Plain old greylisting can yield many false positives, but recent
implementations of milter-greylist for example will not greylist
messages that validates SPF. It helps *a lot*.
The question is: does it only help "a lot", or is the result "zero false
positives"? I personally don't belie
On 2019-11-22 04:21 GMT, Wesley Peng wrote:
> The email I am using is with domain of mail.ru, which has the
> strictest DMARC policy setting.
>
> So mailing list like postfix-users doesn't deliver my message to
> myself on this domain. And google groups rewrite the sender address
> to their own ad
On Fri, 22 Nov 2019 at 08:42, Nick wrote:
> On 2019-11-22 04:21 GMT, Wesley Peng wrote:
> > The email I am using is with domain of mail.ru, which has the
> > strictest DMARC policy setting.
> >
> > So mailing list like postfix-users doesn't deliver my message to
> > myself on this domain. And goo
Hi
the mail I sent from mail.ru to this list got dropped, I didn’t get the message
I sent.
On Fri, Nov 22, 2019, at 4:41 PM, Nick wrote:
> On 2019-11-22 04:21 GMT, Wesley Peng wrote:
> > The email I am using is with domain of mail.ru, which has the
> > strictest DMARC policy setting.
> >
> > S
I meant I didn’t get it in my mail.ru inbox. The other providers may or may not
reject it. Thanks.
On Fri, Nov 22, 2019, at 5:52 PM, Wesley Peng wrote:
> Hi
>
> the mail I sent from mail.ru to this list got dropped, I didn’t get the
> message I sent.
>
>
> On Fri, Nov 22, 2019, at 4:41 PM, Ni
On Fri, 22 Nov 2019 at 09:56, Wesley Peng wrote:
> I meant I didn’t get it in my mail.ru inbox. The other providers may or
> may not reject it. Thanks.
>
> On Fri, Nov 22, 2019, at 5:52 PM, Wesley Peng wrote:
>
> Hi
>
> the mail I sent from mail.ru to this list got dropped, I didn’t get the
> mes
Hello List,
is there a clean way to optionally present a client certificate to a Postfix
MX configured with
smtpd_tls_received_header=yes
smtpd_tls_ask_ccert = yes
smtpd_tls_CApath=/etc/ssl/certs
without breaking the use of TLS or even the mail delivery to MXes that are
verifying presented cl
On 11/21/19 11:47 PM, Wesley Peng wrote:
> Richard Damon wrote:
>> That is a question to ask them. Basically the strict DMARC policy is
>> designed for transactional email, where spoofing is a real danger. The
>> side effect of it is that addresses on such a domain really shouldn't be
>> used on ma
Dnia 22.11.2019 o godz. 10:45:42 Wesley Peng pisze:
>
> So mailing list makes DKIM or SPF failed?
>
> Thank you for your helps.
My opinion is that the actual problem is that people who invented SPF and/or
DMARC had wrong assumptions about how email works/should work.
They assumed email is a str
Would this list break SPF then? Thanks
On Fri, Nov 22, 2019, at 7:15 PM, Richard Damon wrote:
> On 11/21/19 11:47 PM, Wesley Peng wrote:
> > Richard Damon wrote:
> >> That is a question to ask them. Basically the strict DMARC policy is
> >> designed for transactional email, where spoofing is a re
No. It's how DMARC uses SPF.
Scott K
On November 22, 2019 11:25:47 AM UTC, Wesley Peng wrote:
>Would this list break SPF then? Thanks
>
>On Fri, Nov 22, 2019, at 7:15 PM, Richard Damon wrote:
>> On 11/21/19 11:47 PM, Wesley Peng wrote:
>> > Richard Damon wrote:
>> >> That is a question to ask
On Fri, 22 Nov 2019 at 11:26, Jaroslaw Rafa wrote:
> Dnia 22.11.2019 o godz. 10:45:42 Wesley Peng pisze:
> >
> > So mailing list makes DKIM or SPF failed?
> >
> > Thank you for your helps.
>
> My opinion is that the actual problem is that people who invented SPF
> and/or
> DMARC had wrong assumpt
On 11/22/19 6:25 AM, Jaroslaw Rafa wrote:
> Dnia 22.11.2019 o godz. 10:45:42 Wesley Peng pisze:
>> So mailing list makes DKIM or SPF failed?
>>
>> Thank you for your helps.
> My opinion is that the actual problem is that people who invented SPF and/or
> DMARC had wrong assumptions about how email w
Dnia 22.11.2019 o godz. 11:40:29 Dominic Raferd pisze:
>
> The limitations you describe affect SPF but not DMARC because DMARC can
> rely *either* on SPF *or* on DKIM.
But it probably depends on how the *recipient* configured DMARC checking and
the sender can't do anything about it - am I right?
Dnia 22.11.2019 o godz. 07:24:03 Richard Damon pisze:
>
> Base SPF works through a traditional forwarder, because the base rules
> for SPF allow the message to pass based on the domain of the Sender:
> header, not just the From:. A proper forwarder will add a Sender: header
> for itself, to indica
On Fri, 22 Nov 2019 at 12:45, Jaroslaw Rafa wrote:
> Dnia 22.11.2019 o godz. 11:40:29 Dominic Raferd pisze:
> >
> > The limitations you describe affect SPF but not DMARC because DMARC can
> > rely *either* on SPF *or* on DKIM.
>
> But it probably depends on how the *recipient* configured DMARC ch
Dnia 22.11.2019 o godz. 13:16:41 Dominic Raferd pisze:
> Even so, the eu.org DMARC policy is 'none' so it is *not* advising receiver
> to quarantine or block emails that fail the DMARC policy (which begs the
> question of why bother with a DMARC policy at all of course).
Many domains have DMARC po
On 22.11.19 06:15, Richard Damon wrote:
Normal forwarding will break SPF,
note that by "normal forwarding" Richard meant the old-school
"re-send mail to new recipient, keep its contents and the envelope sender"
where the keeping envelope sender is what breaks SPF. This is imho valid,
because
On 22.11.19 07:24, Richard Damon wrote:
Base SPF works through a traditional forwarder, because the base rules
for SPF allow the message to pass based on the domain of the Sender:
header, not just the From:. A proper forwarder will add a Sender: header
for itself, to indicate that while it was no
Hi,
I've set up sieve vacation reply but my postfix setup is using
smtp_sasl_password_maps and smtp_sender_dependent_authentication.
The problem is that Sieve will send the reply with "from=<>" to prevent
bounces.
This means that Postfix has no way to authenticate to my ISP because it
does
* merr...@fn.de:
> We did get a lot of spam messages from Chinese providers. We speak not
> Chinese, do you think if it is possible to reject all mails from
> China?
SpamAssassin, which is often used in combination with Postfix, has a
plugin called "RelayCountry" that allows you to change the spa
* Lars Kollstedt:
> is there a clean way to optionally present a client certificate to a
> Postfix MX [...]
I hope I don't misinterpret your question here. When acting as an SMTP
client, Postfix should present the certificate you have defined via
smtp_tls_cert_file if the receiving Postfix (the S
On Fri, Nov 22, 2019 at 12:11:21PM +0100, Lars Kollstedt wrote:
> Is there a clean way to optionally present a client certificate to a
> Postfix MX without breaking the use of TLS or even the mail delivery
> to MXes that are verifying presented client certificates against a
> local CA, and rejecti
SA (Spamassassin) is good idea, I saw most people running their own mail
servers are using it.
On Sat, Nov 23, 2019, at 4:35 AM, Ralph Seichter wrote:
> * merr...@fn.de:
>
> > We did get a lot of spam messages from Chinese providers. We speak not
> > Chinese, do you think if it is possible to r
Hi
when validating DMARC, it use the envelop address, or use from address from the
header? Thanks
On 11/22/19 7:12 PM, Wesley Peng wrote:
> Hi
>
> when validating DMARC, it use the envelop address, or use from address
> from the header? Thanks
>
DMARC specifically says that validation is to be based on the From:
Header of the message (which is different than how SPF and DKIM work by
themselves
merr...@fn.de writes:
> [...] do you think if it is possible to reject all mails from China? Thanks
How about moving to Gmail(Google Apps)? Gmail's spam defense is not bad, i
think. Plus don't block China. Blocking China is blocking money.
Sincerely,
--
^고맙습니다 _地平天成_ 감사합니다_^))//
On 11/22/19 6:25 AM, Wesley Peng wrote:
> Would this list break SPF then? Thanks
>
This list sends with an envelope sender in the lists domain, so it
doesn't break general SPF, it will break DMARC SPF, since that check SPF
only to the From: domain.
This list doesn't modify messages in a way to br
Thanks for helps.
On Sat, Nov 23, 2019, at 11:07 AM, Richard Damon wrote:
> On 11/22/19 6:25 AM, Wesley Peng wrote:
> > Would this list break SPF then? Thanks
> >
> This list sends with an envelope sender in the lists domain, so it
> doesn't break general SPF, it will break DMARC SPF, since that
29 matches
Mail list logo
