Hi,
Dňa 8. 9. o 22:44 Brandon Long via mailop napísal(a):
> Hmm, blocking connections is highly unusual for us, as it doesn't provide
> any feedback, usually we respond with a 5xx banner or to HELO. I would
> check to see if you can reach www.google.com on IPv6 from the same box, and
> if you
Hi,
Dňa Mon, 13 Sep 2021 14:41:34 -0700 Brandon Long via mailop
napísal:
> I did get the IP offlist, and my initial investigation didn't find it
> on any block lists.
Thanks for investigation, it was not google fail. I am sorry for
wasting your time.
regards
--
Slavko
http://slavino.sk
Ahoj,
Dňa Mon, 13 Sep 2021 22:46:47 +0100 Chris Malton via mailop
napísal:
> Last I looked, HE tunnels block TCP port 25 unless explicitly
> requested to be unblocked.
>
> Looks to still be the case from their FAQ -
> https://ipv6.he.net/certification/faq.php
>
Once again thanks, it is
Dňa 7. 9. o 20:20 John Levine via mailop napísal(a):
> It appears that John Capo via mailop said:
>> The only IPv6 issues I have seen, other than transit only via HE, is
>> delivering to Google. Google seems to assume that mail via IPv6 is spam.
>> The same mail flow via IPv4 is OK with
Dňa 13. septembra 2021 21:46:47 UTC používateľ Chris Malton
napísal:
>
>Last I looked, HE tunnels block TCP port 25 unless explicitly requested
>to be unblocked.
Oh, many thanks for it. I miss or forgot this. I am sorry that i blame google
;-)
I didn't care about this for long time, as i had
Dňa 9. septembra 2021 17:44:14 UTC používateľ Brandon Long via mailop
napísal:
>
>I can't do any investigation without knowing your IP address or net.
>
Hi,
I send you IPs offlist, did you got it?
regards
Slavko
___
mailop mailing list
Hi,
Dňa Sat, 07 Aug 2021 19:15:57 +1000 Noel Butler via mailop
napísal:
> So you think it's better to have the potential to inconvenience
>
> over the likelihood of a dozen or so people who may have loss of a
> legit mail?
>
> I'm not one to bow to the tiny minorities, also, T's are most
Hi,
Dňa Tue, 21 Sep 2021 17:08:54 +0200 Alessio Cecchi via mailop
napísal:
> For "do something" I means:
>
> - too many logins from different country
> - too many fast login
You do not tell what IMAP/POP3 server are you using, but eg. with
dovecot you can use/apply these (and more) policies
Ahoj,
Dňa Fri, 24 Sep 2021 12:36:23 -0400 Bill Cole via mailop
napísal:
> On 2021-09-24 at 11:50:24 UTC-0400 (Fri, 24 Sep 2021 17:50:24 +0200)
> Slavko via mailop
> is rumored to have said:
>
> > While i cannot comment mentioned OVH domain, i will ask, why anyone
> >
Ahoj,
Dňa Fri, 24 Sep 2021 14:45:08 + Steven Champeon via mailop
napísal:
> Looking up the domain in Google gives you the parent organization, as
> well as a link to a French Wikipedia page containing their address,
> leadership, history, URL, etc. so the net effect is that GDPR
>
Ahoj,
Dňa Tue, 12 Oct 2021 19:52:38 +0100 Vsevolod Stakhov via mailop
napísal:
> You can do it with Rspamd as well:
>
> > rspamadm dkim_keygen -d example.com -s dkim -t ed25519
> vYJfhPrDPls0CBf4Y5H1usrJu6OxDaYubEAldoyza9X4PwjpomnSnMJyf0tNLfDj5KvVAVGMI+DF3sPSDj3USA==
> dkim._domainkey IN TXT
Hi,
Dňa 12 Oct 2021 12:12:27 -0400 John Levine via mailop
napísal:
> The perl and python DKIM modules still don't support ed25519 keys.
> They're on my list of things to do, but pretty far down the list.
python's dkimpy (and its CLI tool) is able to check ed25519, but by
default it checks only
Hi,
Dňa Fri, 08 Oct 2021 16:33:12 + Faisal Misle via mailop
napísal:
> It seems Google has not been sending any DMARC reports since 10/3.
> Our internal data shows Google has not been sending us reports to our
> RUAs
Reports are send now, but twice a day, and today even thrice (report ID
Dňa 12. 10. o 11:02 Sidsel Jensen via mailop napísal(a):
> My question to you: What are your thoughts on starting to sign with ed25519
> keys and what is currently holdning you back?
I am using dual sign with ed25519 keys for some months already (i do not
remember exactly without checking
Dňa 15. 10. o 0:04 Hans-Martin Mosner via mailop napísal(a):
> 1. Rspamd (embedded in a Mailu installation) for low-maintenance operation.
> That packages includes several mechanisms
> to score messages and handle them according to score intervals. This does
> a relatively good job but
Hi,
Dňa Tue, 28 Sep 2021 17:27:48 + Faisal Misle via mailop
napísal:
> That usually means the address does not exist in Office 365.
>
Thanks to both (i got one offlist response too).
Reading here about problems with mail delivery to microsoft, i was not
sure if it is not my mistake, and
Hi,
my rua report was rejected at RCPT stage with:
SMTP error from remote mail server after RCPT
TO::
550 5.4.1 Recipient address rejected: Access denied. AS(201806281)
[DB5EUR01FT030.eop-EUR01.prod.protection.outlook.com]
I search the Internet, but i found multiple similar posts,
Hi,
please i want to ask how to deal with pure SPF when DMARC is in use. I
understand how to deal with SPF within DMARC checks and i do not want to
diskuss this.
But what if domain owner specify eg. -all (or ~all) and SPF check
against SMTP.From (or EHLO) fails (or softfails) with this rule?
Hi,
thanks for all answers, all was useful.
Note: I am talking (asking) about incoming emails, not about my domain.
Dňa Mon, 4 Oct 2021 14:15:03 +0200 Alessandro Vesely via mailop
napísal:
> You can consider either the union or the intersection.
OK, i read suggested 6.7 and 10.1 sections of
Hi,
Dňa 4 Oct 2021 23:06:53 -0400 John Levine via mailop
napísal:
> I think you will find that rejecting on SPF -all (other than the
> special case of a bare -all meaning we send no mail) will make you
> reject a lot of perfectly good mail. So don't do that.
I check log for last month (30
Hi,
Dňa Mon, 4 Oct 2021 21:15:25 +0200 Alessandro Vesely via mailop
napísal:
> That's if exim can lookup dnswl and accept spf=fail for whitelisted
> IPs.
Ah, i understand now, thanks. I think about it too awkwardly ;-)
regards
--
Slavko
http://slavino.sk
pgpF0bsgW4OUX.pgp
Description:
Ahoj,
Dňa Mon, 27 Sep 2021 08:04:18 -0700 Michael Peddemors via mailop
napísal:
> Yes, an individual probably SHOULD be able to opt out from whois IF
> THEY WANT, however if if they expect people to allow traffic from
> their domain, they should understand that transparency is important,
>
Ahoj,
Dňa Sat, 25 Sep 2021 12:11:19 +0200 Alessandro Vesely via mailop
napísal:
> On Fri 24/Sep/2021 19:55:51 +0200 Slavko Via Mailop wrote:
> > Good analogy, as street is as public as the Internet is. You do not
> > answer if are you publishing your identity on the street.
>
Hi,
Dňa 24. 9. o 11:40 Jaroslaw Rafa via mailop napísal(a):
> This *is* a law that "helps protect the innocent victims". Yes, it is
> sometimes poorly (or intentionally wrongly) implemented, such an abusing the
> "legitimate interest" concept included in the GDPR by many advertisers to
> still
Hi,
Dňa Tue, 21 Sep 2021 15:02:37 +0200 Alexey Shpakovsky via mailop
napísal:
> However, we live in an imperfect world, and if some email provider
> would declare themselves "big" but offer unlimited number of free
> email addresses for spammers - then everyone else will likely just
> block the
Hi,
Dňa Tue, 21 Sep 2021 18:30:46 +0200 Alexey Shpakovsky via mailop
napísal:
> On Tue, September 21, 2021 17:39, Slavko via mailop wrote:
>
> > I am curious, do you block whole gmail.com?
>
> No, but at one time I was pretty close to blocking yahoo, having 0
> friend
Hi,
Dňa Sun, 5 Dec 2021 19:51:15 + ml+mailop--- via mailop
napísal:
> "What's the problem you are trying to solve?"
Basically no problem here. I never seen message with unqualified
postmaster (RCPT). To be honest, i miss this part of RFC before.
I only try to understand, how to deal with
Hi,
Dňa Fri, 3 Dec 2021 11:55:21 + Glowfish Domainadministrator via
mailop napísal:
> nslookup 96.63.189.196.spam.spamrats.com
> Server: 127.0.0.53
> Address:127.0.0.53#53
I use systemd's resolver as cache too (on one machine) and i meet DNSSEC
problems with it too. I
Ahoj,
Dňa Thu, 30 Dec 2021 17:00:57 +0100 Nicolas JEAN via mailop
napísal:
> So I really want dovecot to know the originating IP for the _first_
> login attempt.
I tried the proposed patch and it works, that mean the remote ip is set
from first (login) request. That is indeed best solution.
Hi,
Dňa Tue, 4 Jan 2022 15:32:57 -0800 Brandon Long via mailop
napísal:
> For anyone who cares about their dmarc reports, I'd highly recommend
> using a third party service for analyzing them, they will be better
> set up to handle the load.
please, is this suggestion meant universally, or it
Dňa 28. decembra 2021 17:08:24 UTC používateľ Nicolas JEAN via mailop
napísal:
>Did you encounter the issue of the first IMAP connection not forwarding
>the actual client IP to dovecot? (the one sent from roundcube's login page)
Terrible to tell now, as i didn't care before and i am not at PC
Dňa 28. decembra 2021 15:55:57 UTC používateľ Nicolas JEAN via mailop
napísal:
>Still, even if I'm going to have all legalities cleared and my terms of
>service updated...
>My conclusion is that today, there's no technical way to forward client
>IPs from roundcube to dovecot/postfix.
At
Ahoj,
Dňa Tue, 28 Dec 2021 18:08:24 +0100 Nicolas JEAN via mailop
napísal:
> Did you encounter the issue of the first IMAP connection not
> forwarding the actual client IP to dovecot?
OK, i try it, and i see it:
imap-login: Login: user=, method=PLAIN, rip=::1, ...
imap-login: Login: user=,
Hi,
Dňa Mon, 22 Nov 2021 22:43:49 +0100 Jaroslaw Rafa via mailop
napísal:
> In some countries (for example in my country) ISPs are legally
> required to block domains that are on government's "block list" in
> their resolvers. These domains are resolved to an IP address of a
> website with
Ahoj,
Dňa Wed, 17 Nov 2021 11:51:46 -0600 Scott Mutter via mailop
napísal:
> Don't forget local compromises - keyloggers, spyware, and other
> malware - running on an end-user's system.
If one use good email client/browser, locally stored passwords are not a
problem as they are encrypted:
Hi,
Dňa Wed, 17 Nov 2021 13:31:50 -0600 Scott Mutter via mailop
napísal:
> Unless you are sending an encrypted password to your mail server (in
> which case, the compromiser still has the necessary to log into your
> email account) then this has to be decrypted some how by the email
>
Hi,
Dňa Fri, 12 Nov 2021 16:15:34 -0600 Jarland Donnell via mailop
napísal:
> This is who runs it: https://area51services.com/
I tried to report problem to them via contact form, but they require
phone number, which i am not willing to provide them and form doesn't
accept the fake one (or i do
Hi,
Dňa 12 Nov 2021 19:59:11 -0500 John Levine via mailop
napísal:
> When I do an A lookup on bl.0spam.org or 2.0.0.127.bl.0spam.org it
> works fine, valid DNSSEC.
Yes, this works for me too with positive answer, but fails for NXDOMAIN
answers, see below.
> Where are you looking for an SOA,
Dňa 14. novembra 2021 8:00:26 UTC používateľ "Dan Mahoney (Gushi) via mailop"
napísal:
>It didn't look very sophisticated -- basic port 25 blast with no response
>parsing. Missing message-ids.
I reject remote mails without Message-ID header, but here they are rare.
Most of scripts do not
Ahoj,
Dňa Sun, 14 Nov 2021 10:02:31 + Simon Arlott via mailop
napísal:
> In this case, the signature is for the SOA with serial 2021110401 but
> the current SOA serial is 2021110501:
> https://gist.github.com/nomis/239c16f5f2321600e9397933b193d955
Please, i am curious, how did you get the
Ahoj,
Dňa Sun, 14 Nov 2021 10:40:01 +1000 Noel Butler via mailop
napísal:
> On 13/11/2021 21:58, Renaud Allard via mailop wrote:
>
> > It fails here too
> >
> > # time dig 2.0.0.127.bl.0spam.org
> >
> > ; <<>> dig 9.10.8-P1 <<>> 2.0.0.127.bl.0spam.org
> > ;; global options: +cmd
> > ;;
Hi,
I am using bl.0spam.org and nbl.0spam.org RBLs in my custom RBL check
script, but in more days their DNS server returns SERVFAIL.
Please, are these RBL gone or it is only mistake in its configuration?
regards
--
Slavko
https://www.slavino.sk
pgpPxqibrEsKY.pgp
Description: Digitálny
Dňa 12. novembra 2021 20:30:25 UTC používateľ Michael Peddemors via mailop
napísal:
>If you check mxtoolbox or hetrixtools, and see an IP listed, but you
>don't see it listed in your queries, or blocked/flagged by the chosen
>RBL, it is most likely a DNS problem.
>
>Many open resolvers are
Dňa 12. novembra 2021 22:15:34 UTC používateľ Jarland Donnell via mailop
napísal:
>This is who runs it: https://area51services.com/
Thanks
Slavko
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
Dňa 1. novembra 2021 23:09:56 UTC používateľ Michael Peddemors via mailop
napísal:
>The 'current' link.. (it does change) is..
>
>https://www.microsoft.com/en-us/download/confirmation.aspx?id=41653
Please, what have Microsoft with SpamRats?
Slavko
Dňa 1. novembra 2021 21:40:50 UTC používateľ Michael Peddemors via mailop
napísal:
>RATS-AZURE might be your friend, but we combine that with other checks
>to auto detect spammers from Azure..
Please, is it described somewhere? I cannot see it in https://spamrats.com/
regards
Slavko
Ahoj,
Dňa Tue, 2 Nov 2021 07:21:31 -0700 Michael Peddemors via mailop
napísal:
> SpamRats has nothing to do with Microsoft, but it does have two lists
> that can help with Spammers on Azure.
I am sorry, it was my misunderstanding what it is linked. I initially
think that you point me to
Dňa 5. 11. o 9:31 Patrick Ben Koetter via mailop napísal(a):
> rspamd, which has been used in the example avove, seems to handle
> ed25519-sha256 verification quite well. Anyone using other DKIM verifiers
> which have problems with ed25519-sha256 verification and take it badly i.e. do
> anything
Hi,
Dňa Mon, 13 Dec 2021 18:19:07 +0100 Alessandro Vesely via mailop
napísal:
> Is it customary to reject messages with multiple addresses in From:?
> Why?
AFAIK, DMARC works with only one From: address, thus sites which
are verifying DMARC tends to reject multiple addresses in it.
regards
Hi,
Dňa Mon, 13 Dec 2021 09:51:48 -0800 Brandon Long
napísal:
> Basically, yes, DMARC doesn't handle multiple from addresses,
> otherwise one could do From: m...@whatever.com, accou...@google.com and
> which domain would this
> be considered from? I guess one could evaluate DMARC for both.
>
Hi,
Dňa Sun, 5 Dec 2021 10:12:24 + ml+mailop--- via mailop
napísal:
> RFC 5321 SMTP October
> 2008
>
>o The reserved mailbox name "postmaster" may be used in a RCPT
> command without domain qualification (see Section 4.1.1.3) and
>
Hi,
Dňa Sun, 5 Dec 2021 11:24:04 + ml+mailop--- via mailop
napísal:
> Anyway, my mail was only about a clear violation of the (SMTP) RFC
> by comcast.
Yes, i understand that, and my question was not to you only (sorry, if
it was not clean).
I think a little about it, but i cannot find
Hi,
Dňa Sun, 18 Jul 2021 06:54:07 +0200 Slavko via mailop
napísal:
> To see from where they come i did simple Python(3) script, which reads
> list of IP from stdin and prints some stats based on GeoLite2 DBs.
> When i feed it with IPs parsed from today dovecot's fail2ban log i
> can
Hi,
Dňa 17 Jul 2021 20:41:14 -0400 John Levine via mailop
napísal:
> It appears that Thomas Hochstein via mailop said:
> About 12,000 here. It's a botnet, it's not targeting you any more
> than any other random server it can find, and I don't know of any way
> to block it. You can use
Hi,
Dňa Mon, 19 Jul 2021 00:34:40 +0100 Tim Bray via mailop
napísal:
> I didn't really get on with fail2ban. I do have it running, but it
> pulls very little for exim.
>
> I did write my own script to follow the exim mainlog with a bunch of
> regexp and drop IP addresses into ipset. (task
Hi,
Dňa Sun, 18 Jul 2021 13:56:18 -0400 Bill Cole via mailop
napísal:
> > The only usable way seems to be GoiIP blocking countries, but i
> > afraid that it is wrong way.
>
> Why?
Hard to describe it in English for me, but i will try.
I consider blocking access by country as discriminating
Hi all!
I registered here only in recent time and this is my first post here (i
am sorry, my English is not best)...
In recent days i bother with many login attempt to my personal mail
server, which i use for some years. I meet distributed dictionary
attack to IMAP server which was partially
Ahoj,
Dňa Thu, 6 Jan 2022 11:02:48 -0800 Brandon Long via mailop
napísal:
> On Thu, Jan 6, 2022 at 5:55 AM Alessandro Vesely
> wrote:
>
> > For a different question, if google has proper methods and checks to
> > receive DMARC reports, why doesn't it deploy them for hosted domains
> > too?
Ahoj,
Dňa Fri, 11 Mar 2022 13:41:27 -0600 Michael Rathbun via mailop
napísal:
> They frequently fail the timeout setting on a DNSBL checker tool I
> use. Running the tool again pulls the records in cache that arrived
> after the timeout. The resolver is a local instance of bind.
I use local
Hi,
for relative long time (some weeks) i have troubles with SORBS RBL. I do
not use it at MTA nor rspamd level, but only in my script, which i run
only manually when i need to inspect some IP status in depth, thus i
cannot exceed any limits.
But queries to SORBS (concrete to
Ahoj,
Dňa Fri, 11 Mar 2022 11:20:24 -0800 Dan Mahoney via mailop
napísal:
> Why are you instead not doing a dig against these ips? It's clear
> you understand that ICMP may be blocked, so why not use a check
> method that actually uses the protocol you'd use to query them?
(send only to Dan
Ahoj,
Dňa Sat, 12 Mar 2022 10:09:43 +1000 Noel Butler via mailop
napísal:
> Secondly, like most DNSBL's they probably use rbldnsd, this does not
> support TCP, only UDP
Sure, that is true for their rbldnsX.sorbs.net (they even responds to
version chaos), but not true for their nsX.sorbs.net
Ahoj,
Dňa Fri, 11 Mar 2022 20:20:23 -0500 Luis E. Muñoz via mailop
napísal:
> Just wrapping up a trial with them for a traffic sample. We saw no
> issues in processing north of 300 million messages. Care to share
> what issues did you see?
The sorbs.net provides 15 NS records, from which at
Ahoj,
Dňa Wed, 23 Feb 2022 13:10:56 + "Sinclair, John via mailop"
napísal:
> to rolling and hosting my own email server for the family. What's
I use own mail server for some years (5 or so), using exim (+ rspamd
now) and dovecot (+ xapian FTS & roundcube) on Debian Linux, which
starts for
Dňa 27. marca 2022 4:48:06 UTC používateľ Mike via mailop
napísal:
>The question would be, in my mind, why would not yahoo not seem to care
>if mail is not delivered to its customers?
IMO, it is really simple. First ask yourself, who is interested in
email delivery? Sender or recipient?
While
Ahoj,
Dňa Fri, 7 Jan 2022 11:18:21 -0800 Brandon Long via mailop
napísal:
> Google is providing a service to users at a price with a set of
> limits. There are many
> limits to the system, as there are limits to the mail systems other
> companies provide.
I had two simple questions and you
Hi,
Dňa Thu, 14 Apr 2022 12:43:12 -0400 Bill Cole via mailop
napísal:
> Basic robustness demands that after a 250-at-EoD, the receiving
> system should not simply drop a message but either deliver it or
> bounce it. Failures should not be silent. Delivery to somewhere other
> than the INBOX is
Dňa 24. augusta 2023 11:10:48 UTC používateľ Graeme Fowler via mailop
napísal:
>On 24 August 2023 11:12:07 Jaroslaw Rafa via mailop wrote:
>
>
>> If it is just a random netblock of some ISP that just happens to contain
>> some spamming IPs (even a lot of them) inside - no, never block the
Ahoj,
Dňa Tue, 12 Sep 2023 12:28:13 +0200 Camille - Clean Mailbox via mailop
napísal:
> └─# openssl s_client -connect mx.clean-mailbox.com:25 -starttls smtp
I can do TLS1.0, TLS1.2 & TLS1.3 handshake with your server and GnuTLS
reports certificate as valid, thus the certificate itself seems to
Ahoj,
Dňa Tue, 12 Sep 2023 09:25:59 +0200 Geert Hendrickx via mailop
napísal:
> The reason is likely the certificate itself, not the chain; this
> server offers (only) an ECC certificate, and while the vast majority
> of clients are compatible with this today, some still only support
> RSA.
Dňa 12. septembra 2023 6:12:16 UTC používateľ "Taavi Eomäe via mailop"
napísal:
>No. The chain may contain an expired root certificate. A client must only
>validate the chain until the first trusted root. LetsEncrypt's should be
>trusted first, certificate chain must be validated until that
Dňa 12. septembra 2023 6:18:56 UTC používateľ Camille - Clean Mailbox via
mailop napísal:
>Also I think it's normal that the client doesn't like the answer of my servers
>if the client tries to initiate a SSLv3 connection, as I've disabled it in
>Postfix.
While i am not familiar with postfix
Dňa 24. októbra 2023 8:44:49 UTC používateľ Christof Meerwald via mailop
napísal:
>On Tue, Oct 24, 2023 at 12:17:30PM +0800, Philip Paeps via mailop wrote:
>> crt.sh provides a handy service you can poll.
>>
>> They provide JSON output.
>
>They also provide an Atom feed you can use with your
Dňa 29. októbra 2023 18:40:37 UTC používateľ pgnd via mailop
napísal:
>in each case, the same "dkim=neutral (no key) header.i=..." anomaly is
>presence in headers
I cannot tell what gmail's "no key" means, but in our country it means,
that key cannot be fetched/parsed for some reason. AFAIK
Dňa 30. októbra 2023 10:11:11 UTC používateľ John R Levine via mailop
napísal:
> By the way, have you asked the author of RFC8463 which defines ed25519
> signatures what his opinion is on this?
No, i idn't. Please, can you share that?
regards
--
Slavko
https://www.slavino.sk/
Dňa 30. októbra 2023 12:01:41 UTC používateľ "L. Mark Stone via mailop"
napísal:
>If you browse to https://www.rfc-editor.org/rfc/rfc8463 and scroll to the
>bottom you'll see the author's name and contact information.
>
>Things should become a bit clearer then...
Yes and no. For me it opens
Dňa 28. októbra 2023 12:39:59 UTC používateľ pgnd via mailop
napísal:
>i suspect the culprit is that GMail's mis-handling the ed25519 dkim key, but i
>can't verify it since no response from @Google Postmaster.
>but, only @gmail recipients seems to be having this issue
AFAIK gmail doesn't
Dňa 30. októbra 2023 15:42:35 UTC používateľ "Gellner, Oliver via mailop"
napísal:
>John and you had that discussion already in
>https://list.mailop.org/private/mailop/2023-April/025022.html. The net result
>was:
Yes, but until now i didn't realize that he is RFC's author (or i
forgot that),
Dňa 21. 9. o 9:27 Gellner, Oliver via mailop napísal(a):
The bugs don't have to be security related, they just lead to wrongly computed DKIM signatures,
because some implementations applied the steps defined in the RFC for the relaxed canonicalization
in a wrong way or wrong order or
Ahoj,
Dňa Sat, 30 Sep 2023 10:19:01 +0100 Simon Arlott via mailop
napísal:
> "< jgh> one's in the resolver library. I find it questionable that
> it's being raised against Exim, as if we have to protect ourselves
> against a library. But AFAIK it's still open.
>
> < jgh> whatever the system
Dňa 2. 10. o 18:34 Brandon Long via mailop napísal(a):
I've raised a bug to take a look, this looks like a too broad dkim replay
rule.
I am not sure if that is the same, but in last two days i see these
bounces from github's DMARC rua address for my DMARC reports:
** Message blocked **
Dňa 9. 10. o 8:44 Kirill Miazine via mailop napísal(a):
The reason for a long retry is that I have to manually decrypt mailstore
partition in case of server reboot. Exim would accept the message, but
defer delivery until the mount appears. I wanted to have some time in
case of a reboot and me
Dňa 6. októbra 2023 13:29:36 UTC používateľ Bernardo Reino via mailop
napísal:
>This is unrelated, but yes, I believe DMARC considers that when deciding
>when/whom to send the reports.
You can omit the believe, rspamd does that checks. i have
mentioned gmx.* domains in noReportSend list due
Dňa 5. 10. o 9:58 Bernardo Reino via mailop napísal(a):
I have the same issue. Unfortunately there's a lot of servers which
request DMARC reports, but then outright reject them (or use an invalid
address).
My list of no_dmarc_reporting_domains.txt (in RSPAMD) keeps growing,
slowly.
But
Hi,
recently i noticed, that one RPZ from abuse.ch floods my logs about
syntax error in it. As i contributed to improve its RPZs syntax some
(long) time ago, i go to their site to find email address as previously,
to report that.
I found no email address but link to contact form at spamhaus
Dňa 22. októbra 2023 12:50:52 UTC používateľ Philip Paeps
napísal:
>Note that, as far as email is concerned, plaintext downgrade attacks are much
>more likely than fraudulent certificates.
Hmm, and what about MUAs?
regards
--
Slavko
https://www.slavino.sk/
Hi all,
while not directly about email, recently was published details
about success MiTM attack against XMPP server, the attacker
was able to decrypt TLS communication without notice (from
both sides, the server and client) and was success for at least
three months, see
Dňa 22. októbra 2023 19:18:33 UTC používateľ Jeroen via mailop
napísal:
>...most MTAs and MUAs support it out of the box.
Is list of these availeble somewhere?
regards
--
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
Dňa 23. októbra 2023 10:26:57 UTC používateľ Jaroslaw Rafa via mailop
napísal:
>However, all this discussion is hardly related to email, as - as many have
>noted - there's hardly any certificate checking at all between MTAs.
Do you want to tell, that MUAs communications are not part of email?
Ahoj,
Dňa Fri, 6 Oct 2023 12:17:31 +0200 Slavko via mailop
napísal:
> Dňa 6. 10. o 9:39 Marco via mailop napísal(a):
>
> > Have you tried to inform the postmaster of them to notice about the
> > problem?
>
> Not yet, if problem will persist for more days, i w
Dňa 6. 10. o 9:39 Marco via mailop napísal(a):
Am 06.10.2023 schrieb Slavko via mailop :
But this is not usual SPAM with fake or misconfigured rua mailbox, it
is domain (github.com) where i send reports for long time and only
last days it returns NDR...
Have you tried to inform
Dňa 8. októbra 2023 12:26:41 UTC používateľ "Marco M. via mailop"
napísal:
>> 550 5.1.1 : Recipient address rejected: User
>> unknown in virtual mailbox table
>
>That is the right way to deal with that.
Except that who know what "virtual mailbox table" means...
regards
--
Slavko
Dňa 24. 10. o 4:04 Ian Kelling via mailop napísal(a):
Anyone know how to monitor C-T logs? I looked around a bit and didn't
see how to actually do it for let's encrypt certs.
I recently installed https://github.com/SSLMate/certspotter
Hard to say any opinion yet, as i install it on one my
Hi all,
i recently start to sign subdomain's (no bulk, nor mass, nor advertising,
etc) mails by parent (main) domain key, mostly to simplify DNS setup,
thus mails looks eg.:
DKIM-Signature: ... d=example.org
From:
That works and AFAIK it is permited/mentioned in RFC and IMO
have to
Dňa 20. augusta 2023 19:35:35 UTC používateľ John Levine via mailop
napísal:
>It's only useful as documentation for the sender in case you get a
>message back in a complaint. I add it but there's no need to do so.
Ok, thanks.
--
Slavko
https://www.slavino.sk/
Dňa 21. augusta 2023 14:51:14 UTC používateľ Al Iverson via mailop
napísal:
>The problem is that even if you have DMARC in place, it is VERY easy
>to configure SPF checking so that SPF-failing mail is blocked at the
>edge...you never get far enough to denote DKIM passing. Having
>accidentally
Dňa 21. augusta 2023 7:44:45 UTC používateľ Alessandro Vesely via mailop
napísal:
>Are you actually moving email addresses to a subdomain?
No, no changes in mail, only in DKIM.
>It is also possible to set:
>
> DKIM-Signature: ... d=sub.example.org
Yes, that i used, and that is what i
Dňa 26. augusta 2023 11:29:34 UTC používateľ Alessandro Vesely via mailop
napísal:
>On Fri 25/Aug/2023 23:12:56 +0200 postfix wrote:
>> users either underuse, or overconsume. In both cases they are paying more
>> than what a market without subscription would do.
>
>Aha, so that's why they tend
Dňa 25. augusta 2023 16:01:42 UTC používateľ Michael Orlitzky via mailop
napísal:
>In short: cheap implies bad but bad doesn't imply cheap.
Yes, Windows is cheap. But Linux is even free, thus it must
be really, really bad...
regards
--
Slavko
https://www.slavino.sk/
Dňa 19. apríla 2022 13:54:30 UTC používateľ "Lichtinger, Bernhard via mailop"
napísal:
>It looks like Gmail imposes a DMARC policy of reject for every sender domain
>ignoring the actual DNS entries for DMARC or their absence.
In other words, gmail know better what is better for me (my
1 - 100 of 313 matches
Mail list logo
