Forwarding is one of those damned if you do, damned if you don't things.
If you don't rewrite the envelope sender, the spf will fail, and we might
notice better that its forwarded, and we'll ding you potentially less for
forwarding spam to us.
If you do rewrite the envelope sender and do a poor
On 5/2/19 7:06 AM, Johann Klasek via mailop wrote:
Just from our perspective, SRS works well as far as I can see, at
least with a minor patched srs-socketmapd for our Sendmail environment.
https://jk.kom.tuwien.ac.at/~jklasek/Software/srs-socketmapd/ Because
not all of our e-mail addresses are
On Tue, Apr 30, 2019 at 09:08:34AM +0200, Thomas Walter via mailop wrote:
[..]
> We have a lot of students forwarding their emails to external mailboxes
> (usually freemailers even though they have more options here).
Same problem here...
and it was very annoying and support consuming.
[..]
> I
On 30/04/2019 17:08, Thomas Walter via mailop wrote:
> On 30.04.19 04:45, Noel Butler via mailop wrote: On 30/04/2019 05:35, Andreas
> Klein via mailop wrote: so the SPF
> check will fail if the FROM of the original message is retained and an
> SPF record exists for that domain.
>
> ancient FUD
Am 30. April 2019 09:08:34 MESZ schrieb Thomas Walter via mailop
:
>We have a lot of students forwarding their emails to external mailboxes
>(usually freemailers even though they have more options here).
>
>I can show you all kinds of examples where the forwarding is rejected
>in
>those cases
Am 30. April 2019 04:45:54 MESZ schrieb Noel Butler via mailop
:
>On 30/04/2019 05:35, Andreas Klein via mailop wrote:
>
>> so the SPF
>> check will fail if the FROM of the original message is retained and
>an
>> SPF record exists for that domain.
>
>ancient FUD
>
>I was a very, *very* early
On 30.04.19 04:45, Noel Butler via mailop wrote:
> On 30/04/2019 05:35, Andreas Klein via mailop wrote:
>> so the SPF
>> check will fail if the FROM of the original message is retained and an
>> SPF record exists for that domain.
>>
>
> ancient FUD
>
> I was a very, *very* early adopter of
On 30/04/2019 05:35, Andreas Klein via mailop wrote:
> so the SPF
> check will fail if the FROM of the original message is retained and an
> SPF record exists for that domain.
ancient FUD
I was a very, *very* early adopter of SPF, I always hear these claims,
but my mails always get through
In article <231a8e51-7a1d-10ea-e777-f157156e7...@akxnet.de> you write:
>The list server has no control over other's SPF records, so the SPF
>check will fail if the FROM of the original message is retained and an
>SPF record exists for that domain.
Mailing lists put their own address as the bounce
On 29 Apr 2019, at 15:55, Brandon Long via mailop wrote:
Wow, what a thread.
So, to be clear, we don't treat DKIM failure any different than if the
message lacks DKIM, at least in general
Great!
[...]
I'm surprised that no one has fixed mailman's bounce handling to be
smarter,
It is, if
Wow, what a thread.
So, to be clear, we don't treat DKIM failure any different than if the
message lacks DKIM, at least in general (its always possible there are
manual rules that do things differently that were targeted at specific
campaigns, and I'm not sure if the ML thinks differently, but
Am 28.04.2019 um 20:24 schrieb Grant Taylor via mailop:
> I think the list MTA should accept the messages with DKIM oversigned
> headers, remove said DKIM-Signature headers, pass the DKIM-less message
> into the mailing list for normal processing.
What I see from my Google DMARC reports is
On 4/28/19 11:50 PM, Kurt Andersen (b) via mailop wrote:
Mailop either needs to implement ARC (there are solutions for that which
work with Mailman 2 & 3), sign outgoing mail with its own DKIM signatures
(along with header munging), or implement SPF authentication in order
to have
On 4/29/2019 9:30 AM, Rich Kulawiec via mailop wrote:
On Sun, Apr 28, 2019 at 11:33:07AM -0600, Brielle Bruns via mailop wrote:
A slack channel would be cool regardless [...]
No, it wouldn't. You might find it instructive to read their S-1 filing,
referenced here:
Slack Warns
On Sun, Apr 28, 2019 at 11:33:07AM -0600, Brielle Bruns via mailop wrote:
> A slack channel would be cool regardless [...]
No, it wouldn't. You might find it instructive to read their S-1 filing,
referenced here:
Slack Warns Investors It's a Target for Nation-State Hacking
On Sat, 2019-04-27 at 15:09 -0400, Bill Cole wrote:
> Yes, because the signature included the Sender and List-* headers,
> probably non-existent originally, which mailing lists typically
> (including this one) add to messages they relay.
>
Like most mailing lists, mailop both modifies the
Bill,
On 28/04/2019 20:37, Bill Cole via mailop wrote:
> On 28 Apr 2019, at 13:05, Grant Taylor via mailop wrote:
>
>> On 4/27/19 11:43 PM, Bill Cole wrote:
>>> I can't say "should" because that's a site-specific/sender-specific
>>> choice.
>>
>> As is the choice to (over)sign headers, even
On Sun, Apr 28, 2019 at 8:43 PM Bill Cole via mailop
wrote:
> On 28 Apr 2019, at 21:51, John Levine via mailop wrote:
>
> > Just to be clear, we all understand that these funky DKIM signatures
> > have nothing to do with the reason that Google is rejecting mailop
> > messages, right?
>
> I think
On April 29, 2019 3:46:03 AM UTC, John Levine via mailop
wrote:
>
>Still waiting to hear when mailop.org adds its SPF record.
Didn't it take almost 2 years the last time we waited on mailop.org to fix a
cert?
-Jim P.
On mobile so pls excuse any brevity, typos, lack of taste, crudeness, down
In article <69632fdf-2440-4480-8afe-5cbf36aa0...@billmail.scconsult.com> you
write:
>HOWEVER: if I understand Simon's description of the rejection events
>correctly, the trigger was specifically a message with a broken DKIM
>signature which had not had its From munged (because the DMARC record
Just to be clear, we all understand that these funky DKIM signatures
have nothing to do with the reason that Google is rejecting mailop
messages, right?
R's,
John
>On 4/28/19 12:38 PM, Chris Adams via mailop wrote:
>> So should mailing lists reject such messages?
>
>No. Absolutely not.
>
>The
On 4/28/19 12:38 PM, Chris Adams via mailop wrote:
So should mailing lists reject such messages?
No. Absolutely not.
The DKIM specification states that a failed DKIM-Signature validation
should be treated like a lack of a DKIM-Signature.
I think the list MTA should accept the messages
In article <20190428183815.ga30...@cmadams.net>,
Chris Adams via mailop wrote:
>Once upon a time, Grant Taylor via mailop said:
>> On 4/28/19 11:35 AM, John Levine via mailop wrote:
>> >Oversigning those headers is silly.
>>
>> Oversigning may be /silly/. But it's still the sending site's
On 28 Apr 2019, at 13:05, Grant Taylor via mailop wrote:
On 4/27/19 11:43 PM, Bill Cole wrote:
I can't say "should" because that's a site-specific/sender-specific
choice.
As is the choice to (over)sign headers, even non-existent headers;
List-*, Sender, etc.
Qualitatively different
Once upon a time, Grant Taylor via mailop said:
> On 4/28/19 11:35 AM, John Levine via mailop wrote:
> >Oversigning those headers is silly.
>
> Oversigning may be /silly/. But it's still the sending site's choice.
So should mailing lists reject such messages? If they're going to add
headers
On 4/28/19 11:35 AM, John Levine via mailop wrote:
Oversigning those headers is silly.
Oversigning may be /silly/. But it's still the sending site's choice.
Let's say you send out a DKIM signed message without Sender and
List-Foo, and then an extremely malicious mailing list grabs your
In article you write:
>On Sun, 28 Apr 2019, Simon Lyall via mailop wrote:
>> Well since that email just triggered another round of bounces I've just
>> updated mailop's mailman config to mung all email addresses (hopefully,
>> this email is a test).
>
>Well the good news is that worked. The bad
> Another issue in that is the choice to send mail over IPv6. This has
> well-known risks of running into more draconian filtering than sticking
> with IPv4, and the operators of the mailing lists system have clearly
> NOT considered those risks or their mitigation.
> Mailing list managers should
On 4/28/2019 5:20 AM, Simon Lyall via mailop wrote:
On Sun, 28 Apr 2019, Simon Lyall via mailop wrote:
Well since that email just triggered another round of bounces I've
just updated mailop's mailman config to mung all email addresses
(hopefully, this email is a test).
Well the good news is
In article ,
Grant Taylor via mailop wrote:
>On 4/27/19 1:09 PM, Bill Cole wrote:
>> Yes, because the signature included the Sender and List-* headers,
>> probably non-existent originally, which mailing lists typically
>> (including this one) add to messages they relay.
>
>Thus the Sender and
On 4/28/2019 9:56 AM, Bill Cole via mailop wrote:
On 28 Apr 2019, at 2:19, Brielle Bruns wrote:
On 4/27/2019 11:19 PM, Bill Cole wrote:
Basically DKIM on my EXIM server is configured in the default way
which Debian’s config file sets it up once you provide it with the
necessary keys for
On 4/28/19 10:21 AM, Bill Cole via mailop wrote:
Or just set bounce_score_threshold to a sane value?
Doing that simply moves the line. It doesn't actually solve the problem.
It may work for most normal day-to-day sending values. But any time you
have a contentious topic, like this one,
On 4/27/19 11:43 PM, Bill Cole wrote:
I can't say "should" because that's a site-specific/sender-specific choice.
As is the choice to (over)sign headers, even non-existent headers;
List-*, Sender, etc.
It's a thing that could be done with some effort, the right tools, and
properly trained
On 28 Apr 2019, at 7:20, Simon Lyall via mailop wrote:
On Sun, 28 Apr 2019, Simon Lyall via mailop wrote:
Well since that email just triggered another round of bounces I've
just updated mailop's mailman config to mung all email addresses
(hopefully, this email is a test).
Well the good news
On 28 Apr 2019, at 2:19, Brielle Bruns wrote:
On 4/27/2019 11:19 PM, Bill Cole wrote:
Basically DKIM on my EXIM server is configured in the default way
which Debian’s config file sets it up once you provide it with the
necessary keys for signing. If it’s got something that they need
to fix
On 28.04.19 13:20, Simon Lyall via mailop wrote:
> On Sun, 28 Apr 2019, Simon Lyall via mailop wrote:
>> Well since that email just triggered another round of bounces I've
>> just updated mailop's mailman config to mung all email addresses
>> (hopefully, this email is a test).
>
> Well the good
On 28/04/2019 21:20, Simon Lyall via mailop wrote:
> On Sun, 28 Apr 2019, Simon Lyall via mailop wrote:
>
>> Well since that email just triggered another round of bounces I've just
>> updated mailop's mailman config to mung all email addresses (hopefully, this
>> email is a test).
>
> Well
On Sun, 28 Apr 2019, Simon Lyall via mailop wrote:
Well since that email just triggered another round of bounces I've just
updated mailop's mailman config to mung all email addresses (hopefully,
this email is a test).
Well the good news is that worked. The bad news is that gmail just bounced
Brielle Bruns writes:
> EXIM is generating that list based on RFC 4871 (Section 5.5 lists
> recommended).
There's a discrepancy in the wording, though.
The RFC says, about the list given: "The following header fields SHOULD
be included in the signature, if they are present in the message being
On Sun, 28 Apr 2019, Brielle Bruns wrote:
For a long time, I refused to insert DKIM headers on the grounds it
created situations like this. But, you can thank certain large
providers who make some hurdles if you don't have DKIM signed messages.
Well since that email just triggered another
On 4/27/2019 11:19 PM, Bill Cole wrote:
Basically DKIM on my EXIM server is configured in the default way
which Debian’s config file sets it up once you provide it with the
necessary keys for signing. If it’s got something that they need to
fix to make it behave better, I’m all for getting
On 27 Apr 2019, at 19:49, Grant Taylor via mailop wrote:
On 4/27/19 1:09 PM, Bill Cole wrote:
Yes, because the signature included the Sender and List-* headers,
probably non-existent originally, which mailing lists typically
(including this one) add to messages they relay.
Thus the Sender
On 27 Apr 2019, at 19:00, Brielle wrote:
I guess I’m a bit confused at what you mean.
Your signature:
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=2mbit.com;
s=default;
h=To:In-Reply-To:References:Message-Id:Subject:Date:Mime-Version:
On 4/27/19 1:09 PM, Bill Cole wrote:
Yes, because the signature included the Sender and List-* headers,
probably non-existent originally, which mailing lists typically
(including this one) add to messages they relay.
Thus the Sender and List-* headers were oversigned.
Signing the
I guess I’m a bit confused at what you mean.
I’ll note I run my own mail server, DNS, etc.
Basically DKIM on my EXIM server is configured in the default way which
Debian’s config file sets it up once you provide it with the necessary keys for
signing. If it’s got something that they need to
On 27 Apr 2019, at 13:02, Grant Taylor via mailop wrote:
On 4/27/19 3:54 AM, Simon Lyall wrote:
The below message was bounced by everyone (I assume) in the list
whose address is hosted by gmail.
I would be surprised if it was just Gmail.
Date: Wed, 24 Apr 2019 08:44:58 -0600
From: Brielle
On 4/27/19 11:16 AM, John Levine wrote:
I wouldn't. Gmail has made it quite clear that on their v6 mail
servers they will only accept mail that is SPF or DKIM authenticated.
If you don't authenticate, send to their v4 mail servers. I don't
know anyone else who does that.
Hum.
I suspect
In article
you write:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>On 4/27/19 3:54 AM, Simon Lyall wrote:
>> The below message was bounced by everyone (I assume) in the list whose
>> address is hosted by gmail.
>
>I would be surprised if it was just Gmail.
I wouldn't. Gmail has made it quite clear that on
On 4/27/19 3:54 AM, Simon Lyall wrote:
The below message was bounced by everyone (I assume) in the list whose
address is hosted by gmail.
I would be surprised if it was just Gmail.
Date: Wed, 24 Apr 2019 08:44:58 -0600
From: Brielle Bruns
Subject: Re: [mailop] The utility of spam folders
I've gone though and manually re-enabled all (hopefully) of the gmail
users. I saw a few gmail addresses not disabled so possible not all were
affected.
Simon.
On Sat, 27 Apr 2019, Simon Lyall wrote:
FYI
The below message was bounced by everyone (I assume) in the list
whose address is
FYI
The below message was bounced by everyone (I assume) in the list
whose address is hosted by gmail.
Date: Wed, 24 Apr 2019 08:44:58 -0600
From: Brielle Bruns
Subject: Re: [mailop] The utility of spam folders
Error message similar to this:
SMTP error from remote mail server after end
51 matches
Mail list logo
