Re: [mailop] OpenDMARC
Hi, On some OS(s) you need to enable each on their own config file, as just installing doesn't do it, on my configuration these files are located in the "/etc/default" folder. Also make sure the port is set correctly in the file. Then, restart their service and test. -Original Message- From: "Mary via mailop" Sent: Monday, December 26, 2022 2:42pm To: mailop@mailop.org Subject: [mailop] OpenDMARC Hi everyone, Is OpenDMARC still in development? I'm having problems with amazon.de emails, they all fail with: postfix/cleanup[412056]: warning: milter inet:127.0.0.1:8893: can't read SMFIC_BODYEOB reply packet header: Connection timed out postfix/cleanup[412056]: E1E6045BCA: milter-reject: END-OF-MESSAGE from a1-38.smtp-out.eu-west-1.amazonses.com[54.240.1.38]: 4.7.1 Service unavailable - try again later; Are there any alternatives to OpenDMARC and OpenDKIM? Thank you. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] OpenDMARC
> On Dec 29, 2022, at 20:38, Mark Foster via mailop wrote: > > Some reading that might be useful. > > https://github.com/vshymanskyy/StandWithUkraine/issues/135 > > https://www.theregister.com/2022/06/27/7zip_compression_tool/ > > https://pcper.com/2022/06/boycott-7-zip-because-its-not-on-github-seriously/ > > My impression is that 7-Zip is way, way down the severity list, and the > author can't help the actions of his own government. > > Best part of open source projects is the ability for the code to be > independently reviewed. At this point we're so off in the weeds that this has little to do with either OpenDMARC or mail operations at all. -Dan ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] OpenDMARC
Some reading that might be useful. https://github.com/vshymanskyy/StandWithUkraine/issues/135 https://www.theregister.com/2022/06/27/7zip_compression_tool/ https://pcper.com/2022/06/boycott-7-zip-because-its-not-on-github-seriously/ My impression is that 7-Zip is way, way down the severity list, and the author can't help the actions of his own government. Best part of open source projects is the ability for the code to be independently reviewed. Mark. On 29/12/22 23:35, Mary via mailop wrote: not my policy, but I'll forward your words to my clients. unfortunately, some of these decisions come from higher up the food chain... other software that is being blocked: RAR, 7zip, Kaspersky anti-virus, etc... On Thu, 29 Dec 2022 10:12:25 + Vsevolod Stakhov via mailop wrote: Hello Mary, Rspamd is a software developed in the UK by its author and main developer, who is a British citizen and has lived in the UK for most of his adult life. It has no connection to Russia or Russian developers. I hope this clears up any misunderstandings about the origin and development of Rspamd. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] OpenDMARC
not my policy, but I'll forward your words to my clients. unfortunately, some of these decisions come from higher up the food chain... other software that is being blocked: RAR, 7zip, Kaspersky anti-virus, etc... On Thu, 29 Dec 2022 10:12:25 + Vsevolod Stakhov via mailop wrote: > Hello Mary, > > Rspamd is a software developed in the UK by its author and main > developer, who is a British citizen and has lived in the UK for most of > his adult life. It has no connection to Russia or Russian developers. I > hope this clears up any misunderstandings about the origin and > development of Rspamd. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] OpenDMARC
Hello Mary, Rspamd is a software developed in the UK by its author and main developer, who is a British citizen and has lived in the UK for most of his adult life. It has no connection to Russia or Russian developers. I hope this clears up any misunderstandings about the origin and development of Rspamd. On 27/12/2022 08:36, Mary via mailop wrote: I've never used rspamd but now its time to take a look. Unfortunately, I can't use it with all my clients because some of them have policies that prevent me from using Russian software (or related to Russian developers in some way). Thank you for the suggestion. On Tue, 27 Dec 2022 02:33:36 +0100 Tobias Fiebig via mailop wrote: Heho, On Mon, 2022-12-26 at 21:42 +0200, Mary via mailop wrote: ... Are there any alternatives to OpenDMARC and OpenDKIM? I had a lot of good experiences with rspamd; Also, it felt 'easier to hold' to reduce the influx of spam, as you can tighten things selectively; Of course, you can also just use the signing/validation parts and use $something_else for spam filtering. Added bonus: Supports ARC as well, and can send DMARC reports ootb. With best regards, Tobias ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] OpenDMARC
On Tue 27/Dec/2022 17:27:09 +0100 Giovanni Bechis via mailop wrote: On 12/27/22 09:52, Andreas S. Kerber via mailop wrote: Am Tue, Dec 27, 2022 at 10:36:50AM +0200 schrieb Mary via mailop: Are there any alternatives to OpenDMARC and OpenDKIM? I use zdkimfilter, but it currently works with Courier-MTA only. Best Ale -- ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] OpenDMARC
On 12/27/22 09:52, Andreas S. Kerber via mailop wrote: Am Tue, Dec 27, 2022 at 10:36:50AM +0200 schrieb Mary via mailop: I've never used rspamd but now its time to take a look. Are there any alternatives to OpenDMARC and OpenDKIM? As an alternative to OpenDKIM, I'm happily using dkimpy-milter. The configuration is quite similar to OpenDKIM. You can also use MIMEDefang for DKIM signing, it depends on your setup anyway. Both rspamd and MIMEDefang can do lot of other things and if you need only a milter to DKIM sign your emails, dkimpy-milter may be the fastest solution. Giovanni OpenPGP_signature Description: OpenPGP digital signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] OpenDMARC
thank you, I'll take a look On Tue, 27 Dec 2022 09:52:56 +0100 "Andreas S. Kerber via mailop" wrote: > As an alternative to OpenDKIM, I'm happily using dkimpy-milter. The > configuration is quite similar to OpenDKIM. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] OpenDMARC
Am Tue, Dec 27, 2022 at 10:36:50AM +0200 schrieb Mary via mailop: > I've never used rspamd but now its time to take a look. > > > Are there any alternatives to OpenDMARC and OpenDKIM? As an alternative to OpenDKIM, I'm happily using dkimpy-milter. The configuration is quite similar to OpenDKIM. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] OpenDMARC
I've never used rspamd but now its time to take a look. Unfortunately, I can't use it with all my clients because some of them have policies that prevent me from using Russian software (or related to Russian developers in some way). Thank you for the suggestion. On Tue, 27 Dec 2022 02:33:36 +0100 Tobias Fiebig via mailop wrote: > Heho, > > On Mon, 2022-12-26 at 21:42 +0200, Mary via mailop wrote: > > ... > > Are there any alternatives to OpenDMARC and OpenDKIM? > > I had a lot of good experiences with rspamd; Also, it felt 'easier to > hold' to reduce the influx of spam, as you can tighten things > selectively; Of course, you can also just use the signing/validation > parts and use $something_else for spam filtering. > > Added bonus: Supports ARC as well, and can send DMARC reports ootb. > > With best regards, > Tobias > > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] OpenDMARC
Heho, On Mon, 2022-12-26 at 21:42 +0200, Mary via mailop wrote: > ... > Are there any alternatives to OpenDMARC and OpenDKIM? I had a lot of good experiences with rspamd; Also, it felt 'easier to hold' to reduce the influx of spam, as you can tighten things selectively; Of course, you can also just use the signing/validation parts and use $something_else for spam filtering. Added bonus: Supports ARC as well, and can send DMARC reports ootb. With best regards, Tobias ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] OpenDMARC
Hi everyone, Is OpenDMARC still in development? I'm having problems with amazon.de emails, they all fail with: postfix/cleanup[412056]: warning: milter inet:127.0.0.1:8893: can't read SMFIC_BODYEOB reply packet header: Connection timed out postfix/cleanup[412056]: E1E6045BCA: milter-reject: END-OF-MESSAGE from a1-38.smtp-out.eu-west-1.amazonses.com[54.240.1.38]: 4.7.1 Service unavailable - try again later; Are there any alternatives to OpenDMARC and OpenDKIM? Thank you. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] opendmarc fails with tencent.com emails
thank you for the detailed explanation. On Fri, 21 May 2021 08:20:11 -0700 Alan Hodgson via mailop wrote: > It's testing qq.com, not tencent.com. They do appear to have an SPF record, > fwiw. Which doesn't help DMARC if they don't replace the envelope sender. > They'd have to fix that or add a DKIM sig from qq.com. Not sure how tencent's > DKIM sig passed; that suggests they put the @qq.com in the From:, or else qq > resigned it with a tencent.com key after rewriting the From:. Neither is > helpful. > > qq.com's DMARC policy is p=none, though. Which is good considering how broken > that mail is. > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] opendmarc fails with tencent.com emails
On Fri, 2021-05-21 at 15:06 +0300, Mary via mailop wrote: > > Hello, > > I am seeing a lot of DMARC errors with emails coming from tencent.com, I am > not sure but based on the opendmarc errors I think these emails are > forwarded via qq.com and the From domain is replaced from @tencent.com to > @qq.com (keeping the user part intact). > > The domain tencent.com has valid SPF+DMARC records, but the qq.com domain > has no TXT records whatsoever. > > Anyone else seen this issue before? is opendmarc at fault? > > > -- SAMPLE > Received: from smtpbg.qq.com (smtpbg552.qq.com [183.3.226.181]) > (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 > bits)) > (No client certificate requested) > by my.server.com (Postfix) with ESMTPS id D4ACD5XZ51 > for ; Fri, 21 May 2021 11:14:12 + (UTC) > Authentication-Results: my.server.com; dmarc=fail (p=none dis=none) > header.from=qq.com > Authentication-Results: my.server.com; spf=pass smtp.mailfrom=l...@tencent.com > Authentication-Results: my.server.com; > dkim=pass (1024-bit key; unprotected) header.d=tencent.com > header.i=@tencent.com header.a=rsa-sha256 header.s=s201512 header.b=Ucwje3sK It's testing qq.com, not tencent.com. They do appear to have an SPF record, fwiw. Which doesn't help DMARC if they don't replace the envelope sender. They'd have to fix that or add a DKIM sig from qq.com. Not sure how tencent's DKIM sig passed; that suggests they put the @qq.com in the From:, or else qq resigned it with a tencent.com key after rewriting the From:. Neither is helpful. qq.com's DMARC policy is p=none, though. Which is good considering how broken that mail is. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] opendmarc fails with tencent.com emails
Hello, I am seeing a lot of DMARC errors with emails coming from tencent.com, I am not sure but based on the opendmarc errors I think these emails are forwarded via qq.com and the From domain is replaced from @tencent.com to @qq.com (keeping the user part intact). The domain tencent.com has valid SPF+DMARC records, but the qq.com domain has no TXT records whatsoever. Anyone else seen this issue before? is opendmarc at fault? -- SAMPLE Received: from smtpbg.qq.com (smtpbg552.qq.com [183.3.226.181]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by my.server.com (Postfix) with ESMTPS id D4ACD5XZ51 for ; Fri, 21 May 2021 11:14:12 + (UTC) Authentication-Results: my.server.com; dmarc=fail (p=none dis=none) header.from=qq.com Authentication-Results: my.server.com; spf=pass smtp.mailfrom=l...@tencent.com Authentication-Results: my.server.com; dkim=pass (1024-bit key; unprotected) header.d=tencent.com header.i=@tencent.com header.a=rsa-sha256 header.s=s201512 header.b=Ucwje3sK ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop