Re: [mailop] Post-processing Journal-Mails coming from O365, forwardedMail
Von: Matthias Leisi via mailop Gesendet: Donnerstag 9 Juli 2020 00:27 An: mailop Betreff: Re: [mailop] Post-processing Journal-Mails coming from O365, forwardedMail there is a feature in O365 that forwards mails (in/out/both..) to an archive-mailbox for long-term archiving. We grab this mails via pop. However our available mail-readers (Thunderbird, Kopano) show the original mail as attachment. This is the „envelope wrapper“ format. It contains the _final_ recipient(s) of the email (eg after aliasing, distribution list expansion etc), and contains the original email - headers and body - unchanged. The advantage is that the archiving process does not need to do any of the logic Exchange does (no further LDAP lookups etc). I understand. Are there any command line unix tools, to split off, the original mail? This makes it very hard for handling/searching/reading of these mails. Are there any tools available to just have the attachment that is the real and original mail? These messages are typically read by an email archiving solution (mailpiler, mailarchiva, cryoserver, mailstore etc) for long-term storage, full-text search and other features. We already purchased an archiving software but unfortunately can not handle "envelope wrapper" format accordingly. Thank you. Stefan ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
[mailop] boing - bounces going to the wrong place
Hey, I've got a situation where Microsoft Office 365 email for a customer's domain is sending me a bounce (NDR) back. This is expected, the address in question is indeed now dead and user unknown seems like a perfectly reasonable response. However, the bounce is being sent to the reply-to address and not the return-path address. I vaguely recall this being an issue once upon a time in the olden days. Anybody know of any way to address this? The errors-to header no longer seems to be a thing. I know how to add headers to try to suppress OOO replies and other fun stuff, but I'm stumped by this one. Any suggestions? Thanks, Al Iverson -- Al Iverson // Wombatmail // Chicago Song a day! https://www.wombatmail.com Deliverability! https://spamresource.com And DNS Tools too! https://xnnd.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Post-processing Journal-Mails coming from O365, forwardedMail
> there is a feature in O365 that forwards mails (in/out/both..) to an > archive-mailbox for long-term archiving. > > We grab this mails via pop. However our available mail-readers (Thunderbird, > Kopano) show the original mail as attachment. > This is the „envelope wrapper“ format. It contains the _final_ recipient(s) of the email (eg after aliasing, distribution list expansion etc), and contains the original email - headers and body - unchanged. The advantage is that the archiving process does not need to do any of the logic Exchange does (no further LDAP lookups etc). > This makes it very hard for handling/searching/reading of these mails. > > Are there any tools available to just have the attachment that is the real > and original mail? > These messages are typically read by an email archiving solution (mailpiler, mailarchiva, cryoserver, mailstore etc) for long-term storage, full-text search and other features. — Matthias -- Matthias Leisi Katzenrütistrasse 68, 8153 Rümlang Mobile +41 79 377 04 43 matth...@leisi.net Skype matthias.leisi ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
[mailop] Recipient verification / MS365 inconsistent?
For some of our clients who use MS365, we noticed that recipient verification _sometimes_ fails (actually, it fails more than it succeeds). What I mean by „fail“ (lightly edited for privacy reasons): > > (EHLO and STARTTLS ...) > < 220 2.0.0 SMTP server ready > > EHLO (ourserver) > < 250 DB5EUR01FT011.mail.protection.outlook.com Hello [91.208.173.165] > > MAIL FROM: > > RCPT TO: <(random non-existing email address)@(customer)> > > DATA > > [..] > > . > < 250 2.6.0 <159424516309.19130.7744779654254529...@quar04.cleanmail.ch> > [InternalId=15603616188757, Hostname=DB7PR03MB3804.eurprd03.prod.outlook.com] > 9393 bytes in 0.135, 67.925 KB/sec Queued mail for delivery This obviously produces a bounce later on. By „succeed“, I would expect a 5xx response after the RCPT TO, which happens in maybe 1 in 10 cases, but we have not found a real pattern. According to docs, verification of RCPT TO should be enabled by setting the domain as „authoritative“ on MS365 (this setting has been confirmed). Delivery to existing accounts works as expected. Anybody else noticed this behaviour? — Matthias -- Matthias Leisi Katzenrütistrasse 68, 8153 Rümlang Mobile +41 79 377 04 43 matth...@leisi.net Skype matthias.leisi ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Is DNS-over-HTTPS bad? Sure.
On Wed, Jul 8, 2020 at 6:31 AM Vittorio Bertola via mailop < mailop@mailop.org> wrote: > > Il 08/07/2020 10:57 Laura Atkins via mailop ha > scritto: > > > > > On 7 Jul 2020, at 23:35, Brandon Long via mailop > wrote: > > And I think this discussion is underestimating the number of users already > being tracked at the DNS level by their ISPs. > I know I may be odd here working for one of the big players, but I trust > the privacy policies and statements of some of the "large centralized" > providers you > mention over my telco. > > > I expect that most of the telcos are unlikely to have any instrumentation > for tracking users beyond what is needed to ensure the service works. The > companies that are offering DoH as a service and have gone so far as to > talk about what they’re doing with the data likely have a lot more > instrumentation and the ability to track users than the telcos do. > > Also, the legal framework of the DNS provider may be different from that > of the ISP. A telco in the European Union is heavily regulated and sits > under a very strict privacy protection regime; its customers have a > contract with it, a direct communication channel and several practical ways > to enforce their data protection rights. On the other hand, the DNS > provider often is in a different part of the globe, under much less > restrictive privacy laws, with no customer support and no contract with the > end user; this indeed gives them more opportunities for uncontrolled abuse. > > Moreover, while the ISP's service is paid for by your Internet access > fees, it is often hard to understand what's the business model for global > DNS service, or why a business is spending significant amounts of money to > provide DNS resolution on a global scale for free, if they will never > monetize the data in any way. Even if it were just goodwill, it does not > seem wise to base the functioning of a vital part of any Internet access > service globally on the goodwill of a handful of companies. > In the US, most of the major ISPs are telcos or cable companies, and they do not have a great reputation for privacy, but for finding every possible way to monetize their audience. In the EU, that may well be different. And just being heavily regulated (they are in the US as well) doesn't mean that this is not allowed. Switching everyone like Mozilla plans is definitely aggressive, and sure, their primary provider has a history. I didn't find the one that Laura mentioned with some searching, but I'm aware of other issues that they've had with forwarding abuse complaints to the provider, for example. That kind of goes to my point, though, it's not DOH that is the real problem here, it's the choice to bulk move their users to a new provider. Brandon ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Is DNS-over-HTTPS bad? Sure.
> Il 08/07/2020 10:57 Laura Atkins via mailop ha > scritto: > > > > > > > > On 7 Jul 2020, at 23:35, Brandon Long via mailop > mailto:mailop@mailop.org > wrote: > > > > And I think this discussion is underestimating the number of users > > already being tracked at the DNS level by their ISPs. > > I know I may be odd here working for one of the big players, but I > > trust the privacy policies and statements of some of the "large > > centralized" providers you > > mention over my telco. > > > > > > I expect that most of the telcos are unlikely to have any instrumentation > for tracking users beyond what is needed to ensure the service works. The > companies that are offering DoH as a service and have gone so far as to talk > about what they’re doing with the data likely have a lot more instrumentation > and the ability to track users than the telcos do. > Also, the legal framework of the DNS provider may be different from that of the ISP. A telco in the European Union is heavily regulated and sits under a very strict privacy protection regime; its customers have a contract with it, a direct communication channel and several practical ways to enforce their data protection rights. On the other hand, the DNS provider often is in a different part of the globe, under much less restrictive privacy laws, with no customer support and no contract with the end user; this indeed gives them more opportunities for uncontrolled abuse. Moreover, while the ISP's service is paid for by your Internet access fees, it is often hard to understand what's the business model for global DNS service, or why a business is spending significant amounts of money to provide DNS resolution on a global scale for free, if they will never monetize the data in any way. Even if it were just goodwill, it does not seem wise to base the functioning of a vital part of any Internet access service globally on the goodwill of a handful of companies. -- Vittorio Bertola | Head of Policy & Innovation, Open-Xchange vittorio.bert...@open-xchange.com mailto:vittorio.bert...@open-xchange.com Office @ Via Treviso 12, 10144 Torino, Italy ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Is DNS-over-HTTPS bad? Sure.
> On 7 Jul 2020, at 23:35, Brandon Long via mailop wrote: > > There seems to be a lot of mixing of the technical DOH vs the Mozilla > implementation (push everyone to > use certified providers). Ie, Chrome is defaulting to using DOH for the same > DNS provider you're already using (if they support it), which > doesn't seem like it makes much difference from the policy/privacy discussion > here. > > Of course, Chrome also probably supports the enterprise policies to set DOH > as well (though I haven't looked). > > And, especially for mobile clients, DOH means that DNS queries for Chrome > will go through the same corp proxies you're already > using, instead of leaking internal web requests to external dns providers. > Mozilla is likely the same there. > > And I think this discussion is underestimating the number of users already > being tracked at the DNS level by their ISPs. > I know I may be odd here working for one of the big players, but I trust the > privacy policies and statements of some of the "large centralized" providers > you > mention over my telco. I expect that most of the telcos are unlikely to have any instrumentation for tracking users beyond what is needed to ensure the service works. The companies that are offering DoH as a service and have gone so far as to talk about what they’re doing with the data likely have a lot more instrumentation and the ability to track users than the telcos do. At least one of the major players in the DoH space has already helped doxx women online. As a woman who has been stalked online repeatedly simply for existing and having opinions that some men disagree with, this is a serious issue that isn’t mentioned nearly enough when we’re talking about privacy. Said provider has a lot of other dodgy behavior to atone for as well. That’s just the obvious - they gave a woman’s personal away when she reported online abuse and she was chased out of her home. They’re still supporting a policy of doxxing people who complain about abuse online. This isn’t the only problem with said provider by any means, but believing that the providers who have instrumentation to track who you are by DNS are somehow much better than telcos is fantastical thinking I just don’t understand. Yeah, my telco can have the data long before I’ll give That Provider anything. laura -- Having an Email Crisis? We can help! 800 823-9674 Laura Atkins Word to the Wise la...@wordtothewise.com (650) 437-0741 Email Delivery Blog: https://wordtothewise.com/blog ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop