Re: [mailop] Exchange (and GSuite?) versus open source - was Re: The oligopoly has won.

2022-09-14 Thread Matthias Leisi via mailop 
>> The open source eco-system has failed to produce useful alternatives to 
>> Outlook/Exchange(Online) or GSuite.
> 
> Never having had to use either in anger, or had the perspective of an SMB,
> what is missing from the open source offerings ?

Calendar. Calendar delegation. Calendar sharing. 

Delegtion of access to mailboxes. 

Access to shared mailboxes (I know that Dovecot handles that, but how many 
Dovecot admins know that and can manage it in  a scalable way?)

> As far as I can see Exchange does some calendaring which only works with 
> Outlook
> and which has always looked like the tail wagging the dog from my perspective
> (why would I change my entire mail system to use a calendaring system ?).

Because people do not want mail, they want mail and calendar and authentication 
and access and delegation, and integration with their business apps and their 
mobile devices …

Yes, Exchange is awfully poor in how it handles this and how you have to manage 
it. (And GSuite is not really better. And Apple has a lot to catch up to.) 
Overall, the state of affairs is truly awful. It’s so awful that even I have to 
admit that Microsoft is doing it better than anybody else and that you should 
definitely migrate your collaboration to Microsoft.

And yes, I’m painfully aware that Microsoft commercially has no problems to use 
their market power and to leverage licensing terms *just* to the point where it 
starts to hurt *really* bad. But all other competitors, including open source 
alternatives, have failed miserably.

— Matthias

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] The oligopoly has won.

2022-09-14 Thread Matthias Leisi via mailop 

> What I’ve said elsewhere is that what consumers, enterprises, and SMBs all 
> need is a healthy selection of services from which to choose.  The problem 
> with the entry costs is that you have to be able to leverage a cloud 
> infrastructure to play these days.  That’s not cheap.

The main issue is not really „cheap“. As I see it, as an SMB around the world, 
you really only have two choices: MS365 or Google. Microsofts licensing makes 
self-hosting impractical, and Google is more or less the only (non-self-hosted) 
alternative, from a mass-market perspective. 

The open source eco-system has failed to produce useful alternatives to 
Outlook/Exchange(Online) or GSuite. These are the two reasons why the oligopoly 
has won: inferior solutions and very precisely targetted licensing terms (did 
you ever try to license a Windows server on a cloud infrastructure to run your 
own Exchange? ha, good luck with that…)

— Matthias

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] X-MS-Exchange-CrossTenant-* headers gone?

2022-08-31 Thread Matthias Leisi via mailop 
Apparently ExchangeOnline is not adding the X-MS-Exchange-CrossTenant-* headers 
any more. Lots of fun if you have tools in your outbound mail flow that 
interact with multiple MS365 tenants and separates them based on the 
X-MS-Exchange-CrossTenant-id header (amongst other use cases). 

So far we’ve seen it with customers hosted in the german MS365 cloud, but not 
with customers in the swiss cloud. Any other observations?

— Matthias

-- 
Matthias Leisi
Katzenrütistrasse 68, 8153 Rümlang
Mobile +41 79 377 04 43
matth...@leisi.net



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?

2022-01-11 Thread Matthias Leisi via mailop 
>> How would it know the difference if it was Thunderbird, or the user?
> 
> You can guess by timing.
> 
> If the message is moved to spam folder immediately after being fetched by
> client, then it is an automated filter action. If there is at least a few
> seconds delay, then it is probably the user manually moving the message into
> spam folder (the user needs some time to look at least at the subject of
> the message and click the appropriate button).

The mail client with its local spam filter may not be connected at the time the 
message arrives in the inbox. It may come online at a later point and move 
messages to the spam folder with considerable delay.

— Matthias

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Haraka status? Exim the only choice? (v Postfix)

2021-05-01 Thread Matthias Leisi via mailop 

> I used Postfix along time but my experience is that it is incredible 
> difficult to implement custom logic especially across the different 
> binaries/processes it uses to fulfil a mail delivery transaction. Its 
> designed in the "unix philosophy" and has good performance - great but 
> Postfix devs normally react hostile if asked for advanced features that 
> require tracking meta-information about messages across Postfix processes. 
> Its only the RFC compliant mail message state that persisting through the 
> entire transaction, nothing more. Milters can be injected but have 
> limitations and I get headaches from the configuration system. I shouldn't 
> complain too hard tho, because I'm grateful for how solid and secure and 
> bulletproof it has been. Thank you team Postfix.
> 
> But I want more power and customization not only generic mailserver.

For sticking with Postfix, have a look at https://fuglu.org/ 


— Matthias

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Delivery problem on Microsoft e-mail (code 250 but does not receive)

2020-10-21 Thread Matthias Leisi via mailop 

Does it produce a bounce? 

We see cases where eg Recipient verification on MS365 customers simply does not 
work (apparently depending on which cluster they are hosted). Instead of 
rejecting with some 5xx it will bounce later.

— Matthias

Von meinem iPhone gesendet

> Am 20.10.2020 um 12:45 schrieb Daniele Rossi via mailop :
> 
>  Hi,
> 
> we try to send to Microsoft Account and we receive this message:
> 
> Queued mail for delivery -> 250 2.1.5
> The problem is that the mail does not arrive either in spam or in the inbox.
> This happens for most of our ip's.
> 
> Can anyone explain this abnormal behavior to me?
> 
> 
> 
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] BIMI pilot @ Google

2020-07-24 Thread Matthias Leisi via mailop 
> S/MIME offers more traditional digital signatures using CA signed 
> certificates.  I would
> not call that widely deployed, I certainly have never seen it from any 
> marketing/transactional
> mail, maybe once or twice from a medical insurance company.  Support in mail 
> clients is
> fairly widely deployed, possibly more so than DKIM.

Webmail is usually poor in properly showing signature verification. 

One big provider which starts with a „G“ seems to silently ignore attachments 
with „Content-Type: application/pkcs7-signature". :)

(Everything works as it should when accessed over IMAP, no problem there.)

— Matthias


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Pinging Mimecast

2020-07-10 Thread Matthias Leisi via mailop 
Mimecast is apparently sending from 185.58.84.0/24 (specifically  
eu-smtp-delivery-42.mimecast.com / 185.58.84.42). This is not included in what 
customers apparently have in their SPF records 
("include:eu._netblocks.mimecast.com" and 
"include:us._netblocks.mimecast.com“), with the obvious result.

— Matthias

-- 
Matthias Leisi
Katzenrütistrasse 68, 8153 Rümlang
Mobile +41 79 377 04 43
matth...@leisi.net
Skype matthias.leisi


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Post-processing Journal-Mails coming from O365, forwardedMail

2020-07-08 Thread Matthias Leisi via mailop 
> there is a feature in O365 that forwards mails (in/out/both..) to an 
> archive-mailbox for long-term archiving.
> 
> We grab this mails via pop. However our available mail-readers (Thunderbird, 
> Kopano) show the original mail as attachment.
> 
This is the „envelope wrapper“ format. It contains the _final_ recipient(s) of 
the email (eg after aliasing, distribution list expansion etc), and contains 
the original email - headers and body - unchanged. The advantage is that the 
archiving process does not need to do any of the logic Exchange does (no 
further LDAP lookups etc).

> This makes it very hard for handling/searching/reading of these mails.
> 
> Are there any tools available to just have the attachment that is the real 
> and original mail?
> 
These messages are typically read by an email archiving solution (mailpiler, 
mailarchiva, cryoserver, mailstore etc) for long-term storage, full-text search 
and other features.

— Matthias

-- 
Matthias Leisi
Katzenrütistrasse 68, 8153 Rümlang
Mobile +41 79 377 04 43
matth...@leisi.net
Skype matthias.leisi

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Recipient verification / MS365 inconsistent?

2020-07-08 Thread Matthias Leisi via mailop 
For some of our clients who use MS365, we noticed that recipient verification 
_sometimes_ fails (actually, it fails more than it succeeds). What I mean by 
„fail“ (lightly edited for privacy reasons):

> > (EHLO and STARTTLS ...)
> < 220 2.0.0 SMTP server ready
> > EHLO (ourserver)
> < 250 DB5EUR01FT011.mail.protection.outlook.com Hello [91.208.173.165]
> > MAIL FROM: 
> > RCPT TO: <(random non-existing email address)@(customer)>
> > DATA
> > [..]
> > .
> < 250 2.6.0 <159424516309.19130.7744779654254529...@quar04.cleanmail.ch> 
> [InternalId=15603616188757, Hostname=DB7PR03MB3804.eurprd03.prod.outlook.com] 
> 9393 bytes in 0.135, 67.925 KB/sec Queued mail for delivery

This obviously produces a bounce later on. 

By „succeed“, I would expect a 5xx response after the RCPT TO, which happens in 
maybe 1 in 10 cases, but we have not found a real pattern.

According to docs, verification of RCPT TO should be enabled by setting the 
domain as „authoritative“ on MS365 (this setting has been confirmed).

Delivery to existing accounts works as expected.

Anybody else noticed this behaviour? 

— Matthias

-- 
Matthias Leisi
Katzenrütistrasse 68, 8153 Rümlang
Mobile +41 79 377 04 43
matth...@leisi.net
Skype matthias.leisi


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] DNSxL lookups IPv6 - one /128 per DNS query

2020-02-02 Thread Matthias Leisi via mailop 
At dnswl.org, we collect (DNS) logs to identify abusers of our service. During 
last week, the logs increased by a factor of 10 (usually this is pretty stable, 
going up an down a few percents), so we thought we’d investigate. And we found 
something new (to us). 

From one particular IPv6 range, each and every DNS query was sent from a unique 
IPv6 /128, and every /128 seen was used exactly once.

Since we do not correlate source and question of DNS queries received (for 
privacy reasons), we can not tell what exactly was being asked. We can work 
around this issue in a number of ways (by blocking them from our DNS servers, 
excluding them from the log aggregation etc), so no direct harm here. However, 
if such behaviour becomes more widespread, it may have a number of collateral 
effects (for DNS caches, in log handling, in reputation management systems etc).

Is this something others have seen as well (either on the DNSxL lookup side, or 
in SMTP connections)? 

— Matthias

-- 
Matthias Leisi
Katzenrütistrasse 68, 8153 Rümlang, Switzerland
Mobile +41 79 377 04 43
matth...@leisi.net
Skype matthias.leisi


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] No SMTP-Auth in Office365 Mailflow Connectors - seriously Microsoft?

2019-06-14 Thread Matthias Leisi via mailop 
Experienced this as well. Customer mentioned this, and I did not believe him 
until I checked myself… 

— Matthias

> Am 14.06.2019 um 14:42 schrieb Stefan Bauer via mailop :
> 
> Hi,
> 
> can anyone confirm that I'm just blind or that this is not possible with 
> Microsofts Exchange Online (Office365) cloud solutions?
> 
> This works fine in all on-premise installations. I can not specify 
> username/password for smtp authentication nor any certs.
> 
> I just want to set outgoing mails to smarthosts with authentication.
> 
> Any MS admin around that can elaborate on this?
> 
> I'm baffled.
> 
> Stefan
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



smime.p7s
Description: S/MIME cryptographic signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop