Re: [mailop] DMARC processing

[Jesse Thompson via mailop]

On Tue, Dec 19, 2023, at 7:20 PM, Tara Natanson via mailop wrote:
> On Tue, Dec 19, 2023 at 3:29 PM Eduardo Diaz Comellas via mailop 
>  wrote:
>> Hi all,
>> 
>> Thanks all for the suggestions.  I will give a try to some of them to 
>> see if they are a good fit for our usage case.
>> 
>> We handle around 300 domains, most of them with 5-10 mailboxes... so the 
>> volume of reports can get pretty wild.
> 
> I've been working to bring my corporate domains into compliance over the last 
> few years.  We used both Valimail and Dmarcian.  I'd say, if you're managing 
> A LOT of domains it is totally worth paying a service to help with the 
> parsing.  The dashboards and ability to drill down into things is VERY 
> USEFUL. They help you parse out which sources are likely forwards and spoofs 
> etc. so you can focus on the sources of legitimate mail and work to bring 
> them into compliance.  They can also help you come up with a strategy for how 
> to attack the problem.  It is not small, and as you dig it just gets bigger. 

+1
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC processing

[Tara Natanson via mailop]

On Tue, Dec 19, 2023 at 3:29 PM Eduardo Diaz Comellas via mailop <
mailop@mailop.org> wrote:

> Hi all,
>
> Thanks all for the suggestions.  I will give a try to some of them to
> see if they are a good fit for our usage case.
>
> We handle around 300 domains, most of them with 5-10 mailboxes... so the
> volume of reports can get pretty wild.
>
>
I've been working to bring my corporate domains into compliance over the
last few years.  We used both Valimail and Dmarcian.  I'd say, if you're
managing A LOT of domains it is totally worth paying a service to help with
the parsing.  The dashboards and ability to drill down into things is VERY
USEFUL. They help you parse out which sources are likely forwards and
spoofs etc. so you can focus on the sources of legitimate mail and work to
bring them into compliance.  They can also help you come up with a strategy
for how to attack the problem.  It is not small, and as you dig it just
gets bigger.

Tara Natanson
Constant Contact


> Best regards.
>
> El 19/12/23 a las 18:16, Slavko via mailop escribió:
> > Dňa 19. decembra 2023 15:29:43 UTC používateľ Mark Alley via mailop <
> mailop@mailop.org> napísal:
> >> Is that on Github somewhere? I'd be glad to add it to the list.
> > Thanks, but no, it is not published (officially).
> >
> > But if someone (small/personal/family domains) is interested,
> > i can share it.
> >
> > regards
> >
> >
> --
> Eduardo Díaz Comellas
> Ultreia Comunicaciones, S.L.
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Microsoft rejecting their own headers

[Randolf Richardson, Postmaster via mailop]

I wouldn't want to see their breakfast! ;)

> Maybe they have just started eating their own dog food V2.0 at MS? ;->
> 
> SCNR.
> 
> Best,
> 
> -C.
> 
> > Am 15.12.2023 um 11:37 schrieb Laurent S. via mailop :
> > 
> > It seems Microsoft made very recently a change. Since then, we get a 
> > whole bunch of reject with this message:
> > 
> >> 554 5.6.211 Invalid MIME Content: Single text value size (32820) 
> > exceeded allowed maximum (32768) for the 
> > 'X-Microsoft-Antispam-Message-Info-Original' header.
> > 
> > The company I work for does some e-mail handling where our clients would 
> > keep their MX at microsoft and route some inbound mails through our 
> > infra by connectors.
> > 
> > What is stupid is that the header that causes the reject upon reinject 
> > is written BY THEM! How about not writing such crazily long report on a 
> > single header?
> > 
> > We are now implementing a reject on the same header length for this 
> > service, but I suppose our customer will realize soon that they are 
> > missing some mails and will, as usual, put the blame on us instead of 
> > microsoft.
> > 
> > Regards,
> > Laurent
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop


-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] ECDSA DKIM validation?

[Gellner, Oliver via mailop]

> On 19.12.2023 at 12:19 Alessandro Vesely via mailop wrote:
>
> On Tue 19/Dec/2023 09:21:55 +0100 Taavi Eomäe wrote:
>> Considering how Gmail and quite a few widespread DKIM implementations still 
>> don't support EdDSA DKIM, I wouldn't get my hopes too high.
>
>
> Won't any Google insider shred some lite on why a generally technically sound 
> company lags like that?

I‘m not an insider but I could imagine that DKIM signatures which use EdDSA and 
ECDSA are solutions to a problem that has not yet been discovered.
2048 bit RSA keys are small *enough* and fast *enough*. As long as they can be 
considered secure it’s a waste of resources to run a dual DKIM setup for years 
or possibly decades.

—
BR Oliver


dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC processing

[Eduardo Diaz Comellas via mailop]

Hi all,

Thanks all for the suggestions.  I will give a try to some of them to 
see if they are a good fit for our usage case.


We handle around 300 domains, most of them with 5-10 mailboxes... so the 
volume of reports can get pretty wild.


Best regards.

El 19/12/23 a las 18:16, Slavko via mailop escribió:

Dňa 19. decembra 2023 15:29:43 UTC používateľ Mark Alley via mailop 
 napísal:

Is that on Github somewhere? I'd be glad to add it to the list.

Thanks, but no, it is not published (officially).

But if someone (small/personal/family domains) is interested,
i can share it.

regards



--
Eduardo Díaz Comellas
Ultreia Comunicaciones, S.L.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SMTP smuggling

[Marco Moock via mailop]

Am 19.12.2023 um 17:20:20 Uhr schrieb Slavko via mailop:

> Please, understand i properly, that it is no vulnerabiliy in SMTP
> itself, but in (some) implementations/servers only?

According to the stuff I read, sendmail and Postfix (and more) are
affected, for sendmail a patched version exists and the behavior can be
controlled in accessdb for specific hosts if needed.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SMTP smuggling

[ml+mailop--- via mailop]

On Tue, Dec 19, 2023, Slavko via mailop wrote:

> Please, understand i properly, that it is no vulnerabiliy in SMTP itself,
> but in (some) implementations/servers only?

The RFC is very precise about line endings and "end of message".
Some (legacy) MTAs try to be "nice" and accept other line endings
which can be abused in certain situations.

-- 
Please don't Cc: me, use only the list for replies, even if the
mailing list software screws up the Reply-To header.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SMTP smuggling

[Slavko via mailop]

Dňa 19. decembra 2023 12:31:11 UTC používateľ Mark Alley via mailop 
 napísal:
>Hey all, recently saw this mail server SMTP vulnerability that popped up on
>a blog yesterday. Sharing here for those interested.

Please, understand i properly, that it is no vulnerabiliy in SMTP itself,
but in (some) implementations/servers only?

thanks


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC processing

[Slavko via mailop]

Dňa 19. decembra 2023 15:29:43 UTC používateľ Mark Alley via mailop 
 napísal:
>Is that on Github somewhere? I'd be glad to add it to the list.

Thanks, but no, it is not published (officially).

But if someone (small/personal/family domains) is interested,
i can share it.

regards


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC processing

[Bernardo Reino via mailop]

On Tue, 19 Dec 2023, Eduardo Diaz Comellas via mailop wrote:

I'm starting to deploy DMARC records in all our managed domains, but we don't 
have any specific tool to parse and extract meaningful information from the 
reports.


Do you have any recomendations?


I process such reports using a shell script which unpacks, etc. the received 
e-mail/attachment and uses dmarc-cat (https://github.com/keltia/dmarc-cat) to
provide human-readable output, which is then sent to a specific mailbox/folder, 
where I can read/check the reports if/when I want.


For low volume this is OK (IMHO), but if you have lots of reports you want 
something that looks at them automatically and maybe alerts you based on the 
report.


Good luck.
-- Bernardo
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC processing

[Mark Alley via mailop]

Is that on Github somewhere? I'd be glad to add it to the list.

On 12/19/2023 9:20 AM, Slavko via mailop wrote:

Dňa 19. decembra 2023 15:02:15 UTC používateľ Mark Alley via 
mailop  napísal:

https://dmarcvendors.com/#Self-Hosted_Solutions

I use own python script (piped from exim), which extracts report's
attachment, stores XML in directories (by month) and reports are
shown/parsed by nginx and its autoindex & xslt module.

regards

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC processing

[Alexandre Schmit-Baverel via mailop]

Here at Sarbacane, we use https://github.com/domainaware/parsedmarc to
parse it in Json, then feed it to an ELK (elastic / Kibana) with a
dashboard we built.
Its basic but convenient as an ESP when you want to control all these data.


[image: Alexandre Schmit-Baverel]

*Alexandre Schmit-Baverel*
Responsable Délivrabilité
03 28 32 80 40
[image: linkedin]

[image:
instagram]

[image:
tiktok]

[image:
youtube]

[image:
facebook]

[image:
twitter]


[image: Campagne notoriéte 2]



Le mar. 19 déc. 2023 à 16:20, 'Peter E. Fry via mailop' via Sarbacane -
Délivrabilité  a écrit :

> On Tuesday 19/12/2023 at 3:12 am, Eduardo Diaz Comellas via mailop wrote:
>
> Hi,
>
> I'm starting to deploy DMARC records in all our managed domains, but we
> don't have any specific tool to parse and extract meaningful information
> from the reports.
>
> Do you have any recomendations?
>
>
> Most (all?) of the reports are compressed.  I just (decompress them and)
> read them in a text editor, but then my volume is small (miniscule).  As an
> initial solution I'd probably just decompress the day's reports and grep
> them for "fail".
> I rarely read them now (only new domains, and there aren't many that send
> reports).
>
> Peter E. Fry
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC processing

[Slavko via mailop]

Dňa 19. decembra 2023 15:02:15 UTC používateľ Mark Alley via mailop 
 napísal:
>https://dmarcvendors.com/#Self-Hosted_Solutions

I use own python script (piped from exim), which extracts report's
attachment, stores XML in directories (by month) and reports are
shown/parsed by nginx and its autoindex & xslt module.

regards


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC processing

[Peter E. Fry via mailop]

On Tuesday 19/12/2023 at 3:12 am, Eduardo Diaz Comellas via mailop  
wrote:

Hi,

I'm starting to deploy DMARC records in all our managed domains, but 
we
don't have any specific tool to parse and extract meaningful 
information

from the reports.

Do you have any recomendations?




Most (all?) of the reports are compressed.  I just (decompress them 
and) read them in a text editor, but then my volume is small 
(miniscule).  As an initial solution I'd probably just decompress the 
day's reports and grep them for "fail".
I rarely read them now (only new domains, and there aren't many that 
send reports).



Peter E. Fry
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC processing

[Mark Alley via mailop]

https://dmarcvendors.com/#Self-Hosted_Solutions

- Mark Alley

On 12/19/2023 2:47 AM, Eduardo Diaz Comellas via mailop wrote:

Hi,

I'm starting to deploy DMARC records in all our managed domains, but 
we don't have any specific tool to parse and extract meaningful 
information from the reports.


Do you have any recomendations?

Best regards

--
Eduardo Díaz Comellas
Ultreia Comunicaciones, S.L.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC processing

[Opti Pub via mailop]

https://github.com/domainaware/parsedmarc


On Tue, Dec 19, 2023 at 9:50 AM Scott Mutter via mailop 
wrote:

> If DMARC reports could be sent in JSON format, they would be more easily
> parseable.
>
> At least, that's my opinion.
>
> On Tue, Dec 19, 2023 at 2:47 AM Eduardo Diaz Comellas via mailop <
> mailop@mailop.org> wrote:
>
>> Hi,
>>
>> I'm starting to deploy DMARC records in all our managed domains, but we
>> don't have any specific tool to parse and extract meaningful information
>> from the reports.
>>
>> Do you have any recomendations?
>>
>> Best regards
>>
>> --
>> Eduardo Díaz Comellas
>> Ultreia Comunicaciones, S.L.
>>
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://list.mailop.org/listinfo/mailop
>>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC processing

[Scott Mutter via mailop]

If DMARC reports could be sent in JSON format, they would be more easily
parseable.

At least, that's my opinion.

On Tue, Dec 19, 2023 at 2:47 AM Eduardo Diaz Comellas via mailop <
mailop@mailop.org> wrote:

> Hi,
>
> I'm starting to deploy DMARC records in all our managed domains, but we
> don't have any specific tool to parse and extract meaningful information
> from the reports.
>
> Do you have any recomendations?
>
> Best regards
>
> --
> Eduardo Díaz Comellas
> Ultreia Comunicaciones, S.L.
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] o365 outbound senders.. Strange Failures sending .. widespread reports

[Bill Cole via mailop]

On 2023-12-19 at 01:12:56 UTC-0500 (Tue, 19 Dec 2023 07:12:56 +0100)
Benny Pedersen via mailop 
is rumored to have said:


EHLO after STARTTLS, clearly bots only


Nope. Vide:

Dec 19 08:31:47 shiny postfix/smtpd[94038]: disconnect from 
mxout1-he-de.apache.org[95.216.194.37] ehlo=2 starttls=1 mail=1 rcpt=1 
data=1 quit=1 commands=7



EHLO after STARTTLS is normal and proper. See the RFC.

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] SMTP smuggling

[Mark Alley via mailop]

Hey all, recently saw this mail server SMTP vulnerability that popped up on
a blog yesterday. Sharing here for those interested.

https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/

-Mark Alley
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] ECDSA DKIM validation?

[Slavko via mailop]

Dňa 19. decembra 2023 11:11:28 UTC používateľ Alessandro Vesely via mailop 
 napísal:

>Won't any Google insider shred some lite on why a generally technically sound 
>company lags like that?

Especially, when they de facto require DKIM ...

regards


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] ECDSA DKIM validation?

[Alessandro Vesely via mailop]

On Tue 19/Dec/2023 09:21:55 +0100 Taavi Eomäe wrote:
Considering how Gmail and quite a few widespread DKIM implementations still 
don't support EdDSA DKIM, I wouldn't get my hopes too high.



Won't any Google insider shred some lite on why a generally technically sound 
company lags like that?



Best
Ale
--



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC processing

[Alessandro Vesely via mailop]

On Tue 19/Dec/2023 09:47:15 +0100 Eduardo Diaz Comellas via mailop wrote:


I'm starting to deploy DMARC records in all our managed domains, but we don't 
have any specific tool to parse and extract meaningful information from the 
reports.


Do you have any recomendations?



The most basic thing is to transform XML reports into HTML tables[*].  That 
lets you glance at messages quickly.  Not so practical if you have hundreds or 
more reports every day.  The next step is to sum up those figures and deliver a 
daily total, or filter them by exception.  However, having an idea of what each 
report generator sends doesn't hurt.


Best
Ale
--

[*] For example, I use this style sheet:
http://www.tana.it/sw/dmarc-xsl/

More tools here:
https://dmarc.org/resources/code-and-libraries/




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] ECDSA DKIM validation?

[Bastian Blank via mailop]

On Tue, Dec 19, 2023 at 10:21:55AM +0200, Taavi Eomäe via mailop wrote:
> Considering how Gmail and quite a few widespread DKIM implementations still
> don't support EdDSA DKIM, I wouldn't get my hopes too high.

Please note that ECDSA != EdDSA.  And EdDSA stuff only turned up in FIPS
a short while ago.  Some organizations are really reluctant to implement
stuff not showing up there.

Bastian

-- 
Those who hate and fight must stop themselves -- otherwise it is not stopped.
-- Spock, "Day of the Dove", stardate unknown
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] ECDSA DKIM validation?

[Marc Bradshaw via mailop]

It's getting better, but RSA will be with us for some years yet.

On Tue, 19 Dec 2023, at 7:03 AM, Michael W. Lucas via mailop wrote:
> Hi,
> 
> Last I checked a few years ago, validation of ECDSA DKIM keys was
> still iffy on deployed servers. Has the situation improved? Can we
> recommend ECDSA DKIM yet without ruining people's day?
> 
> Thanks,
> ==ml
> 
> -- 
> Michael W. Lucas https://mwl.io/
> author of: Absolute OpenBSD, SSH Mastery, git commit murder,
> Absolute FreeBSD, Butterfly Stomp Waltz, Forever Falls, etc...
> ### New books: DNSSEC Mastery, Letters to ed(1), $ git sync murder ###
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
> 

--

  Marc Bradshaw
  marcbradshaw.net

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] DMARC processing

[Eduardo Diaz Comellas via mailop]

Hi,

I'm starting to deploy DMARC records in all our managed domains, but we 
don't have any specific tool to parse and extract meaningful information 
from the reports.


Do you have any recomendations?

Best regards

--
Eduardo Díaz Comellas
Ultreia Comunicaciones, S.L.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] ECDSA DKIM validation?

[Taavi Eomäe via mailop]

Considering how Gmail and quite a few widespread DKIM implementations 
still don't support EdDSA DKIM, I wouldn't get my hopes too high.




smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop