Re: Hints needed for spf rule

2018-10-03 Thread Adam Katz
(Please ignore my last message. My phone hit “send” randomly.)

On Sep 28, 2018, at 9:48 AM EDT, bOnK wrote:
> A better idea might be testing if SPF for an external domain would pass on 
> your own server.
> This is what milter greylist does.
> http://hcpnet.free.fr/milter-greylist/

That’s interesting! We’d definitely need to ensure external relays for such a 
rule in SA, though of course this’d also require some plugin dev work. Does 
anybody have stats on that?

> Though probably exceptional, according to the RFC +all *can be* restrictive...
> https://tools.ietf.org/html/rfc7208#appendix-A.4
> 
>> A.4.  Multiple Requirements Example
>> 
>>Say that your sender policy requires both that the IP address is
>>within a certain range and that the reverse DNS for the IP matches.
>>This can be done several ways, including the following:
>> 
>>example.com.   SPF  ( "v=spf1 "
>>  "-include:ip4._spf.%{d} "
>>  "-include:ptr._spf.%{d} "
>>  "+all" )
>>ip4._spf.example.com.  SPF  "v=spf1 -ip4:192.0.2.0/24 +all"
>>ptr._spf.example.com.  SPF  "v=spf1 -ptr +all"
>> 
>>This example shows how the "-include" mechanism can be useful, how an
>>SPF record that ends in "+all" can be very restrictive, and the use
>>of De Morgan's Law.

This is amazing. And disgusting.

And the only remotely legitimate usage of either the ptr mechanism or 
(separately) inanity like invoking De Morgan’s Law, and therefore also +all.

The ptr mechanism in SPF is officially “do not use” right in the spec; PTR 
records aren’t vetted 
(any network operator can assign literally any rDNS to their IPs), so it 
trivializes forgery that would elicit an SPF pass.

Using De Morgan to intersect ptr with an un-forgeable requirement alleviates 
the issues of ptr but it’s much less complicated to merely bless each one in 
the SPF record.

Any (non-spammer) senders large enough to have issues fitting individual IPs in 
the max size of a record should definitely not delegate control of SPF to rDNS. 
They should instead better allocate their IP space for proper control by CIDR 
or else give up and use an Email Service Provider that actually knows what it’s 
doing 
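
Added example (not part of the original message or of RFC 7208): a small Python evaluator for the `all`, `ip4`, `ptr` and `include` mechanisms, run over the A.4 records quoted above, showing that the record ending in `+all` passes only when the IP is in range and the ptr check succeeds. Assumptions: the `%{d}` macro is pre-expanded, a dict stands in for DNS, the outcome of the ptr check is supplied by the caller as `ptr_valid`, and the test IPs are constructed.

```python
import ipaddress

# Records from RFC 7208 appendix A.4 as quoted in the thread, with the %{d}
# macro already expanded to example.com. The dict stands in for DNS.
ZONE = {
    "example.com": "v=spf1 -include:ip4._spf.example.com "
                   "-include:ptr._spf.example.com +all",
    "ip4._spf.example.com": "v=spf1 -ip4:192.0.2.0/24 +all",
    "ptr._spf.example.com": "v=spf1 -ptr +all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(domain, ip, ptr_valid, zone=ZONE, depth=0):
    """Evaluate a subset of SPF (all, ip4, ptr, include) for one client IP.

    ptr_valid is an assumption of this sketch: the caller states whether the
    ptr check for this IP succeeded, so no reverse DNS lookups happen here.
    """
    if depth > 10:                      # loop guard, simplified from the RFC's lookup limit
        return "permerror"
    record = zone.get(domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:     # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
        elif mech == "ptr":
            matched = ptr_valid
        elif mech == "include":
            inner = check_host(arg, ip, ptr_valid, zone, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"      # a broken include is an error, not a miss
            matched = inner == "pass"   # only an inner pass makes include match
        else:
            return "permerror"          # mechanism outside this sketch's subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                    # no mechanism matched


def truth_table(domain="example.com"):
    """Result for each (IP in 192.0.2.0/24?, ptr valid?) combination."""
    cases = {"in": "192.0.2.10", "out": "198.51.100.7"}   # constructed test IPs
    return {(where, ptr): check_host(domain, ip, ptr)
            for where, ip in cases.items() for ptr in (True, False)}
```

Each `-include` inverts its inner record: the inner `+all` yields pass only when the inner requirement is not met, and the outer `-` turns that pass into a fail, so the final `+all` is reached only when both requirements hold.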

Re: deleting old data from txrep

2018-10-03 Thread Kevin A. McGrail
Alex,

I use this command nightly: 'DELETE FROM txrep WHERE last_hit <= (now()
- INTERVAL 90 day);'

I would recommend you try that and then just drop and recreate the table
if you need.  This sounds like a bad issue with the database.

Regards,
KAM
On 10/3/2018 10:30 PM, Alex wrote:
> Hi,
>
> I need to delete some of the old entries from my txrep database as
> it's grown to 3GB, oops. When attempting to do this, it fails with
> "error 14":
>
> # rpm -q mariadb
> mariadb-10.2.17-2.fc28.x86_64
>
> # ls -l
> total 3141664
> -rw-rw 1 mysql mysql 65 Oct 19  2017 db.opt
> -rw-rw 1 mysql mysql    Oct 19  2017 txrep.frm
> -rw-rw 1 mysql mysql 3217031168 Oct  3 22:29 txrep.ibd
>
> MariaDB [txrepdb]> delete from txrep where last_hit <= '2018-01-01 00:00:00';
> ERROR 14 (HY000): Can't change size of file (Errcode: -1048710496
> "Internal error < 0 (Not system error)")
>
> Searches show this can happen when the filesystem is full, but it's
> not. Any ideas of what could be wrong? Maybe write the last, say, 120
> days to another database then rename it?


-- 
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171



Re: Hints needed for spf rule

2018-10-03 Thread Adam Katz
On Sep 28, 2018, at 9:48 AM, bOnK wrote:
> A better idea might be testing if SPF for an external domain would pass on your 
> own server.
> 
> This is what milter greylist does.
> http://hcpnet.free.fr/milter-greylist/
> 
> Though probably exceptional, according to the RFC +all *can be* restrictive...
> https://tools.ietf.org/html/rfc7208
> 
> A.4.  Multiple Requirements Example
> 
>Say that your sender policy requires both that the IP address is
>within a certain range and that the reverse DNS for the IP matches.
>This can be done several ways, including the following:
> 
>example.com.   SPF  ( "v=spf1 "
>  "-include:ip4._spf.%{d} "
>  "-include:ptr._spf.%{d} "
>  "+all" )
>ip4._spf.example.com.  SPF  "v=spf1 -ip4:192.0.2.0/24 +all"
>ptr._spf.example.com.  SPF  "v=spf1 -ptr +all"
> 
>This example shows how the "-include" mechanism can be useful, how an
>SPF record that ends in "+all" can be very restrictive, and the use
>of De Morgan's Law.
> 
> -- 
> b.



deleting old data from txrep

2018-10-03 Thread Alex
Hi,

I need to delete some of the old entries from my txrep database as
it's grown to 3GB, oops. When attempting to do this, it fails with
"error 14":

# rpm -q mariadb
mariadb-10.2.17-2.fc28.x86_64

# ls -l
total 3141664
-rw-rw 1 mysql mysql 65 Oct 19  2017 db.opt
-rw-rw 1 mysql mysql    Oct 19  2017 txrep.frm
-rw-rw 1 mysql mysql 3217031168 Oct  3 22:29 txrep.ibd

MariaDB [txrepdb]> delete from txrep where last_hit <= '2018-01-01 00:00:00';
ERROR 14 (HY000): Can't change size of file (Errcode: -1048710496
"Internal error < 0 (Not system error)")

Searches show this can happen when the filesystem is full, but it's
not. Any ideas of what could be wrong? Maybe write the last, say, 120
days to another database then rename it?


Re: FPs on FORGED_MUA_MOZILLA (for my own hand-typed messages from my latest-version Thunderbird)

2018-10-03 Thread Rob McEwen
The thread has gone somewhat off-topic, which is partly my own fault. 
The issue with URIBL misusage is a "side note", NOT the main purpose of 
this thread. (Again, that is partly my fault since I mentioned that to 
begin with.) Also, I want to make sure that everyone knows that it was 
my client (NOT ME!) that was using URIBL incorrectly. I'll educate my 
client to hopefully fix that problem soon.


NOW... BACK ON THE MAIN TOPIC:

On 10/2/2018 1:52 PM, Matus UHLAR - fantomas wrote:



Message-ID: <39397904-9830-5010-a3d2-a62af8326...@invaluement.com>


this does seem to match:
MESSAGEID =~ 
/^<(?:[a-f\d]{8}-(?:[a-f\d]{4}-){3}[a-f\d]{12}|[A-F\d]{8}\.[A-F1-9][A-F\d]{0,7})\@\S+>$/m


8h-4h-4h-4h-12h@

hmmm we need to look at

(__LYRIS_EZLM_REMAILER || __GATED_THROUGH_RCVD_REMOVER ||
__WACKY_SENDMAIL_VERSION || __IPLANET_MESSAGING_SERVER ||
__HOTMAIL_BAYDAV_MSGID || __SYMPATICO_MSGID)



I really don't think I've done anything unusual with my setup of 
Thunderbird. Does anyone have other suggestions? Is there anything I can 
do with my Thunderbird settings to mitigate this?


Thanks!

--
Rob McEwen
https://www.invaluement.com
+1 (478) 475-9032