[pfx] Re: milter: could it splice (, somehow)?

[Viktor Dukhovni via Postfix-users]

On Sat, Mar 11, 2023 at 01:54:01AM +0100, Steffen Nurpmeso via Postfix-users 
wrote:

> - sign the entire message as for now,

You're confusing the message and the envelope.

> - but include a "cramped=1" tag that signals that all receivers
>   are actually covered by the DKIM signature, so

The envelope is not part of the signed message, and the envelope changes
in transit, and is knowable to the message signer when the message is
first submitted to the mail system.

Whatever problem you're trying to solve, it has nothing to do with
DKIM.

-- 
Viktor.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] mailman mangling (Was: Re: milter: could it splice (, somehow)?)

[Steffen Nurpmeso via Postfix-users]

Steffen Nurpmeso wrote in
 <20230311005401.bynjz%stef...@sdaoden.eu>:
 ...
 |>From [.]

And i know it is not popular among UNIX people, who like it
that way, but this "From_" quoting was introduced by mailman
(i presume) when it mangled my quoted-printable to something
non-reversible.

I do not know whether this is configurable for mailman3, but _if_
it still uses MIME for a totally munged message even though it
does not need it no more after munging (type text/plain, charset
US-ASCII, transfer-encoding 7-bit), you know.

It does not really matter, but it modifies the content in
a non-reversible manner, and it is also a stupid algorithm that
only looks for "^From " (or hopefully at least the still stupid
"\n\nFrom ") --- granted the MUA i maintain was also very stupid
regarding such (until i was prodded from a Dr. from SuSE to do
something about it).

Ciao.

--steffen
|
|Der Kragenbaer,The moon bear,
|der holt sich munter   he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] milter: could it splice (, somehow)?

[Steffen Nurpmeso via Postfix-users]

Hello.

Imagine the DKIM standard would be revised and extended a bit (to
get rid of DMARC and ARC, even, could it be) to

- sign the entire message as for now,

- but include a "cramped=1" tag that signals that all receivers
  are actually covered by the DKIM signature, so

- for any "RCPT TO:<>" not in any of To:, Cc: -- or even for _any_
  "RCPT TO:<>" -- a dedicated message is to be sent to the MX of
  the hostname of the RCPT, with an additional hypothetic
  DKIM-RCPT: header (only the signed "RCPT-TO:<>") prepended to
  the otherwise unchanged message.

>From looking at all the milter related messages and the protocol
description and even the C header file content that Wietse has
posted over the time that i am on this list, it seems impossible
to implement this in a milter easily, or at all -- the milter
could only strip all but one RCPT-TO, for any other RCPT-TO it had
to reconstruct the message, and feed it into say even sendmail(1)
via -t, recipient by recipient -- and how could it avoid being
reinvoked for each of them.

So am i right the best possibility to implement a DKIM that has
been revised in such a manner would be to implement a filter thing
that speaks a bit SMTP so that users could create "postfix ->
filter -> another-postfix-for-sending-out" chain?
Or which other possibilities exist to create a normalized message,
add a signature header, and then (possibly) splice it per RCPT-TO?

--steffen
|
|Der Kragenbaer,The moon bear,
|der holt sich munter   he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] sender address verification: easy bypass for myhostname/mydomain?

[Steffen Nurpmeso via Postfix-users]

Hello.

I see a thread for "double-bounce check applied to itself" from
February 2021, but it does not exactly fit this bill (i think):

  Mar 11 01:10:36 postfix/smtpd[2936]: connect from 
AWS-OUTLOOK.TOP[85.31.45.162]
  Mar 11 01:10:37 postfix/smtpd[2936]: Anonymous TLS connection established 
from aws-outlook.top[85.31.45.162]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 
(256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) 
server-digest SHA256
  Mar 11 01:10:42 postfix/smtpd[2936]: NOQUEUE: reject: RCPT from 
AWS-OUTLOOK.TOP[85.31.45.162]: 450 4.1.7 : Sender address 
rejected: unverified address: unknown user: "admin"; from= 
to= proto=ESMTP helo=
  Mar 11 01:10:42 postfix/cleanup[2945]: A333C1605C: 
message-id=<20230311001042.a333c16...@sdaoden.eu>
  Mar 11 01:10:43 postfix/smtpd[2936]: disconnect from 
AWS-OUTLOOK.TOP[85.31.45.162] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 
commands=5/6
  Mar 11 01:10:43 postfix/qmgr[2779]: A333C1605C: 
from=, size=219, nrcpt=1 (queue active)
  Mar 11 01:10:44 postfix/local[2946]: A333C1605C: to=, 
relay=local, delay=1.4, delays=1.2/0.02/0/0.27, dsn=5.1.1, status=undeliverable 
(unknown user: "admin")
  Mar 11 01:10:44 postfix/qmgr[2779]: A333C1605C: removed

Is there an easy (non-DNS etc) way to say that @sdaoden.eu (or
even @(.+\.)?sdaoden\.eu MUST NOT come from the outside, so
i could put that

  check_policy_service unix:private/postgray,

.. in here ..

  reject_unverified_sender,
  permit

of my smtpd_sender_restrictions?

--steffen
|
|Der Kragenbaer,The moon bear,
|der holt sich munter   he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: The joke writes itself.

[Ralph Seichter via Postfix-users]

* Robert A. via Postfix-users Cooper:

> Some of us don't have a choice and are stuck with MS mail products due
> to work policies. while OWA does now support header filtering, that
> has not always been the case.

So you are saying that even Microsoft has finally seen the light. Good,
it took them long enough. Which mailing-list-unfriendly MUAs are left to
consider, then? If any?

> Other may be in similar situations with required clients that don't
> have all the features you want for a power user.

Maybe there are MUAs unsuitable for mailing list out in the wild, but
frankly, I don't see why the 99% of us who use decent software should
suffer for the affected 1% of mailing list subscribers. Some may call
that selfish, but I say: Keep the pressure up to push crappy policies
and crappy MUAs out, there are good alternatives available. Perhaps
that's just me being rebellious, but hey, fight the system. ;-)

-Ralph
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: The joke writes itself.

[Cooper, Robert A via Postfix-users]

Some of us don't have a choice and are stuck with MS mail products due to work 
policies. while OWA does now support header filtering, that has not always been 
the case.  Other may be in similar situations with required clients that don't 
have all the features you want for a power user.  I would say that 98% of 
listservs I have been on for years all use subject tags, and it's never been a 
problem for me or anyone else on those lists that I've ever heard complain. I 
frankly didn't know this was even an issue for anyone until now.

RobertC


From: Markus Reichelt via Postfix-users 
Sent: Friday, March 10, 2023 13:21
To: postfix-users@postfix.org 
Subject: [pfx] Re: The joke writes itself.

This message is from an External Sender
This message came from outside your organization

--
* Ralph Seichter via Postfix-users  wrote:

> * Patrick Ben Koetter via Postfix-users:
> > I don't need tags.
> Seconded. Do we really need to cater for software that's unable to use
> the "List-Id" headers? These are mailing lists for Postfix users and
> devs, not for a knitting circle, so I think it is fair to assume we
> subscribers all use decent software.

+1

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Helping OpenDKIM and OpenDMARC

[Dan Mahoney via Postfix-users]

Hey there all,

I am one of the people who has maintainer access to OpenDKIM and OpenDMARC.  I 
use both regularly, but I’m also a novice as a C-coder.  (Sysadmin, not 
developer).  As mentioned in another thread, I don’t have access to the web 
hosting stuff or the list management stuff, though I’m tempted to just put up a 
temp site on AWS and ask the person who DOES have access to put in an HTTP 
redirect for both of those.

This is not my day job.  My day job is in DNS operations, and it can be 
insanely busy, but also has lulls.  I’ve also had a family situation that 
derails me at times.  Without breaking confidences or saying too much, brains 
suck sometimes.  (If you know, you know).

=

Anyway,

Here’s a list of the things I’m trying to do, soonish:

1) Get the current “develop” branch of OpenDKIM cut into a release branch that 
includes recent enough SSL that it works on recent version, works with a modern 
autoconf, and works with the key types people are presently using.

2) Get some of the critical patches that are being used in some of the mainline 
OSes into base.

THIS IS HARD.  People jump in and say “Wait, I use GNUTLS, so I need that 
too!”.  People say “Wait, this ancient solaris box I have in the corner running 
mail still uses openSSL 0.9.6, don’t break it on me!”.  People complain about 
the lack of progress which honestly, doesn’t help.  I know.

This is also hard because there’s been a history of community patches breaking 
things on some other OS, or causing vague stability issues.

3) Get testing infrastructure spun up (on AWS or local VMware or somewhre that 
I can spin up for more OSes).  Running unit tests on Slackware (via something 
like Jenkins, or manually) is not as simple as it sounds.

As an example, someone posts a vague bug that says “this breaks for me on 
slackware 15”.  Well, to respond to that, I need to replicate the problem on a 
Slackware 15 box.  Slackware is NOT a friendly OS to just install and get 
running”.  Same for OpenBSD.  Same for Arch Linux.  Same for Alpine Linux.  
Same for….etc.  

Each OS is a special snowflake with regard to how to get a BASE system able to 
configure a network stack and services without the system installing everything 
from X to Cups, maybe some firewall rules so we’re not running an 
open-to-the-world thing, install enough packages to build and keep up to date, 
and get cron running.

I don’t think this project is unsalvageable, and I feel like forking it would 
do more harm than good.  I want something better out the door, too.

I may re-post this to mailop, but if you’re the kind of person that feels able 
to help with some of this, I’ll get (pending boss permission) a new mailing 
list spun up on dayjob’s existing infra that we can use to get going TODAY.  
Please contact me privately.



___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: The joke writes itself.

[Markus Reichelt via Postfix-users]

* Ralph Seichter via Postfix-users  wrote:

> * Patrick Ben Koetter via Postfix-users:
> > I don't need tags.
> Seconded. Do we really need to cater for software that's unable to use
> the "List-Id" headers? These are mailing lists for Postfix users and
> devs, not for a knitting circle, so I think it is fair to assume we
> subscribers all use decent software.

+1

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Postfix lists are migrating to a new list server

[Dan Mahoney via Postfix-users]

> On Mar 10, 2023, at 10:59 AM, Ralph Seichter via Postfix-users 
>  wrote:
> 
> * Jim Popovitch via Postfix-users:
> 
>> On Fri, 2023-03-10 at 17:35 +0200, mailmary--- via Postfix-users wrote:
>> 
>>> Looking at the opendkim/opendmarc right now, they appear dead over
>>> the past 2 years or so, which is sad really.
>> 
>> It's not sad at all. It's a testament to the stability of the project.
>> Sure, both projects could use some polishing maybe, but that is not
>> something that is "sad"
> 
> Looking at the number of open issues and pull requests on GitHub for both
> OpenDKIM and OpenDMARC, the assessment "He's dead, Jim." seems fitting
> to me. To give just one example, Michael Orlitzky and I opened a pull
> request adding OpenRC support (required for Gentoo Linux) to OpenDKIM in
> April 2019 [1], and that PR is still stuck in limbo, as are many other
> enhancements and bugfixes. To me, these are not signs of maturity or
> stability, but of abandonment and death.

So, this is a serious thread hijack off the whole “lists migrating to a new 
server” and I’m not going to respond much here.

We could use help on a bunch of things, and I’m going to try and put together a 
list.  I have administrative access to many things, but critically, NOT the box 
hosting the DNS or the mailing lists.

I want to fix things.  It’s not my day job, and I need help.  Maybe I’ll make a 
separate post here.

-Dan

> 
> -Ralph
> 
> [1] https://github.com/trusteddomainproject/OpenDKIM/pull/41
> ___
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: The joke writes itself.

[Phil Stracchino via Postfix-users]

On 3/10/23 13:54, Ralph Seichter via Postfix-users wrote:

* Patrick Ben Koetter via Postfix-users:


I don't need tags.


Seconded. Do we really need to cater for software that's unable to use
the "List-Id" headers? These are mailing lists for Postfix users and
devs, not for a knitting circle, so I think it is fair to assume we
subscribers all use decent software.



I honestly don't see a need for a tag on the users list.  And I would 
*GUESS* that those subscribed to the dev list probably keep it separate 
from the users list (but maybe not?  It's a free world).


But I would suggest that [announce] has definite value.


--
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server

[mailmary--- via Postfix-users]

Unfortunately, due to company policy, I can only work with RPM packages from 
either the default repo or EPEL and nothing else. I know several other 
companies that have the same rule. Its not something that I can change, so I 
work with what I have.



On Fri, 10 Mar 2023 11:14:14 -0500 PGNet Dev via Postfix-users 
 wrote:

> > The problem with dkimpy/dkimpy-milter, is that they don't exist in 
> > enterprise distros (Alma, Rocky, Oracle) via EPEL.  
> FWIW, it's a trivial install with python/pip, and plays nicely in a venv.  
> works a charm here.
> 
> rpm spec's also straightforward.
> 
> here's one for Fedora,
> 
>   
> https://src.fedoraproject.org/rpms/python-dkimpy/blob/rawhide/f/python-dkimpy.spec
> 
> none's built for EPEL atm, but the infrastructure is there,
> 
>   https://src.fedoraproject.org/rpms/python-dkimpy
> 
> any interested party could certainly chime in there
> 
> should be similar for dkimpy-milter ...
> ___
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Postfix lists are migrating to a new list server

[Ralph Seichter via Postfix-users]

* Jim Popovitch via Postfix-users:

> On Fri, 2023-03-10 at 17:35 +0200, mailmary--- via Postfix-users wrote:
>
>> Looking at the opendkim/opendmarc right now, they appear dead over
>> the past 2 years or so, which is sad really.
>
> It's not sad at all. It's a testament to the stability of the project.
> Sure, both projects could use some polishing maybe, but that is not
> something that is "sad"

Looking at the number of open issues and pull requests on GitHub for both
OpenDKIM and OpenDMARC, the assessment "He's dead, Jim." seems fitting
to me. To give just one example, Michael Orlitzky and I opened a pull
request adding OpenRC support (required for Gentoo Linux) to OpenDKIM in
April 2019 [1], and that PR is still stuck in limbo, as are many other
enhancements and bugfixes. To me, these are not signs of maturity or
stability, but of abandonment and death.

-Ralph

[1] https://github.com/trusteddomainproject/OpenDKIM/pull/41
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: The joke writes itself.

[Ralph Seichter via Postfix-users]

* Patrick Ben Koetter via Postfix-users:

> I don't need tags.

Seconded. Do we really need to cater for software that's unable to use
the "List-Id" headers? These are mailing lists for Postfix users and
devs, not for a knitting circle, so I think it is fair to assume we
subscribers all use decent software.

-Ralph
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: milter-reject: END-OF-MESSAGE

[Steffen Nurpmeso via Postfix-users]

Gerald Galster wrote in
 :

In my postgray thing i have "allow .dhl.de" (surely for a reason).

--steffen
|
|Der Kragenbaer,The moon bear,
|der holt sich munter   he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: The joke writes itself.

[Steffen Nurpmeso via Postfix-users]

Matthias Fechner wrote in
 :
 |Am 10.03.2023 um 13:01 schrieb Patrick Ben Koetter via Postfix-users:
 |> In the old days I used the tags to filter my messages and place them \
 |> in the
 |> right mailbox. With the advent of DMARC I stopped that and turned \
 |> to using
 |> List-Id:-headers as filter trigger. They are invisible, they don't \
 |> require
 |> Subject:-header modification and thus don't break DKIM sigs and the \
 |> folder the
 |> message gets placed in tells me which mailing list it comes from.
 |>
 |> I don't need tags.
 |
 |I see it the same way it even disturbs reading the subject line.

I do not as it depends on your way of reading email.
Here anything is thrown into a single download box and read
sequentially, then stuff to be saved is dispatched to other boxes.
This ^ is the historical way of doing things even, from the 70s,
where you have a system inbox (or $MAIL) and the mailer would
manually save to your $MBOX what is to be saved (by default).
So having a human receivable at-a-glance indication is good for my
way of doing things.  Having said that, List-ID: is a good thing
to use (many, many mailing lists i am on do not place tags (no
more)).  Then again if the list DKIM signs anyway, the subject is
again free to tag what the From: will reveal.

--steffen
|
|Der Kragenbaer,The moon bear,
|der holt sich munter   he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server

[Jim Popovitch via Postfix-users]

On Fri, 2023-03-10 at 17:35 +0200, mailmary--- via Postfix-users wrote:
> 
> Looking at the opendkim/opendmarc right now, they appear dead over the past 2 
> years or so, which is sad really. 
> 

It's not sad at all.  It's a testament to the stability of the project.
Sure, both projects could use some polishing maybe, but that is not
something that is "sad"

-Jim P.

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server

[PGNet Dev via Postfix-users]

Thanks.  As of a few minutes ago there's a dkimpy 1.1.1, although there aren't
any changes that will affect you one way or the other if you're using it for
dkimpy-milter.


thx,

Name: dkimpy
Version: 1.1.1

Name: dkimpy-milter
Version: 1.2.3


the 'hardest' part is  that my pip-installed pkgs don't notify on maintenance 
updates!


o/


___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server

[Phil Stracchino via Postfix-users]

On 3/10/23 11:13, Curtis Maurand via Postfix-users wrote:

On 3/7/23 15:36, Bernardo Reino via Postfix-users wrote:

rspamd does DKIM, SPF, DMARC and ARC (and lots more), and doesn't
segfault (so far ;-)


I've been running rspamd for nearly a year and I've been very happy with
it.  It's a huge improvement over amavis/spamassassin. It is very fast.


Same.  I've been running it for    something over five years, I 
don't remember exactly, ever since DSpam (which was EFFING FANTASTIC) 
succumbed to terminal bit-rot due to lack of maintenance.


(I was getting 99.997% overall filtering accuracy with DSpam.)


--
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server

[Curtis Maurand via Postfix-users]

On 3/8/23 15:30, Scott Techlist via Postfix-users wrote:

On Tue, 7 Mar 2023, John Stoffel via Postfix-users wrote:


So what's the option for a more upto date version of DKIM milter for debian?

rspamd does DKIM, SPF, DMARC and ARC (and lots more), and doesn't segfault (so
far ;-)

I'm STILL trying to figure out rspamd's documentation enough to
understand how to enable and configure all of those, so that I can have
one milter instead of four.


I too would be grateful for a pointer to a decent how-to/guide on setting it 
up.  I'm still using amavis and clamd.  Always apprehensive to change horses.


I use it with ispconfig on devuan (debian bullseye without systemd).  
It's works very well.  It was easy to set up and configure.  A lot of 
the configuration can be done through it's web interface.  Setting 
scores marking and rejecting are done via the ispconfig interface. I 
agree that it's documentation is cryptic and not for the faint of 
heart.  They surely don't stick to the KISS method.



--
Curtis
https://curtis.maurand.com

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server

[PGNet Dev via Postfix-users]

The problem with dkimpy/dkimpy-milter, is that they don't exist in enterprise 
distros (Alma, Rocky, Oracle) via EPEL.

FWIW, it's a trivial install with python/pip, and plays nicely in a venv.  
works a charm here.

rpm spec's also straightforward.

here's one for Fedora,


https://src.fedoraproject.org/rpms/python-dkimpy/blob/rawhide/f/python-dkimpy.spec

none's built for EPEL atm, but the infrastructure is there,

https://src.fedoraproject.org/rpms/python-dkimpy

any interested party could certainly chime in there

should be similar for dkimpy-milter ...
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server

[Curtis Maurand via Postfix-users]

On 3/7/23 15:36, Bernardo Reino via Postfix-users wrote:

On Tue, 7 Mar 2023, John Stoffel via Postfix-users wrote:

So what's the option for a more upto date version of DKIM milter for 
debian?


rspamd does DKIM, SPF, DMARC and ARC (and lots more), and doesn't 
segfault (so far ;-)


I've been running rspamd for nearly a year and I've been very happy with 
it.  It's a huge improvement over amavis/spamassassin. It is very fast.


--Curtis

--
Curtis
https://curtis.maurand.com

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: The joke writes itself.

[Marvin Renich via Postfix-users]

* Cooper, Robert A via Postfix-users  [230310 09:59]:
> I posted about the List-ID changing three days ago, but it seems to
> have gotten lost in the prefix discussion.  for the record, I like
> list prefixes. It's easier to filter on subject than on headers that
> may or may not be present from any particular list.
> 
> I've found one change to the mailing list header I didn't expect, and
> my mail filter for the list 'broke' on it.

It seems you like them for purposes having to do with automation, rather
than that they help you read the messages.  This is clearly a job for
the List-Id header.  The fact that it broke once when a major change was
being made to the mailing list is not a reason to prefer subject
filtering over list-id filtering; your filter would have broken if the
[P-U] prefix had been in use for a while and then it was changed to
[pfx].  It is no different.  The list-id is intended to remain constant,
if not for the life of the list, at least it should only change when
major changes are necessary anyway.

> The old server had:
> List-Id: Postfix users 
> 
> The new one has:
> List-Id: "For discussions about using Postfix: questions, problem reports,
> or feature requests. Open subscription, unmoderated,
> posting by members only." 
> 
> (and yes, the new list-id actually has postfix-users.postfix.org, instead of 
> @.)

This may have been an intentional change to conform to RFC 2919 for
List-Id:

  The list identifier will, in most cases, appear like a host name in a
  domain of the list owner.

> RobertC

Additionally, every MUA that I know of recognizes a subject beginning
with "Re:" or "RE:" and when replying avoids duplicating this in the
reply subject.

While I have used mutt exclusively for a long time to send email, I
occasionally use other programs for reading.  I just checked both
Thunderbird and Evolution (and mutt), and none of them recognize
"[prefix] Re:", so unless the person replying realizes it and manually
adjusts the subject, the subject will keep growing with each reply.

I have not heard of any MUA that recognizes "[prefix] Re:", but that
doesn't mean there aren't any.

Please, please, _please_ remove the subject prefix.

...Marvin

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: milter-reject: END-OF-MESSAGE

[Gerald Galster via Postfix-users]

> 2023-03-10 11:54:43 #31829(rspamd_proxy) <71bd42>; proxy; 
> rspamd_task_write_log: id: , qid: <3129536A7A2>, ip: 165.72.200.209, 
> from: , (default: F (soft reject): [5.31/15.00] 
> [BAYES_HAM(-2.99){99.97%;},DCC_BULK(2.00){bulk Body=1 Fuz1=4 
> Fuz2=many;},MIME_HEADER_CTYPE_ONLY(2.00){},MISSING_MIME_VERSION(2.00){},INVALID_MSGID(1.70){},MID_MISSING_BRACKETS(0.50){},MIME_HTML_ONLY(0.20){},MIME_GOOD(-0.10){multipart/related;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},GREYLIST(0.00){greylisted;Fri,
>  10 Mar 2023 10:59:43 GMT;new 
> record;},HAS_ATTACHMENT(0.00){},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_NO_TLS_LAST(0.00){},R_SPF_DNSFAIL(0.00){(SPF):
>  spf DNS fail;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 
> 17588, time: 251.485ms real, 3.883ms virtual, dns req: 0, digest: 
> , rcpts: , mime_rcpt: 
> 

messages below greylist_min_score are not greylisted.

You could

- change that score
  https://rspamd.com/doc/modules/greylisting.html

- change other scores like DCC_BULK, MIME_HEADER_CTYPE_ONLY, ...
  https://rspamd.com/doc/modules/rspamd_update.html

- accept/change score per sender/recipient/...
  https://rspamd.com/doc/modules/multimap.html

Rspamd is quite complex and there are many options.
Your issue is not related to postfix.

Best regards,
Gerald
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server

[mailmary--- via Postfix-users]

The problem with dkimpy/dkimpy-milter, is that they don't exist in enterprise 
distros (Alma, Rocky, Oracle) via EPEL.


The popularity of opendkim/opendmarc is due to their packages being available 
via EPEL.


Looking at the opendkim/opendmarc right now, they appear dead over the past 2 
years or so, which is sad really. I hope the project owners decide to either 
close the projects or give them away to someone else. There is no reason to 
beat a dead horse.



On Fri, 10 Mar 2023 10:19:40 -0500 PGNet Dev via Postfix-users 
 wrote:

> ime, dkimpy/dkimpy-milter are great alternatives to opendkim stagnation/bloat
> 
> here, in production on Fedora boxes,
> 
>   Name: dkimpy
>   Version: 1.1.0
> 
>   Name: dkimpy-milter
>   Version: 1.2.3
> 
> have been working with postfix with no issues at all, at least for my use 
> cases.
> 
> much appreciated!
> ___
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: The joke writes itself.

[Michael Fladerer via Postfix-users]

Hi.

On Fri Mar 10, 2023 at 14:57:41 +, Cooper, Robert A via Postfix-users wrote:
> I posted about the List-ID changing three days ago, but it seems to have 
> gotten lost in the prefix discussion.  for the record, I like list prefixes. 
> It's easier to filter on subject than on headers that may or may not be 
> present from any particular list.
> 
> I've found one change to the mailing list header I didn't expect, and my mail 
> filter for the list 'broke' on it.
> 
> The old server had:
> List-Id: Postfix users 
> 
> The new one has:
> List-Id: "For discussions about using Postfix: questions, problem reports,
> or feature requests. Open subscription, unmoderated,
> posting by members only." 
> 
> (and yes, the new list-id actually has postfix-users.postfix.org, instead of 
> @.)

can't you simply adjust the filter rule?  That's what I did...

> RobertC
> (ps and before anyone gets mad at me for top-posting replies, take a minute 
> to tell me how to make OWA do that. I can't find any way to change it.)

I don't really use owa but I have access to an installation so I
checked.  When I click on 'reply' in the message composition frame
appears a small two arrow icon in the top right corner of the frame.
After clicking it the view changes into a full composition view
including the original message text in which you can position your text
anywhere you like.

HTH.

Best regards,
Michael

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server

[PGNet Dev via Postfix-users]

* Scott Kitterman via Postfix-users :

That would be great.  I started dkimpy-milter for two reasons: I wanted to
experiment with the new DKIM crypto types that lead to RFC 8463 and there
didn't seem to be much activity with opendkim maintenance (this is, of course,
ironic given how well I did with dkimpy-milter maintence recently).

I did finally get a new release out recently and as far as I can tell with the
updates to pymilter, dkimpy, and dkimpy-milter the crashes from non-ASCII/
UTF-8 data are a ting of the past (if someone knows otherwise, please file
bugs).


ime, dkimpy/dkimpy-milter are great alternatives to opendkim stagnation/bloat

here, in production on Fedora boxes,

Name: dkimpy
Version: 1.1.0

Name: dkimpy-milter
Version: 1.2.3

have been working with postfix with no issues at all, at least for my use cases.

much appreciated!
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: milter-reject: END-OF-MESSAGE

[Bill Cole via Postfix-users]

On 2023-03-10 at 05:59:00 UTC-0500 (Fri, 10 Mar 2023 11:59:00 +0100)
Adrian Huryn via Postfix-users 
is rumored to have said:


Thanks for reply.
Logs from rspamd

[...]
2023-03-10 11:54:43 #31829(rspamd_proxy) <71bd42>; lua; 
greylist.lua:348: greylisted until "Fri, 10 Mar 2023 10:59:43 GMT", 
new record
2023-03-10 11:54:43 #31829(rspamd_proxy) <71bd42>; proxy; 
lua_task_set_pre_result: : set pre-result to soft reject: 'Try 
again later'


Now we know that you're using rspamd and that you have it configured to 
do "greylisting," which *BY DESIGN* defers messages from unfamiliar 
sources for a short period. I'm guessing that you are in UTC+1 (CEST) 
and this looks like a 5 minute deferral, which is reasonable for 
greylisting.


This is not a Postfix issue, it is an example of rspamd working as it 
was designed and configured to work. Consult your rspamd documentation 
or whatever support channels exist for rspamd.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[Scott Kitterman via Postfix-users]

On Friday, March 10, 2023 7:04:30 AM EST Patrick Ben Koetter via Postfix-users 
wrote:
> * Gerald Galster via Postfix-users :
> 
> > >>> This list uses Mailman configuration settings, not handcrafted code.
> > >>> If people believe that it is worthwhile to change the Mailman
> > >>> implementation or the DMARC spec, then I suggest that they work
> > >>> with the people responsible for that.
> > >> 
> > >> 
> > >> There is no need for changing implementations, it's already there.
> > >> 
> > >> https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/config
> > >> /docs/config.html
 
> > >> 
> > >> remove_dkim_headers
> > > 
> > > 
> > > THAT is a global Mailman setting. It cannot be configured on a
> > > per-list basis. The postfix lists are hosted on a multi-tenant
> > > service, it does not run on its dedicated MTA.
> > 
> > 
> > I just wrote that because p@rick (sys4 AG) asked on the mailop
> > mailinglist
> > 2023-02-17 "Should mailing list messages be DKIM signed? (ARC / DKIM)".
> > He was about to setup a new mailing list server with mailman 3.
> > Given there are virtually no other lists in postorious index, chances are
> > this is a new server currently only hosting the postfix mailinglist
> > and some testlists so that settings might not be final yet.
> > 
> > Just out of curiosity it would have been nice to know why he made
> > that choice.
> 
> 
> You mean why I choose to use Mailman 3 and not other MLMs?
> 
> I used to by python.org postmaster for 20 (?) years and there's a natural
> sympathy for anything that comes from pydotorg. Then I used to be on the
> MM3
 developer team in the early 2000s and some of the ideas and concepts I
> came up with have found their way into MM3. Besides my personal historic
> preferences, I choose MM3 because it has been there for a few years now and
> I don't see it being used widely, though I believe it should. We
> (community) need a modern MLM and MM3 is modern. There are some things I
> don't like about MM3. If you come from Postfix MM3 documentation is, to put
> it, frustrating. It's developers who documented what is interesting to
> developers, but there don't seem to be any documents for operators. That
> kicks in when you need to find out how mailman-core, hyperckitty and
> postorius play together. The web application, to me, should really see some
> UX love. I constantly get lost hunting options I saw, but I can't remember
> where. Besides, rendering descriptions / options of parameters visibly into
> the interface blows up each settings page and the rendering lacks
> structure. So you end up scanning through a blob of options trying to catch
> what might to what you want. Wietse can probably tell how much he suffered
> at some point to get MM3 what he wanted it to do for the postfix-mumble
> lists. What I like about MM3 is it's approach to subscriber self
> management. Once you've become a registered MLM platform participant you
> can easily change settings that will apply to all lists you've subscribed
> to in one place. I consider that a great usability benefit for subscribers.
> 
> But most of all I wanted to create a Mailing list platform that is capable
> of and uses modern email technologies. We have ARC in place and need to
> figure out a few undocumented issues we still need to address before it
> will actually work. But that's a temporary problem. I want it to use ARC
> because even though it is still EXPERIMENTAL, it will likely be here to
> stay and ARC has been designed to fix the DMARC issues that had been put on
> our shoulders when DMARC was adopted by major industry players.
> 
> And… while I write work is going on in the background to provide a fully
> DNSSEC enabled DNS stack which will allow us to host a DANE enabled mailing
> list platform.
> 
> ⌁ [p:~] $ dig +short +dnssec MX postfix.org
> 10 list.sys4.de.
> MX 13 2 3600 20230322050014 20230308042038 60616 postfix.org.
> DXMTOwxrFmyCf7fv02gAR0qmVeB78gGwPu74oR17y1l6vls/zbUP7P6C
> G5ZZWtHDCMruSzwISYfdwVBNnDdjXg== ⌁ [p:~] $ dig +short +dnssec A
> list.sys4.de
> 188.68.34.52
> A 8 3 3600 20230315165309 20230308142813 46365 sys4.de.
> Oi9o51moM26dA2Y2zMjMXErEz8wj/o+tadfas9QedSv5AqPg0C0uBaZd
> 31IeAZRxGxFLwECqLqPncJgyyKkNLXlTY2t1qQ60/GT3rjRof9kmIwpO
> lwYgFBwUfsjhz1rPF16W81ya+5DdPJefXuYMN4G6hOWvJPgiMo5qeUGb JFs=
 
> This will allow us to add TLSA RRs to list.sys4.de soonish and then
> postfix.org finally will life what it brought to live when Viktor
> implemented DANE support making Postfix the first and reference MTA on
> this planet to support DANE.
> 
> Secure Email Transport and Email Authentication are the two cornerstones of
> todays email policing and my personal wish is to provide a state of the art
> platform and hopefully a template how to run mailing lists in the 2020s. 
> p@rick


I think that all sounds reasonable, although I think you're overselling ARC, 
but that's a discussion for a different list.

Is there any chance of From 

[pfx] Re: [P-U] Re: Postfix lists are migrating to a new list server

[Scott Kitterman via Postfix-users]

On Wednesday, March 8, 2023 1:52:47 AM EST Patrick Ben Koetter via Postfix-
users wrote:
> * Scott Kitterman via Postfix-users :
> 
> ...
> 
> 
> > For Debian, if someone can find/test patches, I can get them into Debian's
> > package.  I assume other distributors are similar.  Feel free to update
> > the Debian bug with information.  It's unfortunate we don't have a better
> > maintained solution.
> 
> In Germany the German government is preparing an initiative to foster open
> source projects that are considered to be vital for e.g. the security of
> people when they are on the internet.
> 
> At eco e.v., Germanies lobby organization for businesses on the internet,
> we are currently investigating if opendkim and opendmarc could receive
> grant from the government.
> 
> openspf, opendkim and opendmarc have been very useful when the IETF created
> the RFCs, because you need "rough consensus and running code", and the
> programs always served to provide the latter, but then, after they had
> become the de facto standard applications, no one took on the task of
> "software gardening" and so bugs that had been discovered did not get fixed
> and new functionality has not been added. That's one of the reasons it has
> become harder to run a modern mail platform on your own if you are not a
> major player.

That would be great.  I started dkimpy-milter for two reasons: I wanted to 
experiment with the new DKIM crypto types that lead to RFC 8463 and there 
didn't seem to be much activity with opendkim maintenance (this is, of course, 
ironic given how well I did with dkimpy-milter maintence recently).

I did finally get a new release out recently and as far as I can tell with the 
updates to pymilter, dkimpy, and dkimpy-milter the crashes from non-ASCII/
UTF-8 data are a ting of the past (if someone knows otherwise, please file 
bugs).

Scott K


___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: The joke writes itself.

[Cooper, Robert A via Postfix-users]

I posted about the List-ID changing three days ago, but it seems to have gotten 
lost in the prefix discussion.  for the record, I like list prefixes. It's 
easier to filter on subject than on headers that may or may not be present from 
any particular list.

I've found one change to the mailing list header I didn't expect, and my mail 
filter for the list 'broke' on it.

The old server had:
List-Id: Postfix users 

The new one has:
List-Id: "For discussions about using Postfix: questions, problem reports,
or feature requests. Open subscription, unmoderated,
posting by members only." 

(and yes, the new list-id actually has postfix-users.postfix.org, instead of @.)

RobertC
(ps and before anyone gets mad at me for top-posting replies, take a minute to 
tell me how to make OWA do that. I can't find any way to change it.)


From: Marvin Renich via Postfix-users 
Sent: Friday, March 10, 2023 07:16
To: postfix-users@postfix.org 
Subject: [pfx] Re: The joke writes itself.

This message is from an External Sender
This message came from outside your organization

--
* Mal via Postfix-users  [230310 03:23]:
>
>
> On 10/03/2023 5:24 pm, Viktor Dukhovni via Postfix-users wrote:
> > I was also quite happy with
> > no tags at all.
>
> +1 no tags

I wholeheartedly agree.  The subject tag hinders, rather than helps,
reading list mail.  The List-Id provides better functionality than
subject tags.

And while we're at it, all that extra text in the List-Id is just too
much.  Can you please shorten it so that the entire header fits in 72
characters?  Perhaps something like

List-Id: 
"https://urldefense.com/v3/__http://www.postfix.org/lists.html__;!!KwNVnqRv!HUEhK5o5tV5OYqDlqPAGQCxr0UIWs4F0DpXiJS7EmY8QLv-001l2fMSdPT0_-DRoefKwoUxzXCDyFiMBmFrR9rLy7Q$
 " 

...Marvin

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Sender Caninical Condition

[Wietse Venema via Postfix-users]

SysAdmin EM via Postfix-users:
> Good days, request help, is it possible to use conditions in the
> sender_canonical file? we are migrating an entire system and some customers
> do not have our SPF added.
> 
> I would like to add a condition for you to rewrite the from when it does
> not match a condition.
> 
> Example,
> 
> If the from is not domain1.com and domain2.com do a rewrite of the from by
> no-re...@mydomain.com.
> 
> Any helps?

A regexp or pcre table could do that:

/etc/postfix/main.cf:
sender_canonical_maps = regexp:/etc/postfix/sender_canonical.regexp

/etc/postfix/sender_canonical.regexp:
!/@(domain1\.example|domain2\.example)$/ no-reply@mydomain.example

Don't forget the '@', '\', and '$'.

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: milter_header_checks + WARN length limit

[Wietse Venema via Postfix-users]

Aleksandr Stankevic:
> Hi,
> 
> I understand that there's always a limit - this is expected.
> But the unexpected part was that the limit is very different on same-ish
> functions.
> I think making the limit the same for both scenarios would be best - if
> either 60 or 200 ( more preferred :P ).

Done, in Postfix 3.8. I also updated a similar limit in the smtp
header/body checks.

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[Gerald Galster via Postfix-users]

> * Patrick Ben Koetter via Postfix-users :
> 
>> * Gerald Galster via Postfix-users > >:
>> I just wrote that because p@rick (sys4 AG) asked on the mailop mailinglist
>> 2023-02-17 "Should mailing list messages be DKIM signed? (ARC / DKIM)".
>> He was about to setup a new mailing list server with mailman 3.
>> Given there are virtually no other lists in postorious index, chances are
>> this is a new server currently only hosting the postfix mailinglist
>> and some testlists so that settings might not be final yet.
>> 
>> Just out of curiosity it would have been nice to know why he made
>> that choice.
> 
> You mean why I choose to use Mailman 3 and not other MLMs?

No, I meant ARC signing for this mailinglist because I do not see a lot of
benefit to verify a sender across a public mailinglist.

The MTA usually verifies DKIM and rejects mails so only valid mails reach
the mailinglist and additionally you must be a registered user to post.
From my perspective it would be sufficient to strip all incoming DKIM
headers and only sign the outgoing mail as the sender changed to
postifx-us...@postfix.org anyway.

> MLM and MM3 is modern. There are some things I don't like about MM3. If you
> come from Postfix MM3 documentation is, to put it, frustrating.

Installing mailman 3 is a small challenge, especially when mailman core
and the webui need different python versions. That may have changed and
besides that I'm running mailman 3 without issues for years. That's why
I like it although I'm more in favor of perl ;-)

> But most of all I wanted to create a Mailing list platform that is capable of
> and uses modern email technologies. We have ARC in place and need to figure
> out a few undocumented issues we still need to address before it will actually
> work. But that's a temporary problem. I want it to use ARC because even though
> it is still EXPERIMENTAL, it will likely be here to stay and ARC has been
> designed to fix the DMARC issues that had been put on our shoulders when DMARC
> was adopted by major industry players.

While I still deem dkim/arc overkill for a public mailinglist I can understand
there are reasons to showcase a complete setup with all modern technologies.

I'm not convinced arc will be widely adopted. After all it is just a solution
for forwarding/remailing, that should be avoided anyway. Forwarding/aliasing
is useful within a company or a mailprovider where it does not cause problems.
Those mostly arise when emails are forwarded between distinct mailproviders
and for those infrequent cases there are better solutions like fetchmail.

Otherwise, if it would be impossible at some time to deliver emails without
dkim and arc, it would have to become an integral part of MTAs like DANE.
Moreover antispam software needs to evaluate and build dkim/arc reputation
databases to cope with spam ... I'm not sure forwards are worth that effort.

We'll see if it's going to stay. Thanks for elaborating!

Best regards,
Gerald___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: The joke writes itself.

[Marvin Renich via Postfix-users]

* Mal via Postfix-users  [230310 03:23]:
> 
> 
> On 10/03/2023 5:24 pm, Viktor Dukhovni via Postfix-users wrote:
> > I was also quite happy with
> > no tags at all.
> 
> +1 no tags

I wholeheartedly agree.  The subject tag hinders, rather than helps,
reading list mail.  The List-Id provides better functionality than
subject tags.

And while we're at it, all that extra text in the List-Id is just too
much.  Can you please shorten it so that the entire header fits in 72
characters?  Perhaps something like

List-Id: "http://www.postfix.org/lists.html; 

...Marvin

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Sender Caninical Condition

[SysAdmin EM via Postfix-users]

I’ve created the next rule but I don’t know if it’s works.

!if !/^(.*)@(domainclient1.com|domainclient2.com|domainclient3.com)$/
nore...@mydomain.com
endif

At the moment there are only domains that have our spf, as there are many
domains that do not have our spf, I want to create a rule to rewrite the
from of all emails but with some exclusions.

Any helps??


On Fri, Mar 10, 2023 at 9:17 AM SysAdmin EM  wrote:

> Good days, request help, is it possible to use conditions in the
> sender_canonical file? we are migrating an entire system and some customers
> do not have our SPF added.
>
> I would like to add a condition for you to rewrite the from when it does
> not match a condition.
>
> Example,
>
> If the from is not domain1.com and domain2.com do a rewrite of the from
> by no-re...@mydomain.com.
>
> Any helps¿??
>
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Sender Caninical Condition

[SysAdmin EM via Postfix-users]

Good days, request help, is it possible to use conditions in the
sender_canonical file? we are migrating an entire system and some customers
do not have our SPF added.

I would like to add a condition for you to rewrite the from when it does
not match a condition.

Example,

If the from is not domain1.com and domain2.com do a rewrite of the from by
no-re...@mydomain.com.

Any helps¿??
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: choose the right email address to send to the lists

[Corey Hickman via Postfix-users]

On 10/03/2023 19:30, cor...@free.fr wrote:

I saw some people using email addresses like yahoo, AOL, mail.ru to
post messages to the lists (such as debian-user, postfix-user etc).

I am thinking those addresses which have the strictest DKIM setup are
not suitable to send a list mail, they will be blocked by many
recipients (list members).

For example, yahoo has this DMARC setting:

v=DMARC1; p=reject; pct=100; rua=mailto:d...@rua.agari.com;
ruf=mailto:d...@ruf.agari.com;

And Mail.ru:

v=DMARC1;p=reject;rua=mailto:dmarc_...@corp.mail.ru

And zoho.com:

v=DMARC1; p=reject; sp=reject; fo=0;
rua=mailto:dmarcaggregat...@zoho.com;
ruf=mailto:dmarcaggregat...@zoho.com

The all have "p=reject" rules which mean when DKIM (most modern email
providers have this enabled) break at the recipient end, this mail
will be rejected by the recipient MTA.

As we know DKIM will fail due to:

1. SPF fail (for the From: address in header) - this will 100% happen
regardless list server implements SRS or not.
2. DKIM fail (for header address as well) - this will most probably
happen since some list servers change the message content by adding a
signature etc.


So we should choose a email address which at least has no "p=reject"
in their DKIM policy.




I am sorry for the typos. What I meant is DMARC, not DKIM. :)

sorry,
Corey
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[Patrick Ben Koetter via Postfix-users]

* Gerald Galster via Postfix-users :
> >>> This list uses Mailman configuration settings, not handcrafted code.
> >>> If people believe that it is worthwhile to change the Mailman
> >>> implementation or the DMARC spec, then I suggest that they work
> >>> with the people responsible for that.
> >> 
> >> There is no need for changing implementations, it's already there.
> >> 
> >> https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/config/docs/config.html
> >> 
> >> 
> >> remove_dkim_headers
> > 
> > THAT is a global Mailman setting. It cannot be configured on a
> > per-list basis. The postfix lists are hosted on a multi-tenant
> > service, it does not run on its dedicated MTA.
> 
> I just wrote that because p@rick (sys4 AG) asked on the mailop mailinglist
> 2023-02-17 "Should mailing list messages be DKIM signed? (ARC / DKIM)".
> He was about to setup a new mailing list server with mailman 3.
> Given there are virtually no other lists in postorious index, chances are
> this is a new server currently only hosting the postfix mailinglist
> and some testlists so that settings might not be final yet.
> 
> Just out of curiosity it would have been nice to know why he made
> that choice.

You mean why I choose to use Mailman 3 and not other MLMs?

I used to by python.org postmaster for 20 (?) years and there's a natural
sympathy for anything that comes from pydotorg. Then I used to be on the MM3
developer team in the early 2000s and some of the ideas and concepts I came up
with have found their way into MM3. Besides my personal historic preferences,
I choose MM3 because it has been there for a few years now and I don't see it
being used widely, though I believe it should. We (community) need a modern
MLM and MM3 is modern. There are some things I don't like about MM3. If you
come from Postfix MM3 documentation is, to put it, frustrating. It's
developers who documented what is interesting to developers, but there don't
seem to be any documents for operators. That kicks in when you need to find
out how mailman-core, hyperckitty and postorius play together. The web
application, to me, should really see some UX love. I constantly get lost
hunting options I saw, but I can't remember where. Besides, rendering
descriptions / options of parameters visibly into the interface blows up each
settings page and the rendering lacks structure. So you end up scanning
through a blob of options trying to catch what might to what you want. Wietse
can probably tell how much he suffered at some point to get MM3 what he wanted
it to do for the postfix-mumble lists. What I like about MM3 is it's
approach to subscriber self management. Once you've become a registered
MLM platform participant you can easily change settings that will apply to all
lists you've subscribed to in one place. I consider that a great usability
benefit for subscribers.

But most of all I wanted to create a Mailing list platform that is capable of
and uses modern email technologies. We have ARC in place and need to figure
out a few undocumented issues we still need to address before it will actually
work. But that's a temporary problem. I want it to use ARC because even though
it is still EXPERIMENTAL, it will likely be here to stay and ARC has been
designed to fix the DMARC issues that had been put on our shoulders when DMARC
was adopted by major industry players.

And… while I write work is going on in the background to provide a fully
DNSSEC enabled DNS stack which will allow us to host a DANE enabled mailing
list platform.

⌁ [p:~] $ dig +short +dnssec MX postfix.org
10 list.sys4.de.
MX 13 2 3600 20230322050014 20230308042038 60616 postfix.org. 
DXMTOwxrFmyCf7fv02gAR0qmVeB78gGwPu74oR17y1l6vls/zbUP7P6C 
G5ZZWtHDCMruSzwISYfdwVBNnDdjXg==
⌁ [p:~] $ dig +short +dnssec A list.sys4.de
188.68.34.52
A 8 3 3600 20230315165309 20230308142813 46365 sys4.de. 
Oi9o51moM26dA2Y2zMjMXErEz8wj/o+tadfas9QedSv5AqPg0C0uBaZd 
31IeAZRxGxFLwECqLqPncJgyyKkNLXlTY2t1qQ60/GT3rjRof9kmIwpO 
lwYgFBwUfsjhz1rPF16W81ya+5DdPJefXuYMN4G6hOWvJPgiMo5qeUGb JFs=

This will allow us to add TLSA RRs to list.sys4.de soonish and then
postfix.org finally will life what it brought to live when Viktor implemented
DANE support making Postfix the first and reference MTA on this planet to
support DANE.

Secure Email Transport and Email Authentication are the two cornerstones of
todays email policing and my personal wish is to provide a state of the art
platform and hopefully a template how to run mailing lists in the 2020s.

p@rick



-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: choose the right email address to send to the lists

[Bjoern Franke via Postfix-users]

Am 10.03.23 um 12:30 schrieb Corey Hickman via Postfix-users:

I saw some people using email addresses like yahoo, AOL, mail.ru to post
messages to the lists (such as debian-user, postfix-user etc).

I am thinking those addresses which have the strictest DKIM setup are
not suitable to send a list mail, they will be blocked by many
recipients (list members).



That's where DMARC mitigation comes in place and sets a From like "Corey 
Hickman via Postfix-users " and the Reply-To 
the orginal sender - just to avoid these issues.


Regards
Bjoern

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] choose the right email address to send to the lists

[Corey Hickman via Postfix-users]

I saw some people using email addresses like yahoo, AOL, mail.ru to post 
messages to the lists (such as debian-user, postfix-user etc).


I am thinking those addresses which have the strictest DKIM setup are 
not suitable to send a list mail, they will be blocked by many 
recipients (list members).


For example, yahoo has this DMARC setting:

v=DMARC1; p=reject; pct=100; rua=mailto:d...@rua.agari.com; 
ruf=mailto:d...@ruf.agari.com;


And Mail.ru:

v=DMARC1;p=reject;rua=mailto:dmarc_...@corp.mail.ru

And zoho.com:

v=DMARC1; p=reject; sp=reject; fo=0; 
rua=mailto:dmarcaggregat...@zoho.com; 
ruf=mailto:dmarcaggregat...@zoho.com


The all have "p=reject" rules which mean when DKIM (most modern email 
providers have this enabled) break at the recipient end, this mail will 
be rejected by the recipient MTA.


As we know DKIM will fail due to:

1. SPF fail (for the From: address in header) - this will 100% happen 
regardless list server implements SRS or not.
2. DKIM fail (for header address as well) - this will most probably 
happen since some list servers change the message content by adding a 
signature etc.



So we should choose a email address which at least has no "p=reject" in 
their DKIM policy.


For example, gmail is good:
v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-repo...@google.com

Free.fr (the one I am using):
v=DMARC1;p=none;adkim=r;aspf=r;sp=none

GMX.net:
v=DMARC1; p=none; sp=quarantine; rua=mailto:dmarcrep...@gmx.net; 
ruf=mailto:dmarc-...@gmx.net; adkim=r;aspf=r; fo=1



They all have "p=none" so they probably have no delivery issues to 
mailing lists.


Just my thought though...

Thanks
Corey H



___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: The joke writes itself.

[Matthias Fechner via Postfix-users]

Am 10.03.2023 um 13:01 schrieb Patrick Ben Koetter via Postfix-users:

In the old days I used the tags to filter my messages and place them in the
right mailbox. With the advent of DMARC I stopped that and turned to using
List-Id:-headers as filter trigger. They are invisible, they don't require
Subject:-header modification and thus don't break DKIM sigs and the folder the
message gets placed in tells me which mailing list it comes from.

I don't need tags.


I see it the same way it even disturbs reading the subject line.

Gruß
Matthias

--

"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: The joke writes itself.

[Patrick Ben Koetter via Postfix-users]

* Phil Biggs via Postfix-users :
> Friday, March 10, 2023, 5:54:02 PM, Viktor Dukhovni via Postfix-users  wrote:
> 
> > I was also quite happy with no tags at all.

In the old days I used the tags to filter my messages and place them in the
right mailbox. With the advent of DMARC I stopped that and turned to using
List-Id:-headers as filter trigger. They are invisible, they don't require
Subject:-header modification and thus don't break DKIM sigs and the folder the
message gets placed in tells me which mailing list it comes from.

I don't need tags.

p@rick


-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Fwd: milter-reject: END-OF-MESSAGE

[Adrian Huryn via Postfix-users]

Thanks for reply.
Logs from rspamd
2023-03-10 11:54:42 #31829(rspamd_proxy) <71bd42>; proxy; 
proxy_accept_socket: accepted milter connection from 
/var/run/rspamd/milter.sock port 0
2023-03-10 11:54:43 #31829(rspamd_proxy) <71bd42>; milter; 
rspamd_milter_process_command: got connection from 165.72.200.209:15292
2023-03-10 11:54:43 #31829(rspamd_proxy) <71bd42>; proxy; 
rspamd_message_parse: loaded message; id: ; queue-id: 
<3129536A7A2>; size: 17588; checksum: 
2023-03-10 11:54:43 #31829(rspamd_proxy) <71bd42>; proxy; 
spf_symbol_callback: cannot make spf request for [undef]
2023-03-10 11:54:43 #31829(rspamd_proxy) <71bd42>; surbl; 
surbl_test_url: disable surbl multi.uribl.com as it is reported to be 
offline
2023-03-10 11:54:43 #31829(rspamd_proxy) <71bd42>; dkim_signing; 
dkim_sign_tools.lua:40: ignoring unauthenticated mail
2023-03-10 11:54:43 #31829(rspamd_proxy) <71bd42>; lua; 
greylist.lua:348: greylisted until "Fri, 10 Mar 2023 10:59:43 GMT", new 
record
2023-03-10 11:54:43 #31829(rspamd_proxy) <71bd42>; proxy; 
lua_task_set_pre_result: : set pre-result to soft reject: 'Try 
again later'
2023-03-10 11:54:43 #31829(rspamd_proxy) <71bd42>; proxy; 
rspamd_task_write_log: id: , qid: <3129536A7A2>, ip: 
165.72.200.209, from: , (default: F (soft 
reject): [5.31/15.00] [BAYES_HAM(-2.99){99.97%;},DCC_BULK(2.00){bulk 
Body=1 Fuz1=4 
Fuz2=many;},MIME_HEADER_CTYPE_ONLY(2.00){},MISSING_MIME_VERSION(2.00){},INVALID_MSGID(1.70){},MID_MISSING_BRACKETS(0.50){},MIME_HTML_ONLY(0.20){},MIME_GOOD(-0.10){multipart/related;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},GREYLIST(0.00){greylisted;Fri, 
10 Mar 2023 10:59:43 GMT;new 
record;},HAS_ATTACHMENT(0.00){},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_NO_TLS_LAST(0.00){},R_SPF_DNSFAIL(0.00){(SPF): 
spf DNS fail;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 
17588, time: 251.485ms real, 3.883ms virtual, dns req: 0, digest: 
, rcpts: , mime_rcpt: 

2023-03-10 11:54:43 #31829(rspamd_proxy) <71bd42>; proxy; 
rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 4 
regexps matched, 163 regexps total, 79 regexps cached, 0B bytes scanned 
using pcre, 6.08k bytes scanned total



Best, Adrian.

W dniu 10.03.2023 o 11:47, Matus UHLAR - fantomas via Postfix-users pisze:


On 10.03.23 11:32, Adrian Huryn via Postfix-users wrote:

Mar 10 11:23:56 poczta postfix/smtpd[28240]: input attribute name: (end)
Mar 10 11:23:56 poczta postfix/smtpd[28240]: > 
gateway11d.dhl.com[165.72.200.204]: 354 End data with .
Mar 10 11:23:56 poczta postfix/cleanup[28321]: 7F2A2352540: 
message-id=a977fd00-bf2d-11ed-b354-8f9f1ca3e8dd
Mar 10 11:23:57 poczta postfix/cleanup[28321]: 7F2A2352540: 
milter-reject: END-OF-MESSAGE from 
gateway11d.dhl.com[165.72.200.204]: 4.7.1 Try again later; 
from= to= proto=ESMTP 
helo=
Mar 10 11:23:57 poczta postfix/smtpd[28240]: public/cleanup socket: 
wanted attribute: status
Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute name: 
status

Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute value: 256
Mar 10 11:23:57 poczta postfix/smtpd[28240]: public/cleanup socket: 
wanted attribute: reason
Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute name: 
reason
Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute value: 
451 4.7.1 Try again later
Mar 10 11:23:57 poczta postfix/smtpd[28240]: public/cleanup socket: 
wanted attribute: (list terminator)

Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute name: (end)
Mar 10 11:23:57 poczta postfix/smtpd[28240]: > 
gateway11d.dhl.com[165.72.200.204]: 451 4.7.1 Try again later

Mar 10 11:23:57 poczta postfix/smtpd[28240]: abort all milters
Mar 10 11:23:57 poczta postfix/smtpd[28240]: milter8_abort: abort 
milter unix:/var/run/rspamd/milter.sock

Mar 10 11:23:57 poczta postfix/smtpd[28240]: watchdog_pat: 0x80441e770
Mar 10 11:23:57 poczta postfix/smtpd[28365]: connect from 
unknown[50.239.39.42]
Mar 10 11:24:00 poczta postfix/trivial-rewrite[28243]: warning: do 
not list domain alva.com.pl in BOTH virtual_mailbox_domains and 
relay_domains
Mar 10 11:24:00 poczta postfix/smtpd[28365]: NOQUEUE: reject: RCPT 
from unknown[50.239.39.42]: 450 4.7.1 Client host rejected: cannot 
find your reverse hostname, [50.239.39.42]; from=<> 
to= proto=ESMTP helo=
Mar 10 11:24:00 poczta postfix/smtpd[28365]: disconnect from 
unknown[50.239.39.42] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 
commands=5/6
Mar 10 11:24:02 poczta postfix/smtpd[28240]: < 
gateway11d.dhl.com[165.72.200.204]: QUIT
Mar 10 11:24:02 poczta postfix/smtpd[28240]: > 
gateway11d.dhl.com[165.72.200.204]: 221 2.0.0 Bye


your milter is apaprently dead, we know nothing of it.
start your milter and look at its logs.


W dniu 10.03.2023 o 11:24, mailmary--- via Postfix-users pisze:
Are you using OpenDMARC? if you do, then its because OpenDMARC is 
broken and crashes on some types of emails.


Look above those log lines for the actual crash, it looks like:

"can't read SMFIC_BODYEOB reply packet 

[pfx] Re: Fwd: milter-reject: END-OF-MESSAGE

[Matus UHLAR - fantomas via Postfix-users]

On 10.03.23 11:32, Adrian Huryn via Postfix-users wrote:

Mar 10 11:23:56 poczta postfix/smtpd[28240]: input attribute name: (end)
Mar 10 11:23:56 poczta postfix/smtpd[28240]: > 
gateway11d.dhl.com[165.72.200.204]: 354 End data with 
.
Mar 10 11:23:56 poczta postfix/cleanup[28321]: 7F2A2352540: 
message-id=a977fd00-bf2d-11ed-b354-8f9f1ca3e8dd
Mar 10 11:23:57 poczta postfix/cleanup[28321]: 7F2A2352540: 
milter-reject: END-OF-MESSAGE from gateway11d.dhl.com[165.72.200.204]: 
4.7.1 Try again later; from= 
to= proto=ESMTP helo=
Mar 10 11:23:57 poczta postfix/smtpd[28240]: public/cleanup socket: 
wanted attribute: status

Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute name: status
Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute value: 256
Mar 10 11:23:57 poczta postfix/smtpd[28240]: public/cleanup socket: 
wanted attribute: reason

Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute name: reason
Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute value: 
451 4.7.1 Try again later
Mar 10 11:23:57 poczta postfix/smtpd[28240]: public/cleanup socket: 
wanted attribute: (list terminator)

Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute name: (end)
Mar 10 11:23:57 poczta postfix/smtpd[28240]: > 
gateway11d.dhl.com[165.72.200.204]: 451 4.7.1 Try again later

Mar 10 11:23:57 poczta postfix/smtpd[28240]: abort all milters
Mar 10 11:23:57 poczta postfix/smtpd[28240]: milter8_abort: abort 
milter unix:/var/run/rspamd/milter.sock

Mar 10 11:23:57 poczta postfix/smtpd[28240]: watchdog_pat: 0x80441e770
Mar 10 11:23:57 poczta postfix/smtpd[28365]: connect from 
unknown[50.239.39.42]
Mar 10 11:24:00 poczta postfix/trivial-rewrite[28243]: warning: do not 
list domain alva.com.pl in BOTH virtual_mailbox_domains and 
relay_domains
Mar 10 11:24:00 poczta postfix/smtpd[28365]: NOQUEUE: reject: RCPT 
from unknown[50.239.39.42]: 450 4.7.1 Client host rejected: cannot 
find your reverse hostname, [50.239.39.42]; from=<> 
to= proto=ESMTP helo=
Mar 10 11:24:00 poczta postfix/smtpd[28365]: disconnect from 
unknown[50.239.39.42] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 
commands=5/6
Mar 10 11:24:02 poczta postfix/smtpd[28240]: < 
gateway11d.dhl.com[165.72.200.204]: QUIT
Mar 10 11:24:02 poczta postfix/smtpd[28240]: > 
gateway11d.dhl.com[165.72.200.204]: 221 2.0.0 Bye


your milter is apaprently dead, we know nothing of it.
start your milter and look at its logs.


W dniu 10.03.2023 o 11:24, mailmary--- via Postfix-users pisze:

Are you using OpenDMARC? if you do, then its because OpenDMARC is broken and 
crashes on some types of emails.

Look above those log lines for the actual crash, it looks like:

"can't read SMFIC_BODYEOB reply packet header"

unfortunately, OpenDMARC seems like a dead project so don't expect a fix, maybe 
you should prepare to move to another DMARC verification utility.

If you are not using OpenDMARC then look for the output of the milter that 
caused the 4.7.1 retry error.



On Fri, 10 Mar 2023 11:13:35 +0100 Adrian Huryn via Postfix-users 
 wrote:

Hello. I have problem from cuple of days.
When DHL try to send me an email, we get
Mar 10 11:04:06 poczta postfix/cleanup[26141]: EB48B36AABA:
milter-reject: END-OF-MESSAGE from gateway11b.dhl.com[165.72.200.202]:
4.7.1 Try again later; from=
to= proto=ESMTP helo=

And i see i have more this milter-reject: END-OF-MESSAGE in logs from
different domains (gmail etc.)

I try to add @dhl.com to rbl_override
in main.cf
smtpd_client_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   check_client_access hash:/usr/local/etc/postfix/rbl_override,

But this not work. Can anyone help me ? I dont know what more info i
need to send, when i get this info i add it.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: about openSRS for forwarding

[Matus UHLAR - fantomas via Postfix-users]

On 10.03.23 19:25, pyh--- via Postfix-users wrote:

I am running a postfix server for email forwarding.

Should I enable openSRS for this forwarding service?


if you want to forward mail and also allow users to do that, you apparently 
should do SRS. Otherwise forwarding destination can reject mail from you.


You don't need to use opensrs - I tested postfix with postsrsd.

Since the sender is changed in canonical classes (before mail is accepted), 
I have created another postfix instance for outgoing mail, where all 
non-local domains get rewritten, so it does not happen for incoming mail.



what's the flaw on SRS?


you must be able to catch any problem before DSNs for all forwarded mail 
(e.g. spam) start causing troubles.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Fwd: milter-reject: END-OF-MESSAGE

[Adrian Huryn via Postfix-users]

Hello. No i user rspamd and i think dmarc is in there.
I set debug for dhl.com and i get this :

Mar 10 11:23:56 poczta postfix/smtpd[28240]: input attribute name: (end)
Mar 10 11:23:56 poczta postfix/smtpd[28240]: > 
gateway11d.dhl.com[165.72.200.204]: 354 End data with .
Mar 10 11:23:56 poczta postfix/cleanup[28321]: 7F2A2352540: 
message-id=a977fd00-bf2d-11ed-b354-8f9f1ca3e8dd
Mar 10 11:23:57 poczta postfix/cleanup[28321]: 7F2A2352540: 
milter-reject: END-OF-MESSAGE from gateway11d.dhl.com[165.72.200.204]: 
4.7.1 Try again later; from= 
to= proto=ESMTP helo=
Mar 10 11:23:57 poczta postfix/smtpd[28240]: public/cleanup socket: 
wanted attribute: status

Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute name: status
Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute value: 256
Mar 10 11:23:57 poczta postfix/smtpd[28240]: public/cleanup socket: 
wanted attribute: reason

Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute name: reason
Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute value: 451 
4.7.1 Try again later
Mar 10 11:23:57 poczta postfix/smtpd[28240]: public/cleanup socket: 
wanted attribute: (list terminator)

Mar 10 11:23:57 poczta postfix/smtpd[28240]: input attribute name: (end)
Mar 10 11:23:57 poczta postfix/smtpd[28240]: > 
gateway11d.dhl.com[165.72.200.204]: 451 4.7.1 Try again later

Mar 10 11:23:57 poczta postfix/smtpd[28240]: abort all milters
Mar 10 11:23:57 poczta postfix/smtpd[28240]: milter8_abort: abort milter 
unix:/var/run/rspamd/milter.sock

Mar 10 11:23:57 poczta postfix/smtpd[28240]: watchdog_pat: 0x80441e770
Mar 10 11:23:57 poczta postfix/smtpd[28365]: connect from 
unknown[50.239.39.42]
Mar 10 11:24:00 poczta postfix/trivial-rewrite[28243]: warning: do not 
list domain alva.com.pl in BOTH virtual_mailbox_domains and relay_domains
Mar 10 11:24:00 poczta postfix/smtpd[28365]: NOQUEUE: reject: RCPT from 
unknown[50.239.39.42]: 450 4.7.1 Client host rejected: cannot find your 
reverse hostname, [50.239.39.42]; from=<> to= 
proto=ESMTP helo=
Mar 10 11:24:00 poczta postfix/smtpd[28365]: disconnect from 
unknown[50.239.39.42] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
Mar 10 11:24:02 poczta postfix/smtpd[28240]: < 
gateway11d.dhl.com[165.72.200.204]: QUIT
Mar 10 11:24:02 poczta postfix/smtpd[28240]: > 
gateway11d.dhl.com[165.72.200.204]: 221 2.0.0 Bye


Best. Adrian.

__

i-Pi Sp. z o.o.
ul. Norwida 10
56-416 Twardogóra
tel: +48 783 314 404
mail: a...@i-pi.pl

W dniu 10.03.2023 o 11:24, mailmary--- via Postfix-users pisze:

Hello,

Are you using OpenDMARC? if you do, then its because OpenDMARC is broken and 
crashes on some types of emails.

Look above those log lines for the actual crash, it looks like:

"can't read SMFIC_BODYEOB reply packet header"

unfortunately, OpenDMARC seems like a dead project so don't expect a fix, maybe 
you should prepare to move to another DMARC verification utility.


If you are not using OpenDMARC then look for the output of the milter that 
caused the 4.7.1 retry error.



On Fri, 10 Mar 2023 11:13:35 +0100 Adrian Huryn via Postfix-users 
 wrote:


Hello. I have problem from cuple of days.
When DHL try to send me an email, we get
Mar 10 11:04:06 poczta postfix/cleanup[26141]: EB48B36AABA:
milter-reject: END-OF-MESSAGE from gateway11b.dhl.com[165.72.200.202]:
4.7.1 Try again later; from=
to= proto=ESMTP helo=

And i see i have more this milter-reject: END-OF-MESSAGE in logs from
different domains (gmail etc.)

I try to add @dhl.com to rbl_override
in main.cf
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_client_access hash:/usr/local/etc/postfix/rbl_override,

But this not work. Can anyone help me ? I dont know what more info i
need to send, when i get this info i add it.

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] about openSRS for forwarding

[pyh--- via Postfix-users]

* { font-size: 13px; font-family: 'MS Pゴシック', sans-serif;}p, ul, ol, blockquote 
{ margin: 0;}a { color: #0064c8; text-decoration: none;}a:hover { color: 
#0057af; text-decoration: underline;}a:active { color: #004c98;}
Hello,




I am running a postfix server for email forwarding.

Should I enable openSRS for this forwarding service? what's the flaw on SRS?




Thanks.

Yong
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Fwd: milter-reject: END-OF-MESSAGE

[mailmary--- via Postfix-users]

Hello,

Are you using OpenDMARC? if you do, then its because OpenDMARC is broken and 
crashes on some types of emails.

Look above those log lines for the actual crash, it looks like:

"can't read SMFIC_BODYEOB reply packet header"

unfortunately, OpenDMARC seems like a dead project so don't expect a fix, maybe 
you should prepare to move to another DMARC verification utility.


If you are not using OpenDMARC then look for the output of the milter that 
caused the 4.7.1 retry error.



On Fri, 10 Mar 2023 11:13:35 +0100 Adrian Huryn via Postfix-users 
 wrote:

> Hello. I have problem from cuple of days.
> When DHL try to send me an email, we get
> Mar 10 11:04:06 poczta postfix/cleanup[26141]: EB48B36AABA: 
> milter-reject: END-OF-MESSAGE from gateway11b.dhl.com[165.72.200.202]: 
> 4.7.1 Try again later; from= 
> to= proto=ESMTP helo=
> 
> And i see i have more this milter-reject: END-OF-MESSAGE in logs from 
> different domains (gmail etc.)
> 
> I try to add @dhl.com to rbl_override
> in main.cf
> smtpd_client_restrictions =
>    permit_mynetworks,
>    permit_sasl_authenticated,
>    check_client_access hash:/usr/local/etc/postfix/rbl_override,
> 
> But this not work. Can anyone help me ? I dont know what more info i 
> need to send, when i get this info i add it.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Fwd: milter-reject: END-OF-MESSAGE

[Adrian Huryn via Postfix-users]

Hello. I have problem from cuple of days.
When DHL try to send me an email, we get
Mar 10 11:04:06 poczta postfix/cleanup[26141]: EB48B36AABA: 
milter-reject: END-OF-MESSAGE from gateway11b.dhl.com[165.72.200.202]: 
4.7.1 Try again later; from= 
to= proto=ESMTP helo=


And i see i have more this milter-reject: END-OF-MESSAGE in logs from 
different domains (gmail etc.)


I try to add @dhl.com to rbl_override
in main.cf
smtpd_client_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  check_client_access hash:/usr/local/etc/postfix/rbl_override,

But this not work. Can anyone help me ? I dont know what more info i 
need to send, when i get this info i add it.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: The joke writes itself.

[Jaroslaw Rafa via Postfix-users]

Dnia 10.03.2023 o godz. 18:18:50 Phil Biggs via Postfix-users pisze:
> 
> Likewise, To keep my mail client's threaded view sane I resorted to using 
> header_checks:
> 
> /^Subject: \[pfx\] (.*)$/ REPLACE Subject: $1

What a mail client has problem with threading because of a tag in the
subject?

Threading is supposed to work based on "Reference:" and/or "In-Reply-To:"
headers. Only in lack of those, it falls back to subject (my mail client
also specially marks such messages in the thread to signal this fact).

I have no problems with threading regardless any tag being present in the
subject, its position, or lack thereof.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: The joke writes itself.

[Mal via Postfix-users]

On 10/03/2023 5:24 pm, Viktor Dukhovni via Postfix-users wrote:
> I was also quite happy with
> no tags at all.

+1 no tags

Mal


___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[Matus UHLAR - fantomas via Postfix-users]

Is it the best idea to add a reply-to header to the author on mailing list 
emails?
The problem I see is many people will hit reply in their email client which 
will create an email from them to the author, bypassing the mailing list.


This has also happened before when someone 'r'eplied to the author.


Unless they remember to manually alter the To: field to keep the conversation 
on the list, it wont be.

Was that the intent?



This (same-domain From: header and DKIM signature) is  DMARC damage control.


On 09.03.23 14:58, postfix--- via Postfix-users wrote:

I totally understand the benefit of putting the list address in the From: 
header.
But why does that mean something *HAS* to be put in the reply-to header?


In order for us to be able to reply to the sender off-list, when needed, 
without manually editing address.


This behaviour is consistent with the former behaviour when headers weren't 
modified (and thus dkim broken).


reply goes to the sender
reply-all goes to the sender and list
list-reply goes to the list (MUA must support it).


AFAIK mailman does NOT change the Reply-To: if sender sets one.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org