Re: [mailop] Opinions? Email Abuse over TOR Network? (spamtraps)
On Tue, 18 Feb 2020, Matt Palmer via mailop wrote:

> great, but it's an unfortunate side-effect of providing anonymity.
> Frankly, if you were feeling up to the job of scripting it, pre-emptively
> putting all Tor exit nodes which allow connections to port 25 in your RBL
> would not be a bad idea (exit nodes and their exit policies are publicly
> available, so you could scrape the list and maintain RBL entries based on
> it).

Asking tcp/25 only might be more complex, but there's a starting point:

https://www.dan.me.uk/dnsbl

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
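One way to script the tcp/25 filtering discussed in the message above, as an added example that is not code from anyone on the list: it reads the per-relay exit policy summary (`p` lines) of a Tor consensus document and emits DNSBL owner names for relays that permit port 25. The consensus fragment is constructed, and the zone name and function names are hypothetical.

```python
# Added example: DNSBL names for Tor relays whose exit policy permits tcp/25.
# SAMPLE_CONSENSUS is constructed (documentation-range IPs, dummy identities);
# ZONE is a hypothetical DNSBL zone name.
ZONE = "tor-smtp-exits.dnsbl.example"

SAMPLE_CONSENSUS = """\
r relayA AAAA BBBB 2020-02-18 10:00:00 192.0.2.10 9001 0
s Exit Fast Running Valid
p accept 25,80,443
r relayB CCCC DDDD 2020-02-18 10:00:00 198.51.100.7 443 0
s Exit Fast Running Valid
p reject 25,119,135-139,445
r relayC EEEE FFFF 2020-02-18 10:00:00 203.0.113.5 9001 0
s Fast Guard Running Valid
p reject 1-65535
r relayD GGGG HHHH 2020-02-18 10:00:00 198.51.100.99 9001 9030
s Exit Running Valid
p reject 22,6660-6669
"""

def port_allowed(policy, port):
    """Evaluate a 'p' summary such as 'accept 20-23,80' for one port."""
    action, _, portlist = policy.partition(" ")
    listed = False
    for item in portlist.split(","):
        low, _, high = item.partition("-")
        if int(low) <= port <= int(high or low):
            listed = True
    # 'accept' lists the allowed ports; 'reject' lists the blocked ones.
    return listed if action == "accept" else not listed

def smtp_exit_ips(consensus, port=25):
    """Return the IPv4 address of every relay whose summary allows `port`."""
    hits, ip = [], None
    for line in consensus.splitlines():
        kind, _, rest = line.partition(" ")
        if kind == "r":
            ip = rest.split()[5]          # r <nick> <id> <digest> <date> <time> <IP> ...
        elif kind == "p" and ip and port_allowed(rest, port):
            hits.append(ip)
    return hits

def dnsbl_name(ip, zone=ZONE):
    """Reverse the octets and append the zone, as DNSBL lookups expect."""
    return ".".join(reversed(ip.split("."))) + "." + zone

if __name__ == "__main__":
    for addr in smtp_exit_ips(SAMPLE_CONSENSUS):
        print(dnsbl_name(addr), "IN A 127.0.0.2")
```

The address on the `r` line is the relay's OR address; an exit can send outbound traffic from a different address, so compare the result against a published exit-address list before listing anything.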
Re: [mailop] ADMIN: Mailop in 2020
* Graeme Fowler via mailop:
> On 12 Feb 2020, at 16:39, I wrote:
> > Step 2 is about to happen: I’m about to change the registered nameservers
> > for the domain.
>
> When I wrote "about to happen" I did not factor in some really strange
> behaviour from OpenSRS, which we've now managed to get round.
>
> The domain's nameservers have now been changed, and we'll be making some
> other changes as time allows over the next few days. The first and most
> significant change is that the domain's zone will be fully DNSSEC enabled.

We passed that milestone today:

$ dig +dnssec SOA mailop.org

; <<>> DiG 9.14.10 <<>> +dnssec SOA mailop.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47663
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;mailop.org.                    IN      SOA

;; ANSWER SECTION:
mailop.org.             3600    IN      SOA     mailop.org. hostmaster.mailop.org. 69 7200 600 1209600 1800
mailop.org.             3600    IN      RRSIG   SOA 13 2 3600 20200319151453 20200218141453 12161 mailop.org. sdHPO+Xug6Vgrmv96Bfx5Lhx1biPlFJ25KOgTXAIPh3zSF/U5BKMsWV9 eCJJO9D2naERvnmlGJ5yu/qmhhBeTw==

;; Query time: 4836 msec
;; SERVER: 172.16.128.1#53(172.16.128.1)
;; WHEN: Di Feb 18 16:25:30 CET 2020
;; MSG SIZE  rcvd: 192

Next stop: mailman 3 incl. ARC support.

p@rick

--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein
Re: [mailop] Suggestions for mailops.org website - forum?
On 18/02/2020 09:37, Paul Smith via mailop wrote:
> From past experience of technical mailing lists changing to forums,
> I'd expect participation in a forum to drop dramatically. Mailing list
> messages get pushed to members, forums require you to go and look.
> Even if new posted messages are emailed to members, then it still
> requires the member to click on a link, login etc before replying.
> From experience, fewer people will do that. I was in a very active
> mailing list with multiple messages daily. It changed to a forum a
> couple of years ago. Now, it's unusual for there to be as many as one
> message a month.

This.

This works as a mail list. Let's not fix what ain't broke.

--
Mark Rousell
Re: [mailop] Suggestions for mailops.org website - forum?
On 17 Feb 2020, at 19:03, Scott Mutter via mailop wrote:
> Regarding the suggestion for "content/questions/answers/links to put on the
> website" - have you ever considered making this mailing list into a forum?

If we as a community can’t make use of a mailing list to sort out
interoperability problems, then as a community we have failed :)

Graeme
Re: [mailop] Suggestions for mailops.org website - forum?
I definitely agree with this, I go through my email, but hardly ever
log on to forums, it's just too much of a pita. Forums are useful, but
mailing lists are better unless you get replies to replies ... too
many levels.

On Tue, 18 Feb 2020 05:00:24 -0500, Bjoern Franke via mailop wrote:
> >
> > From past experience of technical mailing lists changing to forums, I'd
> > expect participation in a forum to drop dramatically. Mailing list
> > messages get pushed to members, forums require you to go and look. Even
> > if new posted messages are emailed to members, then it still requires
> > the member to click on a link, login etc before replying. From
> > experience, fewer people will do that. I was in a very active mailing
> > list with multiple messages daily. It changed to a forum a couple of
> > years ago. Now, it's unusual for there to be as many as one message a month.
>
> This is the same experience I had with a community which tried to switch
> to a Discourse forum. Discourse is even capable of sending mails with
> List-ID / References in the header, but still has some issues.
>
> And mailinglist mails can be read even by a client on a mobile phone and
> have only SMTP/IMAP traffic and no overhead for loading several stuff
> from CDNs etc.
>
> Regards
> Bjoern

--
Your life is like a penny. You're going to lose it. The question is:
How do you spend it?

John Covici wb2una
cov...@ccs.covici.com
Re: [mailop] Suggestions for mailops.org website - forum?
>
> Google Groups ;)
>

Until Google refuses again to accept your mail ;)
Re: [mailop] Suggestions for mailops.org website - forum?
On 18.02.2020 at 09:37:07, Paul Smith via mailop wrote:
>
> If you can find a system which allows forum replies to be sent by
> email (basically a forum and mailing list in parallel), then that
> works OK, but they're not that common AFAIAA.

Google Groups ;)

--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: [mailop] Recipe vs fake From: header?
On 18/02/2020 09:47, Andrew C Aitchison via mailop wrote:
> I thought DKIM was supposed to flag such messages;
> do these phishing emails satisfy DKIM ?

DKIM checks that the message matches the DKIM signature - ie that it
hasn't been modified since sending. That's it.

So, for instance, your message has this DKIM signature

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
  d=aitchison.me.uk; s=mythic-beasts-k1; h=Subject:To:From:Date;
  bh=c8HNHZV6ldDX0jjiGqekUv0kzjSL24pv2r0BoCkgGgk=; b=bjif8/qAk7FQ1MftQ89Fdbp9ej
  SySu0EglcpImChNAvp0fwZBuiuMh4PKtVq4FG66kz7w7yag/eNk72Y7WmmTbecY0uE6gsEagdqBof
  eeY7je/ZWixIh8zXaW3UAOe3+ZoSWGczcH0UZ5o+F2SrSeZjkbKZ4AUie2DD/+wH3t6F9FV1JYEmD
  RreDzx37oyMn/UDoA9dVqXaA06iMigM2h2JVyOSCTx9Q0yl3z7zVS8diAR1ANOs3kxRR+ce3PfxBo
  dHwdGscn19aiWf1V55LGxCXHPCD9K6bH0KTfTr09uT2/7Kb2L2femWwy6nop0MzjicM74v3S9Oxve
  00OyLyYg==;

The recipient gets the DKIM public key at
'mythic-beasts-k1._domainkey.aitchison.me.uk' (calculated from the 's'
and 'd' values in the DKIM-Signature line) and checks the message's
signature matches that.

If the DKIM signature had a different 'd=..' value, then the public key
could be retrieved from anywhere - it doesn't have to relate to the FROM
header's domain at all.

So, I could send a message with your email address in the From field,
with the DKIM-Signature being

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
  d=pscs.co.uk; s=some-gibberish; h=.

and it would pass the DKIM check.

DMARC requires the DKIM 'd' domain value (or the SPF Mail-From domain)
to relate to the FROM message header.

So, DMARC is what you need (along with DKIM and SPF, to give DMARC
something to work with)

--
Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
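The difference between "DKIM passes" and "DKIM is aligned with From:" described in the message above, as an added example that is not code from the list or from any DMARC implementation: the check compares the From: header domain with each DKIM `d=` domain in relaxed or strict mode. The messages are constructed, the suffix set is a small stand-in for the Public Suffix List, and the signatures are assumed to have verified cryptographically already.

```python
from email import message_from_string
from email.utils import parseaddr

# Stand-in for the Public Suffix List (assumption: real code loads the full list).
PUBLIC_SUFFIXES = {"uk", "co.uk", "me.uk", "org", "com"}

def org_domain(domain):
    """Public suffix plus one label: mail.pscs.co.uk -> pscs.co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def dmarc_dkim_aligned(raw, strict=False):
    """True if some DKIM d= domain aligns with the From: header domain.
    Assumes every signature present has already verified cryptographically."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for sig in msg.get_all("DKIM-Signature", []):
        d = dkim_tags(sig).get("d", "").lower()
        if not d or not from_dom:
            continue
        if d == from_dom or (not strict and org_domain(d) == org_domain(from_dom)):
            return True
    return False

def sample(from_addr, d):
    """Constructed message; bh= and b= are placeholders, not real signatures."""
    return (f"From: {from_addr}\n"
            f"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d={d};\n"
            " s=some-gibberish; h=Subject:To:From:Date; bh=PLACEHOLDER; b=PLACEHOLDER\n"
            "Subject: constructed test\n\nbody\n")

if __name__ == "__main__":
    for frm, d in [("user@aitchison.me.uk", "aitchison.me.uk"),
                   ("user@aitchison.me.uk", "pscs.co.uk"),
                   ("user@mail.aitchison.me.uk", "aitchison.me.uk")]:
        print(frm, d, dmarc_dkim_aligned(sample(frm, d)),
              dmarc_dkim_aligned(sample(frm, d), strict=True))
```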
Re: [mailop] Suggestions for mailops.org website - forum?
>
> From past experience of technical mailing lists changing to forums, I'd
> expect participation in a forum to drop dramatically. Mailing list
> messages get pushed to members, forums require you to go and look. Even
> if new posted messages are emailed to members, then it still requires
> the member to click on a link, login etc before replying. From
> experience, fewer people will do that. I was in a very active mailing
> list with multiple messages daily. It changed to a forum a couple of
> years ago. Now, it's unusual for there to be as many as one message a month.

This is the same experience I had with a community which tried to switch
to a Discourse forum. Discourse is even capable of sending mails with
List-ID / References in the header, but still has some issues.

And mailinglist mails can be read even by a client on a mobile phone and
have only SMTP/IMAP traffic and no overhead for loading several stuff
from CDNs etc.

Regards
Bjoern
Re: [mailop] Recipe vs fake From: header?
I thought DKIM was supposed to flag such messages;
do these phishing emails satisfy DKIM?

On Tue, 18 Feb 2020, Benoit Panizzon via mailop wrote:

> Hi List
>
> Lately, our customers are getting an increased amount of phishing
> emails, or emails containing malware with legit looking From: headers
> from either banks, or even from our own customer support.
>
> SPF would block the From email addresses if also used as envelope
> sender. But the, from the customer's perspective 'hidden' envelope sender
> is different and does match SPF.
>
> So we get complaints why we let such emails with faked From: header
> through our content filter.
>
> As we use MIMEDefang as filter, we can easily match From and envelope
> sender and do something with it, like increasing spam score.
>
> But:
>
> * A lot of ESPs sending newsletters have different From and Envelope
>   Sender to manage bounces.
> * Mailing lists use different From headers.
> * SRS
>
> So another thought was to append the string 'Possible fake sender' to
> the From: Header string. But also this would match an awful lot of
> legitimate newsletters and possibly break DKIM signatures.
>
> Has anyone come up with a clever recipe for this issue?
>
> Kind regards
>
> -Benoît Panizzon-
Re: [mailop] Suggestions for mailops.org website - forum?
On 17/02/2020 19:03, Scott Mutter via mailop wrote:
> Regarding the suggestion for "content/questions/answers/links to put
> on the website" - have you ever considered making this mailing list
> into a forum? I just like discussion forums a lot better than I do
> discussion mailing lists. In my opinion, it's easier to contribute
> within a forum environment than it is within a mailing list environment.

From past experience of technical mailing lists changing to forums, I'd
expect participation in a forum to drop dramatically. Mailing list
messages get pushed to members, forums require you to go and look. Even
if new posted messages are emailed to members, then it still requires
the member to click on a link, login etc before replying. From
experience, fewer people will do that. I was in a very active mailing
list with multiple messages daily. It changed to a forum a couple of
years ago. Now, it's unusual for there to be as many as one message a month.

If you can find a system which allows forum replies to be sent by email
(basically a forum and mailing list in parallel), then that works OK,
but they're not that common AFAIAA.

--
Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
Re: [mailop] Recipe vs fake From: header?
On 18/02/2020 09:03, Benoit Panizzon via mailop wrote:
> SPF would block the From email addresses if also used as envelope
> sender. But the, from the customer's perspective 'hidden' envelope sender
> is different and does match SPF.
>
> Has anyone come up with a clever recipe for this issue?

This is one thing that DMARC is intended to solve.

DMARC checks the header 'From' address matches either the DKIM signature
domain or the SPF domain.

--
Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
[mailop] Recipe vs fake From: header?
Hi List

Lately, our customers are getting an increased amount of phishing
emails, or emails containing malware with legit looking From: headers
from either banks, or even from our own customer support.

SPF would block the From email addresses if also used as envelope
sender. But the, from the customer's perspective 'hidden' envelope sender
is different and does match SPF.

So we get complaints why we let such emails with faked From: header
through our content filter.

As we use MIMEDefang as filter, we can easily match From and envelope
sender and do something with it, like increasing spam score.

But:

* A lot of ESPs sending newsletters have different From and Envelope
  Sender to manage bounces.
* Mailing lists use different From headers.
* SRS

So another thought was to append the string 'Possible fake sender' to
the From: Header string. But also this would match an awful lot of
legitimate newsletters and possibly break DKIM signatures.

Has anyone come up with a clever recipe for this issue?

Kind regards

-Benoît Panizzon-
--
I m p r o W a r e   A G - Head of Commerce Customers
Zurlindenstrasse 29       Tel  +41 61 826 93 00
CH-4133 Pratteln          Fax  +41 61 826 93 01
Switzerland               Web  http://www.imp.ch