[pfx] Re: long header folding and DKIM fails
Remember that Postfix has supported DKIM via various milters for 15+ years without issues. So no, practically there is no problem with DKIM and header folding in Postfix. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: A functional lightweight reverse alias?
Gerben Wierda: > Aliases are nice, to receive mail. But when you reply, the address behind the > alias is exposed. I’m puzzling a bit over this statement … I also use aliases but was not aware that they would expose my real address? As a test I’m sending this message from a virtual alias (hostmaster@), different from the main address that I use here. It shouldn’t be exposed I believe. (Please ignore if I completely misunderstood.) ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Are multiple white spaces allowed in a date in headers?
Michael Storz: > FWS = ([*WSP CRLF] 1*WSP) / obs-FWS > > A FWS can be a single WSP or a folded line. > > Therefore the date "Fri, 5 Jan 2024 16:48:37 -0500 (EST)" is syntactically > incorrect, because there can be only one blank between "," and "5", not two > by the syntax of RFC 5322. This is nonsense, ‘1*WSP’ means one or more WSP characters. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: removing Authentication-Results, how?
Matus UHLAR - fantomas: > Which milter is that? > Does it support trusted hosts? Yes, I think so. It’s my https://crates.io/crates/spf-milter Ciao, ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] removing Authentication-Results, how?
Matus UHLAR - fantomas: > Do you remove those headers on your servers? In my chain of milters, the very first one simply deletes incoming Authentication-Results whose authserv-id equals $myhostname … The rest of the milters can then assume that no such headers are present. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Not all errors are postfix's fault
To find out why a milter signs or does not sign, it would be helpful to see the milter’s configuration. With OpenDKIM, the setting ‘LogWhy yes’ is useful for debugging such issues. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: smtp_header_checks and opendkim
Note: OpenDKIM does not require the (ancient, obsolete) setting ‘milter_protocol = 2’. It’s a cargo cult setting. Just drop it and leave it at the default. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Recommendation for dkim signing
Viktor Dukhovni: > Though dkimpy-milter is likely the more future-proof choice, perhaps > OpenDKIM is slightly more polished at present, be it also dated ( > lacking some of the newer algorithms). > > For signing, lack of bleeding-edge algorithms is less important, so if > you're not also validating, OpenDKIM would be sufficient. The newer algorithm alluded to here is ed25519-sha256. OpenDKIM does support this algorithm for both signing and verification. However, signing configuration currently supports only one algorithm at a time, so for double-signing using rsa-sha256 and ed25519-sha256 you have to run two OpenDKIM instances. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Recommendation for dkim signing
https://crates.io/crates/dkim-milter is yet another option that I’m working on. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Possible (indirect) libspf2 security issues
OpenDMARC only uses libspf2 if (a) it was compiled with SPF support and with libspf2 includes (configure options --with-spf --with-spf2-include --with-spf2-lib) and (b) configuration parameter SPFSelfValidate is enabled. Item (a) is the case for example in the Debian and Ubuntu package, but item (b) is not the default setting. To avoid any issues with libspf2, I recommend disabling SPFSelfValidate and using a separate SPF milter. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Deny any sender address with subdomain
Gerd Hoerst: > question 1st : is it a good idea to reject any email which is not sent from a > domain (means sen...@domain.tld) any other like sen...@sub.domain.tld or > sub.sub.domain.tld is rejected ? > > at least i tried with header checks in pcre > > /^From:\.*@.*\.*\.*/ DISCARD NO SUBDOMAINS > > but this seemd not to work.. This is a terrible idea, and you will lose a lot of legitimate mail. ‘Number of dots’ in a mail domain is simply not a spam signal. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: SPF: HELO does not publish an SPF Record
Jaroslaw Rafa: > Dnia 12.04.2023 o godz. 15:43:07 Fourhundred Thecat via Postfix-users pisze: >> OK, I see. >> So should the client (mail.example.com) then have it's own SPF record, >> in addition to the domain itself (example.com) ? > > If you plan to send mail with senders addresses as > someth...@mail.example.com, then yes. If you don't, and you will be only > sending mail as someth...@example.com, you don't need to bother with SPF > record for mail.example.com at all. You don’t strictly need to, but you can, and – as you’re bothering with setting up SPF already – you should. The point is that both the HELO and MAIL FROM names can undergo SPF evaluation, so ideally you will set up an SPF record for each: … EHLO mail.example.com … MAIL FROM: … ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Integrating a new milter with Postfix
EML: > I can run the milter as a service, if necessary, instead of adding an entry > in master.cf, but this feels like the wrong way to do this. Thanks. But note that this is how milters are normally operated, eg milters installed from a distro package. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org