[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server
On Thu, Mar 09, 2023 at 01:21:02PM -0500, postfix--- via Postfix-users wrote: > > I am still seeing DKIM fails and two DKIM-Signatures. > > Is this correct? Haven´t seen this with other mails but I cannot rule out a > > config issue on my side. Is someone else observing that? > > Yes there will be two DKIM signatures due to the configuration of the mailing > list. > The first DKIM signature is from the email author to the mailing list. > The second DKIM signature is added by the mailing list when it is resent to > everyone on the list. > > The SPF will pass, because the email is from the list and matches the SPF > records. > The first DKIM signature created by the author will fail because the mailing > list altered the email adding a footer and reply-to headers. > The second DKIM signature will pass because it was signed by the list before > sending to you. > > With the SPF pass, and one DKIM pass, DMARC should pass and the email should > be accepted as legit. That's not exactly right. The DMARC policy of the original sender no longer applies because the From: header address is no longer that of the original sender. The From: header address is now postfix-mum...@postfix.org. If the postfix.com domain had a DMARC policy, then it would apply, but it doesn't have one. There is only SPF and DKIM. But that should suffice unless there are mail providers that annoyingly distrust anything without DMARC. cheers, raf ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server
Unfortunately, due to company policy, I can only work with RPM packages from either the default repo or EPEL and nothing else. I know several other companies that have the same rule. Its not something that I can change, so I work with what I have. On Fri, 10 Mar 2023 11:14:14 -0500 PGNet Dev via Postfix-users wrote: > > The problem with dkimpy/dkimpy-milter, is that they don't exist in > > enterprise distros (Alma, Rocky, Oracle) via EPEL. > FWIW, it's a trivial install with python/pip, and plays nicely in a venv. > works a charm here. > > rpm spec's also straightforward. > > here's one for Fedora, > > > https://src.fedoraproject.org/rpms/python-dkimpy/blob/rawhide/f/python-dkimpy.spec > > none's built for EPEL atm, but the infrastructure is there, > > https://src.fedoraproject.org/rpms/python-dkimpy > > any interested party could certainly chime in there > > should be similar for dkimpy-milter ... > ___ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server
On Fri, 2023-03-10 at 17:35 +0200, mailmary--- via Postfix-users wrote: > > Looking at the opendkim/opendmarc right now, they appear dead over the past 2 > years or so, which is sad really. > It's not sad at all. It's a testament to the stability of the project. Sure, both projects could use some polishing maybe, but that is not something that is "sad" -Jim P. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server
Thanks. As of a few minutes ago there's a dkimpy 1.1.1, although there aren't any changes that will affect you one way or the other if you're using it for dkimpy-milter. thx, Name: dkimpy Version: 1.1.1 Name: dkimpy-milter Version: 1.2.3 the 'hardest' part is that my pip-installed pkgs don't notify on maintenance updates! o/ ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server
On 3/10/23 11:13, Curtis Maurand via Postfix-users wrote: On 3/7/23 15:36, Bernardo Reino via Postfix-users wrote: rspamd does DKIM, SPF, DMARC and ARC (and lots more), and doesn't segfault (so far ;-) I've been running rspamd for nearly a year and I've been very happy with it. It's a huge improvement over amavis/spamassassin. It is very fast. Same. I've been running it for something over five years, I don't remember exactly, ever since DSpam (which was EFFING FANTASTIC) succumbed to terminal bit-rot due to lack of maintenance. (I was getting 99.997% overall filtering accuracy with DSpam.) -- Phil Stracchino Babylon Communications ph...@caerllewys.net p...@co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958 ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server
On 3/8/23 15:30, Scott Techlist via Postfix-users wrote: On Tue, 7 Mar 2023, John Stoffel via Postfix-users wrote: So what's the option for a more upto date version of DKIM milter for debian? rspamd does DKIM, SPF, DMARC and ARC (and lots more), and doesn't segfault (so far ;-) I'm STILL trying to figure out rspamd's documentation enough to understand how to enable and configure all of those, so that I can have one milter instead of four. I too would be grateful for a pointer to a decent how-to/guide on setting it up. I'm still using amavis and clamd. Always apprehensive to change horses. I use it with ispconfig on devuan (debian bullseye without systemd). It's works very well. It was easy to set up and configure. A lot of the configuration can be done through it's web interface. Setting scores marking and rejecting are done via the ispconfig interface. I agree that it's documentation is cryptic and not for the faint of heart. They surely don't stick to the KISS method. -- Curtis https://curtis.maurand.com ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server
The problem with dkimpy/dkimpy-milter, is that they don't exist in enterprise distros (Alma, Rocky, Oracle) via EPEL. FWIW, it's a trivial install with python/pip, and plays nicely in a venv. works a charm here. rpm spec's also straightforward. here's one for Fedora, https://src.fedoraproject.org/rpms/python-dkimpy/blob/rawhide/f/python-dkimpy.spec none's built for EPEL atm, but the infrastructure is there, https://src.fedoraproject.org/rpms/python-dkimpy any interested party could certainly chime in there should be similar for dkimpy-milter ... ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server
On 3/7/23 15:36, Bernardo Reino via Postfix-users wrote: On Tue, 7 Mar 2023, John Stoffel via Postfix-users wrote: So what's the option for a more upto date version of DKIM milter for debian? rspamd does DKIM, SPF, DMARC and ARC (and lots more), and doesn't segfault (so far ;-) I've been running rspamd for nearly a year and I've been very happy with it. It's a huge improvement over amavis/spamassassin. It is very fast. --Curtis -- Curtis https://curtis.maurand.com ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server
The problem with dkimpy/dkimpy-milter, is that they don't exist in enterprise distros (Alma, Rocky, Oracle) via EPEL. The popularity of opendkim/opendmarc is due to their packages being available via EPEL. Looking at the opendkim/opendmarc right now, they appear dead over the past 2 years or so, which is sad really. I hope the project owners decide to either close the projects or give them away to someone else. There is no reason to beat a dead horse. On Fri, 10 Mar 2023 10:19:40 -0500 PGNet Dev via Postfix-users wrote: > ime, dkimpy/dkimpy-milter are great alternatives to opendkim stagnation/bloat > > here, in production on Fedora boxes, > > Name: dkimpy > Version: 1.1.0 > > Name: dkimpy-milter > Version: 1.2.3 > > have been working with postfix with no issues at all, at least for my use > cases. > > much appreciated! > ___ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server
* Scott Kitterman via Postfix-users : That would be great. I started dkimpy-milter for two reasons: I wanted to experiment with the new DKIM crypto types that lead to RFC 8463 and there didn't seem to be much activity with opendkim maintenance (this is, of course, ironic given how well I did with dkimpy-milter maintence recently). I did finally get a new release out recently and as far as I can tell with the updates to pymilter, dkimpy, and dkimpy-milter the crashes from non-ASCII/ UTF-8 data are a ting of the past (if someone knows otherwise, please file bugs). ime, dkimpy/dkimpy-milter are great alternatives to opendkim stagnation/bloat here, in production on Fedora boxes, Name: dkimpy Version: 1.1.0 Name: dkimpy-milter Version: 1.2.3 have been working with postfix with no issues at all, at least for my use cases. much appreciated! ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server
On Wednesday, March 8, 2023 1:52:47 AM EST Patrick Ben Koetter via Postfix- users wrote: > * Scott Kitterman via Postfix-users : > > ... > > > > For Debian, if someone can find/test patches, I can get them into Debian's > > package. I assume other distributors are similar. Feel free to update > > the Debian bug with information. It's unfortunate we don't have a better > > maintained solution. > > In Germany the German government is preparing an initiative to foster open > source projects that are considered to be vital for e.g. the security of > people when they are on the internet. > > At eco e.v., Germanies lobby organization for businesses on the internet, > we are currently investigating if opendkim and opendmarc could receive > grant from the government. > > openspf, opendkim and opendmarc have been very useful when the IETF created > the RFCs, because you need "rough consensus and running code", and the > programs always served to provide the latter, but then, after they had > become the de facto standard applications, no one took on the task of > "software gardening" and so bugs that had been discovered did not get fixed > and new functionality has not been added. That's one of the reasons it has > become harder to run a modern mail platform on your own if you are not a > major player. That would be great. I started dkimpy-milter for two reasons: I wanted to experiment with the new DKIM crypto types that lead to RFC 8463 and there didn't seem to be much activity with opendkim maintenance (this is, of course, ironic given how well I did with dkimpy-milter maintence recently). I did finally get a new release out recently and as far as I can tell with the updates to pymilter, dkimpy, and dkimpy-milter the crashes from non-ASCII/ UTF-8 data are a ting of the past (if someone knows otherwise, please file bugs). Scott K ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org