Hello.
I'm trying to set up a new procmail recipe to automatically file this
mailing list's traffic into its own folder - because my old procmail
recipe (filtering by TO: postfix-users@postfix.org) has proven to be
not 100% effective (somehow, some posts to the mailing list are
addressed to postfi
Josh Good:
> 1. Why the mailing list software is not configured to add a List-Id
> header?
Perhaps that's because the configuration was last updated in 2005,
at a time that List-Id was not as widely used. Let's see if this
message will have a List-Id header.
There are no footers, because to do th
Josh Good skrev den 2017-02-12 01:53:
1. Why the mailing list software is not configured to add a List-Id
header?
good question :)
2. Why this mailing list has never used subject tags, and very early
in its infancy it even stopped injecting a footer into the posts? It's
obvious that was not
On 2017 Feb 11, 20:27, Wietse Venema wrote:
> Josh Good:
> > 1. Why the mailing list software is not configured to add a List-Id
> > header?
>
> Perhaps that's because the configuration was last updated in 2005,
> at a time that List-Id was not as widely used. Let's see if this
> message will have
Josh Good skrev den 2017-02-12 02:40:
And I don't mean to be an annoyance, but why no subject [tags]?
this would break dkim
On 2017 Feb 12, 02:33, Benny Pedersen wrote:
> Josh Good skrev den 2017-02-12 01:53:
>
> >2. Why this mailing list has never used subject tags, and very early
> >in its infancy it even stopped injecting a footer into the posts? It's
> >obvious that was not done to accommodate for DMARC, so why was
Josh Good:
> On 2017 Feb 11, 20:27, Wietse Venema wrote:
> > Josh Good:
> > > 1. Why the mailing list software is not configured to add a List-Id
> > > header?
> >
> > Perhaps that's because the configuration was last updated in 2005,
> > at a time that List-Id was not as widely used. Let's see if
I agree about the DKIM signing. I get regularly authentication failures
(forensic reports) when posting to this list. Propably because my domain is set
to require mandatory DKIM signing and postfix list server isn't.
However, I don't think there should be any subject tags.
smime.p7s
Description
Josh Good skrev den 2017-02-12 02:51:
It would break the original sender's DKIM, if any. But then the mailing
list host could DKIM sign all messages just before sending them to the
list subscribers.
how should dkim handle this ?, how should dmarc handle it ?, how should
arc handle it ?
how
Sebastian Nielsen skrev den 2017-02-12 02:55:
I agree about the DKIM signing. I get regularly authentication
failures (forensic reports) when posting to this list. Propably
because my domain is set to require mandatory DKIM signing and postfix
list server isn't.
in that case you have mailrelays
On 2017 Feb 12, 03:00, Benny Pedersen wrote:
> >In the post-Snowden era, cryptographically signing ALL is the way to
> >go.
> >Remember, NSA not only "spies", it also "impersonates" when it needs to
> >do so (if it can do it). So yes, it makes sense for a mailing list to
> >DKIM sign the posts it
b00-c3954c22e...@sebbe.eu>
In-Reply-To: <20170212015134.gb18...@naleco.com>
References: <20170212005312.ga12...@naleco.com>
<1cf4d7a776ca97544eb0d21d36253...@junc.eu> <20170212015134.gb18...@naleco.com>
Subject: Re: Why no List-ID header in the postfix-users posts?
MIME-Ver
On 12/02/2017 00:53, Josh Good wrote:
Hello.
I'm trying to set up a new procmail recipe to automatically file this
mailing list's traffic into its own folder - because my old procmail
recipe (filtering by TO: postfix-users@postfix.org) has proven to be
not 100% effective (somehow, some posts to
On Sun, Feb 12, 2017 at 02:40:09AM +0100, Josh Good wrote:
> And I don't mean to be an annoyance, but why no subject [tags]?
This list carefully avoids modifying the message headers and body.
Therefore, this list requires no ugly DMARC work-around hacks. I
am sure that we should keep it that way
On 2017 Feb 12, 03:13, Sebastian Nielsen wrote:
> Theres no relay between me and postfix. And this is the report:
>
> Feedback-Type: auth-failure
> Version: 1
> User-Agent: OpenDMARC-Filter/1.3.2
> Auth-Failure: dmarc
> Authentication-Results: mx01.nausch.org; dmarc=fail header.from=sebbe.eu
> Ori
From: Sebastian NielsenSent: Saturday, February 11, 2017 5:56 PMTo: postfix-users@postfix.orgSubject: Re: Why no List-ID header in the postfix-users posts?I agree about the DKIM signing.
Sebastian Nielsen skrev den 2017-02-12 03:13:
Theres no relay between me and postfix. And this is the report:
spf strict
https://dmarcian-eu.com/dmarc-inspector/sebbe.eu
why ?
note you get dkim pass ?
On Sun, 2017-02-12 at 01:53 +0100, Josh Good wrote:
> Hello.
>
> I'm trying to set up a new procmail recipe to automatically file this
> mailing list's traffic into its own folder - because my old procmail
> recipe (filtering by TO: postfix-users@postfix.org) has proven to be
> not 100% effective
On 11 Feb 2017, at 21:53, li...@lazygranch.com wrote:
Further, how does DKIM prove the message wasn't altered? To my
knowledge, SPF proves the message came from a qualified server and
DKIM proves the FQDN is a match.
DKIM signs a hash of the canonicalized message body and the set of
headers
On 2017 Feb 11, 18:53, li...@lazygranch.com wrote:
>
>How would a get a print out of email uses that fail DKIM, SPF, or
>both?
>
>A few months ago there was chatter about how to rewrite the subject
>header to indicate the SPF and DKIM status. Unfortunately nothing
>further.
>
So technically integrity is assured from server to server, but not between
clients and server.
Original Message
From: Bill Cole
Sent: Saturday, February 11, 2017 7:08 PM
To: Postfix users
Reply To: Postfix users
Subject: Re: Why no List-ID header in the postfix-users posts?
On 11 Feb
On 2017 Feb 11, 19:18, li...@lazygranch.com wrote:
> So technically integrity is assured from server to server, but not between
> clients and server.
That is correct. DKIM is for MTA-to-MTA integrity.
I you want end-to-end (in-the-flesh sender to in-the-flesh recipient)
integrity, you need to u
OK, so I sent a message to the list which was rejected, I got a NDR like
this:
This message was sent by a program, not by a human person.
Your submission to the postfix-users mailing list was blocked because
your address is not subscribed, or because the subm
On 12/02/2017 02:44, Viktor Dukhovni wrote:
On Sun, Feb 12, 2017 at 02:40:09AM +0100, Josh Good wrote:
And I don't mean to be an annoyance, but why no subject [tags]?
This list carefully avoids modifying the message headers and body.
Therefore, this list requires no ugly DMARC work-around hack
On 12.02.2017 03:13, Sebastian Nielsen wrote:
> Theres no relay between me and postfix. And this is the report:
>
> Feedback-Type: auth-failure
> Version: 1
> User-Agent: OpenDMARC-Filter/1.3.2
> Auth-Failure: dmarc
> Authentication-Results: mx01.nausch.org; dmarc=fail header.from=sebbe.eu
> Orig
On 2017 Feb 12, 07:53, Dominic Raferd wrote:
>
> To go back to a point made by OP about SPF being 'good', it seems to me
> that SPF is fundamentally and irretrievably flawed - and frankly should
> be dropped.
Wow! Those are big words.
> The fact that it works in 99.5% of situations just makes
Josh Good - your DKIM signaturesare showing up as invalid.
On 2017-02-12 7:54 AM, Josh Good wrote:
On 2017 Feb 12, 07:53, Dominic Raferd wrote:
To go back to a point made by OP about SPF being 'good', it seems to me
that SPF is fundamentally and irretrievably flawed - and frankly should
be dro
On 2017 Feb 12, 08:14, John Allen wrote:
> Josh Good - your DKIM signaturesare showing up as invalid.
I don't see how that is possible, given that I currently do not do DKIM
signing of my posts to this list.
Perhaps did you mean to say that my posts to the list are getting a
DMARC result of fail
Josh Good wrote:
> On 2017 Feb 11, 19:18, li...@lazygranch.com wrote:
>> So technically integrity is assured from server to server, but not between
>> clients
>> and server.
>
> That is correct. DKIM is for MTA-to-MTA integrity.
There are no widely used MUA implementations making use of DKIM but
On 2017 Feb 12, 16:17, Michael Ströder wrote:
> Josh Good wrote:
> > On 2017 Feb 11, 19:18, li...@lazygranch.com wrote:
> >> So technically integrity is assured from server to server, but not between
> >> clients
> >> and server.
> >
> > That is correct. DKIM is for MTA-to-MTA integrity.
>
> The
Josh Good wrote:
> On 2017 Feb 12, 16:17, Michael Ströder wrote:
>> Josh Good wrote:
>>> On 2017 Feb 11, 19:18, li...@lazygranch.com wrote:
So technically integrity is assured from server to server, but not between
clients
and server.
>>>
>>> That is correct. DKIM is for MTA-to-MTA
On 12 February 2017 at 12:54, Josh Good wrote:
> On 2017 Feb 12, 07:53, Dominic Raferd wrote:
>>
>> To go back to a point made by OP about SPF being 'good', it seems to me
>> that SPF is fundamentally and irretrievably flawed - and frankly should
>> be dropped.
>
> Wow! Those are big words.
>
>> T
On 2017 Feb 12, 18:32, Dominic Raferd wrote:
> On 12 February 2017 at 12:54, Josh Good wrote:
>
> > Well, yes, SPF breaks old-style forwarding. This is well known and
> > undisputed.
> >
> > Many old-style SMTP "customs" no longer apply, like open relays, etc.
> >
> > Old-style forwarding is nowad
Josh Good:
> Old-style forwarding is when the forwarding MTA forwards the message
> re-using the original Return-Path in the SMTP envelope, instead of using
> its own address in the Return-Path. Because if the forwarding MTA uses
> its own address in the Return-Path while forwarding the email, SPF
wie...@porcupine.org skrev den 2017-02-12 20:59:
DKIM works just fine across multiple hops of forwarding as long as
one does not modify the message in transit (someone said that DKIM
is hop-by-hop; they don't understand what DKIM does). If anyone's
DKIM verifier fails on this posting, let me kno
> > Further, how does DKIM prove the message wasn't altered? To my knowledge,
> > SPF proves the message came from a qualified server and DKIM proves the FQDN
> > is a match.
>
> DKIM signs a hash of the canonicalized message body and the set of headers
> specified in the signature. Modify the bo
On 2017 Feb 12, 08:39, Kiss Gabor (Bitman) wrote:
> > > Further, how does DKIM prove the message wasn't altered? To my knowledge,
> > > SPF proves the message came from a qualified server and DKIM proves the
> > > FQDN
> > > is a match.
> >
> > DKIM signs a hash of the canonicalized message body
On 12.02.2017 08:39, Kiss Gabor (Bitman) wrote:
> Maybe DKIM verification should ignore list tags in the subject
> if the first attempt was unsuccesful.
> I.e. I could imagine a smarter canonicalization.
There can be no "interpretation" of what the signing party distributes.
I deliberately use DK
38 matches
Mail list logo
