[xmail] Re: SPF + Win32
On Thu, 9 Dec 2004, lascjr wrote: Hi, I have the XMail 1.20 + W2K Server working fine, but i don't have success with the install of SPF Filter (xm-spf.pl). What steps did you follow to instal xm-spf.pl in XMail? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
There are filters available to do filtering with XMail based on SPF = data. However, there are two other important issues to fully supporting SPF. = One is SASL SMTP (allowing customers to send email on port 587, but only = with SMTP AUTH). You can easily bind XMail's SMTP service to both ports 25 587, but XMail does not yet have any way of setting up port 587 to be = SMTP AUTH only. The other issue is SRS (Sender Rewriting Scheme). With SRS = and SASL SMTP support, it is not practical to enable SPF within our own DNS records. It is unfortunate, because I would love to be able to fully = deploy SPF to protect all of the domains I host against forgery. At this = point, all I can do with XMail and the existing SPF filters is filter incoming email to prevent forged emails from arriving. It's a start, but more = work still needs to be done. I'm really excited for the day when XMail = supports SASL SMTP and SRS. Some people will argue that SASL SMTP and SRS could be implemented using perl or bash filters. I think that is the wrong move, since these are = core functions that need to be as fast as possible to scale properly. = Spawning separate processes instead of handling the task in process is slower, especially on Windows platforms. For more info on SRS: http://spf.pobox.com/srspng.html http://spf.pobox.com/emailfwdpng.html For more info on SASL SMTP: http://www.faqs.org/rfcs/rfc.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] = On Behalf Of Tom Banting Sent: Tuesday, October 12, 2004 11:13 AM To: [EMAIL PROTECTED] Subject: [xmail] SPF Has anyone added SPF functionality to xmail? - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
Please explain why you think it is not practical to add the SPF record to your DNS. Publishing an SPF record in your DNS is step 1, and you do not need to do anything else if you don't feel like it. This just makes life easier for everyone who receives messages from your domains. Shiloh Jennings wrote: AUTH only. The other issue is SRS (Sender Rewriting Scheme). With SRS = and SASL SMTP support, it is not practical to enable SPF within our own DNS records. It is unfortunate, because I would love to be able to fully = - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
Without SRS and SASL SMTP support, publishing SPF records for your = domains can cause problems. One potential problem is with forwarded email. = Some of your forwarded email could be blocked by other ISPs if you publish SPF records without proper SRS support within your email server. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] = On Behalf Of Kevin Williams Sent: Tuesday, October 12, 2004 12:16 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: SPF Please explain why you think it is not practical to add the SPF record=20 to your DNS. Publishing an SPF record in your DNS is step 1, and you do=20 not need to do anything else if you don't feel like it. This just makes=20 life easier for everyone who receives messages from your domains. Shiloh Jennings wrote: AUTH only. The other issue is SRS (Sender Rewriting Scheme). With = SRS =3D and SASL SMTP support, it is not practical to enable SPF within our own = DNS records. It is unfortunate, because I would love to be able to fully = =3D - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
Wow, I hope that's not true. The SPF site leaves me with the impression that the DNS record checking, Received-SPF header, SMTP AUTH, and SRS are all pieces which can be implemented in steps and should not fail when all steps are not yet implemented. I have the impression that if a server is rejecting messages because SRS is not implemented on the sending server, that's a bad implementation on their part and not the fault of the sender or sending server. Honestly, I don't yet see the benefit to SRS because it seems like a huge hassle, requiring servers to be re-architected. If SPF is designed to fail without SRS, then I don't see how it will ever succeed. Shiloh Jennings wrote: Without SRS and SASL SMTP support, publishing SPF records for your = domains can cause problems. One potential problem is with forwarded email. = Some of your forwarded email could be blocked by other ISPs if you publish SPF records without proper SRS support within your email server. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] = On Behalf Of Kevin Williams Sent: Tuesday, October 12, 2004 12:16 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: SPF Please explain why you think it is not practical to add the SPF record=20 to your DNS. Publishing an SPF record in your DNS is step 1, and you do=20 not need to do anything else if you don't feel like it. This just makes=20 life easier for everyone who receives messages from your domains. Shiloh Jennings wrote: AUTH only. The other issue is SRS (Sender Rewriting Scheme). With = SRS =3D and SASL SMTP support, it is not practical to enable SPF within our own = DNS records. It is unfortunate, because I would love to be able to fully = =3D - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF?
Am Di, 2004-08-17 um 02.08 schrieb Nick Marino: Davide are you familiar with SPF and do you have any plans on incorporating it into Xmail? SPF: Sender Policy Framework http://spf.pobox.com/index.html Did you take a look on xmailservers homepage or have you read this mailinglists some time ago (was around 2004-05-31) ? see: http://www.xmailserver.org/xm-spf.pl - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
Davide Libenzi wrote: This sounds like a perfect candidate for the new pre-data SMTP filters. Any takers? Me me: http://www.xmailserver.org/xm-spf.pl From what I have seen now from it is that a domain should have a SPF record made in DNS, if the domain does not have it a mail will always pass. As long as not all domains in the whole world do have SPF records what is the sense of this at all? -- Groeten, Peter The media .INI file refers to an unknown device name. - - Heb je een Dreambox 7000S ? - Kijk eens op http://www.dreamvcr.com - Kijk ook op http://www.lindeman.org - ICQ 22383596 - Uptime lindeman.org - 6 days, 22 hours and 6 minutes, 0 users logged in. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
Peter Lindeman wrote: Davide Libenzi wrote: This sounds like a perfect candidate for the new pre-data SMTP filters. Any takers? Me me: http://www.xmailserver.org/xm-spf.pl From what I have seen now from it is that a domain should have a SPF record made in DNS, if the domain does not have it a mail will always pass. As long as not all domains in the whole world do have SPF records what is the sense of this at all? Not true. SPF can be used in 'best guess' mode for a domain with no DNS record. I'm not sure exactly how this works, but I believe that it defaults to allowing mail from any A or MX host in the sending domain. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
On Mon, 31 May 2004, Peter Lindeman wrote: Davide Libenzi wrote: This sounds like a perfect candidate for the new pre-data SMTP filters. Any takers? Me me: http://www.xmailserver.org/xm-spf.pl From what I have seen now from it is that a domain should have a SPF record made in DNS, if the domain does not have it a mail will always pass. As long as not all domains in the whole world do have SPF records what is the sense of this at all? Yes, I'm afraid it's something like that. OTOH adding a TXT record to your domain is not a biggie, and this helps your domains to avoid to be victims of forgery when someone sends messages to SPF enabled sites. The other step is to protect your site using SPF, like the above script helps to do. I'm currently giving it a shot on xmailserver. But there's still a long way ahead, since many domains do not use SPF. - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
Peter Lindeman wrote: Davide Libenzi wrote: This sounds like a perfect candidate for the new pre-data SMTP filters. Any takers? Me me: http://www.xmailserver.org/xm-spf.pl From what I have seen now from it is that a domain should have a SPF record made in DNS, if the domain does not have it a mail will always pass. As long as not all domains in the whole world do have SPF records what is the sense of this at all? Perhaps no one wants my $0.02, but I just finished my own SPF filter and DNS records so I'll speak up anyway. Given how simple it is to set up, why not? The list of domains implementing SPF is impressive, and growing rapidly. If the RFC is adopted then the reasons to implement it only increase. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
On Mon, 31 May 2004, Michael Luke wrote: Peter Lindeman wrote: Davide Libenzi wrote: This sounds like a perfect candidate for the new pre-data SMTP filters. Any takers? Me me: http://www.xmailserver.org/xm-spf.pl From what I have seen now from it is that a domain should have a SPF record made in DNS, if the domain does not have it a mail will always pass. As long as not all domains in the whole world do have SPF records what is the sense of this at all? Not true. SPF can be used in 'best guess' mode for a domain with no DNS record. I'm not sure exactly how this works, but I believe that it defaults to allowing mail from any A or MX host in the sending domain. O, that's what the guess option in the above script is for. Lemme try it ... - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
At 12:06 5/31/2004, you wrote: From what I have seen now from it is that a domain should have a SPF record made in DNS, if the domain does not have it a mail will always pass. As long as not all domains in the whole world do have SPF records what is the sense of this at all? Reducing bounces due to virus spew and joe jobs - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
On Sun, 30 May 2004, Michael Luke wrote: Hi everybody. I've just started using Xmail 1.18 and am impressed by how well it runs. Does Xmail contain features that I can use to verify Sender Policy Framework rules? http://spf.pobox.com/intro.html This sounds like a perfect candidate for the new pre-data SMTP filters. Any takers? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
At 13:14 5/30/2004, you wrote: On Sun, 30 May 2004, Michael Luke wrote: Hi everybody. I've just started using Xmail 1.18 and am impressed by how well it runs. Does Xmail contain features that I can use to verify Sender Policy Framework rules? http://spf.pobox.com/intro.html This sounds like a perfect candidate for the new pre-data SMTP filters. Any takers? I'm looking at it, but not moving very quickly. There are a couple of Win32 SPF libraries on the net, and libraries for C++, python, and java (didn't see any for perl... sorry). Might be worth checking into... IIRC, they're located at: http://spf.pobox.com/downloads.html - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
On Sun, 30 May 2004, Tracy wrote: At 13:14 5/30/2004, you wrote: On Sun, 30 May 2004, Michael Luke wrote: Hi everybody. I've just started using Xmail 1.18 and am impressed by how well it runs. Does Xmail contain features that I can use to verify Sender Policy Framework rules? http://spf.pobox.com/intro.html This sounds like a perfect candidate for the new pre-data SMTP filters. Any takers? I'm looking at it, but not moving very quickly. There are a couple of Win32 SPF libraries on the net, and libraries for C++, python, and java (didn't see any for perl... sorry). Might be worth checking into... IIRC, they're located at: http://spf.pobox.com/downloads.html You missed the first one :) Mail::SPF::Query - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
At 13:22 5/30/2004, you wrote: This sounds like a perfect candidate for the new pre-data SMTP filters. Any takers? I'm looking at it, but not moving very quickly. There are a couple of Win32 SPF libraries on the net, and libraries for C++, python, and java (didn't see any for perl... sorry). Might be worth checking into... IIRC, they're located at: http://spf.pobox.com/downloads.html You missed the first one :) Mail::SPF::Query smacks head hard DOH! :) - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
On Sun, 30 May 2004, Davide Libenzi wrote: On Sun, 30 May 2004, Michael Luke wrote: Hi everybody. I've just started using Xmail 1.18 and am impressed by how well it runs. Does Xmail contain features that I can use to verify Sender Policy Framework rules? http://spf.pobox.com/intro.html This sounds like a perfect candidate for the new pre-data SMTP filters. Any takers? Me me: http://www.xmailserver.org/xm-spf.pl It is a mostly a cutpaste from their example, plus XMail parsing (if we want to call it in that way) logic for spool files. It works from the command line and it works when passed a spool file (both SMTP and final spool - they have different header line). It supports tons of options (many of them I do not even know the meaning :), but at the basic: $ xm-spf.pl --ip IP --sender SENDER --debug 1 It supports setting the fail/pass exit codes with --pcode and --fcode. The default fail code is 19, that is ok for SMTP filters. When called from a filter: xm-spf.pl --file @@FILE You obviously need this to have it working: http://spf.pobox.com/Mail-SPF-Query-1.997.tar.gz Note, it's a first cut, so YMMV ... - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
On Thu, 25 Mar 2004, Shiloh Jennings wrote: Then do an SPF filter in Perl. You don't need to do it inside XMail. You have all the info inside the spool file XMail header. No? Good point. SpamAssassin 2.70 is going to support SPF, so we could just have SA do the SPF lookups instead of XMail. That is fair. What I am more interested in at this point is whether or not forwarding is going to work correctly with XMail. http://spf.pobox.com/emailforwarders.pdf A filter cannot rewrite the XMail part of the header (the ones before the tag MAIL-DATA). A filter could rewrite another message and send it using local delivery (or even SMTP), and return an exit code that makes XMail to drop the original message w/out bounce message. - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
I can see the point for worms, but spammers can simply register throw away domains to spam from and set up SPF rules that allow all from that domain. Many spammers already strictly use throwaway domains. I really see the anti-spam war as very much like the anti-virus war, anything and everything we do is designed to fight their current tactics, they evolve as quickly as needed to get the job done, and now that there is some indication that they are working together, it can only get worse. Thanks, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shiloh Jennings Sent: Friday, March 26, 2004 9:51 AM To: [EMAIL PROTECTED] Subject: [xmail] Re: SPF The spammers are not stupid, so they don't use @[EMAIL PROTECTED] etc. anymore and SPF is useless. ;( You are missing the bigger picture. Once everybody is using SPF, the spammers will have a very difficult time trying to forge anybody's email address. This will force spammers out into the open, which will make them even easier to block. The other huge advantage of SPF is in prevention of email worms. The most popular worms use forged from addresses when they send. Those worms will get stopped dead in their tracks by SPF. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
I can see the point for worms, but spammers can simply register throw away domains to spam from and set up SPF rules that allow all from that domain. Many spammers already strictly use throwaway domains. I really see the anti-spam war as very much like the anti-virus war, anything and everything we do is designed to fight their current tactics, they evolve as quickly as needed to get the job done, and now that there is some indication that they are working together, it can only get worse. I realize that spammers seem pretty relentless, but that is hardly a reason for us to thrown in the towel and let them walk all over us. If SPF forces them to buy throw away domains, that is awesome. That forces them to spend more money than they spent so far by forging from addresses in existing domains. That is a step in the right direction if you ask me. The really low rent spammers will quit at that point, because they were finally forced to buy something in order to peddle their trash. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
-Message d'origine- De : Shiloh Jennings [mailto:[EMAIL PROTECTED] Envoy=E9 : vendredi 26 mars 2004 18:07 =C0 : [EMAIL PROTECTED] Objet : [xmail] Re: SPF =20 =20 I can see the point for worms, but spammers can simply=20 register throw away domains to spam from and set up SPF rules that allow all=20 from that domain. Many spammers already strictly use throwaway domains. I=20 really see the anti-spam war as very much like the anti-virus war, anything and everything we do is designed to fight their current tactics, they=20 evolve as quickly as needed to get the job done, and now that there is some=20 indication that they are working together, it can only get worse. =20 I realize that spammers seem pretty relentless, but that is=20 hardly a reason for us to thrown in the towel and let them walk all over us. =20 If SPF forces them to buy throw away domains, that is awesome. That forces=20 them to spend more money than they spent so far by forging from addresses=20 in existing domains. That is a step in the right direction if you ask=20 me. The really low rent spammers will quit at that point, because they were=20 finally forced to buy something in order to peddle their trash. =20 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] =20 And if a spammer need to obtain a valid address and obtain it, there is = more change to stop it faster (simply cancel they account), as abuse notifications will come back faster to the good domain admins (if they = read the claims ...) Francis - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
http://spf.pobox.com/intro.html = SPF is developing support in Postfix, Exim, Qmail, and Sendmail What about XMail? I figured I would bring this topic back up. :) AOL is already publishing SPF records for their domain. Any email server with SPF support is able to automatically filtering out forged aol.com email. The support for SPF is growing (especially with big ISPs like AOL supporting it now), and I would really like to see SPF support in an upcoming version of XMail. Any chance we might see SPF support in 1.18 or 2.x? - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
On Thu, 25 Mar 2004, Shiloh Jennings wrote: http://spf.pobox.com/intro.html = SPF is developing support in Postfix, Exim, Qmail, and Sendmail What about XMail? I figured I would bring this topic back up. :) AOL is already publishing SPF records for their domain. Any email server with SPF support is able to automatically filtering out forged aol.com email. The support for SPF is growing (especially with big ISPs like AOL supporting it now), and I would really like to see SPF support in an upcoming version of XMail. Any chance we might see SPF support in 1.18 or 2.x? I'm sorry but my answer is the same. If I had to add piece of codes to fit all those pseudo-standards (that born today to die tomorrow), XMail would be bloated enough only for that. When/if a decent percent of the internet will support such standard, I will add the code. - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
Now you are getting into that chicken or egg argument :-/ I agree, I would love to see Xmail have more spam fighting capabilities in it. The only way we are going to see more usage of it on the internet is if we actually put it in place :) Sorry, wanted to add my thoughts -- this SPAM thing is really getting to me and my customers... Shawn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Davide Libenzi Sent: Thursday, March 25, 2004 6:13 PM To: XMail mailing list Subject: [xmail] Re: SPF On Thu, 25 Mar 2004, Shiloh Jennings wrote: http://spf.pobox.com/intro.html = SPF is developing support in Postfix, Exim, Qmail, and Sendmail What about XMail? I figured I would bring this topic back up. :) AOL is already publishing SPF records for their domain. Any email server with SPF support is able to automatically filtering out forged aol.com email. The support for SPF is growing (especially with big ISPs like AOL supporting it now), and I would really like to see SPF support in an upcoming version of XMail. Any chance we might see SPF support in 1.18 or 2.x? I'm sorry but my answer is the same. If I had to add piece of codes to fit all those pseudo-standards (that born today to die tomorrow), XMail would be bloated enough only for that. When/if a decent percent of the internet will support such standard, I will add the code. - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] -- Binary/unsupported file stripped by Ecartis -- -- Type: application/x-pkcs7-signature -- File: smime.p7s - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
I really do understand your point :) But look at the amount of spam -- something needs to be done. It looks like some serious players are backing this particular idea. So what about going back the discussion that was on the list for a while about a filter at is triggered just before the data section so that a lookup like SPF or one of the others (if SPF doesn't make it). And as much as I am not a fan of MS or AOL, between the two of them they control way more than 0.001% of the mail traffic on the internet. If you add all the hotmail users and aol users, I would argue that you have more than 30% of the internet mail users just in those two groups. Plus even if just those two support SPF, that would cut down on about 50% of the SPAM, because it is those two addresses that spammers forge and use a lot of the time. Maybe it is not a perfect solution, but heck if I/we could cut out 30% of the SPAM -- that would be an awesome start :) S -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Davide Libenzi Sent: Thursday, March 25, 2004 7:56 PM To: XMail mailing list Subject: [xmail] Re: SPF On Thu, 25 Mar 2004, Shawn Anderson wrote: Now you are getting into that chicken or egg argument :-/ I agree, I would love to see Xmail have more spam fighting capabilities in it. The only way we are going to see more usage of it on the internet is if we actually put it in place :) So, should I drop in code for every sub-standard that pops up here and there used at most by 0.001% of the internet? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] -- Binary/unsupported file stripped by Ecartis -- -- Type: application/x-pkcs7-signature -- File: smime.p7s - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
On Thu, 25 Mar 2004, Shawn Anderson wrote: I really do understand your point :) But look at the amount of spam -- something needs to be done. It looks like some serious players are backing this particular idea. So what about going back the discussion that was on the list for a while about a filter at is triggered just before the data section so that a lookup like SPF or one of the others (if SPF doesn't make it). Then do an SPF filter in Perl. You don't need to do it inside XMail. You have all the info inside the spool file XMail header. No? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
Then do an SPF filter in Perl. You don't need to do it inside XMail. You have all the info inside the spool file XMail header. No? Good point. SpamAssassin 2.70 is going to support SPF, so we could just have SA do the SPF lookups instead of XMail. That is fair. What I am more interested in at this point is whether or not forwarding is going to work correctly with XMail. http://spf.pobox.com/emailforwarders.pdf - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
No you shouldn't but you should also look for developments which show that a standard will be accepted by the majority and incorparate that one. I have now idea how far this SPF thing is in that direction. The fact that major players are backing it suggests it might be a good idea.=20 -Oorspronkelijk bericht- Van: Davide Libenzi [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 26 maart 2004 1:56 Aan: XMail mailing list Onderwerp: [xmail] Re: SPF =20 On Thu, 25 Mar 2004, Shawn Anderson wrote: =20 Now you are getting into that chicken or egg argument :-/ =20 I agree, I=20 would love to see Xmail have more spam fighting=20 capabilities in it. =20 The only way we are going to see more usage of it on the=20 internet is=20 if we actually put it in place :) =20 So, should I drop in code for every sub-standard that pops up=20 here and there used at most by 0.001% of the internet? =20 =20 =20 - Davide =20 =20 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] =20 =20 =20 =20 =20 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
And as much as I am not a fan of MS or AOL, between the two of them they control way more than 0.001% of the mail traffic on the internet. If you add all the hotmail users and aol users, I would argue that you have more than 30% of the internet mail users just in those two groups. Plus even if just those two support SPF, that would cut down on about 50% of the SPAM, because it is those two addresses that spammers forge and use a lot of the time. Maybe it is not a perfect solution, but heck if I/we could cut out 30% of the SPAM -- that would be an awesome start :) The spammers are not stupid, so they don't use @[EMAIL PROTECTED] etc. anymore and SPF is useless. ;( - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
Spamassasin doesn't do SPF? The anti-spam software I use for my main mail server does it as a content filter. (Imail with Declude Junkmail) I'm sure someone can make one or make an existing filter to use SPF, since I use Xmail for special tasks and not general mail I don't run any spam filters (anything it sees has already been filtered), and I'm not familiar enough with spamassasin to know what it can filter on. Thanks, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Liron Newman Sent: Wednesday, February 18, 2004 9:16 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: SPF Davide Libenzi wrote: On Wed, 18 Feb 2004, Don Drake wrote: I agree, this is getting a lot of attention lately... When more than 1% of the existing internet mail infrastructure will use it, I'll think about it. I do not want to add code to XMail for a non standard that might die tomorrow. A legitimate thought, but how about adding the ability to write some kind of plugin/filter that would do that outside of XMail (i.e. In-session filtering) - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
That is fair. This is technology that will gain widespread support. Now it is only a matter of waiting to see which of the three competing standards (rmx, dmp, spf) is the one that actually gains widespread support. Regardless of which ever standard gains support, you may need to make some subtle changes to the forwarding options in Xmail to take advantage of the tech. A I understand it, this issue applies to each of the three. As soon as SA 2.70 is officially released, you may want to update the forwarding stuff even if you don't yet want to implement filtering based on spf. I suspect that SA is being used by at least 1% of the internet mail infrastructure. - Original Message - From: Davide Libenzi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 9:05 PM Subject: [xmail] Re: SPF On Wed, 18 Feb 2004, Don Drake wrote: I agree, this is getting a lot of attention lately... When more than 1% of the existing internet mail infrastructure will use it, I'll think about it. I do not want to add code to XMail for a non standard that might die tomorrow. - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
SpamAssassin does not do SPF. It will incorporate it in a future version. -Don -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Charles Frolick Sent: Thursday, February 19, 2004 8:56 AM To: [EMAIL PROTECTED] Subject: [xmail] Re: SPF Spamassasin doesn't do SPF? The anti-spam software I use for my main mail server does it as a content filter. (Imail with Declude Junkmail) I'm sure someone can make one or make an existing filter to use SPF, since I use Xmail for special tasks and not general mail I don't run any spam filters (anything it sees has already been filtered), and I'm not familiar enough with spamassasin to know what it can filter on. Thanks, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Liron Newman Sent: Wednesday, February 18, 2004 9:16 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: SPF Davide Libenzi wrote: On Wed, 18 Feb 2004, Don Drake wrote: I agree, this is getting a lot of attention lately... When more than 1% of the existing internet mail infrastructure will use it, I'll think about it. I do not want to add code to XMail for a non standard that might die tomorrow. A legitimate thought, but how about adding the ability to write some kind of plugin/filter that would do that outside of XMail (i.e. In-session filtering) - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
I think SA 2.70 does, but not SA 2.63. SA 2.70 is available but not considered production ready. - Original Message - From: Charles Frolick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 19, 2004 8:56 AM Subject: [xmail] Re: SPF Spamassasin doesn't do SPF? The anti-spam software I use for my main mail server does it as a content filter. (Imail with Declude Junkmail) I'm sure someone can make one or make an existing filter to use SPF, since I use Xmail for special tasks and not general mail I don't run any spam filters (anything it sees has already been filtered), and I'm not familiar enough with spamassasin to know what it can filter on. Thanks, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Liron Newman Sent: Wednesday, February 18, 2004 9:16 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: SPF Davide Libenzi wrote: On Wed, 18 Feb 2004, Don Drake wrote: I agree, this is getting a lot of attention lately... When more than 1% of the existing internet mail infrastructure will use it, I'll think about it. I do not want to add code to XMail for a non standard that might die tomorrow. A legitimate thought, but how about adding the ability to write some kind of plugin/filter that would do that outside of XMail (i.e. In-session filtering) - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
I agree, this is getting a lot of attention lately... -Don -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Orion Productions Sent: Wednesday, February 18, 2004 6:19 PM To: [EMAIL PROTECTED] Subject: [xmail] SPF http://spf.pobox.com/intro.html = SPF is developing support in Postfix, Exim, Qmail, and Sendmail What about XMail? - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
On Wed, 18 Feb 2004, Don Drake wrote: I agree, this is getting a lot of attention lately... When more than 1% of the existing internet mail infrastructure will use it, I'll think about it. I do not want to add code to XMail for a non standard that might die tomorrow. - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: SPF
Davide Libenzi wrote: On Wed, 18 Feb 2004, Don Drake wrote: I agree, this is getting a lot of attention lately... When more than 1% of the existing internet mail infrastructure will use it, I'll think about it. I do not want to add code to XMail for a non standard that might die tomorrow. A legitimate thought, but how about adding the ability to write some kind of plugin/filter that would do that outside of XMail (i.e. In-session filtering) - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]