in the list? It would appear so. I guess you could also have removed the Re: from the subject line. > I was interested to read that Flo, the OP, uses separate mail > collection, sendmail and thunderbird. Some of the replies sound like > this is a common practice. > > What are the advantages of this set of processes over letting tbird do > it all? - or any other client for that matter? Disadvantages of using your email client to send might include: . sending is relatively instant as the client is dispatching it to the same machine, not the remote smarthost, . exim will retry sending if your smarthost is busy/unavailable, . it keeps logs, . it send emails on behalf of other processes, like cron jobs, where your client is not involved. I don't collect emails in Flo's sense, as I use IMAP rather than POP. So my INBOX is merely mutt's cache of individual emails, rather than a live mailfile. The actual server is somewhere around Manchester/Stockport. > Would it save me from my fairly regular 'can't find profile' errors? I don't use TB, which is where I assume you're getting those from. Cheers, David.
Why use an email client AND sendmail/popa3d - Does this avoid the hijack?
So does htis get a new subject in the list? Good afternon All I was interested to read that Flo, the OP, uses separate mail collection, sendmail and thunderbird. Some of the replies sound like this is a common practice. What are the advantages of this set of processes over letting tbird do it all? - or any other client for that matter? Would it save me from my fairly regular 'can't find profile' errors? Original post: Subject: Problem with /var/mail file > 2GB with pop3 Resent-Date:Thu, 19 Nov 2020 21:52:35 + (UTC) Resent-From:debian-user@lists.debian.org Date: Thu, 19 Nov 2020 22:42:53 +0100 From: Flo To: debian-user@lists.debian.org I am using Debian Buster, Thunderbird, Sendmail and popa3d to get emails. The mail files for each account are stored at /var/mail. No it has come to that point that such a file exceeded 2GB. And 'Get Messages' doesn't work anymore. Does anyone know about this issue? Any hints to solve it? I could try a different pop3 server? Any help is appreciated. Thanks, Flo -- Keith Bainbridge ke1thozgro...@gmx.com