Re: [mailop] openssl on Ubuntu 20.04 - implications for email

2021-01-06 Thread Phil Pennock via mailop
On 2021-01-06 at 14:23 +0100, Dan Malm via mailop wrote: > This might have some implications for anyone running a mail server on > Ubuntu as smtp delivery to recipients with a "legacy" SSL configuration > will break with SSL errors like for example: "SSL > routines:tls_process_ske_dhe:dh key too

Re: [mailop] Looking for possible mailing list hosting

2020-12-16 Thread Phil Pennock via mailop
On 2020-12-16 at 12:10 -0500, Dave Shevett via mailop wrote: > We're actually running on a linode now that's pretty much dedicated > to running mailman. The issue is there's still a lot of yak-shaving > to make it all work, in particular understanding how to get dkim > signatures to work when

Re: [mailop] scam prevention

2020-12-08 Thread Phil Pennock via mailop
On 2020-12-08 at 16:13 +0200, Mary via mailop wrote: > So in postfix you'd do something like this? (under header_checks) > > /^From:.*<(.*)>/ REPLACE From: $1 > > I wrote that in my email client, so I don't expect my regex to work. I guess > it would be fun to see how much damage I can do with

Re: [mailop] New server email being treated as spam by Google

2020-11-21 Thread Phil Pennock via mailop
On 2020-11-21 at 14:31 +, Stuart Henderson via mailop wrote: > On 2020/11/21 13:59, Thomas Walter via mailop wrote: > > On 21.11.20 12:54, Jaroslaw Rafa via mailop wrote: > > > You can configure your MTA to disable IPv6 only for delivery to Google - > > > at > > > least with Postfix it should

Re: [mailop] JSON mail server logs ?

2020-11-20 Thread Phil Pennock via mailop
On 2020-11-20 at 10:18 +, Tim Bray via mailop wrote: > On 20/11/2020 08:01, Andrew C Aitchison via mailop wrote: > > The developers would like to use a "standard" schema; > > does anyone use or know of a JSON schema for mail servers logs ? > > Tricky - a streaming file format is not going to

[mailop] office.com outbound: abuse or chase harder?

2020-09-14 Thread Phil Pennock via mailop
Folks, One of the sources of mail for a domain I need to care about (nats.io) per DMARC reports is office.com; eg: cwlgbr01ft010.eop-gbr01.prod.protection.office.com. 5.188.213.206 5.188.213.198 Do Microsoft do domain verification before allowing a sender domain to be used? I'm trying

[mailop] abrupt move of zsh.org, mail new flows [zero.zsh.org]

2020-08-04 Thread Phil Pennock via mailop
Folks, The zsh.org project had to move hosting, including email, on a shorter final timescale than ideal for things like IP warming, so had to go live abruptly on its new addresses. I'm helping out but not driving the effort. Some providers are blocking, so if you have manual allow-list stuff,

Re: [mailop] Google and Spam detection

2020-07-24 Thread Phil Pennock via mailop
On 2020-07-24 at 15:29 -0700, Luis E. Muñoz wrote: > I would push DANE a bit up in the list. DNSSEC can be a drag to some, but it > is really the way to go in terms of decentralization of encryption. It is > also a good practice. Absolutely, but the context here was sending to Gmail, who don't

Re: [mailop] Google and Spam detection

2020-07-24 Thread Phil Pennock via mailop
On 2020-07-24 at 15:40 -0400, Phil Pennock via mailop wrote: [ snip lots ] I was asked by someone with a link to a mailing-list archive entry to turn this into a blog-post which could be cited, so I've done so; there are some additions of RFC and website cross-references which might make

Re: [mailop] Google and Spam detection

2020-07-24 Thread Phil Pennock via mailop
On 2020-07-24 at 09:54 +0100, Klaus Ethgen via mailop wrote: > As my mails are always plain text, signed by PGP and coming from a mail > server that I can assure is never sending spam or even high amount of > mails, that is not in any blacklist, I wonder, what makes it google to > believe that my

Re: [mailop] DKIM ECC, Rolling DKIM Key Disclosure

2020-07-15 Thread Phil Pennock via mailop
On 2020-07-15 at 11:54 -0400, John Levine wrote: > In article <20200713214707.ga26...@fullerene.field.pennock-tech.net> you > write: > >Exim has implemented a=ed25519-sha256 for some time, and verifies it. > >By mail volume that's not a lot, but by independent installs it counts a > >bit more.

Re: [mailop] Rolling DKIM Key Disclosure

2020-07-15 Thread Phil Pennock via mailop
On 2020-07-10 at 17:59 -0700, Brandon Long via mailop wrote: > Anyways, ecc has been added to DKIM, but I'm not sure how widely deployed > verifying it is. > https://tools.ietf.org/html/rfc8463 Exim has implemented a=ed25519-sha256 for some time, and verifies it. By mail volume that's not a lot,

Re: [mailop] Microsoft Outlook "Modern Authentication"?

2020-06-02 Thread Phil Pennock via mailop
On 2020-05-28 at 13:35 -0600, Daniele Nicolodi via mailop wrote: > Does anyone know if there is any alternative to Outlook to access > Exchange Online mailboxes that require modern authentication? > > The IT department of the organization that is pushing things says that > modern authentication

Re: [mailop] Do we need Spam folders?

2019-10-14 Thread Phil Pennock via mailop
On 2019-10-14 at 15:07 +0200, Thomas Walter via mailop wrote: > Even more interesting: In Germany, this can be seen as not delivering an > email to the recipient which is against the law. The user might be using > POP3 or is not subscribed to the IMAP folder and therefore does not see > the SPAM

Re: [mailop] Gmail - Multiple destination domains per transaction is unsupported

2019-09-25 Thread Phil Pennock via mailop
On 2019-09-25 at 21:18 +1200, Simon Lyall via mailop wrote: > Just had a bunch of people at a domain get unsubscribed from this list. > Appears to be some weird Google rule (which probably made sense when they > were not the MX for 30% of all active domains) > > Any chance of them fixing it (or

Re: [mailop] Heads up on Exim, gnutls, TLS1.3 and gmail

2019-08-29 Thread Phil Pennock via mailop
On 2019-08-28 at 18:42 +0100, Tim Bray via mailop wrote: > Probably mainly for Debian users. > > libgnutls30 3.6.7-4(Debian Buster) > > exim4-daemon-heavy 4.89-2+deb9u5 (Debian Stretch) > > Run these together and it tries to use TLS1.3 when sending email. And > google seems to close the

Re: [mailop] Mailop cert - was Re: Admin: Gmail users of mailop suspended due to bounces.

2019-05-01 Thread Phil Pennock via mailop
On 2019-04-29 at 19:51 +0100, Andrew C Aitchison via mailop wrote: > I'm trying to alert the exim developers to the suggestions that people > have made in this thread; but it would be easier to ask them to subscribe to > mailop if the archive didn't have an expired certificate. I'm on mailop, I

Re: [mailop] Certificate chain when encrypting SMTP

2018-09-22 Thread Phil Pennock
On 2018-09-13 at 16:30 +0300, Vladimir Dubrovin via mailop wrote: > For opportunistic TLS, there is no difference between certificate signed > by CA and self-signed certificate (or even unsigned), because > certificate is usually not validated. Certificate validation is useless > here, because

Re: [mailop] Disabling TLS1.0 for SMTP

2018-05-22 Thread Phil Pennock
On 2018-05-22 at 14:58 -0400, Eric Tykwinski wrote: > MTA-STS will probably hit more on the valid certificate deal, but it's on the > mta-sts record to get the policy. > DANE just says this certificate is good, could be expired, self-signed, et al > as long as it passes the hash. DANE has two

Re: [mailop] Gmail & TLS SNI

2018-04-27 Thread Phil Pennock
On 2018-04-27 at 14:58 -0700, SM wrote: > There is some information in RFC 6125. Hi, and thanks. It covers in appendix B.4 two previous pieces of guidance, one of which helps a little. The first is a vague "probably" which fails to help; I think the text (from 2002) predated most people

[mailop] Heads-up: next Exim, TLS for smarthosts

2018-04-20 Thread Phil Pennock
Folks, mail-providers especially, a heads-up: I've committed a change for the next release of Exim (not imminent) which is a "default configuration file" change to the suggested configuration for talking to mail smarthosts. The changes are all around TLS. The new Exim suggested smarthost

Re: [mailop] Gmail & TLS SNI

2018-04-17 Thread Phil Pennock
On 2018-04-17 at 14:28 -0400, Phil Pennock wrote: > and for the DANE case, Exim > always sends SNI. I'm going prematurely senile. I could have sworn this was true but I can find no evidence of it. Since RFCs 7671 and 7672 mandate SNI of the

Re: [mailop] Gmail & TLS SNI

2018-04-17 Thread Phil Pennock
On 2018-04-17 at 16:47 +, Brandon Long via mailop wrote: > So, according to our tls folks, that cert is only served to TLS 1.3 clients > that don't send SNI, > so they wonder if you're using a pre-release version of OpenSSL without any > changes. Yes, Exim supports TLS 1.3 if GnuTLS or

Re: [mailop] Gmail & TLS SNI

2018-04-17 Thread Phil Pennock
On 2018-04-16 at 13:04 -0400, Phil Pennock wrote: > What's confusing to me, the next morning, is that included in the Gmail > overrides is a force-enabling of validation (yes, using the CA system, > but selective for remote domains where I choose to trust they're not > going to press

Re: [mailop] Gmail & TLS SNI {dkim-fail}

2018-04-16 Thread Phil Pennock
On 2018-04-16 at 11:45 -0700, Ned Freed wrote: > AFAIK this does not happen in MTA-STS, that is, at no time is the MX hostname > obtained from the DNS checked against the "mx" list from the MTA-STS policy. > Rather, the DNS-ID of the certificate returned by the server is checked > against > the

Re: [mailop] Gmail & TLS SNI

2018-04-16 Thread Phil Pennock
On 2018-04-16 at 05:28 +, Brandon Long via mailop wrote: > I always thought of SNI has the equivalent of the Host HTTP header, so it > should be the hostname you're connecting to. > > That's my reading of rfc 6066 at least, and what Gmail expects. In the HTTP Host header case, the hostname

Re: [mailop] spf and mx: tokens

2018-04-11 Thread Phil Pennock
On 2018-04-11 at 14:41 -0700, Carl Byington wrote: > So we could (do what they want) interpret mx:mail.example.com as if it > were a:mail.example.com FWIW, both RFC 4408 from 2006 and RFC 7208 from 2014 explicitly "MUST NOT" this behavior. Section 5.4 in each. > What does your code do when it
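The distinction Phil points at (an SPF "mx:" token is never a synonym for "a:") is easy to see in code. The following is an added illustration, not anything from the thread or from any real SPF library: a minimal evaluator for just the "mx" and "a" mechanisms of RFC 7208, fed from a constructed in-memory zone table standing in for DNS (the names and addresses are invented). Per section 5.4, "mx:<target>" looks up the MX records of <target> and then the address records of each MX host; if <target> has no MX records the mechanism must not fall back to the target's own A/AAAA record, and per section 4.6.4 more than 10 MX names is a permerror rather than a partial match.

```python
import ipaddress

# Constructed stand-in for DNS (assumption: invented data, not real example.com zone contents).
FAKE_DNS = {
    ("example.com", "MX"): [(10, "mx1.example.com"), (20, "mx2.example.com")],
    ("mx1.example.com", "A"): ["192.0.2.10"],
    ("mx2.example.com", "A"): ["192.0.2.20"],
    # mail.example.com has an A record but NO MX record.
    ("mail.example.com", "A"): ["192.0.2.30"],
}


class PermError(Exception):
    """RFC 7208 'permerror': the record cannot be evaluated as written."""


def lookup(name, rtype):
    """Return the records of type rtype for name from the fake zone table."""
    return list(FAKE_DNS.get((name.lower().rstrip("."), rtype), []))


def _addr_rtype(ip):
    return "A" if ip.version == 4 else "AAAA"


def a_mechanism_matches(target, client_ip, dns=lookup):
    """'a:<target>' matches if client_ip is one of <target>'s own addresses."""
    ip = ipaddress.ip_address(client_ip)
    return any(ipaddress.ip_address(addr) == ip for addr in dns(target, _addr_rtype(ip)))


def mx_mechanism_matches(target, client_ip, dns=lookup):
    """'mx:<target>' per RFC 7208 section 5.4.

    Match if client_ip is an address of one of <target>'s MX hosts.  If <target>
    has no MX records this returns False: the implicit-MX rule of RFC 5321
    (fall back to the A/AAAA of <target> itself) MUST NOT be applied here, so
    'mx:mail.example.com' is not equivalent to 'a:mail.example.com'.
    """
    ip = ipaddress.ip_address(client_ip)
    mx_records = dns(target, "MX")
    # Section 4.6.4: evaluating one mx mechanism MUST NOT query more than 10
    # address records; exceeding that is a permerror, not a truncated match.
    if len(mx_records) > 10:
        raise PermError("mx:%s has more than 10 MX hosts" % target)
    rtype = _addr_rtype(ip)
    for _priority, host in mx_records:
        if any(ipaddress.ip_address(addr) == ip for addr in dns(host, rtype)):
            return True
    return False


if __name__ == "__main__":
    # The case from the thread: the sender hoped mx:mail.example.com would match
    # mail.example.com's own address.  It does not; a:mail.example.com does.
    print("mx:mail.example.com vs 192.0.2.30 ->",
          mx_mechanism_matches("mail.example.com", "192.0.2.30"))
    print("a:mail.example.com  vs 192.0.2.30 ->",
          a_mechanism_matches("mail.example.com", "192.0.2.30"))
    print("mx:example.com      vs 192.0.2.20 ->",
          mx_mechanism_matches("example.com", "192.0.2.20"))
```

The `dns` parameter exists only so the evaluator can be run offline against the constructed table; a real implementation would pass in a resolver and also enforce the overall 10-lookup limit across the whole record.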

Re: [mailop] self-signed cert for inbound TLS

2017-07-27 Thread Phil Pennock
On 2017-07-25 at 22:10 -0400, Eric Tykwinski wrote: > Sorry, probably straying from the topic, but does anyone know any good SMTP > tests for DANE. > I’m using https://dane.sys4.de/ currently and it works, but I would like > something with some more details if possible. Self-pimping:

Re: [mailop] Mails to microsoft

2017-02-15 Thread Phil Pennock
On 2017-02-15 at 22:40 -, John Levine wrote: > I like DO for web hosting and their provisioning is great, but I > wouldn't try to send mail from DO. DO block port 25 outbound on IPv6. So I wouldn't, either. (I was going to put a monitoring box on a new DO VPS, away from my regular colo, but

[mailop] pobox.com contact?

2015-09-14 Thread Phil Pennock
Hey, Old story, shadow IT setup, email for a domain being handled by pobox, person who set it up has left, no authentication information stored in company password manager system. I'm trying to get back access so we can pay pobox money and get things running again. (Which is, understandably,

Re: [mailop] Blog: Logjam, Openssl and Email Deliverability

2015-06-23 Thread Phil Pennock
On 2015-06-23 at 16:35 +0200, Johann Klasek wrote: On Sat, Jun 20, 2015 at 11:33:00AM -0500, Frank Bulk wrote: http://www.circleid.com/posts/20150620_logjam_openssl_and_email_deliverability/ FYI, just a heads up. OpenSSL now rejects handshakes using DH parameters shorter than 768