On 10/15/16 20:56, David Jones wrote:
>
> >What I was hoping for was, that as someone who does bother checking, to
>
> >find out a solution that would help me prevent from receiving spoofed
> >e-mails, because as I mentioned multiple times SPF, DKIM, and DMARC is
> >not able to do that. I am
On 15 Oct 2016, at 14:50, Petr Bena wrote:
I was looking to accomplish something similar, but seems that SA can't
do that and there are probably no open source plugins or postfix hooks
that allow this (so far).
This class of problem is one reason to pick MIMEDefang as your tool for
On 10/15/16 20:35, Antony Stone wrote:
> On Saturday 15 October 2016 at 20:30:25, Axb wrote:
>
>> On 10/15/2016 08:13 PM, Petr Bena wrote:
>>> What I was hoping for was, that as someone who does bother checking, to
>>> find out a solution that would help me prevent from receiving spoofed
>>>
On 15 Oct 2016, at 14:13, Petr Bena wrote:
That would obviously work and blocked hackers from spoofing,
No, it would not do so.
It's clear that you didn't bother reading Dianne Skoll's message and
considering or testing her counter-example.
but as you said, it would also break some other
>Thanks for that, I will do that, another thing that comes to my mind:
>if my mail server sign every single e-mail with DKIM, that e-mail
>should be signed even if it's redistributed by mailing list daemon
>or not? I see my own e-mails here and e-mails of some other people
>in this list to be
Hello,
What I was hoping for was, that as someone who does bother checking, to
find out a solution that would help me prevent from receiving spoofed
e-mails, because as I mentioned multiple times SPF, DKIM, and DMARC is
not able to do that. I am looking for a way how to detect that e-mail is
On 15.10.16 21:08, Petr Bena wrote:
> if my mail server sign every single e-mail with DKIM, that e-mail should
> be signed even if it's redistributed by mailing list daemon or not?
Sadly, there are mailing list admins who think it wise to have subject
lines or message bodies modified, e.g. by
>What I was hoping for was, that as someone who does bother checking, to
>find out a solution that would help me prevent from receiving spoofed
>e-mails, because as I mentioned multiple times SPF, DKIM, and DMARC is
>not able to do that. I am looking for a way how to detect that e-mail is
On 10/15/2016 08:35 PM, Antony Stone wrote:
On Saturday 15 October 2016 at 20:30:25, Axb wrote:
On 10/15/2016 08:13 PM, Petr Bena wrote:
What I was hoping for was, that as someone who does bother checking, to
find out a solution that would help me prevent from receiving spoofed
e-mails
On 15.10.16 20:13, Petr Bena wrote:
> One of solutions that I proposed is an optional SA plugin that would
> treat the email found in "From:" header as envelope sender and check
> against that, raising the score or doing something if it failed.
A sending mail on behalf of B does not
On Saturday 15 October 2016 at 20:30:25, Axb wrote:
> On 10/15/2016 08:13 PM, Petr Bena wrote:
> >
> > What I was hoping for was, that as someone who does bother checking, to
> > find out a solution that would help me prevent from receiving spoofed
> > e-mails
> There is no publicly available
On 10/15/2016 08:13 PM, Petr Bena wrote:
Hello,
What I was hoping for was, that as someone who does bother checking, to
find out a solution that would help me prevent from receiving spoofed
e-mails, because as I mentioned multiple times SPF, DKIM, and DMARC is
not able to do that. I am looking
On 15.10.16 17:33, Petr Bena wrote:
> I started this discussion stating the fact that SPF, DKIM and DMARC
> don't prevent people from being able to spoof your email address.
These mechanisms are not meant to prevent spoofing (and they can't),
just to make it easier to detect spoofing on the
I don't understand your point. I started this discussion stating the
fact that SPF, DKIM and DMARC don't prevent people from being able to
spoof your email address.
And you tell me that I don't understand email security because SPF, DKIM
and DMARC don't prevent people from being able to spoof my
On 15 Oct 2016, at 11:33, Petr Bena wrote:
I don't understand your point. I started this discussion stating the
fact that SPF, DKIM and DMARC don't prevent people from being able to
spoof your email address.
And you tell me that I don't understand email security because SPF,
DKIM
and DMARC
On 10/15/2016 1:51 PM, Matus UHLAR - fantomas wrote:
I can immediately guess this rule would need way too many exceptions to be
useful. And when anyone in the world subscribed to any list, it would
need an exception.
On 15.10.16 15:35, Petr Bena wrote:
Nope, the exception would go for a whole
I already do that I use DNSBL but they have too small expiry time, if
they blacklist someone, in two days they are free to spam again. If it
worked and I didn't keep getting spammed by same IP's and same senders
all time I wouldn't have to hardcode them into my configuration, which
is indeed
Nope, the exception would go for a whole mailing list, not for every of
its users. Anyway given that this would be optional plugin for sa, it
would be only used by people / organizations who care about authenticity
of the message sender and these that would be OK with the fact that mail
On 10/15/2016 04:57 PM, Dianne Skoll wrote:
On Sat, 15 Oct 2016 15:35:25 +0200
Petr Bena wrote:
Believe me, there are people or organizations who would happily
exchange ability to use mailing lists within some domain for
guarantee that their emails can't be spoofed in no way
On Sat, 15 Oct 2016 15:35:25 +0200
Petr Bena wrote:
> Believe me, there are people or organizations who would happily
> exchange ability to use mailing lists within some domain for
> guarantee that their emails can't be spoofed in no way (at least
> within their own domain).
On Fri, 14 Oct 2016 23:24:21 +0200
Petr Bena wrote:
> How does DKIM prevent others from spoofing your mail address? People
> will still receive unsigned e-mails that look like they were sent by
> you even if they were not.
DKIM by iself does not. DKIM plus DMARC sort-of does.
On 10/15/2016 04:13 PM, Petr Bena wrote:
I already do that I use DNSBL but they have too small expiry time, if
they blacklist someone, in two days they are free to spam again. If it
worked and I didn't keep getting spammed by same IP's and same senders
all time I wouldn't have to hardcode them
Hi,
I would like to implement some sort of semi-automated or dynamic sender
black listing. Basically what I would like to accomplish is to have a
dynamic blacklist (not something hardcoded in config files, but rather
some sort of a database, possibly SQL based) so that I could relatively
On 10/15/2016 01:45 PM, Petr Bena wrote:
Hi,
I would like to implement some sort of semi-automated or dynamic sender
black listing. Basically what I would like to accomplish is to have a
dynamic blacklist (not something hardcoded in config files, but rather
some sort of a database, possibly SQL
On 15.10.16 07:04, Thomas Barth wrote:
I got a false positive because the test AM.WBL results in score 7. It
was a mail by email.apple.com (a bill). What is AM.WBL? I cant find
it in the test list: https://spamassassin.apache.org/tests_3_3_x.html
Do I have to set "score AM.WBL 0"?
On 14.10.16 16:26, Bowie Bailey wrote:
On the other hand, SA is a points-based system. If you checked SPF
based on the From header, you could then whitelist known list servers
and other exceptions and add a point or so to the rest. If you set
the score at 0.001 and monitored the non-spam
26 matches
Mail list logo