[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[raf via Postfix-users]

On Sun, Mar 26, 2023 at 01:05:10PM +1300, Peter via Postfix-users 
 wrote:

> On 25/03/23 11:50, raf via Postfix-users wrote:
> > On Fri, Mar 10, 2023 at 09:11:58AM +1300, Peter via Postfix-users 
> >  wrote:
> > 
> > > * Don't add a Reply-To:.  I actually question if this is really needed as 
> > > we
> > > likely want replies to go to the list the vast majority of time anyways.  
> > > I
> > > have seen other lists explicitly exclude this step and it works well.
> > > 
> > > Peter
> > 
> > Removing Reply-To would remove functionality that is
> > important, even if it is only occasionally required.
> > Off-list replies would become impossible. That is a
> > loss of functionality. Just because something is wanted
> > the vast majority of the time, it doesn't mean that
> > it's OK to enforce it 100% of the time.
> 
> Mailman has a setting that addresses this, reply_goes_to_list. According to
> mm docs, this adds the original From: address as a CC instead of Reply-To.
> This means that an ordinary reply should go to the list (as it's listed in
> From:) and Reply All will include the original sender.  An off-list reply
> could easily be done by Reply All then removing the list address.
> considering that off list replies are much less common than list replies the
> additional action of removing the list address should not be of great
> concern.
> 
> Peter

That's OK since it remains possible to reply off-list.
It's not as easy as single-letter actions to reply
versus reply-to-list, but not all MUAs have a
reply-to-list command.

cheers,
raf

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[Matus UHLAR - fantomas via Postfix-users]

Peter via Postfix-users skrev den 2023-03-26 01:05:

Mailman has a setting that addresses this, reply_goes_to_list.
According to mm docs, this adds the original From: address as a CC


On 26.03.23 01:55, Benny Pedersen via Postfix-users wrote:
there will be a day when mailman dont sink ships, so titanik survived 
it, if just mailman was called AFTER rspamd have ARC sign/seal it, 
then mailman can do there changes of origin mail as needed, where ARC 
do still pass for the origin sender, dkim sign forwarders makes more 
fails then solves


Anyone could arc-sign any mail with fake spf/dkim results.
ARC needs to be trusted by recipients' server in order to do anything with 
it.


This is unlike spf/dkim/dmarc where you simply verify the origin.

If random mailing list arc-signed mail without modifying From:, it would 
fail nearly everywhere.


Please, stop pushing for ARC. While useful, it's not enough.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[Benny Pedersen via Postfix-users]

Peter via Postfix-users skrev den 2023-03-26 01:05:


Mailman has a setting that addresses this, reply_goes_to_list.
According to mm docs, this adds the original From: address as a CC


there will be a day when mailman dont sink ships, so titanik survived 
it, if just mailman was called AFTER rspamd have ARC sign/seal it, then 
mailman can do there changes of origin mail as needed, where ARC do 
still pass for the origin sender, dkim sign forwarders makes more fails 
then solves


the dkim signer even signs headers that is not in recpients mail as 
recivers, hmm

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[Peter via Postfix-users]

On 25/03/23 11:50, raf via Postfix-users wrote:

On Fri, Mar 10, 2023 at 09:11:58AM +1300, Peter via Postfix-users 
 wrote:


* Don't add a Reply-To:.  I actually question if this is really needed as we
likely want replies to go to the list the vast majority of time anyways.  I
have seen other lists explicitly exclude this step and it works well.

Peter


Removing Reply-To would remove functionality that is
important, even if it is only occasionally required.
Off-list replies would become impossible. That is a
loss of functionality. Just because something is wanted
the vast majority of the time, it doesn't mean that
it's OK to enforce it 100% of the time.


Mailman has a setting that addresses this, reply_goes_to_list. 
According to mm docs, this adds the original From: address as a CC 
instead of Reply-To.  This means that an ordinary reply should go to the 
list (as it's listed in From:) and Reply All will include the original 
sender.  An off-list reply could easily be done by Reply All then 
removing the list address.  considering that off list replies are much 
less common than list replies the additional action of removing the list 
address should not be of great concern.



Peter
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[Scott Kitterman via Postfix-users]

On March 24, 2023 10:50:35 PM UTC, raf via Postfix-users 
 wrote:
>On Fri, Mar 10, 2023 at 09:11:58AM +1300, Peter via Postfix-users 
> wrote:
>
>> * Don't add a Reply-To:.  I actually question if this is really needed as we
>> likely want replies to go to the list the vast majority of time anyways.  I
>> have seen other lists explicitly exclude this step and it works well.
>> 
>> Peter
>
>Removing Reply-To would remove functionality that is
>important, even if it is only occasionally required.
>Off-list replies would become impossible. That is a
>loss of functionality. Just because something is wanted
>the vast majority of the time, it doesn't mean that
>it's OK to enforce it 100% of the time.

This is true, but only because from is being rewritten.  In my view the old 
approach of not making changes that break DKIM signatures was much simpler.  
Then the ML could happily ignore the existence of DMARC.

Scott K
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[raf via Postfix-users]

On Fri, Mar 10, 2023 at 09:11:58AM +1300, Peter via Postfix-users 
 wrote:

> * Don't add a Reply-To:.  I actually question if this is really needed as we
> likely want replies to go to the list the vast majority of time anyways.  I
> have seen other lists explicitly exclude this step and it works well.
> 
> Peter

Removing Reply-To would remove functionality that is
important, even if it is only occasionally required.
Off-list replies would become impossible. That is a
loss of functionality. Just because something is wanted
the vast majority of the time, it doesn't mean that
it's OK to enforce it 100% of the time.

cheers,
raf

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[Benny Pedersen via Postfix-users]

Ralf Hildebrandt via Postfix-users skrev den 2023-03-12 16:10:

* Patrick Ben Koetter via Postfix-users :

approach to subscriber self management. Once you've become a 
registered
MLM platform participant you can easily change settings that will 
apply to all
lists you've subscribed to in one place. I consider that a great 
usability

benefit for subscribers.


Furthermore, mm2 get's rid of the awful "this is your password" mails.


not always that mailman 3 have password set pr new user, so users need 
to use lost password, to get access to web admin page, even users are 
added from majordomo :=)


looking forward to see postfix.org do support dane and have arc seal/arc 
signing back, where rspamd do arc-seal/arc-sign before mailman 3 see any 
thing


i dont use rspamd, if rspamd is doing it right, it possible already 
works, lol :=)


___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[Ralf Hildebrandt via Postfix-users]

* Patrick Ben Koetter via Postfix-users :

> approach to subscriber self management. Once you've become a registered
> MLM platform participant you can easily change settings that will apply to all
> lists you've subscribed to in one place. I consider that a great usability
> benefit for subscribers.

Furthermore, mm2 get's rid of the awful "this is your password" mails.

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München
   
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[Scott Kitterman via Postfix-users]

On Friday, March 10, 2023 7:04:30 AM EST Patrick Ben Koetter via Postfix-users 
wrote:
> * Gerald Galster via Postfix-users :
> 
> > >>> This list uses Mailman configuration settings, not handcrafted code.
> > >>> If people believe that it is worthwhile to change the Mailman
> > >>> implementation or the DMARC spec, then I suggest that they work
> > >>> with the people responsible for that.
> > >> 
> > >> 
> > >> There is no need for changing implementations, it's already there.
> > >> 
> > >> https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/config
> > >> /docs/config.html
 
> > >> 
> > >> remove_dkim_headers
> > > 
> > > 
> > > THAT is a global Mailman setting. It cannot be configured on a
> > > per-list basis. The postfix lists are hosted on a multi-tenant
> > > service, it does not run on its dedicated MTA.
> > 
> > 
> > I just wrote that because p@rick (sys4 AG) asked on the mailop
> > mailinglist
> > 2023-02-17 "Should mailing list messages be DKIM signed? (ARC / DKIM)".
> > He was about to setup a new mailing list server with mailman 3.
> > Given there are virtually no other lists in postorious index, chances are
> > this is a new server currently only hosting the postfix mailinglist
> > and some testlists so that settings might not be final yet.
> > 
> > Just out of curiosity it would have been nice to know why he made
> > that choice.
> 
> 
> You mean why I choose to use Mailman 3 and not other MLMs?
> 
> I used to by python.org postmaster for 20 (?) years and there's a natural
> sympathy for anything that comes from pydotorg. Then I used to be on the
> MM3
 developer team in the early 2000s and some of the ideas and concepts I
> came up with have found their way into MM3. Besides my personal historic
> preferences, I choose MM3 because it has been there for a few years now and
> I don't see it being used widely, though I believe it should. We
> (community) need a modern MLM and MM3 is modern. There are some things I
> don't like about MM3. If you come from Postfix MM3 documentation is, to put
> it, frustrating. It's developers who documented what is interesting to
> developers, but there don't seem to be any documents for operators. That
> kicks in when you need to find out how mailman-core, hyperckitty and
> postorius play together. The web application, to me, should really see some
> UX love. I constantly get lost hunting options I saw, but I can't remember
> where. Besides, rendering descriptions / options of parameters visibly into
> the interface blows up each settings page and the rendering lacks
> structure. So you end up scanning through a blob of options trying to catch
> what might to what you want. Wietse can probably tell how much he suffered
> at some point to get MM3 what he wanted it to do for the postfix-mumble
> lists. What I like about MM3 is it's approach to subscriber self
> management. Once you've become a registered MLM platform participant you
> can easily change settings that will apply to all lists you've subscribed
> to in one place. I consider that a great usability benefit for subscribers.
> 
> But most of all I wanted to create a Mailing list platform that is capable
> of and uses modern email technologies. We have ARC in place and need to
> figure out a few undocumented issues we still need to address before it
> will actually work. But that's a temporary problem. I want it to use ARC
> because even though it is still EXPERIMENTAL, it will likely be here to
> stay and ARC has been designed to fix the DMARC issues that had been put on
> our shoulders when DMARC was adopted by major industry players.
> 
> And… while I write work is going on in the background to provide a fully
> DNSSEC enabled DNS stack which will allow us to host a DANE enabled mailing
> list platform.
> 
> ⌁ [p:~] $ dig +short +dnssec MX postfix.org
> 10 list.sys4.de.
> MX 13 2 3600 20230322050014 20230308042038 60616 postfix.org.
> DXMTOwxrFmyCf7fv02gAR0qmVeB78gGwPu74oR17y1l6vls/zbUP7P6C
> G5ZZWtHDCMruSzwISYfdwVBNnDdjXg== ⌁ [p:~] $ dig +short +dnssec A
> list.sys4.de
> 188.68.34.52
> A 8 3 3600 20230315165309 20230308142813 46365 sys4.de.
> Oi9o51moM26dA2Y2zMjMXErEz8wj/o+tadfas9QedSv5AqPg0C0uBaZd
> 31IeAZRxGxFLwECqLqPncJgyyKkNLXlTY2t1qQ60/GT3rjRof9kmIwpO
> lwYgFBwUfsjhz1rPF16W81ya+5DdPJefXuYMN4G6hOWvJPgiMo5qeUGb JFs=
 
> This will allow us to add TLSA RRs to list.sys4.de soonish and then
> postfix.org finally will life what it brought to live when Viktor
> implemented DANE support making Postfix the first and reference MTA on
> this planet to support DANE.
> 
> Secure Email Transport and Email Authentication are the two cornerstones of
> todays email policing and my personal wish is to provide a state of the art
> platform and hopefully a template how to run mailing lists in the 2020s. 
> p@rick


I think that all sounds reasonable, although I think you're overselling ARC, 
but that's a discussion for a different list.

Is there any chance of From 

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[Gerald Galster via Postfix-users]

> * Patrick Ben Koetter via Postfix-users :
> 
>> * Gerald Galster via Postfix-users > >:
>> I just wrote that because p@rick (sys4 AG) asked on the mailop mailinglist
>> 2023-02-17 "Should mailing list messages be DKIM signed? (ARC / DKIM)".
>> He was about to setup a new mailing list server with mailman 3.
>> Given there are virtually no other lists in postorious index, chances are
>> this is a new server currently only hosting the postfix mailinglist
>> and some testlists so that settings might not be final yet.
>> 
>> Just out of curiosity it would have been nice to know why he made
>> that choice.
> 
> You mean why I choose to use Mailman 3 and not other MLMs?

No, I meant ARC signing for this mailinglist because I do not see a lot of
benefit to verify a sender across a public mailinglist.

The MTA usually verifies DKIM and rejects mails so only valid mails reach
the mailinglist and additionally you must be a registered user to post.
From my perspective it would be sufficient to strip all incoming DKIM
headers and only sign the outgoing mail as the sender changed to
postifx-us...@postfix.org anyway.

> MLM and MM3 is modern. There are some things I don't like about MM3. If you
> come from Postfix MM3 documentation is, to put it, frustrating.

Installing mailman 3 is a small challenge, especially when mailman core
and the webui need different python versions. That may have changed and
besides that I'm running mailman 3 without issues for years. That's why
I like it although I'm more in favor of perl ;-)

> But most of all I wanted to create a Mailing list platform that is capable of
> and uses modern email technologies. We have ARC in place and need to figure
> out a few undocumented issues we still need to address before it will actually
> work. But that's a temporary problem. I want it to use ARC because even though
> it is still EXPERIMENTAL, it will likely be here to stay and ARC has been
> designed to fix the DMARC issues that had been put on our shoulders when DMARC
> was adopted by major industry players.

While I still deem dkim/arc overkill for a public mailinglist I can understand
there are reasons to showcase a complete setup with all modern technologies.

I'm not convinced arc will be widely adopted. After all it is just a solution
for forwarding/remailing, that should be avoided anyway. Forwarding/aliasing
is useful within a company or a mailprovider where it does not cause problems.
Those mostly arise when emails are forwarded between distinct mailproviders
and for those infrequent cases there are better solutions like fetchmail.

Otherwise, if it would be impossible at some time to deliver emails without
dkim and arc, it would have to become an integral part of MTAs like DANE.
Moreover antispam software needs to evaluate and build dkim/arc reputation
databases to cope with spam ... I'm not sure forwards are worth that effort.

We'll see if it's going to stay. Thanks for elaborating!

Best regards,
Gerald___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[Patrick Ben Koetter via Postfix-users]

* Gerald Galster via Postfix-users :
> >>> This list uses Mailman configuration settings, not handcrafted code.
> >>> If people believe that it is worthwhile to change the Mailman
> >>> implementation or the DMARC spec, then I suggest that they work
> >>> with the people responsible for that.
> >> 
> >> There is no need for changing implementations, it's already there.
> >> 
> >> https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/config/docs/config.html
> >> 
> >> 
> >> remove_dkim_headers
> > 
> > THAT is a global Mailman setting. It cannot be configured on a
> > per-list basis. The postfix lists are hosted on a multi-tenant
> > service, it does not run on its dedicated MTA.
> 
> I just wrote that because p@rick (sys4 AG) asked on the mailop mailinglist
> 2023-02-17 "Should mailing list messages be DKIM signed? (ARC / DKIM)".
> He was about to setup a new mailing list server with mailman 3.
> Given there are virtually no other lists in postorious index, chances are
> this is a new server currently only hosting the postfix mailinglist
> and some testlists so that settings might not be final yet.
> 
> Just out of curiosity it would have been nice to know why he made
> that choice.

You mean why I choose to use Mailman 3 and not other MLMs?

I used to by python.org postmaster for 20 (?) years and there's a natural
sympathy for anything that comes from pydotorg. Then I used to be on the MM3
developer team in the early 2000s and some of the ideas and concepts I came up
with have found their way into MM3. Besides my personal historic preferences,
I choose MM3 because it has been there for a few years now and I don't see it
being used widely, though I believe it should. We (community) need a modern
MLM and MM3 is modern. There are some things I don't like about MM3. If you
come from Postfix MM3 documentation is, to put it, frustrating. It's
developers who documented what is interesting to developers, but there don't
seem to be any documents for operators. That kicks in when you need to find
out how mailman-core, hyperckitty and postorius play together. The web
application, to me, should really see some UX love. I constantly get lost
hunting options I saw, but I can't remember where. Besides, rendering
descriptions / options of parameters visibly into the interface blows up each
settings page and the rendering lacks structure. So you end up scanning
through a blob of options trying to catch what might to what you want. Wietse
can probably tell how much he suffered at some point to get MM3 what he wanted
it to do for the postfix-mumble lists. What I like about MM3 is it's
approach to subscriber self management. Once you've become a registered
MLM platform participant you can easily change settings that will apply to all
lists you've subscribed to in one place. I consider that a great usability
benefit for subscribers.

But most of all I wanted to create a Mailing list platform that is capable of
and uses modern email technologies. We have ARC in place and need to figure
out a few undocumented issues we still need to address before it will actually
work. But that's a temporary problem. I want it to use ARC because even though
it is still EXPERIMENTAL, it will likely be here to stay and ARC has been
designed to fix the DMARC issues that had been put on our shoulders when DMARC
was adopted by major industry players.

And… while I write work is going on in the background to provide a fully
DNSSEC enabled DNS stack which will allow us to host a DANE enabled mailing
list platform.

⌁ [p:~] $ dig +short +dnssec MX postfix.org
10 list.sys4.de.
MX 13 2 3600 20230322050014 20230308042038 60616 postfix.org. 
DXMTOwxrFmyCf7fv02gAR0qmVeB78gGwPu74oR17y1l6vls/zbUP7P6C 
G5ZZWtHDCMruSzwISYfdwVBNnDdjXg==
⌁ [p:~] $ dig +short +dnssec A list.sys4.de
188.68.34.52
A 8 3 3600 20230315165309 20230308142813 46365 sys4.de. 
Oi9o51moM26dA2Y2zMjMXErEz8wj/o+tadfas9QedSv5AqPg0C0uBaZd 
31IeAZRxGxFLwECqLqPncJgyyKkNLXlTY2t1qQ60/GT3rjRof9kmIwpO 
lwYgFBwUfsjhz1rPF16W81ya+5DdPJefXuYMN4G6hOWvJPgiMo5qeUGb JFs=

This will allow us to add TLSA RRs to list.sys4.de soonish and then
postfix.org finally will life what it brought to live when Viktor implemented
DANE support making Postfix the first and reference MTA on this planet to
support DANE.

Secure Email Transport and Email Authentication are the two cornerstones of
todays email policing and my personal wish is to provide a state of the art
platform and hopefully a template how to run mailing lists in the 2020s.

p@rick



-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: [P-U] Re: New List Host and Reply-to Header

[Matus UHLAR - fantomas via Postfix-users]

Is it the best idea to add a reply-to header to the author on mailing list 
emails?
The problem I see is many people will hit reply in their email client which 
will create an email from them to the author, bypassing the mailing list.


This has also happened before when someone 'r'eplied to the author.


Unless they remember to manually alter the To: field to keep the conversation 
on the list, it wont be.

Was that the intent?



This (same-domain From: header and DKIM signature) is  DMARC damage control.


On 09.03.23 14:58, postfix--- via Postfix-users wrote:

I totally understand the benefit of putting the list address in the From: 
header.
But why does that mean something *HAS* to be put in the reply-to header?


In order for us to be able to reply to the sender off-list, when needed, 
without manually editing address.


This behaviour is consistent with the former behaviour when headers weren't 
modified (and thus dkim broken).


reply goes to the sender
reply-all goes to the sender and list
list-reply goes to the list (MUA must support it).


AFAIK mailman does NOT change the Reply-To: if sender sets one.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org