t instead, but enforcing this
breaks some workflows.
Unless you really want to prohibit that activity, you can't do it at the
server level.
--
Richard Damon
that it
allows other tests to means something.
--
Richard Damon
'crashes' than
the next connection will do some cleanup. Even a fairly short busy wait
should handle these cases most of the time.
--
Richard Damon
inting to the list submission address, that way if
someone is using a MUA that doesn't support the 'Reply-To-List' function
and does a Reply-All, it is likely that it will redirect the reply to
the list. (More broken MUAs might still send you a copy, if the ignore
or mishandle Reply-All.)
--
Richard Damon
a
'Reply-to-List' opiton, because of the lack of list headers, but
'Reply-All' will still work.
It just becomes a bit harder to reply back JUST to the list. Your need
Reply-All and then editing the list of recipients.
--
Richard Damon
ing messages without a Message-ID.
>>
> Maybe on smtp, but not on submission. FOr me policy there is completeley
> different
I thought one strategy to handle this was that submission would detect
lack of the message-id header and add one with a proper message-id.
--
Richard Damon
On 4/26/20 11:47 PM, Peter wrote:
> On 27/04/20 2:02 am, Richard Damon wrote:
>> On 4/26/20 8:15 AM, Peter wrote:
>>> On 27/04/20 12:00 am, Richard Damon wrote:
>>>> Except that if the sender is sending from a domain with an email
>>>> policy
>>>&
ypass the spam filter, no more
problems with the messages in the spam filter. At the same time you can
put the message into a tag, to keep things organized.
--
Richard Damon
On 4/26/20 6:41 PM, Jaroslaw Rafa wrote:
> Dnia 26.04.2020 o godz. 17:00:31 Richard Damon pisze:
>> I have never had GMail ask me to setup DMARC, they will ask you to setup
>> SPF or DKIM as a first step for delivery problems, as letting them
> Did you read https://support.goog
On 4/26/20 3:23 PM, Jaroslaw Rafa wrote:
> Dnia 26.04.2020 o godz. 08:00:56 Richard Damon pisze:
>> This is exactly what DMARC is intended to indicate. Configuring a domain
>> with DMARC says that it is intended that message only be accepted if
>> they come directly fr
On 4/26/20 8:15 AM, Peter wrote:
> On 27/04/20 12:00 am, Richard Damon wrote:
>> Except that if the sender is sending from a domain with an email policy
>> that effectively says, "This domain is intended to send sensitive
>> information, please do not accept messages
designed for things like
Banks to be able to send out messages that the recipients can trust came
from them and not a scammer. (A scammer could fake this out with a
'look-alike' domain, but that leaves a strong back trail to the scammer,
who tend to want to hid in the darkness of the web.
--
Richard Damon
t, when you are using a mailing list, the list owner has the right to
decide what gets sent on THEIR mailing list.
--
Richard Damon
torry not to try
>
SPF does NOT break from a properly configured mailinglist, as SPF
doesn't check just from, but can also use sender/envelope-from, which a
proper mailing-list should set to itself, so SPF will pass.
DMARC/SPF, which only validates to the From: header will break.
--
Richard Damon
the message comes from
doesn't match the From of the message, but with DMARC if EITHER SPF or
DKIM pass, the message is to be considered to pass.
A Domain with strict DMARC, and which doesn't DKIM sign messages, will
fail with any form of remailer, so would fail for this application.
--
Richard Damon
need to be reminded about operating instructions. (This list's
subject matter is fairly technical, so not apt to draw less technically
adept subscribers).
--
Richard Damon
OL (without
informing their users of the consequences), and then them telling
mailing list operators that the mailing lists had to deal with the
damage, as they needed to adopt this for 'reasons'.
--
Richard Damon
leave Yahoo, but unlikely enough to really
matter to them, and might drive more traffic to Yahoo Groups (which at
the time was making them money, and got around the problem because it
was part of Yahoo).
--
Richard Damon
at declared 20% of your legitimate email as spam and
just discarded it. This is not a bad equivalent to the providers using a
method that declares mailinglist using the traditional methods that have
been used for decades as 'forgers'.
--
Richard Damon
ages in a way to break DKIM, so messages
that were DKIM signed to the From: Domain will still pass DMARC DKIM, so
will pass DMARC (unless the domain doesn't DKIM sign messages, which
would be very unusual for highly restricted DMARC).
--
Richard Damon
tions along the way done by the relays does not invalidate who
the author is, so the From should be retain.
Basically, this means that those domains that use DMARC, especially at
the higher levels, should not use those types of relays, which makes
some sense for the original intent of DMARC.
--
Richard Damon
vectors, that they couldn't keep up
with other measures to try and block it. The adoption of DMARC for a
general email provider is basically an acknowledgement that they have
problems maintaining a safe and secure email system. IF they advertise
it as a feature, and explain what it means you can't do, then maybe it
isn't, but if they don't inform you that they are not suitable for many
mailing lists and the like, then likely THEY are the one with a problem.
--
Richard Damon
On 11/21/19 11:47 PM, Wesley Peng wrote:
> Richard Damon wrote:
>> That is a question to ask them. Basically the strict DMARC policy is
>> designed for transactional email, where spoofing is a real danger. The
>> side effect of it is that addresses on such a domain really sh
On 11/21/19 11:21 PM, Wesley Peng wrote:
> Richard Damon wrote:
>> The typical options for the mailing list are
>>
>> 1) Just not allow people from such domains to post to the list (the
>> reject option you mention)
>>
>> 2) Rewrite the from address from peop
sociated
with the sender. It can also make it harder to reply just to the sender.
3) Rewrite the message by wrapping it as an attachment, with the outer
message being from the list. This has the problem that many clients
won't handle the message in a useful manner.
--
Richard Damon
am
> box. Rejecting mail is an extreme measure, see RFC 5321 (7.9):
> "considerable care should be taken and balance maintained if a site
> decides to be selective about the traffic it will accept and process."
>
> Gregory
--
Richard Damon
ybe 10-20%)
of ordinary messages that look to be plain text, are base64 encoded, so
reject them if you are willing to lose that much legitimate email. (And
those messages are full according to the RFCs)
--
Richard Damon
blocks 587 or 465 unless they
don't allow you to run servers and just block most server ports.
--
Richard Damon
s likely being the most common)
--
Richard Damon
uery match and the
> search goes on until it "meets" REJECT. In my opinion that's exactly
> what's going on here in my case.. . Is that not right? Am I wrong?
>
>
> -Original Message-
> From: Richard Damon
> To: postfix-users@postfix.org
> Sent: Sun
t is
> replaced.
>
> man header_checks:
>
> DESCRIPTION
>
> Each message header or message body line is compared against a
> list of
> patterns. When a match is found the corresponding action is
> executed,
> and the matching process is repeated for the next message
> header or
> message body line.
>
> Thus, it stops at the first match. If the Subject line matches first,
> then that rule determines the result.
>
> Wietse
--
Richard Damon
On 4/20/19 8:08 AM, Reto wrote:
> On Sat, Apr 20, 2019 at 07:31:06AM -0400, Richard Damon wrote:
>> Where the issue comes is with DMARC, which restricts the DKIM protocol
>> to be aligned with the From line of the message, and thus the MLM can't
>> make the message pass
On 4/19/19 11:22 PM, Bill Cole wrote:
> On 19 Apr 2019, at 22:50, Richard Damon wrote:
>
>> Note also, these RFCs are just Standards Track, which says that they are
>> not yet 'full standards' but still evolving, and I believe that one of
>> the issues that needs
27; but still evolving, and I believe that one of
the issues that needs to be worked out is to figure out how to improve
their interoperability for general emails with traditional mailing lists.
--
Richard Damon
s on mass mailings
that REQUIRE instructions on how to unsubscribe be included in the message)
--
Richard Damon
thorized to send email for that domain. (If they also signed
the message with DKIM, it likely would make it through).
The solution is that when you forward email from domains you don't
control to a domain you don't control, you need to at least re-write the
from address to something you control, otherwise it looks too much like
possible scamming.
--
Richard Damon
would have support for a given number of years, and others have more
limited support (like for only a limited time after any subsequent
release). Make only 1 LTS per year, and then you have 3 years from 3 LTS
releases + 1 most current release.
--
Richard Damon
And what is special about your phone that postfix should use to allow
it, but not other IPs?
--
Richard Damon
s
much more than you need, but once you need things beyond that it shows
its abilities.
--
Richard Damon
On 11/24/18 10:24 AM, André Rodier wrote:
> On 2018-11-24 15:16, Richard Damon wrote:
>> On 11/24/18 9:41 AM, André Rodier wrote:
>>> Hello,
>>>
>>> I have a program (SOGo), installed on my mail server, that send emails
>>> using the
you need any header to enable this support,
just a compliant MUA.
--
Richard Damon
ll the MUAs used internally, and make
sure you add the message in a way that they all handle reasonably (some
MUAs will take any multisection message and display all but the first
part as attachments, and don't handle email messages as attachments well.
--
Richard Damon
Email address (and user name to authenticate email) not matching the log in
user name, totally not spoofing in my book, and in fact can be ‘required’ by
some security guidelines. (You publicize your email address, it really
shouldn’t be part of your security credentials, that just vastly cuts do
that forces it to use the Header From:
--
Richard Damon
limit 'soft'.
Of course, the issue now becomes that most of the 'free email' systems
aren't quality system, so the above promise isn't kept, and some stuff
is just dropped.
--
Richard Damon
you get what you pay for.
Their user agreements basically disavow any implication that the service
will be reliable or fit for use. The silent dropping of messages is
basically expected behavior.
--
Richard Damon
On 9/1/17 6:23 AM, Tom Browder wrote:
On Thu, Aug 31, 2017 at 21:44 Richard Damon <mailto:rich...@damon-family.org>> wrote:
...
One point of information about Gmail, which may want you to change
your
test setup a bit. Gmail suppresses duplicate messages (as
determined b
mail
interactions, you need two Gmail accounts.
--
Richard Damon
ould expect that a simple MTA, whose job it is
to just deliver the mail as directed, to not need to get 'into' the message.
--
Richard Damon
ept at the RCPT TO, and then
reject at End of Data having it just reject everything as spam?
--
Richard Damon
now that IPv6 address is 'the
same' as the listed IPv4 address.
--
Richard Damon
e preferred
method to handle DMARC
issues with mailing list, as proposed by the DMARC group and the major
mail systems
that are causing the DMARC problem.
--
Richard Damon
On 12/14/14, 10:10 PM, James B. Byrne wrote:
> On Sun, December 14, 2014 20:05, Richard Damon wrote:
>> DMARC says that if a domain requests DMARC protection then any
>> message that has a RFC5322 domain pointing to it, must be
>> verifiable as coming from that domain, thu
stion of what are you willing to do to make things "work"
and who are you willing to make bear the brunt of problems.
--
Richard Damon
es reliably
delivered, and for some strange reason the spammers aren't doing things
to clearly mark there messages as spam.
--
Richard Damon
e that postfix recoded the message
and have the legacy server (or whatever) undo the encoding before
checking the signature.
--
Richard Damon
information, there is a set of domains set aside
specifically for this sort of use case, example.com, example.org,
example.net (in fact, just about any example.*). Being set aside for
this purpose, it is clear to readers that it is being a placeholder, and
doesn't accidentally step on som
ply-To to point to where they can read email, something allowed by the
RFCs). The second just causes inconvenience for the poster, since they
will receive the message at their Reply-To address, and if they really
wanted to, they could set up the posting address to be really send only
to not get replies back on it.
--
Richard Damon
On 1/12/13 8:49 AM, Wietse Venema wrote:
> Richard Damon:
>> On 1/11/13 9:51 AM, Wietse Venema wrote:
>>> Robert Moskowitz:
>>>> On 01/11/2013 09:07 AM, Wietse Venema wrote:
>>>>> Robert, please configure your mail reader to respect the REPLY-TO
>
f ignoring Reply-To.
A bit like earlier you were explaining how email addresses like
"@"@example.com aren't a good idea because it isn't well supported,
Reply-To's on mailing list are often enough broken that counting on them
to work can be somewhat futile.
--
Richard Damon
itzky.com>
<20120216203810.gw14...@harrier.slackbuilds.org>
<021b01ccecfd$a47f7800$ed7e6800$@tecserver.com>
<4f3d8c48.2010...@whyscream.net> <4f3d964c.9040...@thelounge.net>
In-Reply-To: <4f3d964c.9040...@thelounge.net>
Which causes this thread to be placed as part of the thread on "forcing
MX lookups" if you enable sort by threaded.
--
Richard Damon
On 12/22/11 3:59 AM, Reindl Harald wrote:
> On 22.12.2011 04:24, Richard Damon wrote:
>> I also have one web hosting provider that basically does NOT provide
>> outgoing SMTP service, they specifically state that they expect you to
>> be using your ISPs SMTP server to be s
e
outside world claiming to be from them is likely a spoof and rejectable.
--
Richard Damon
icate that header lines are continued, it seems very natural
that it would be used in a Mail Transport Agent to have its config file
set up.
--
Richard Damon
at if your mail server says it name is
mailer.example.com, that a rDNS lookup of its IP should evaluate to
mailer.example,com, and it should be reachable at the IP that is gotten
from a DNS lookup mailer.example.com.
--
Richard Damon
65 matches
Mail list logo
