Re: [DNG] meta: list

2022-09-08 Thread Jeremy Ardley via Dng


On 9/9/22 3:24 am, Simon Hobson wrote:
> Marjorie Roome via Dng wrote:
>
> > I configure strict postfix rules that incoming mail should have a
> > reverse DNS.
>
> I find grey-listing to be by far the most effective spam blocker.

I use postscreen rather than grey-listing. It does much the same delay
function as grey-listing but also does timing and protocol violation checks.


https://www.postfix.org/POSTSCREEN_README.html

https://www.linuxbabe.com/mail-server/configure-postscreen-in-postfix-to-block-spambots

It does require a few minutes thinking about your master.cf structure, 
but that's a good thing anyway.


--

Jeremy


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Re: [DNG] meta: list

2022-09-08 Thread Simon Hobson
Marjorie Roome via Dng  wrote:

> I configure strict postfix rules that incoming mail should have a
> reverse DNS.

Ah, we’re talking two different checks. I too reject connections if there’s no 
reverse DNS, but ideally that reverse DNS should forward resolve to a list (one 
or more IPs) containing the IP of the connecting device. It’s this latter bit 
that people seem too incapable of getting right.

But while rejecting “no reverse DNS” does block a lot, there is a lot of spam 
that comes from addresses that have generic reverse DNS entries - many ISPs 
have reverse DNS setup for their customer IP ranges along the lines of 
a-b-c-d.dynamic.ispname.net.

I find grey-listing to be by far the most effective spam blocker.


Simon


Re: [DNG] meta: list

2022-09-08 Thread Steve Litt
On Thu, 2022-09-08 at 11:29 +, jkinne...@yahoo.ca wrote:
> Would anyone have the infrastructure to help us less advantaged FOSS
> advocates who got trampled on by big tech and the pandemic with the
> appropriate email address to stay involved in the discussion if this
> experiment happens?

I don't understand the preceding question.

> I just got here and I love it. I'd otherwise need a bit more time if all
> the wise old veterans are leaving to go somewhere else :)

Whoaaa! As far as I know, neither I nor anybody else was advocating changing or
abandoning THIS list. I would be very against that. I thought we were talking
about an SMTP that would bounce gmail krap and not bounce DMARC, DKIM, OATH2
and all the other clutterment the big boys are using to try to marginalize
email so their walled gardens have no competition.

SteveT


Re: [DNG] meta: list

2022-09-08 Thread jkinney23--- via Dng
Would anyone have the infrastructure to help us less advantaged FOSS advocates
who got trampled on by big tech and the pandemic with the appropriate email
address to stay involved in the discussion if this experiment happens? I just
got here and I love it. I'd otherwise need a bit more time if all the wise old
veterans are leaving to go somewhere else :)

Thanks!

Jason

On Thursday, September 8, 2022, 03:48:19 a.m. PDT, Steve Litt wrote:

> On Thu, 2022-09-08 at 10:29 +0200, marc wrote:
> >
> > I am considering starting an admin list, where one can only
> > subscribe with an address starting with admin@... and
> > perhaps only one admin@... per IP.
>
> I suggest a name other than admin@, because people are probably using admin@
> for other purposes already. Maybe something like cleanmail@. I could subscribe
> with cleanm...@troubleshooters.com.
>
> I deleted your rant, but see a lot of value in your rant and would like to
> participate in your experiment, if you do it.
>
> SteveT



Re: [DNG] meta: list

2022-09-08 Thread Steve Litt
On Thu, 2022-09-08 at 10:29 +0200, marc wrote:
> 
> I am considering starting an admin list, where one can only 
> subscribe with an address starting with admin@... and
> perhaps only one admin@... per IP. 

I suggest a name other than admin@, because people are probably using admin@
for other purposes already. Maybe something like cleanmail@. I could subscribe
with cleanm...@troubleshooters.com.

I deleted your rant, but see a lot of value in your rant and would like to
participate in your experiment, if you do it.

SteveT



Re: [DNG] meta: list

2022-09-08 Thread marc
Gregory Nowak was quoted by Simon Hobson:

> > I have toyed more than once with the question of what would happen if
> > a group of us running our own mail exchanges made the choice to
> > reject mail from gmail.com with a 550? If a few of us did it, we might
> > miss mail we maybe wanted to get. If a bunch of us did it, then a
> > bunch of gmail users would complain to google. My guess is google's
> > response would be "this is a free service; if it doesn't work for you,
> > then don't use it."
> 
> No, I'll tell you what Google's response will be :
>
> "Our system is working fine, the other system is broken".
> Don't forget that this is a company that is quite happy to
> simply change the rules on the basis that it's big enough that
> the rest of the world will adapt. Look at the history of stuff
> they've "just changed" because it suits them. Sticking
> with email, they were one of the first to implement SPF
> fully knowing that it would break most mailing lists and
> mail forwarders around the world - and so most mailing lists
> around the world had to update software & change setups to suit
> Google's* new set of "how email is to work" rules. I know,
> I had a customer facing mail server** and mailing list server.

I am considering starting an admin list, where one can only 
subscribe with an address starting with admin@... and
perhaps only one admin@... per IP. 

While I support the right of consenting adults to indulge
in various risky behaviours, including bending over for
surveillance capitalists, I'd like to think that a more
selective list would lead to more worthwhile conversations.

I am perhaps a bit unkind when I say we have reached
the point where many people have been so captured by google
and similar that a form of Stockholm syndrome has set in,
and that useful conversation is often derailed with "but
actually I like ads that are relevant to my interests",
"the upgrade/feature treadmill is fun, and keeps us
all safe/buying stuff" - and I regard the entire
SPF/DKIM/DMARC/SRS/nonsense part of this.

I remember the propaganda being that encrypted mail
is too hard to implement, dear Barbie: And yet here we 
are - we now are supposed to have full on signatures in 
every mail, yet the keys aren't held by the user, and the 
mail isn't private, and google spams me anyway - WTF, where 
did we go wrong ? 

I suppose I am derailing things - but if you think the
admin@ list is something worth doing, let me know
(off list is fine too)

regards

marc


Re: [DNG] meta: list

2022-09-06 Thread Marjorie Roome via Dng
Hi Simon,

On Sun, 2022-09-04 at 21:22 +0100, Simon Hobson wrote:
> declassed art via Dng  wrote:
> 
> > I do have an unconfigured PTR for a couple of reasons, one 
> > of those is lack of static IP for now.
> 
> I figured out quite quickly that checking reverse DNS is a waste of
> time - too many systems, even those run by professional
> network/server engineers, are just badly configured.
> 
My experience (running a small family mail server on the premises, but
of course with a fixed IP - I'm with Zen in the UK) is the opposite of
this.

I configure strict postfix rules that incoming mail should have a
reverse DNS.

Here's my recent traffic:
   3490   received
   3444   delivered
     43   forwarded
      1   deferred  (1  deferrals)
      0   bounced
   1799   rejected (34%)

Of those rejected:

    974   Cannot find your reverse hostname
    283   Helo command rejected: Host not found
    251   Cannot find your hostname
     23   Helo command rejected: need fully-qualified hostname
     16   Recipient address rejected: User unknown

Messages that pass my postfix filters are then scored by my spamfilter
rspamd:
 
222 Rejected by rspamd (mix of 4.7.1 try again later or 5.7.1 spam
message rejected). In practice most greylisted 'try again laters' that
do try again then end up in the users spam folders for them to evaluate
and if necessary recategorise.

So checking for a valid reverse DNS is my most effective filter.
 
Only very rarely is it rejecting mail from anyone I'm expecting mail
from: by inspection they are all obvious spam addresses and of course 
if they have a genuine reason to email me they are getting the message
that their mail isn't getting through because they have no reverse DNS.

-- 
Marjorie




Re: [DNG] meta: list

2022-09-06 Thread Adrian Zaugg
> Maybe related news, and some more reading:
> 
> https://www.jwz.org/blog/2022/08/today-in-google-broke-email/

No, it is not related, he just needs to get SRS implemented.

Regards, Adrian.



Re: [DNG] meta: list

2022-09-05 Thread Simon Hobson
declassed art via Dng  wrote:

> I do have an unconfigured PTR for a couple of reasons, one of those is lack 
> of static IP for now.

I figured out quite quickly that checking reverse DNS is a waste of time - too 
many systems, even those run by professional network/server engineers, are just 
badly configured.



Gregory Nowak via Dng  wrote:

> I have toyed more than once with the question of what would happen if
> a group of us running our own mail exchanges made the choice to
> reject mail from gmail.com with a 550? If a few of us did it, we might
> miss mail we maybe wanted to get. If a bunch of us did it, then a
> bunch of gmail users would complain to google. My guess is google's
> response would be "this is a free service; if it doesn't work for you,
> then don't use it.”

No, I’ll tell you what Google’s response will be :
“Our system is working fine, the other system is broken”.
Don’t forget that this is a company that is quite happy to simply change the 
rules on the basis that it’s big enough that the rest of the world will adapt. 
Look at the history of stuff they’ve “just changed” because it suits them. 
Sticking with email, they were one of the first to implement SPF fully knowing 
that it would break most mailing lists and mail forwarders around the world - 
and so most mailing lists around the world had to update software & change 
setups to suit Google’s* new set of “how email is to work” rules. I know, I had 
a customer facing mail server** and mailing list server.

* OK, they weren’t the only ones, but they were one of the first.

In the network world, Android devices don’t work on managed networks using 
DHCPv6 for address assignment. For ideological reasons, they don’t support 
DHCPv6 and even actively block third party support (by pressuring chipset 
manufacturers to block the packets in the hardware). I could be flippant and 
suggest it’s because they see it as their job to snoop on people and using DHCP 
allows network admins to do that, but it’s mostly because they are interested 
only in mobile applications and refuse to consider the needs of any other 
environment (even where it’s a legal requirement).

In the web world they are pushing for “SSL or it doesn’t exist” despite the 
fact that it does actually cost money** to add SSL and there are situations 
(such as supporting older hardware) where there is no SSL and never will be.
And of course, there’s the shenanigans with QUIC and DoH ...

So basically, Google’s attitude is that if some other system doesn’t work with 
their offering - then it’s the other system that’s broken. And they are big 
enough that they can get away with that, especially when they are able to tell 
users who complain that that’s the case.

** When SPF started getting applied, clients started seeing problems.
Ideally we’d have them set up an account in their mail client to get mail from 
our server using IMAP, but many customers would refuse to do that - “I want my 
mail in my inbox”. Trying to explain why that’s not a good idea is an exercise 
in futility. So once their ISP is checking SPF, they no longer get any emails 
from sources setting SPF - and it’s our fault that the client insists on doing 
it the broken way.
Instead, they’d say it’s because our mail server is faulty - because that’s 
what their ISP (usually using an ISP mail account) told them and apparently the 
hell desks at the big ISPs are more honest than a small IT services company 
where they can be on first name terms with the staff.


Simon




Re: [DNG] meta: list

2022-09-03 Thread Alessandro Vesely via Dng

On Fri 02/Sep/2022 22:09:27 +0200 marc wrote:
> > > But look here: This is the sending host for the DNG mailing list:
> > >
> > >   Received: from mail.dyne.org (ns3218761.ip-162-19-139.eu [162.19.139.95])
> >
> > I think OVH allows classless delegation or at least setting PTRs for fixed
> > IPs.  I'd guess it's laziness the reason why it isn't set.  The list has no
> > DKIM signature, which is another sign of it.  However, they have a good SPF
> > record.
>
> Aha - now that you mention it:
>
> $ dig +nocmd +short dyne.org txt
> "google-site-verification=6FghqJroXIvBY8cutq6ouO0RC-a8qynFu6sJR3S-IbA"
> "v=spf1 mx ip4:162.19.139.95/32 ip4:195.169.149.119/32 ip4:213.127.207.66/32
> ip4:141.95.83.167/32 ip4:141.95.47.84/32 -all"
> "google-site-verification=xUtkCygX3roBSYAEh01x4JWAYzvUarh3igtFGUu99v8"
> "google-site-verification=Jl4hhjC5wPXP1owryns13qpeuEksWw_m-8lWNL_Kleg"
> "google-site-verification=2XoWrMMTQ7jmgcB_76Y_TQSnWDGhR4e-y_KLqoKOK1Q"
>
> Maybe it is not the spf line that makes a difference here but
> the other gunk. I worry that takes us ever closer to changing the E
> in email to a G.

No, those records seem to be for the web, not for email.

> Maybe related news, and some more reading:
>
> https://www.jwz.org/blog/2022/08/today-in-google-broke-email/

The reason why Google breaks email is not their getting stricter.

That blog surprised me when it says that a company cannot afford disk space to
hold email for its employees!



Best
Ale
--
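
Added example, not part of Alessandro's message: a partial SPF evaluator run over the TXT answers quoted above, showing that only the `v=spf1` string takes part in the check and that the list host's address from the Received line matches an `ip4` term. It handles just the mechanisms in that record (`mx`, `ip4`/`ip6`, `all`), takes MX addresses from the caller instead of DNS, and assumes dyne.org is the envelope sender domain; the function names are illustrative.

```python
import ipaddress

# TXT answers for dyne.org as quoted in the thread (wrapped dig line re-joined).
TXT_ANSWERS = [
    "google-site-verification=6FghqJroXIvBY8cutq6ouO0RC-a8qynFu6sJR3S-IbA",
    "v=spf1 mx ip4:162.19.139.95/32 ip4:195.169.149.119/32 "
    "ip4:213.127.207.66/32 ip4:141.95.83.167/32 ip4:141.95.47.84/32 -all",
    "google-site-verification=xUtkCygX3roBSYAEh01x4JWAYzvUarh3igtFGUu99v8",
    "google-site-verification=Jl4hhjC5wPXP1owryns13qpeuEksWw_m-8lWNL_Kleg",
    "google-site-verification=2XoWrMMTQ7jmgcB_76Y_TQSnWDGhR4e-y_KLqoKOK1Q",
]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def select_spf(txt_records):
    """Return the single SPF record among a domain's TXT strings, or None."""
    spf = [t for t in txt_records
           if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    if not spf:
        return None                      # SPF result "none"
    if len(spf) > 1:
        raise ValueError("permerror: more than one v=spf1 record")
    return spf[0]


def check_host(ip, record, mx_addrs=()):
    """Evaluate terms left to right; return (result, term that decided it).

    mx_addrs: addresses of the domain's MX hosts, supplied by the caller
    (assumption: this sketch performs no DNS lookups of its own).
    """
    addr = ipaddress.ip_address(ip)
    for raw in record.split()[1:]:       # skip the "v=spf1" version tag
        qualifier, term = "+", raw
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return ("permerror", raw)
            matched = addr.version == net.version and addr in net
        elif name == "mx":
            matched = any(addr == ipaddress.ip_address(a) for a in mx_addrs)
        else:
            # include, a, exists, redirect=, ... are outside this sketch.
            return ("unsupported", raw)
        if matched:
            return (QUALIFIERS[qualifier], raw)
    return ("neutral", None)             # nothing matched and no "all" term


if __name__ == "__main__":
    record = select_spf(TXT_ANSWERS)
    # 162.19.139.95 is the list host from the quoted Received line;
    # 192.0.2.1 is a documentation address standing in for any other sender.
    for sender in ("162.19.139.95", "192.0.2.1"):
        print(sender, check_host(sender, record))
```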









Re: [DNG] meta: list

2022-09-02 Thread marc
Hello

> >But look here: This is the sending host for the DNG mailing list:
> >
> >   Received: from mail.dyne.org (ns3218761.ip-162-19-139.eu [162.19.139.95])
> 
> 
> I think OVH allows classless delegation or at least setting PTRs for fixed
> IPs.  I'd guess it's laziness the reason why it isn't set.  The list has no
> DKIM signature, which is another sign of it.  However, they have a good SPF
> record.

Aha - now that you mention it:

$ dig +nocmd +short dyne.org txt
"google-site-verification=6FghqJroXIvBY8cutq6ouO0RC-a8qynFu6sJR3S-IbA"
"v=spf1 mx ip4:162.19.139.95/32 ip4:195.169.149.119/32 ip4:213.127.207.66/32 
ip4:141.95.83.167/32 ip4:141.95.47.84/32 -all"
"google-site-verification=xUtkCygX3roBSYAEh01x4JWAYzvUarh3igtFGUu99v8"
"google-site-verification=Jl4hhjC5wPXP1owryns13qpeuEksWw_m-8lWNL_Kleg"
"google-site-verification=2XoWrMMTQ7jmgcB_76Y_TQSnWDGhR4e-y_KLqoKOK1Q"

Maybe it is not the spf line that makes a difference here but 
the other gunk. I worry that takes us ever closer to changing the E
in email to a G. 

Maybe related news, and some more reading:

https://www.jwz.org/blog/2022/08/today-in-google-broke-email/

regards

marc


Re: [DNG] meta: list

2022-09-02 Thread Alessandro Vesely via Dng

On Thu 01/Sep/2022 23:22:13 +0200 marc wrote:
> > It's imperative that you have rdns, spf, dkim and dmarc set up and that it
> > all matches.
> >
> > My MTA will reject you if your ptr doesn't match your a record and your
> > helo/ehlo hostname.  spf, dkim and dmarc are all scored via spamassassin.
> > Google rejects, outright, if there is any sort of mismatch in any of that at
> > all. Setting up dnssec for your domain is also helpful.
> >
> > DNG list traffic comes through just fine.
>
> But look here: This is the sending host for the DNG mailing list:
>
>    Received: from mail.dyne.org (ns3218761.ip-162-19-139.eu [162.19.139.95])

I think OVH allows classless delegation or at least setting PTRs for fixed IPs.
I'd guess it's laziness the reason why it isn't set.  The list has no DKIM
signature, which is another sign of it.  However, they have a good SPF record.

> As you can see that reverse IP doesn't match what the SMTP server
> connects as.
>
> So I am actually not quite sure if your MX is as strict as you
> claim it to be ? Or am I missing something ? Do you have a different
> Received header - it should be one of the first lines of every message ?
>
> And your server isn't alone in being not quite as strict as claimed:

Curtis said his MTA weights authentication along with a bunch of other factors
to get a message score.  That's fuzzy, but sometimes works.

> Despite the received wisdom that one had to have
> SPF+DKIM+DMARC+YOLO+SPQR+WTF :) set up to send mail to the
> dominant email servers, this wasn't actually true: At least until last
> week I managed to get mail accepted reliably by google despite having
> only a proper MX and reverse DNS entry - nothing else, not even SPF.
> And given that real people answered to those mails, most of them
> did not end up in their spam folders either. But this seems to have
> changed recently... hence this thread.

Reverse DNS was already in use by some MTAs (and FTP servers) when I started to
connect to the Internet.  SPF came short afterwards, in the early 2000.  My
first DKIM filter appeared in 2010.  DMARC still has no "standard" spec.  It is
coming very slowly, not only for inertia and indolence of mail operators, but also.

The original anti-spam recipe, to block key words or phrases in the message
body, is faulty.  Against phishing, it's definitely disastrous.  The point of
domain-based authentication is to allow domains to earn a reputation, so that
good actors can be trusted and messages accepted or rejected on a solid basis.
The alternative for Internet mail is to go Bananas[*], methinks.



Best
Ale
--

[*] https://en.wikipedia.org/wiki/Bananas_(film)








Re: [DNG] meta: list

2022-09-02 Thread d...@d404.nl

On 01-09-2022 23:46, marc wrote:
> Hello
>
> > I use gmail, and seem to be getting email from this list. I wonder if it
> > is because I have it skip the inbox, and go straight into a different
> > label.
>
> I think you are on to something: It could well be that there has been a shift
> to using how the recipients organise their gmail (do you sort it into
> a high value folder, do you reply to it, do you star it, etc, etc) as
> a factor in the decision to reject email at the SMTP transaction.
>
> That might explain why a small subset of gmail users still get to
> see the DNG messages ... if the heuristics are local to a user.
> Which seems reasonable, otherwise a spammer could sign up and superlike
> their own spam, guaranteeing delivery for others too...
>
> Though I am not sure I should expend the energy to run some tomography on
> these interactions, in order to discover the heuristics that
> google actually uses - with apologies to the hitch-hikers guide to
> the galaxy: As soon as we have an explanation, the system will be
> replaced by an even more complex set of rules.
>
> What it does seem to mean is that gmail users are likely
> missing some legitimate messages completely - without even a
> trace in their spam folders.
>
> I suppose that is just another instance of the Availability vs
> Integrity vs Confidentiality Tradeoff that underlies most
> of Computer Security... though I for one like to make that
> call myself rather than having some AI try to infer that from
> my mail reading behaviour.
>
> regards
>
> marc

Not for to use this list but I do have a gmail account as spamcatcher
for a publicly visible mail address. I never use the web interface
though but use Thunderbird to handle that account. So I do not see fancy
lines or high value folders or am using stars. So far Google does handle
spam correctly and I do not have to search that often in the spam
folder. I recommend this for all gmail users.

I do run my own MTA (three of them actually) and noticed a rejection by
gmail the moment I got IPv6 and forgot to set reverse DNS for it. So
rDNS is a thing for getting accepted by gmail.



Grtz.

Nick




Re: [DNG] meta: list

2022-09-01 Thread golinux

On 2022-08-31 10:04, Curtis Maurand wrote:

> I’ve been running my own MTA for 15+ years. occasionally I get
> bounced. recently was bounced by sbcglobal (AT) who doesn’t respond
> to removal requests.  It’s definitely a PITA. However, in all
> fairness, I was sending to a large group (25 or so) and that might have
> done it.
>
> It’s imperative that you have rdns, spf, dkim and dmarc set up and
> that it all matches.
>
> My MTA will reject you if your ptr doesn’t match your a record and
> your helo/ehlo hostname.  spf, dkim and dmarc are all scored via
> spamassassin. Google rejects, outright, if there is any sort of
> mismatch in any of that at all. Setting up dnssec for your domain is
> also helpful.
>
> DNG list traffic comes through just fine.
>
> Cheers
> —Curtis

I have also run afoul of sbcglobal (AT) for no apparent reason
recently and also several other times over the years and yes, there
seems to be no recourse to resolve it. A bit heavy handed but not
unexpected from a corporate behemoth like ATT.


golinux



Re: [DNG] meta: list

2022-09-01 Thread marc
Hello

> I use gmail, and seem to be getting email from this list. I wonder if it
> is because I have it skip the inbox, and go straight into a different
> label.

I think you are on to something: It could well be that there has been a shift
to using how the recipients organise their gmail (do you sort it into
a high value folder, do you reply to it, do you star it, etc, etc) as
a factor in the decision to reject email at the SMTP transaction.

That might explain why a small subset of gmail users still get to 
see the DNG messages ... if the heuristics are local to a user.
Which seems reasonable, otherwise a spammer could sign up and superlike
their own spam, guaranteeing delivery for others too...

Though I am not sure I should expend the energy to run some tomography on
these interactions, in order to discover the heuristics that
google actually uses - with apologies to the hitch-hikers guide to
the galaxy: As soon as we have an explanation, the system will be
replaced by an even more complex set of rules.

What it does seem to mean is that gmail users are likely
missing some legitimate messages completely - without even a 
trace in their spam folders.

I suppose that is just another instance of the Availability vs
Integrity vs Confidentiality Tradeoff that underlies most
of Computer Security... though I for one like to make that 
call myself rather than having some AI try to infer that from 
my mail reading behaviour.

regards

marc


Re: [DNG] meta: list

2022-09-01 Thread marc

Hello

> It's imperative that you have rdns, spf, dkim and dmarc set up and that it
> all matches.
>
> My MTA will reject you if your ptr doesn't match your a record and your
> helo/ehlo hostname.  spf, dkim and dmarc are all scored via spamassassin.
> Google rejects, outright, if there is any sort of mismatch in any of that at
> all. Setting up dnssec for your domain is also helpful.
> 
> DNG list traffic comes through just fine. 

But look here: This is the sending host for the DNG mailing list:

  Received: from mail.dyne.org (ns3218761.ip-162-19-139.eu [162.19.139.95])

As you can see that reverse IP doesn't match what the SMTP server
connects as.

So I am actually not quite sure if your MX is as strict as you
claim it to be ? Or am I missing something ? Do you have a different
Received header - it should be one of the first lines of every message ?

And your server isn't alone in being not quite as strict as claimed:

Despite the received wisdom that one had to have 
SPF+DKIM+DMARC+YOLO+SPQR+WTF :) set up to send mail to the
dominant email servers, this wasn't actually true: At least until last
week I managed to get mail accepted reliably by google despite having
only a proper MX and reverse DNS entry - nothing else, not even SPF.
And given that real people answered to those mails, most of them
did not end up in their spam folders either. But this seems to have
changed recently... hence this thread.

regards

marc
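
Added example, not part of marc's post or of any list member's configuration: the Received line quoted above is parsed into HELO name, PTR name and IP, then checked for a HELO/PTR mismatch, for forward-confirmed reverse DNS (the check Simon Hobson describes elsewhere in this thread) and for provider-style generic names. DNS answers come from a constructed table; the function names, finding labels and generic-name heuristic are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed stand-in for live DNS so the example runs offline. The PTR name
# for 162.19.139.95 is the one in the quoted Received line; its forward answer
# and every example.* entry are made up for illustration.
PTR = {
    "162.19.139.95": ["ns3218761.ip-162-19-139.eu"],
    "192.0.2.25": ["mail.example.com"],
    "203.0.113.9": ["mail.example.org"],
}
ADDR = {
    "ns3218761.ip-162-19-139.eu": ["162.19.139.95"],
    "mail.example.com": ["192.0.2.25"],
    "mail.example.org": ["203.0.113.10"],   # forward lookup points elsewhere
}


def table_ptr(ip):
    return PTR.get(ip, [])


def table_addr(name):
    return ADDR.get(name, [])


# "from <helo> (<rdns> [<ip>])" as written by the receiving MTA.
RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\((\S+)\s+\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)")
GENERIC_WORDS = {"dynamic", "dyn", "dhcp", "pool"}   # assumed keyword list


def norm(name):
    return name.lower().rstrip(".")


def parse_received(line):
    """Split a Received 'from' clause into helo, rdns and ip, or None."""
    m = RECEIVED_RE.search(line)
    if not m:
        return None
    helo, rdns, ip = m.groups()
    try:
        ip = str(ipaddress.ip_address(ip))
    except ValueError:
        return None
    return {"helo": norm(helo), "rdns": norm(rdns), "ip": ip}


def fcrdns(ip, lookup_ptr=table_ptr, lookup_addr=table_addr):
    """Return the PTR names whose forward lookup contains the client IP."""
    confirmed = []
    for name in map(norm, lookup_ptr(ip)):
        forward = {str(ipaddress.ip_address(a)) for a in lookup_addr(name)}
        if ip in forward:
            confirmed.append(name)
    return confirmed


def looks_generic(name, ip):
    """Heuristic: pool keyword, or at least three IPv4 octets in the name."""
    if set(re.split(r"[^a-z0-9]+", name.lower())) & GENERIC_WORDS:
        return True
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        return False
    octets = Counter(str(addr).split("."))
    numbers = Counter(str(int(n)) for n in re.findall(r"\d+", name))
    return sum((octets & numbers).values()) >= 3


def assess(line, lookup_ptr=table_ptr, lookup_addr=table_addr):
    """Return a list of findings for one Received line; empty means clean."""
    rec = parse_received(line)
    if rec is None:
        return ["unparsed"]
    confirmed = fcrdns(rec["ip"], lookup_ptr, lookup_addr)
    if not confirmed:
        return ["no-fcrdns"]
    findings = []
    if rec["helo"] not in confirmed:
        findings.append("helo-ptr-mismatch")
    if all(looks_generic(n, rec["ip"]) for n in confirmed):
        findings.append("generic-ptr")
    return findings


# First line is the one quoted in the thread; the other two are constructed.
DYNE = "Received: from mail.dyne.org (ns3218761.ip-162-19-139.eu [162.19.139.95])"
CLEAN = "Received: from mail.example.com (mail.example.com [192.0.2.25])"
UNCONFIRMED = "Received: from mail.example.org (mail.example.org [203.0.113.9])"

if __name__ == "__main__":
    for line in (DYNE, CLEAN, UNCONFIRMED):
        print(assess(line) or ["ok"], line)
```

A scoring setup would weight these findings rather than reject on each one; to run against live DNS, pass lookup functions that perform real PTR and A/AAAA queries.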


Re: [DNG] meta: list

2022-09-01 Thread Alessandro Vesely via Dng

On Thu 01/Sep/2022 18:33:48 +0200 Hendrik Boom wrote:
> On Thu, Sep 01, 2022 at 11:30:43AM +1000, onefang wrote:
> >
> > The problem with PTRs is that I run several domains from the one IP
> > address, and PTR can only point to one of those.  It costs money to get
> > more IPs, my pension is barely coping with the recent cost of living
> > increases.

That is what MX records are for.  It's straightforward to set up
mail.example.com with its PTR having a single name that matches.  Then, for all
the other domains set the MX to it.  For example:

    whatever.domain IN MX 2 mail.example.com.

the HELO (or EHLO) command also uses mail.example.com.  Nobody will notice any
difference unless they analyze the message header.

From: uses the virtual domain .
DKIM signatures with d=whatever.domain.
SPF records at whatever.domain have the address of mail.example.com.
DMARC record for whatever.domain has rua=reports@whatever.domain.

> If IP's are expensive, would it help to switch to IPv6?

Not all MXes have IPv6 address.  You need an IPv4 to send to an IPv4-only MX.

Google is said to be more severe with mail coming from IPv6 addresses.


HTH
Ale
--









Re: [DNG] meta: list

2022-09-01 Thread Hendrik Boom
On Thu, Sep 01, 2022 at 11:30:43AM +1000, onefang wrote:
> 
> The problem with PTRs is that I run several domains from the one IP
> address, and PTR can only point to one of those.  It costs money to get
> more IPs, my pension is barely coping with the recent cost of living
> increases.

If IP's are expensive, would it help to switch to IPv6?

-- hendrik

kk


Re: [DNG] meta: list

2022-08-31 Thread onefang
On 2022-08-31 11:04:51, Curtis Maurand wrote:
> 
> 
> Sent from my iPhone
> 
> > On Aug 31, 2022, at 10:39 AM, marc  wrote:
> > 
> > Hi
> > 
> > Just a quick note that in the last week or so google seems
> > to have ratcheted up its rejection of mail from independent MTAs
> > a notch or two.
> > 
> > IF you check your logs, you might see 550 rejects with a message
> > such as
> > 
> >  Our system has detected that this message is likely
> >  unsolicited mail. To reduce the amount of spam sent
> >  to Gmail, this message has been blocked. Please visit
> >  https://support.google.com/mail/?p=UnsolicitedMessageError
> >  for more information.
> > 
> > In this case this is for an IP+DNS combination that is known
> > to never have sent spam. And of course the supreme irony of
> > the matter is that google itself stands accused of injecting
> > spam into people's email - see noyb.eu
> > 
> > The first reaction is to be a bit bleak about this, but
> > giving it some thought, there might be a silver lining to
> > this: This might be a significant step in the split into
> > "internet classic" the familiar favourite versus
> > the "hinternet.google", the free, convenient, but
> > also watered-down and shrinkflated version.
> > 
> > Amusingly I think the DNG list here might have gotten
> > a headstart on this, with its unconfigured reverse
> > DNS entry - looking through the recent mails I see
> > next to no participants from gmail.com - presumably
> > because they haven't seen mail from here.
> > 
> > So I think the only sensible reaction is to get word out
> > that to participate in this list it is now even more
> > important to find a decent nongmail provider, or even
> > better - set up your own MX/MTA.
> > 
> > I know that this can be a bit of a PITA, but if
> > you maximise for convenience rather than knowledge/privacy,
> > shouldn't you be using MacOS/Android rather than Devuan ? 
> 
> I’ve been running my own MTA for 15+ years. occasionally I get bounced.
> recently was bounced by sbcglobal (AT) who doesn’t respond to removal
> requests.  It’s definitely a PITA. However, in all fairness, I was sending to
> a large group (25 or so) and that might have done it.
>
> It’s imperative that you have rdns, spf, dkim and dmarc set up and that it
> all matches.
>
> My MTA will reject you if your ptr doesn’t match your a record and your
> helo/ehlo hostname.  spf, dkim and dmarc are all scored via spamassassin.
> Google rejects, outright, if there is any sort of mismatch in any of that at
> all. Setting up dnssec for your domain is also helpful.

The problem with PTRs is that I run several domains from the one IP
address, and PTR can only point to one of those.  It costs money to get
more IPs, my pension is barely coping with the recent cost of living
increases.

Though I don't really need to send email from the metaverse.farted.net
one, it's a joke domain for my Zuckerverse parody, coz OpenSim does
almost everything Zuckerberg claims is coming in his future metaverse. 
He set a low bar, I had trouble getting down to it.  I'm 61, I don't
limbo as well as I used to.

> DNG list traffic comes through just fine. 

As for the general topic of gmail and mailing lists, many years ago when
I used to do that I had to setup a read only and a write only gmail
account on every list.  Coz otherwise gmail would decide to not send back
to me anything I wrote.  Now I use my own email server.

-- 
A big old stinking pile of genius that no one wants
coz there are too many silver coated monkeys in the world.


Re: [DNG] meta: list

2022-08-31 Thread Gregory Nowak via Dng
On Wed, Aug 31, 2022 at 09:14:31AM +0200, marc wrote:
> Hi
> 
> Just a quick note that in the last week or so google seems
> to have ratcheted up its rejection of mail from independent MTAs
> a notch or two.
> 
> IF you check your logs, you might see 550 rejects with a message
> such as
> 
>   Our system has detected that this message is likely
>   unsolicited mail. To reduce the amount of spam sent
>   to Gmail, this message has been blocked. Please visit
>   https://support.google.com/mail/?p=UnsolicitedMessageError
>   for more information.

I haven't seen gmail rejecting mail from my MX since I setup a skeleton
DMARC a while back. I just checked my logs for the last ten days, and
haven't seen a single rejection from gmail, even though my MX has sent
quite a bit of mail to them during that time.

I have toyed more than once with the question of what would happen if
a group of us running our own mail exchanges made the choice to
reject mail from gmail.com with a 550? If a few of us did it, we might
miss mail we maybe wanted to get. If a bunch of us did it, then a
bunch of gmail users would complain to google. My guess is google's
response would be "this is a free service; if it doesn't work for you,
then don't use it."

As for classic e-mail, I have to concur that's gone. In my book
classic e-mail means no DMARC/SPF/DKIM, no valid PTR records, and
sending mail from dynamic IP addresses directly. That's not happening,
and we have the spammers to thank for that. If everyone played nice,
that internet would probably still exist.

Greg


-- 
web site: http://www.gregn.net
gpg public key: http://www.gregn.net/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)
If we haven't been in touch before, e-mail me before adding me to your contacts.

--
Free domains: http://www.eu.org/ or mail dns-mana...@eu.org


Re: [DNG] meta: list

2022-08-31 Thread Mike Schmitz via Dng
On Wed, Aug 31, 2022 at 09:14:31AM +0200, marc wrote:
> Hi
> 
> Just a quick note that in the last week or so google seems
> to have ratcheted up its rejection of mail from independent MTAs
> a notch or two.
> 
> IF you check your logs, you might see 550 rejects with a message
> such as
> 
>   Our system has detected that this message is likely
>   unsolicited mail. To reduce the amount of spam sent
>   to Gmail, this message has been blocked. Please visit
>   https://support.google.com/mail/?p=UnsolicitedMessageError
>   for more information.
> 
> In this case this is for an IP+DNS combination that is known
> to never have sent spam. And of course the supreme irony of
> the matter is that google itself stands accused of injecting
> spam into people's email - see noyb.eu
> 
> The first reaction is to be a bit bleak about this, but
> giving it some thought, there might be a silver lining to
> this: This might be a significant step in the split into
> "internet classic" the familiar favourite versus
> the "hinternet.google", the free, convenient, but
> also watered-down and shrinkflated version.
> 
> Amusingly I think the DNG list here might have gotten
> a headstart on this, with its unconfigured reverse
> DNS entry - looking through the recent mails I see
> next to no participants from gmail.com - presumably
> because they haven't seen mail from here.

I use gmail, and seem to be getting email from this list. I wonder if it
is because I have it skip the inbox, and go straight into a different
label.

Mike Schmitz



Re: [DNG] meta: list

2022-08-31 Thread Curtis Maurand


Sent from my iPhone

> On Aug 31, 2022, at 10:39 AM, marc  wrote:
> 
> Hi
> 
> Just a quick note that in the last week or so google seems
> to have ratcheted up its rejection of mail from independent MTAs
> a notch or two.
> 
> IF you check your logs, you might see 550 rejects with a message
> such as
> 
>  Our system has detected that this message is likely
>  unsolicited mail. To reduce the amount of spam sent
>  to Gmail, this message has been blocked. Please visit
>  https://support.google.com/mail/?p=UnsolicitedMessageError
>  for more information.
> 
> In this case this is for an IP+DNS combination that is known
> to never have sent spam. And of course the supreme irony of
> the matter is that google itself stands accused of injecting
> spam into people's email - see noyb.eu
> 
> The first reaction is to be a bit bleak about this, but
> giving it some thought, there might be a silver lining to
> this: This might be a significant step in the split into
> "internet classic" the familiar favourite versus
> the "hinternet.google", the free, convenient, but
> also watered-down and shrinkflated version.
> 
> Amusingly I think the DNG list here might have gotten
> a headstart on this, with its unconfigured reverse
> DNS entry - looking through the recent mails I see
> next to no participants from gmail.com - presumably
> because they haven't seen mail from here.
> 
> So I think the only sensible reaction is to get word out
> that to participate in this list it is now even more
> important to find a decent nongmail provider, or even
> better - set up your own MX/MTA.
> 
> I know that this can be a bit of a PITA, but if
> you maximise for convenience rather than knowledge/privacy,
> shouldn't you be using MacOS/Android instead of Devuan?

I’ve been running my own MTA for 15+ years. Occasionally I get bounced.
Recently was bounced by sbcglobal (AT&T) who doesn’t respond to removal
requests.  It’s definitely a PITA. However, in all fairness, I was sending to a
large group (25 or so) and that might have done it.

It’s imperative that you have rdns, spf, dkim and dmarc set up and that it all
matches.

My MTA will reject you if your ptr doesn’t match your a record and your
helo/ehlo hostname.  spf, dkim and dmarc are all scored via spamassassin.
Google rejects, outright, if there is any sort of mismatch in any of that at
all. Setting up dnssec for your domain is also helpful.

DNG list traffic comes through just fine. 

Cheers
—Curtis 



> regards
> 
> marc
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
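
The check described in the message above (the PTR must exist, must forward-resolve back to the connecting IP, and must agree with the HELO/EHLO name), as an added example that is not part of the original post and is not any poster's actual MTA configuration. The function names, the injected resolver callables and the DNS data are constructed for illustration; all addresses come from documentation ranges.

```python
import ipaddress
import socket

def check_client(ip, helo, ptr_lookup, addr_lookup):
    """Return (verdict, reason) for a connecting SMTP client.
    ptr_lookup(ip) -> PTR names, addr_lookup(name) -> A/AAAA addresses;
    both are injected so the policy can be exercised without live DNS.
    """
    client = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return ("reject", "no reverse DNS")
    # Forward-confirm: keep PTR names whose address set contains the client IP.
    confirmed = [n for n in names
                 if client in {ipaddress.ip_address(a) for a in addr_lookup(n)}]
    if not confirmed:
        return ("reject", "PTR does not forward-resolve to client IP")
    if helo.rstrip(".").lower() not in confirmed:
        return ("reject", "HELO name does not match confirmed PTR")
    return ("accept", "PTR, A record and HELO agree")

def live_ptr(ip):  # system-resolver PTR lookup, for real use
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def live_addr(name):  # system-resolver A/AAAA lookup, for real use
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

# Constructed zone data; all addresses are from documentation ranges.
PTR = {"192.0.2.25": ["mail.example.org."],
       "198.51.100.7": ["198-51-100-7.dynamic.example.net."],
       "203.0.113.9": ["mx.example.com."]}
ADDR = {"mail.example.org": ["192.0.2.25"],
        "198-51-100-7.dynamic.example.net": ["198.51.100.7"],
        "mx.example.com": ["203.0.113.10"]}  # forward record points elsewhere

def demo(ip, helo):
    return check_client(ip, helo, lambda i: PTR.get(i, []),
                        lambda n: ADDR.get(n, []))

if __name__ == "__main__":
    for ip, helo in [("192.0.2.25", "mail.example.org"), ("192.0.2.99", "x.example")]:
        print(ip, helo, *demo(ip, helo))
```

With the constructed data, the client at 198.51.100.7 has a generic ISP-style PTR that forward-confirms, so a bare "has reverse DNS" test would pass it; only the HELO comparison rejects it.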


Re: [DNG] meta: list

2022-08-31 Thread declassed art via Dng
I do have an unconfigured PTR for a couple of reasons, one of those is lack
of static IP for now. But I never had problems with gmail. Instead, I have
problems with this list which rejects my messages sent from my own MTA
because they cannot find a hostname for my IP. So I have to post from my
gmail account.
Although I'm an addict of true decentralization, fans of rdns/fcrdns and
spf as well make me think that independent email is dead.

And, just for the record, I have checked this my gmail account, and the
inbox contains no less messages than I get to my own a...@declassed.art

Axy


Wed, 31 Aug 2022 at 08:16, marc :

> Hi
>
> Just a quick note that in the last week or so google seems
> to have ratcheted up its rejection of mail from independent MTAs
> a notch or two.
>
> IF you check your logs, you might see 550 rejects with a message
> such as
>
>   Our system has detected that this message is likely
>   unsolicited mail. To reduce the amount of spam sent
>   to Gmail, this message has been blocked. Please visit
>   https://support.google.com/mail/?p=UnsolicitedMessageError
>   for more information.
>
> In this case this is for an IP+DNS combination that is known
> to never have sent spam. And of course the supreme irony of
> the matter is that google itself stands accused of injecting
> spam into people's email - see noyb.eu
>
> The first reaction is to be a bit bleak about this, but
> giving it some thought, there might be a silver lining to
> this: This might be a significant step in the split into
> "internet classic" the familiar favourite versus
> the "hinternet.google", the free, convenient, but
> also watered-down and shrinkflated version.
>
> Amusingly I think the DNG list here might have gotten
> a headstart on this, with its unconfigured reverse
> DNS entry - looking through the recent mails I see
> next to no participants from gmail.com - presumably
> because they haven't seen mail from here.
>
> So I think the only sensible reaction is to get word out
> that to participate in this list it is now even more
> important to find a decent nongmail provider, or even
> better - set up your own MX/MTA.
>
> I know that this can be a bit of a PITA, but if
> you maximise for convenience rather than knowledge/privacy,
> shouldn't you be using MacOS/Android instead of Devuan?
>
> regards
>
> marc


[DNG] meta: list

2022-08-31 Thread marc
Hi

Just a quick note that in the last week or so google seems
to have ratcheted up its rejection of mail from independent MTAs
a notch or two.

IF you check your logs, you might see 550 rejects with a message
such as

  Our system has detected that this message is likely
  unsolicited mail. To reduce the amount of spam sent
  to Gmail, this message has been blocked. Please visit
  https://support.google.com/mail/?p=UnsolicitedMessageError
  for more information.

In this case this is for an IP+DNS combination that is known
to never have sent spam. And of course the supreme irony of
the matter is that google itself stands accused of injecting
spam into people's email - see noyb.eu

The first reaction is to be a bit bleak about this, but
giving it some thought, there might be a silver lining to
this: This might be a significant step in the split into
"internet classic" the familiar favourite versus
the "hinternet.google", the free, convenient, but
also watered-down and shrinkflated version.

Amusingly I think the DNG list here might have gotten
a headstart on this, with its unconfigured reverse
DNS entry - looking through the recent mails I see
next to no participants from gmail.com - presumably
because they haven't seen mail from here.

So I think the only sensible reaction is to get word out
that to participate in this list it is now even more
important to find a decent nongmail provider, or even
better - set up your own MX/MTA.

I know that this can be a bit of a PITA, but if
you maximise for convenience rather than knowledge/privacy,
shouldn't you be using MacOS/Android instead of Devuan?

regards

marc