Re: List From and Reply-To

[Luis E. Muñoz]

On 1 Jun 2018, at 5:12, @lbutlr wrote:


On 30 May 2018, at 15:34, Luis E. Muñoz  wrote:
To further the point, one of the mailboxes I manage on this box has 
95K+ messages. Apple Mail would choke to dead on this one.


Not at all. I have folders in mail.app with more than twice that 
number of messages.


Perhaps you were lucky. Those "chokes" where my main reason to move to 
MailMate. YMWV I suppose.


Best regards

-lem

Re: List From and Reply-To

[Rupert Gallagher]

In the example at hand, the article you linked to does not grant to Apache the 
right to oppose to your right to oblivion.

Sent from ProtonMail Mobile

On Fri, Jun 1, 2018 at 14:45, Anthony Cartmell  wrote:

>> Ok we both subscribed to the list, but > the GDPR gives us the right to be 
>> forgotten, for example. Now suppose > you unsubscribe. You find out that 
>> your e-mails are archived on various > sites other than SA. You send an 
>> e-mail to SA's or Apache's postmaster > exerting your rights and demanding 
>> your shit to be deleted. According to > the GDPR, Apache *must* comply *and* 
>> it must forward the demand to all > of the third party archives. Nope. The 
>> right to be forgotten does not supersede every other interest, and there are 
>> situations where personal data does *not* need to be deleted: 
>> https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/dealing-citizens/do-we-always-have-delete-personal-data-if-person-asks_en
>>  Anthony -- www.fonant.com - Quality web sites Tel. 01903 867 810 Fonant Ltd 
>> is registered in England and Wales, company No. 7006596 Registered office: 
>> Amelia House, Crescent Road, Worthing, West Sussex, BN11 1QR

Re: List From and Reply-To

[Anthony Cartmell]

> Ok we both subscribed to the list, but
> the GDPR gives us the right to be forgotten, for example. Now suppose
> you unsubscribe. You find out that your e-mails are archived on various
> sites other than SA. You send an e-mail to SA's or Apache's postmaster
> exerting your rights and demanding your shit to be deleted. According to
> the GDPR, Apache *must* comply *and* it must forward the demand to all
> of the third party archives.

Nope. The right to be forgotten does not supersede every other interest,
and there are situations where personal data does *not* need to be deleted:

https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/dealing-citizens/do-we-always-have-delete-personal-data-if-person-asks_en

Anthony
-- 
www.fonant.com - Quality web sites
Tel. 01903 867 810
Fonant Ltd is registered in England and Wales, company No. 7006596
Registered office: Amelia House, Crescent Road, Worthing, West Sussex,
BN11 1QR

Re: List From and Reply-To

[Rupert Gallagher]

I lost track of your reasoning. Let us start again. From the standpont of the 
GDPR, there is you, me, and someone in between who is responsible for our 
personal data. Infact, if you send to users@spamassassin.apache.org, I receive 
a copy of it *because* apache.org used our addresses. Ok we both subscribed to 
the list, but the GDPR gives us the right to be forgotten, for example. Now 
suppose you unsubscribe. You find out that your e-mails are archived on various 
sites other than SA. You send an e-mail to SA's or Apache's postmaster exerting 
your rights and demanding your shit to be deleted. According to the GDPR, 
Apache *must* comply *and* it must forward the demand to all of the third party 
archives. And it must do so quietly, that is, not publishing your demand on the 
internet. A lawyers matter? Well, the law is on the table, and one must execute 
it. Now, what I said is, to prevent this mess, the mailing list could clean up 
before itself by simply (relatively) obfuscating the addresses and removing any 
banner signature that hold personal data (full address and such). Am I making 
sense now?

Re: List From and Reply-To

[@lbutlr]

On 30 May 2018, at 15:34, Luis E. Muñoz  wrote:
> To further the point, one of the mailboxes I manage on this box has 95K+ 
> messages. Apple Mail would choke to dead on this one.

Not at all. I have folders in mail.app with more than twice that number of 
messages.

-- 
"Two years from now, spam will be solved," -- Bill Gates, January, 2004

Re: List From and Reply-To

[Matus UHLAR - fantomas]

On Thu, May 31, 2018 at 17:39, Antony Stone 
 wrote:

PS: I notice you choose to take the opposite approach with your own
Reply-To header, deliberately making it more difficult for people to
reply to the list :)


On 31.05.18 17:00, Rupert Gallagher wrote:

I just use the official ios client, where such regulations are not
possible.


what has Reply-To: in common with regulations?


This is an example of default client settings that may put you
in trouble, and the usefulness of server-side enforced policy.


I see different problem with proposed approach:

Removing or changing Reply-To (or other DKIM-signed header) requires
removing DKIM signature.  That may require changing From: address (if DKIM
policy indicates sender signing all mail), which means that your mail is
taken, modified and re-sent, "signed" as someone else.

If we take your mail as your artwork, this could get us in trouble :-)


 Servers
can automatically do things to keep both owners and clients on the safe
side of the law.  We shall not make the mistake of ignoring the GDPR: many
sites are going down as we speak.


I agree that GDPR apparently needs some polishing (or lawyer recommendation)
but I don't like doing it this way
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Eagles may soar, but weasels don't get sucked into jet engines. 

Re: List From and Reply-To

[@lbutlr]

On 30 May 2018, at 08:25, Bill Cole  
wrote:
> I can't speak to it as a MUA for mailing lists.

It is, as it always has been and by design, a very bad mail client for mailing 
lists.

(I use Apple Mail. But I use procmail to fix some of its stupidity, which is 
why this message goes to the list by default)

-- 
TYPOS AR EHT FAULT OF GIN

Re: List From and Reply-To

[Rupert Gallagher]

On Thu, May 31, 2018 at 17:39, Antony Stone 
 wrote:

>PS: I notice you choose to take the opposite approach with your own Reply-To 
>header, deliberately making it more difficult for people to reply to the list 
>:)

I just use the official ios client, where such regulations are not possible. 
This is an example of default client settings that may put you in trouble, and 
the usefulness of server-side enforced policy. Servers can automatically do 
things to keep both owners and clients on the safe side of the law. We shall 
not make the mistake of ignoring the GDPR:  many sites are going down as we 
speak.

Re: List From and Reply-To

[John Hardin]

On Thu, 31 May 2018, Antony Stone wrote:


On Thursday 31 May 2018 at 17:35:11, Rupert Gallagher wrote:


Beware of the GDPR. If a current or former subscriber wants their address
deleted, you are in hell. The mailing-list server can cleanup before
itself with a reply-to the list only, and obfuscating the addresses, and
deleting people's own banners and signatures.


In my opinion this is just one example of why parts of the GDPR are ridiculous
and were clearly not thought through before coming into legislation.


Engaging in wishful thinking while drafting laws is an all-too-common 
failing.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
 6 days until the 74th anniversary of D-Day

Re: List From and Reply-To

[Antony Stone]

On Thursday 31 May 2018 at 17:35:11, Rupert Gallagher wrote:

> Beware of the GDPR. If a current or former subscriber wants their address
> deleted, you are in hell. The mailing-list server can cleanup before
> itself with a reply-to the list only, and obfuscating the addresses, and
> deleting people's own banners and signatures.

In my opinion this is just one example of why parts of the GDPR are ridiculous 
and were clearly not thought through before coming into legislation.

PS: I notice you choose to take the opposite approach with your own Reply-To 
header, deliberately making it more difficult for people to reply to the list :)


Antony.

-- 
A user interface is like a joke.
If you have to explain it, it means it doesn't work.

   Please reply to the list;
 please *don't* CC me.

Re: List From and Reply-To

[Rupert Gallagher]

Beware of the GDPR. If a current or former subscriber wants their address 
deleted, you are in hell. The mailing-list server can cleanup before itself 
with a reply-to the list only, and obfuscating the addresses, and deleting 
people's own banners and signatures.

Sent from ProtonMail Mobile

On Thu, May 31, 2018 at 17:23, Ian Zimmerman  wrote:

> On 2018-05-31 12:25, Antony Stone wrote: > Anyone is free to set a Reply-To 
> header in the emails they send. This > will be preserved by the list server. 
> > > I believe both Ian and Bill are doing this, yes. Correct. But Reply-To 
> doesn't mean "follow up with list posts to this address"; it means "I don't 
> want private replies on this list, ever". The relevant header for normal list 
> follow-ups is List-Post. -- Please don't Cc: me privately on mailing lists 
> and Usenet, if you also post the followup to the list or newsgroup. To reply 
> privately _only_ on Usenet and on broken lists which rewrite From, fetch the 
> TXT record for no-use.mooo.com.

Re: List From and Reply-To

[Ian Zimmerman]

On 2018-05-31 12:25, Antony Stone wrote:

> Anyone is free to set a Reply-To header in the emails they send.  This
> will be preserved by the list server.
> 
> I believe both Ian and Bill are doing this, yes.

Correct.  But Reply-To doesn't mean "follow up with list posts to this
address"; it means "I don't want private replies on this list, ever".
The relevant header for normal list follow-ups is List-Post.

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.

Re: List From and Reply-To

[Palvelin Postmaster]

> On 31 May 2018, at 16:46, Reindl Harald  wrote:
> 
> Am 31.05.2018 um 12:16 schrieb Palvelin Postmaster:
>>> Begin forwarded message:
>>> 
>>> *From: *Ian Zimmerman mailto:i...@very.loosely.org>>
>>> *Subject: **Re: List From and Reply-To*
>>> *Date: *31 May 2018 at 8:24:11 EEST
>>> *To: *users@spamassassin.apache.org <mailto:users@spamassassin.apache.org>
>>> *Reply-To: *users@spamassassin.apache.org
>>> <mailto:users@spamassassin.apache.org>
>>> 
>>> On 2018-05-30 15:49, Palvelin Postmaster wrote:
>>> 
>>>> Why does this list apparently use the original From header of the
>>>> poster’s message and doesn't set a Reply-To header at all?
>>> 
>>> Because that is the only right way.
>>> 
>>> A list manager has no business modifying the contents of posted
>>> messages.  It should be satisfied with the humble role of forwarding
>>> them to subscribers (simplifying, but only slightly so).
>>> 
>>> If you want to reply to the list, use the appropriate UI in your
>>> client.  For example, in mutt I hit 'L' to send this post.
>> 
>> Are you and Bill Cole doing something different from other list members
>> because your emails appear to have a Reply-To header?
> 
> IT IS THE DECISION OF THE SENDER TO ADD A REPLY-TO-HEADER
> 
> hence your wish that the list-server should mangle mails is a broken idea

No need to shout. That point was already loud and clear from earlier posts. I 
was merely curious as to why some have a header and some don’t.

My vote goes to enabling most popular mail clients to reply to the list 
(instead of the poster) with a simple reply. I subscribe to many which do. UX 
ftw! Evidence seems to point out I’m alone with my opinion in this list and I 
can certainly live with that. :)


--
Palvelin.fi Hostmaster
postmas...@palvelin.fi

Re: Fwd: List From and Reply-To

[Antony Stone]

On Thursday 31 May 2018 at 12:16:04, Palvelin Postmaster wrote:

> > Begin forwarded message:
> > 
> > From: Ian Zimmerman 

> Are you and Bill Cole doing something different from other list members
> because your emails appear to have a Reply-To header?

Anyone is free to set a Reply-To header in the emails they send.  This will be 
preserved by the list server.

I believe both Ian and Bill are doing this, yes.

> --
> Palvelin.fi  Hostmaster
> postmas...@palvelin.fi 

The sig separator for email should have a space after the two dashes, so that 
MUAs can strip this automatically from the replies.

Also, a bit off-topic, but the URL in your sig does not accept connections, 
just in case you weren't aware.


Antony.

-- 
I want to build a machine that will be proud of me.

 - Danny Hillis, creator of The Connection Machine

   Please reply to the list;
 please *don't* CC me.

Fwd: List From and Reply-To

[Palvelin Postmaster]

> Begin forwarded message:
> 
> From: Ian Zimmerman 
> Subject: Re: List From and Reply-To
> Date: 31 May 2018 at 8:24:11 EEST
> To: users@spamassassin.apache.org
> Reply-To: users@spamassassin.apache.org
> 
> On 2018-05-30 15:49, Palvelin Postmaster wrote:
> 
>> Why does this list apparently use the original From header of the
>> poster’s message and doesn't set a Reply-To header at all?
> 
> Because that is the only right way.
> 
> A list manager has no business modifying the contents of posted
> messages.  It should be satisfied with the humble role of forwarding
> them to subscribers (simplifying, but only slightly so).
> 
> If you want to reply to the list, use the appropriate UI in your
> client.  For example, in mutt I hit 'L' to send this post.


Are you and Bill Cole doing something different from other list members because 
your emails appear to have a Reply-To header?


--
Palvelin.fi <http://palvelin.fi/> Hostmaster
postmas...@palvelin.fi <mailto:postmas...@palvelin.fi>

Re: List From and Reply-To

[Ian Zimmerman]

On 2018-05-30 15:49, Palvelin Postmaster wrote:

> Why does this list apparently use the original From header of the
> poster’s message and doesn't set a Reply-To header at all?

Because that is the only right way.

A list manager has no business modifying the contents of posted
messages.  It should be satisfied with the humble role of forwarding
them to subscribers (simplifying, but only slightly so).

If you want to reply to the list, use the appropriate UI in your
client.  For example, in mutt I hit 'L' to send this post.

Hope this helps :-P

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.

Re: [Offtopic] List From and Reply-To

[Grant Taylor]

On 05/30/2018 04:02 PM, RW wrote:
OK, but when you said "The failure seems to be a result of how DMARC 
amalgamates the two with published policies" I thought you were claiming 
some kind of anomalous behaviour.


Ah.  Sorry for the confusion.

It's surely obvious that rewriting the envelope sender to a completely 
different domain will break SPF alignment in DMARC. There wouldn't be 
any point to DMARC if it didn't.


Agreed.  DMARC is meant to detect / report such misalignments.

I think DMARC is somewhat incompatible with the stated desired behavior 
of the SpamAssassin Users mailing list.  The typical SOP that I see is 
to mung the From: header so that messages appear to be from / via the 
mailing list.  This enables alignment between the envelope and the From: 
header.


This obviously breaks DKIM.  Which IMHO means that old (broken) DKIM 
needs to be stripped and (ideally) new DKIM signatures added as messages 
egress the list.


That was informational, some people do make that mistake. 


ACK



--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [Offtopic] List From and Reply-To

[RW]

On Wed, 30 May 2018 12:47:42 -0600
Grant Taylor wrote:

> On 05/30/2018 12:08 PM, RW wrote:
> > SPF passes on the rewritten envelope address, so it's not aligned
> > and it's just a matter of whether there's an aligned dkim pass.  
> 
> It depends on what the Forensic Report ("fo") option is set to in the 
> published DMARC policy.  Domain owners / record publishers can state 
> that any failure, including SPF misalignment, will cause a report to
> be sent.

OK, but when you said "The failure seems to be a result of how DMARC
amalgamates the two with published policies" I thought you were
claiming some kind of anomalous behaviour. 

It's surely obvious that rewriting the envelope sender to a completely
different domain will break SPF alignment in DMARC. There wouldn't be
any point to DMARC if it didn't.


> > The important thing is to not sign the list* headers in dkim.  
> 
> I did say that DKIM passed.  Which means that the list-* headers
> didn't cause the failure.

That was informational, some people do make that mistake. 

Re: [Offtopic] List From and Reply-To

[Bill Cole]

On 30 May 2018, at 17:19 (-0400), Luis E. Muñoz wrote:


On 30 May 2018, at 13:54, Bill Cole wrote:


On 30 May 2018, at 14:51 (-0400), Grant Taylor wrote:

Since Qualcom transferred the Eudora IP to the Computer History 
Museum and open sourced the source code, I expect that we will be 
seeing movement there in.  I think I've seen some references to 
projects to resurrect the code base within days of the announcement.


I wouldn't bet on a successful reanimation of the Eudora corpse for 
MacOS. My understanding from its developers at the time Qualcomm 
killed it in favor of re-skinning TBird (which also fizzled) is that 
the code was unmaintainable and required essentially a full rewrite 
to keep working on MacOS X given the ongoing rot in the Carbon APIs.


Also, IIRC, messages were kept in mbox-like files. That would 
certainly not scale well.


That's actually not a big issue, since they were mbox with an index in 
the resource fork or a sibling file and so did not suffer from the 
performance issues that simple mbox used simplistically has.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole

Re: [Offtopic] List From and Reply-To

[Luis E. Muñoz]

On 30 May 2018, at 14:30, Bill Cole wrote:

And if you can imagine this, both Thunderbird and MailMate choke on 
large mailboxes *even more* than Mail.app does.



I haven't had MM "choke" on large mailboxes in recent years. I wish 
Benny would just declare a 2.0 release to make it clear that MM today 
is much more solid than it was in 2015.


To further the point, one of the mailboxes I manage on this box has 95K+ 
messages. Apple Mail would choke to dead on this one. MM seems happy. I 
would give it another try as this is precisely the reason why I switched 
~2 years ago.


Best regards

-lem

Re: [Offtopic] List From and Reply-To

[Bill Cole]

On 30 May 2018, at 14:47 (-0400), Charles Sprickman wrote:

All email clients “generally suck”.  Thunderbird is not even 
actively developed anymore last I checked,


Check again. That's not been true for quite a while. I just dusted off 
TBird for the first time in 2 years and was treated to an update from 
v39 to v52, in 4 steps because apparently the autoupdate couldn't do it 
directly. 52.8.0 is 12 days old.



so that’s not really an option.


That really depends on what "actively developed" means. I'd have no 
problem at all using a MUA that was only maintained for security and bug 
fixes, if it had basic functionality nailed down.


And if you can imagine this, both Thunderbird and MailMate choke on 
large mailboxes *even more* than Mail.app does.


I haven't had MM "choke" on large mailboxes in recent years. I wish 
Benny would just declare a 2.0 release to make it clear that MM today is 
much more solid than it was in 2015.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole

Re: [Offtopic] List From and Reply-To

[Luis E. Muñoz]

On 30 May 2018, at 13:54, Bill Cole wrote:


On 30 May 2018, at 14:51 (-0400), Grant Taylor wrote:

Since Qualcom transferred the Eudora IP to the Computer History 
Museum and open sourced the source code, I expect that we will be 
seeing movement there in.  I think I've seen some references to 
projects to resurrect the code base within days of the announcement.


I wouldn't bet on a successful reanimation of the Eudora corpse for 
MacOS. My understanding from its developers at the time Qualcomm 
killed it in favor of re-skinning TBird (which also fizzled) is that 
the code was unmaintainable and required essentially a full rewrite to 
keep working on MacOS X given the ongoing rot in the Carbon APIs.


Also, IIRC, messages were kept in mbox-like files. That would certainly 
not scale well.


Best regards

-lem

Re: [Offtopic] List From and Reply-To

[Bill Cole]

On 30 May 2018, at 14:51 (-0400), Grant Taylor wrote:

> Since Qualcom transferred the Eudora IP to the Computer History Museum and 
> open sourced the source code, I expect that we will be seeing movement there 
> in.  I think I've seen some references to projects to resurrect the code base 
> within days of the announcement.

I wouldn't bet on a successful reanimation of the Eudora corpse for MacOS. My 
understanding from its developers at the time Qualcomm killed it in favor of 
re-skinning TBird (which also fizzled) is that the code was unmaintainable and 
required essentially a full rewrite to keep working on MacOS X given the 
ongoing rot in the Carbon APIs.


-- 
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole


signature.asc
Description: OpenPGP digital signature

Re: [Offtopic] List From and Reply-To

[Grant Taylor]

On 05/30/2018 12:47 PM, Charles Sprickman wrote:
If I had a better option than some old command-line mess, I’d use it. 
Every 3-4 years I go on a hunt for a new Mac mail client and I always 
come up empty.  I’ve tried MailMate, Thunderbird, Postbox and just keep 
coming back to the (neglected) Mail.app.  I’m all ears if there’s 
something out there that can deal with 5 or 6 really large accounts well, 
AND does the right thing with mailing lists, I’m all ears.  I’ve not 
tried Outlook for Mac yet, maybe that’s the ticket?


I'd say that you can start looking at Eudora again in (I'm guessing) 6 ~ 
18 months.


Since Qualcom transferred the Eudora IP to the Computer History Museum 
and open sourced the source code, I expect that we will be seeing 
movement there in.  I think I've seen some references to projects to 
resurrect the code base within days of the announcement.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [Offtopic] List From and Reply-To

[Grant Taylor]

On 05/30/2018 12:08 PM, RW wrote:
SPF passes on the rewritten envelope address, so it's not aligned and 
it's just a matter of whether there's an aligned dkim pass.


It depends on what the Forensic Report ("fo") option is set to in the 
published DMARC policy.  Domain owners / record publishers can state 
that any failure, including SPF misalignment, will cause a report to be 
sent.


IMHO simply relying on DKIM to validate is insufficient.

Further, it's not unheard of for something else (completely benign) to 
break DKIM (like 8-bit to 7-bit MIME transcoding).



It passes dmarc at gmail,


I've learned not to use Gmail as a measuring stick for what's good. 
Rather I use Gmail as for the low end, as if it fails Gmail then it's 
really broken.  Gmail has a number of things that are NOT up to a high bar.



so presumably the problem is with the service that sent the notices.


How is it a misconfiguration / misbehavior of the receiving DMARC filter 
for reporting a misalignment that it detected between the envelope from 
and the From header?


That sounds like "working as (intended|desired|configured)" to me.


The important thing is to not sign the list* headers in dkim.


I did say that DKIM passed.  Which means that the list-* headers didn't 
cause the failure.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [Offtopic] List From and Reply-To

[Charles Sprickman]

> On May 30, 2018, at 10:25 AM, Bill Cole 
>  wrote:
> 
> On 30 May 2018, at 10:00, Palvelin Postmaster wrote:
> 
>>> On 30 May 2018, at 16:48, Antony Stone 
>>>  wrote:
>>> 
>>> On Wednesday 30 May 2018 at 15:33:13, Palvelin Postmaster wrote:
>>> 
> On 30 May 2018, at 16:06, Matus UHLAR - fantomas 
> wrote:
> 
> On 30.05.18 15:49, Palvelin Postmaster wrote:
>> Hitting reply sends the response to poster directly
> 
> get a mail client that supports mailing lists. Mozilla should do.
 
 I see, the 'Mozzilla or stfu' policy ;D
>>> 
>>> No, Mozilla was just one example; there are many.
>>> 
>>> I, for example, use KMail
>> 
>> My Apple Mail/iPhone/iPad clients don’t. They all appear to be among Top 10 
>> email clients (https://emailclientmarketshare.com).
> 
> Which is unfortunate, because Apple Mail generally sucks. It seems to have 
> been put under the control of people who think Outlook 2003 was the pinnacle 
> of email clients. For MacOS, there are far better alternatives that include 
> Mozilla and MailMate. For iOS not so much, sadly.

All email clients “generally suck”.  Thunderbird is not even actively developed 
anymore last I checked, so that’s not really an option.  And if you can imagine 
this, both Thunderbird and MailMate choke on large mailboxes *even more* than 
Mail.app does.

If I had a better option than some old command-line mess, I’d use it.  Every 
3-4 years I go on a hunt for a new Mac mail client and I always come up empty.  
I’ve tried MailMate, Thunderbird, Postbox and just keep coming back to the 
(neglected) Mail.app.  I’m all ears if there’s something out there that can 
deal with 5 or 6 really large accounts well, AND does the right thing with 
mailing lists, I’m all ears.  I’ve not tried Outlook for Mac yet, maybe that’s 
the ticket? :)

Charles

ps - this email I’m replying to has a “Reply-To” header and Mail.app followed 
it.

> 
> Any mail client that does not have an easy way to view messages in raw 
> RFC5322, to create messages that follow RFC3676, and to set Reply-To and From 
> headers arbitrarily is unfit for use in the modern world no matter how many 
> people use it because switching is hard.
> 
>> I wonder if Gmail, Outlook variants and the Android mail clients do?
> 
> K9Mail for Android did, when last I used Android (many years ago.) Modern 
> Outlook on Windows does (or did, as of 2010.) I don't think I've ever used 
> the GMail web interface for anything beyond testing the GMail web interface, 
> so I can't speak to it as a MUA for mailing lists.

Re: [Offtopic] List From and Reply-To

[RW]

On Wed, 30 May 2018 11:45:12 -0600
Grant Taylor wrote:

> On 05/30/2018 09:34 AM, Grant Taylor wrote:
> > Now to see what sort of DMARC notifications (if any) I get for this
> > reply.  
> 
> I have received four DMARC auth-failure notifications (thus far) in 
> response to my message to the SpamAssassin Users mailing list.
> 
> It looks like the reports are indicating that they consider the
> message to have failed DMARC alignment tests because the From: header
> had my domain name in a message did not originating from my servers.
> 
> Independent SPF and DKIM tests did pass.  The failure seems to be a 
> result of how DMARC amalgamates the two with published policies.

SPF passes on the rewritten envelope address, so it's not aligned and
it's just a matter of whether there's an aligned dkim pass.

It passes dmarc at gmail, so presumably the problem is with the service
that sent the notices.

The important thing is to not sign the list* headers in dkim.

Re: [Offtopic] List From and Reply-To

[Grant Taylor]

On 05/30/2018 09:34 AM, Grant Taylor wrote:

Now to see what sort of DMARC notifications (if any) I get for this reply.


I have received four DMARC auth-failure notifications (thus far) in 
response to my message to the SpamAssassin Users mailing list.


It looks like the reports are indicating that they consider the message 
to have failed DMARC alignment tests because the From: header had my 
domain name in a message did not originating from my servers.


Independent SPF and DKIM tests did pass.  The failure seems to be a 
result of how DMARC amalgamates the two with published policies.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [Offtopic] List From and Reply-To

[Grant Taylor]

On 05/30/2018 08:43 AM, Bill Cole wrote:
Note that changing the From header would break all DKIM signatures and 
forcing a Reply-To would break many.


That's where validating & striping DKIM signatures as the message enters 
the list comes into play.  Preferably followed up with DKIM signing as 
messages exists the list.


Now to see what sort of DMARC notifications (if any) I get for this reply.



--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [Offtopic] List From and Reply-To

[Bill Cole]

On 30 May 2018, at 10:25, Bill Cole wrote:


On 30 May 2018, at 10:00, Palvelin Postmaster wrote:

On 30 May 2018, at 16:48, Antony Stone 
 wrote:


On Wednesday 30 May 2018 at 15:33:13, Palvelin Postmaster wrote:

On 30 May 2018, at 16:06, Matus UHLAR - fantomas 


wrote:

On 30.05.18 15:49, Palvelin Postmaster wrote:

Hitting reply sends the response to poster directly


get a mail client that supports mailing lists. Mozilla should do.


I see, the 'Mozzilla or stfu' policy ;D


No, Mozilla was just one example; there are many.


Grumble. Not enough coffee.

Make that "Thunderbird (the Mozilla MUA)" rather than "Mozilla."

Re: [Offtopic] List From and Reply-To

[Bill Cole]

On 30 May 2018, at 8:49, Palvelin Postmaster wrote:

Why does this list apparently use the original From header of the 
poster’s message and doesn't set a Reply-To header at all?


1. Traditional standard practice. Doing otherwise in either case would 
offend more people than sticking with the hands-off approach.


2. Inertia. For whatever reason, the choice was made in the misty past 
to use qmail & ezmlm for Apache lists. These are de facto orphanware 
programs that have licensing hostile to anyone seeking to adopt them. 
Backporting features into old software takes work and testing, and no 
one has seen it as worthwhile to do so for any DJB-ware as far as I 
know.



Hitting reply sends the response to poster directly and DMARC failures 
occur when posting to list. Not very elegant.


Really? Not that I see:


DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=palvelin.fi; h=from
:content-type:content-transfer-encoding:mime-version:subject
:message-id:date:to; s=posti; bh=nJX2juVBl5ckhxk/l1RP4IpkEFGPHhZ
EKwAofBCnE/g=; b=BrKOw1EEdgBfVBxvpDLldyNXc5o2Cv0v6tIpSgK9roKd/4q
cNQRljKNvc4PjZ94h7gbVFc3G0NzYs2vRMMywxAkMKUcBOhcZBRTb7S10qsWntPA
vaLimWqfYph7zPrICAcFC92IwTv1JO2oRdIw9e11QOT0iB5mgKJLZ65DVjSQ=
Received: from [188.238.10.162] (account postmas...@palvelin.fi HELO 
dhcp76.vallden.com)

  by palvelin.fi (CommuniGate Pro SMTP 6.2.4)
  with ESMTPSA id 10162444 for users@spamassassin.apache.org; Wed, 30 
May 2018 15:49:40 +0300

From: Palvelin Postmaster 
Content-Type: text/plain;
charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Subject: [Offtopic] List From and Reply-To
Message-Id: <0e34bd1b-73e5-4d31-83e4-124cfd99f...@palvelin.fi>
Date: Wed, 30 May 2018 15:49:38 +0300
To: users@spamassassin.apache.org
X-Mailer: Apple Mail (2.3445.6.18)
X-Spam-Source: 140.211.0.0/16 on AS3701 via ** FI FI in en
X-Spam-Hops: Trusted_** **FI FIFI X-Spam-Score: -22.21 () 
AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SCC_DEBUG,SCC_DEBUG_RAW_LINE,SCC_DEBUG_WL,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_SPF_WL,USER_IN_SPF_WHITELIST,USER_IN_WHITELIST_TO


Note that changing the From header would break all DKIM signatures and 
forcing a Reply-To would break many.

Re: [Offtopic] List From and Reply-To

[Bill Cole]

On 30 May 2018, at 10:00, Palvelin Postmaster wrote:

On 30 May 2018, at 16:48, Antony Stone 
 wrote:


On Wednesday 30 May 2018 at 15:33:13, Palvelin Postmaster wrote:

On 30 May 2018, at 16:06, Matus UHLAR - fantomas 


wrote:

On 30.05.18 15:49, Palvelin Postmaster wrote:

Hitting reply sends the response to poster directly


get a mail client that supports mailing lists. Mozilla should do.


I see, the 'Mozzilla or stfu' policy ;D


No, Mozilla was just one example; there are many.

I, for example, use KMail


My Apple Mail/iPhone/iPad clients don’t. They all appear to be among 
Top 10 email clients (https://emailclientmarketshare.com).


Which is unfortunate, because Apple Mail generally sucks. It seems to 
have been put under the control of people who think Outlook 2003 was the 
pinnacle of email clients. For MacOS, there are far better alternatives 
that include Mozilla and MailMate. For iOS not so much, sadly.


Any mail client that does not have an easy way to view messages in raw 
RFC5322, to create messages that follow RFC3676, and to set Reply-To and 
From headers arbitrarily is unfit for use in the modern world no matter 
how many people use it because switching is hard.



I wonder if Gmail, Outlook variants and the Android mail clients do?


K9Mail for Android did, when last I used Android (many years ago.) 
Modern Outlook on Windows does (or did, as of 2010.) I don't think I've 
ever used the GMail web interface for anything beyond testing the GMail 
web interface, so I can't speak to it as a MUA for mailing lists.

Re: [Offtopic] List From and Reply-To

[Palvelin Postmaster]

> On 30 May 2018, at 16:48, Antony Stone 
>  wrote:
> 
> On Wednesday 30 May 2018 at 15:33:13, Palvelin Postmaster wrote:
> 
>>> On 30 May 2018, at 16:06, Matus UHLAR - fantomas 
>>> wrote:
>>> 
>>> On 30.05.18 15:49, Palvelin Postmaster wrote:
 Hitting reply sends the response to poster directly
>>> 
>>> get a mail client that supports mailing lists. Mozilla should do.
>> 
>> I see, the 'Mozzilla or stfu' policy ;D
> 
> No, Mozilla was just one example; there are many.
> 
> I, for example, use KMail

My Apple Mail/iPhone/iPad clients don’t. They all appear to be among Top 10 
email clients (https://emailclientmarketshare.com).

I wonder if Gmail, Outlook variants and the Android mail clients do?


--
Palvelin.fi Hostmaster
postmas...@palvelin.fi

Re: [Offtopic] List From and Reply-To

[Antony Stone]

On Wednesday 30 May 2018 at 15:33:13, Palvelin Postmaster wrote:

> > On 30 May 2018, at 16:06, Matus UHLAR - fantomas 
> > wrote:
> > 
> > On 30.05.18 15:49, Palvelin Postmaster wrote:
> >> Hitting reply sends the response to poster directly
> > 
> > get a mail client that supports mailing lists. Mozilla should do.
> 
> I see, the 'Mozzilla or stfu' policy ;D

No, Mozilla was just one example; there are many.

I, for example, use KMail, and in the headers of your original posting in the 
thread I see:

From: Palvelin Postmaster 
List-Post: 

There is no Reply-To header.

When I click on "Reply" my MUA automatically offers me 
users@spamassassin.apache.org


Regards,


Antony.

-- 
Police have found a cartoonist dead in his house.  They say that details are 
currently sketchy.

   Please reply to the list;
 please *don't* CC me.

Re: [Offtopic] List From and Reply-To

[Palvelin Postmaster]

> On 30 May 2018, at 16:06, Matus UHLAR - fantomas  wrote:
> 
> On 30.05.18 15:49, Palvelin Postmaster wrote:
> 
>> Hitting reply sends the response to poster directly 
> 
> get a mail client that supports mailing lists. Mozilla should do. 

I see, the 'Mozzilla or stfu' policy ;D


>> and DMARC failures occur when posting to list.
> 
> where you did get this feeling?

I get these:

Authentication-Results: mailchk-m06.uwaterloo.ca;
dkim=fail reason="signature verification failed" (1024-bit key) 
header.d=palvelin.fi header.i=@palvelin.fi header.b="jkScMTCb"
Received: from mx-104.cs.uwaterloo.ca (localhost [127.0.0.1])
by mx-104.cs.uwaterloo.ca (8.15.2/8.15.2/Debian-3) with ESMTPS id 
w4UCfMd0017123
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for ; Wed, 30 May 2018 08:41:23 -0400
Received: (from arpepper@localhost)
by mx-104.cs.uwaterloo.ca (8.15.2/8.15.2/Submit) id w4UCfMdf017105
for arpep...@connect.uwaterloo.ca; Wed, 30 May 2018 08:41:22 -0400
X-Authentication-Warning: mx-104.cs.uwaterloo.ca: arpepper set sender to 
users-return-118335-arpepper=uwaterloo...@spamassassin.apache.org using -f
Received: from mailchk-m06.uwaterloo.ca (mailchk-m06.uwaterloo.ca 
[129.97.128.242])
by mx-104.cs.uwaterloo.ca (8.15.2/8.15.2/Debian-3) with ESMTPS id 
w4UCfKNh017011
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for ; Wed, 30 May 2018 08:41:20 -0400
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
by mailchk-m06.uwaterloo.ca (8.14.7/8.14.7) with SMTP id w4UCfELi016200
for ; Wed, 30 May 2018 08:41:17 -0400
DMARC-Filter: OpenDMARC Filter v1.3.2 mailchk-m06.uwaterloo.ca w4UCfELi016200
Authentication-Results: mailchk-m06/w4UCfELi016200; dmarc=fail (p=reject 
dis=none) header.from=palvelin.fi
Authentication-Results: mailchk-m06; spf=pass 
smtp.mailfrom=users-return-118335-arpepper=uwaterloo...@spamassassin.apache.org
DKIM-Filter: OpenDKIM Filter v2.11.0 mailchk-m06.uwaterloo.ca w4UCfELi016200
Received: (qmail 35995 invoked by uid 500); 30 May 2018 12:41:13 -
Mailing-List: contact users-h...@spamassassin.apache.org; run by ezmlm
Precedence: bulk
list-help: 
list-unsubscribe: 
List-Post: 
List-Id: 
Delivered-To: mailing list users@spamassassin.apache.org
Received: (qmail 35985 invoked by uid 99); 30 May 2018 12:41:12 -
Received: from pnap-us-west-generic-nat.apache.org (HELO 
spamd2-us-west.apache.org) (209.188.14.142)
  by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 May 2018 12:41:12 +
Received: from localhost (localhost [127.0.0.1])
by spamd2-us-west.apache.org (ASF Mail Server at 
spamd2-us-west.apache.org) with ESMTP id 949B31A3964
for ; Wed, 30 May 2018 12:41:12 + 
(UTC)
X-Virus-Scanned: clamav-milter 0.99.3 at mailchk-m06
Authentication-Results: spamd2-us-west.apache.org (amavisd-new);
dkim=pass (1024-bit key) header.d=palvelin.fi
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 
10024)
with ESMTP id JzvfQbYYETXI for ;
Wed, 30 May 2018 12:41:10 + (UTC)
Received: from palvelin.fi (posti.palvelin.fi [83.150.109.27])
by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with 
ESMTPS id AC16F5F41C
for ; Wed, 30 May 2018 12:41:09 + 
(UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=palvelin.fi; h=from
:content-type:content-transfer-encoding:mime-version:subject
:date:references:to:in-reply-to:message-id; s=posti; bh=qrKsgf7y
rsJ0+f0QDK4L7U+3vAjhqmb1yo8CjtAWnnc=; b=jkScMTCbksH9eVaBvuIGeTUw
sqmCcW4bY65Og4aOUpTqw9jH2PSgGhsxKf9Vkq0VV0kscmiOtVCAKWDajEWUjFhL
Xf+R+qMkCtJaySGpkIQf4Q1cMP7pEG0+KX58D3tlzOAAua+cJhX70Wg7IwBaqQcq
IZNRZRnEAjYZx+cIBE4=
Received: from [188.238.10.162] (account postmas...@palvelin.fi HELO 
dhcp76.vallden.com)
by palvelin.fi (CommuniGate Pro SMTP 6.2.4)
with ESMTPSA id 10162425 for users@spamassassin.apache.org; Wed, 30 May 2018 
15:41:08 +0300
From: Palvelin Postmaster 
Content-Type: text/plain;
charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Subject: Re: rewrite_header Subject and Bayes
Date: Wed, 30 May 2018 15:41:07 +0300
References: <257e510f-ab68-4e22-8a6b-552f59af3...@palvelin.fi>
<20180530122146.gb24...@fantomas.sk>
To: users@spamassassin.apache.org
In-Reply-To: <20180530122146.gb24...@fantomas.sk>
Message-Id: 

Re: [Offtopic] List From and Reply-To

[Alex Woick]

Palvelin Postmaster schrieb am 30.05.2018 um 14:49:

Why does this list apparently use the original From header of the poster’s 
message and doesn't set a Reply-To header at all?

Hitting reply sends the response to poster directly and DMARC failures occur 
when posting to list. Not very elegant.


I use Thunderbird, and for postings on this list, a "Reply list" button 
appears in addition to the usual reply button. So I can reply to the 
list only, to the list and cc to the poster, or to the poster only. 
Messages also appear on this list without DMARC failures, because they 
get mailfrom envelope address from the mailinglist software. It's all fine.

Re: [Offtopic] List From and Reply-To

[Matus UHLAR - fantomas]

On 30.05.18 15:49, Palvelin Postmaster wrote:

Why does this list apparently use the original From header of the poster’s
message and doesn't set a Reply-To header at all?


because it's the standard behaviour.

Hitting reply sends the response to poster directly 


get a mail client that supports mailing lists. Mozilla should do. 
This mailing lists sets headers required for list handling:


List-Post: 

note that
1. there are cases when you want to reply personally
2. Reply-To: is supposed to be set by sending user, not someone in between.


and DMARC failures occur when posting to list.


where you did get this feeling?

Those would happen if the list changed the original (or any DKIM-digned)
header, or set envelope sender to the original poster.

Neither does happen. 
At least not unless someone configures outgoing MTA to DKIM-sign headers

that may change on the way (e.g. Received:)



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot. 

[Offtopic] List From and Reply-To

[Palvelin Postmaster]

Why does this list apparently use the original From header of the poster’s 
message and doesn't set a Reply-To header at all?

Hitting reply sends the response to poster directly and DMARC failures occur 
when posting to list. Not very elegant.