* John Levine via mailop:
> Tip: the media type is sometimes wrong so you're better off sniffing
> the first few bytes of the attachment to see what format it is. No,
> they shouldn't do that either. But they do.
Interesting you should mention that, given that I just watched a video
[1] discussin
* Vladimir Gabrielescu via mailop:
> I would sympathize with the argument plain text is a better medium for
> accessibility reasons, but I think expecting senders to anticipate your
> choice of MUA is a voluntary self exclusion from modernity.
I expect senders on mailing lists (!) to conform to e
* Michael Denney via mailop:
> I'm simply replying via my normal mail client. I didn't realize that
> having HTML in my message would cause anyone problems. AFAIK everyone
> these days has an HTML-Capable mail client, but maybe I was wrong.
There are still loads of MUAs going strong which run ins
* Jaroslaw Rafa via mailop:
> If we did travel into realms of philosophy (which your email
> definitely did :)), then it is worth to note that a language is
> primarily something that one speaks, not writes. Writing is secondary
> to spoken language. You cannot speak emojis, so it's not a language
* Jaroslaw Rafa via mailop:
> What an utterly absurd idea. Are they trying to turn email into yet
> another messenger/social-media type application?
Maybe Google sees a market for a clientele who find "LOL" too difficult
to spell and too time consuming to type?
-Ralph
___
* Simplelists - Andy Beverley via mailop:
> We only rewrite the from address if required because of DMARC, but the
> statement above implies that a special case needs to be made when
> delivering to Yahoo.
Are you sure you are interpreting Yahoo's documentation correctly? I
find it difficult to i
* Matus UHLAR - fantomas via mailop:
> you have spaces in your TXT recors which I believe makes it invalid
Yeah, that looks weird indeed. If you do need to break RRs into segments
to avoid length constraints, and if you are using BIND9, it should look
similar to this:
;; ANSWER SECTION:
24284._d
* Dave Crocker:
> How delightful. Attacking with creation of a post-hoc requirement.
You call that attacking? :-D Damn, but you're acting insecure. Also,
keep your ad hominem approach to yourself, I am not interested.
-Ralph
___
mailop mailing list
mai
* Al Iverson via mailop:
> My answer to the question of why: To make it slightly harder for bad
> guys to pick up and DKIM replay older messages.
The problem I see with trusting the x-tag is that one cannot be sure if
the functionality is implemented, or if the tag is "honored" by third
parties.
* Dave Crocker:
> Longer-term use has, at least, operational import, for access to the
> DKIM key and for access to the message in its signed form. Neither of
> these is automatically cheap, given operational vagaries and given the
> manipulations many email systems do to the messages they handle.
* Al Iverson via mailop:
> I love the idea of the X tag with DKIM to set an expiration date after
> which the signature should no longer be considered valid.
Why is that, I wonder? A digital signature does not age, after all.
Either a signature matches the signed payload or it does not; there is
* Olga Fischer via mailop:
> As automx is deprecated I used automx2 from rseichter.
> That author is very opinionated.
You think? ;-) To my knowledge, you neither filed an issue for automx2
nor contacted me, so I wonder how you came to this conclusion.
-Ralph
* Jeff Pang via mailop:
> Can I setup mailserver to accept messages via sdl/tls only from other
> MTA? How to disable peer MTA send me plaintext mail?
Do you ever research anything yourself before asking questions here? It
seems to me like you are abusing this mailing list to post any thoughts
wh
* Jeff Pang via mailop:
> Yes, it is not reasonable to classify spam emails solely based on the
> user's IP address or the majority weight of IP addresses.
You may think that, or wish it. Blacklists, be they public or in-house,
are actively used in the real world.
-Ralph
* Jeff Pang via mailop:
> My concern is that they only classify spam emails based on IP
> addresses.
Do they really? Are you completely certain it is not a combination of
factors? In any case, it is something you need to discuss with people
who are actually in positions to do something about it.
* Jaroslaw Rafa via mailop:
> The .eu.org free domains have been there since many years and from
> what I know, are rarely abused. But I guess some people immediately
> stop thinking when they hear about "free domains"...
Personally, I don't factor the price of domains into the block/pass
decisio
* Jeff Pang via mailop:
> Is there domain name discrimination in the email industry?
That's a provocative way of asking your question. ;-)
> For example, com, net, and org are considered to have higher
> reputations, while info, xyz, and top are considered to have lower
> ratings. [...] Will thi
* Viktor Dukhovni via mailop:
> But even that has been made significantly easier through projects like:
>
> https://mailinabox.email
>
> which deliver a turnkey software appliance that takes care of SMTP,
> IMAP, DNS, ... Naïve users can start with something along those lines,
> before consid
* Matt Vernhout:
> I'd say my usual experience is different, having worked with dozens of
> organizations moving to new Dedicated IPs for sending marketing emails
> [...]
I have not yet had dealings with customers who were in the business of
sending email for marketing purposes. I can imagine tha
* Anne P. Mitchell:
> Receivers don't block email from new IPs by default; they block them
> when they notice something amiss with the email (be it improper
> authentication, spam complaints, or something else).
That looks like a too generalised assessment to me. As I mentioned in a
different thr
* Michael Breuer via mailop:
> If you start from scratch: After booking your VM / IP check dns
> blocklists for the reputation of your new IP address. If you get a bad
> IP assigned, change it.
Agreed. The hosting company should feel motivated to get their IP
addresses unlisted, and has staff and
* Bjoern Franke via mailop:
> When everybody only uses a service for final delivery we possibly
> end up in a scenario in which only mails from the big players are
> accepted.
Good point!
I'd say that, based on the responses in this thread so far, it is
reasonable to assume that rolling your own
* Suresh Ramasubramanian:
> You might add that it is also possibly due to your being in a
> webhosting provider / datacenter that proactively manages abuse so
> that extremely high volume spammers aren’t sending from any nearby
> IPs.
That is possible, but I think that things have changed since t
* Philip Paeps via mailop:
> With such low volume, you will really struggle to get email delivered
> to the larger mailbox providers, whose filtering is largely based on
> reputation. It's almost impossible to build up (and maintain) a
> reputation unless you can manage at least O(hundreds) of mes
* Tony G. via mailop:
> So for this inquiry I really am asking about reliable hosts - anywhere
> in the world. That may or may not include names like Hetzner, Vultr,
> or AWS [...]
I have operated mail servers (both MX and outbound) on dedicated Hetzner
Servers since the early 2000s, for customer
* Alessandro Vesely via mailop:
> Researchshows that thousands of rules are fine, but hundreds of
> thousands bring it on its knees. I attach a picture.
Nobody spoke of hundreds of thousands of rules. That includes the
OP. Unless this magnitude is ever even remotely reached, I see little
incenti
* Jeff Pang via mailop:
> given currently I have 3000+ block IPs, every normal client requests
> to submission, the ip will be checked through those 3000+ list, which
> slow down the normal client's connection certainly.
I consider this is a case "measure, don't guess". I am right now logged
into
* Jeff Pang via mailop:
> postfix/smtps/smtpd[451948]: warning: unknown[211.184.190.87]: SASL
> LOGIN authentication failed: UGFzc3dvcmQ6
>
> I am afraid too many iptables will slow down the performance of systems.
Are you worried about iptables slowing systems down compared to Postfix
(and what
* Jeff P. via mailop:
> Can cloudflare (or others) deliver messages correctly to this IPv6 MX?
The longish answer is a resounding "maybe". An IPv6-only MX can be
reached only by those third-party servers which support outbound IPv6
connections on their end. Even in 2024, that is by no means every
* Thomas Walter via mailop:
> I am not sure what to make of them. Does anyone else get these?
I received several. I'm guessing that somebody is at the stage of
probing recipient addresses, using message bodies unlikely to occur
naturally.
-Ralph
___
ma
* Patrick Ben Koetter via mailop:
> I'm about to setup a new mailing list server. It will use Mailman 3,
> which is able to add ARC signatures to incoming messages. The lists
> will also rewrite the From:-header and to match the lists name and
> domain. I'm unsure if outbound messages should also
* Hetzner Blacklist via mailop:
> I’m not seeing anything offensive or insulting in our response.
Neither do I. The response simply describes what is happening. When a
third party X complains that Hetzner customer Y is a spammer, I consider
it only appropriate that Hetzner passes the complaint al
* Slavko via mailop:
> BTW, my daughter (who live in Germany) told me, that name, address,
> phone number and birthday date is enough to manipulate with bank
> account in Germany.
I don't know of any German bank where this is the case. In my
experience, banks are quite strict when it comes to acc
* Jaroslaw Rafa via mailop:
> No RFC *obligates* any recipient to honor DMARC *at all*.
Obviously, so why the emphasis? RFCs have only ever been attempts to
establish a reasonable consensus, or as Captain Barbossa put it, "a RFC
is more what you'd call 'guidelines' than actual rules."
> You cann
* Antonie Popovic via mailop:
> Sorry to break it to you, but the bad news about the pct tag is that
> not everyone respects it.
Indeed. In the case of DMARC, the receiving side is obviously always the
one to decide if (and which) actions are taken based on DMARC policies.
Personally, I wonder w
* Alessandro Vesely via mailop:
> I've seen a few DMARC records having pct=20 or similar. At a later
> time some of those domains evolved to pct=100, other removed the DMARC
> record completely. I'm not clear what is the intended use of such values.
>
> What do domain owners expect from an inte
* Alessandro Vesely via mailop:
> SASL methods allow secure authentication over unencrypted channels.
The organisation in question permits PLAIN/LOGIN authentication over
unencrypted channels, without prior STARTTLS. Bad choice.
-Ralph
___
mailop maili
* Thomas Walter via mailop:
> Their conclusion is that all vulnerabilities rely on the transition of
> an insecure connection to a secure connection.
No surprise there.
> While it does not seem to be an urgent issue, it might help if we'd
> get people to switch to implicit TLS where possible…
I
* Vsevolod Stakhov via mailop:
> I would still recommend to use Rspamd for regular expressions
> matching.
That figures. :-)
> you won't need any other milters when using Rspamd: no OpenDKIM/DMARC,
> no additional spam/bayes engine, even no AV milters - all these tasks
> could be done via Rspamd
* Steven Champeon via mailop:
> if you need something special [in Postfix], such as say, blocking mail
> from the idiot with infinite Gmail accounts having common Vietnamese
> surnames in them who keeps trying to sell t-shirts to your role
> accounts, you're out of luck.
I use Postfix plus milter
* Vsevolod Stakhov via mailop:
> [...] I can clearly see that Exim can also do many things internally
> (for example, more sophisticated email routing) that are literally
> impossible to inject or implement via the milter interface (apart from
> adding/removing recipients).
I have yet to encounte
* micah anderson via mailop:
> However, personally, I feel like they *are* spam. I get these on a
> daily basis, and I just delete them.
Given that one has to explicitly enable DMARC reports, how can one
consider them spam?
> Ok, yes, I can turn off the reporting, but does anyone actually do
> a
* Graeme Fowler via mailop:
> Assuming that this message appears, we're in business!
Looks like you are indeed. My thanks to you and the whole team for your
continued work.
-Ralph
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listin
* Anne P. Mitchell:
> the thing is that a default judgement is still a judgement. And
> because they are in the UK doesn't mean that it can't be enforced
> against them.. in the UK.
Did you not read what I quoted from the Spamhaus website? They are based
in Switzerland and Andorra, not the UK. My
* Brandon Long via mailop:
> default judgment, Spamhaus is not a US organization or wasn't properly
> served or whatever.
Looks like it. https://www.spamhaus.org/organization/ states:
"Founded in 1998, Spamhaus is based in Geneva, Switzerland, and
Andorra la Vella, Andorra [...]"
From what
* John Levine via mailop:
> Oh, there's your problem. Hetzner's network spews garbage. I don't
> accept any mail from it at all.
As someone who has been running production mail exchangers and outbound
SMTP relays on Hetzner servers for, oh, 10+ years, I am against your
position. Even Google and M
* Matt Corallo via mailop:
> The goal isn't to sign emails, in fact ideally we wouldn't have to at
> all. The goal is only to get the deliveability advantages of DKIM
> *without* signing (or at least without non-reputably signing) email.
I'm struggling with your stated goal. If you don't DKIM-sig
* Hetzner Blacklist via mailop:
> For the past few years, T-Online have been moving to a system where
> they block all unknown IPs. [...]
This statement matches what I experienced. Freshly installed mail
servers (with matching SPF entries) were unable to send email to
T-Online until I contacted t
* Michael Rathbun via mailop:
> After a telnet to an MX there, I see
>
>> 554 IP=47.190.44.19 - A problem occurred. (Ask your postmaster for
>> help or to contact t...@rx.t-online.de to clarify.) (BL) Connection
>> closed by foreign host.
I remember seeing this particular error code when setting
* Stefan Bauer via mailop:
> I'm thinking about not bouncing this mails back to my users, and give
> them another try after the problem is solved with remote site.
Your idea raises questions:
* How and when would you decide that the recipient responding with 5xx
was due to the message itself o
* Al Iverson via mailop:
> Sorry, Ralph, you're really on the wrong track here.
I'm OK with agreeing to disagree, and the discussion in itself has merit
even if we have different opinions. I did not claim that my method is
suitable for each and every case, however I do know it works nicely for
th
* Al Iverson via mailop:
> This is silly. Stop pushing this.
You may think it "silly", but that won't stop me from using and
promoting this method. It is a cheap and easy way to avoid existing
problems regarding mailing list use.
> If every Googler started posting from monksofcool.net then there
* Brandon Long:
> If we leave googlers.com open, then phishers are going to use it to
> send messages looking like [...] "secur...@googlers.com" and do what
> they do best.
One solution to that is not to use "googlers.com", but to use a domain
name with no visible ties to a particular company. Th
* Brandon Long:
>> I recommend using separate domains, or subdomains, for regular
>> business and for mailing lists [...]
>
> Why?
Because something is definitely wron if an email from ra...@mycorp.com
(an address only used for business) fails SPF or DKIM checks, and I'd
like to know about that.
* John Levine via mailop:
> Mailing lists have only been adding subject tags since the 1980s.
I do not wish to delve into whether these tags are useful or not, but
rewriting subjects or bodies invalidate existing DKIM signatures.
I recommend using separate domains, or subdomains, for regular bus
* Silver Asu via mailop:
> Is there any chance to get IMAP/SMTP/POP3 server settings autodiscover
> to work with modern desktop and mobile Outlook clients?
Have you considered automx2 ? See https://gitlab.com/automx/automx2 .
-Ralph
___
mailop mailing
56 matches
Mail list logo
