On Fri, May 31, 2024 at 06:22:03PM -0700, Brandon Long via mailop wrote:
> There's also nothing to prevent you from DKIM signing your bounce messages.
This can be a bit more complicated with, e.g., Postfix, because Postfix
tries to avoid potentially fragile content processing of bounces, so
in pa
Anyone else on Aussie Broadband static IP space having trouble receiving email
from (some) Proofpoint outbound servers?
I am currently unable to receive some important email because SMTP (TCP)
connections are apparently timing out between the outbound ProofPoint SMTP
relays and my MX host "mx1.
On Wed, Jun 05, 2024 at 11:08:31AM +0200, Tobias Fiebig via mailop wrote:
> Yeah, I misread 8616 there, then; My brain somewhat autoclicked to
> "well, if there can be UTF8 you must be able to mime encode."
No, RFC2047 encoding of headers applies only to header parts that are an
ABNF *phrase* in
On Wed, Jun 05, 2024 at 11:30:27AM +0200, Slavko via mailop wrote:
> Do you want to tell, that if d= and/or s= tags contains internationalized
> domain name/label, it must be in A-label (ASCII encoded) form? Or how it is
> supposed to be handled please?
For maximal simplicity and robustness use t
On Wed, Jun 05, 2024 at 05:29:16PM +0100, Vsevolod Stakhov via mailop wrote:
> In fact, the original distinction between structured and unstructured
> headers defined in the RFC2047 just makes parsing extremely complicated and
> I personally consider it as an example of a standard being accepted w
On Mon, Jun 03, 2024 at 09:41:45PM +0930, Joseph B via mailop wrote:
> > I am also unable to ping the sending machine from "mx1.imrryr.org",
> > while it is pingable from Munich and LA:
>
> Ripe ATLAS probes on Aussie Broadband are also unable to ping the host you
> mentioned, while other AU IS
On Thu, Jun 06, 2024 at 08:38:48AM +0100, Vsevolod Stakhov via mailop wrote:
> > Such willful disregard of essential interoperability requirements in
> > "rspamd" means I will not use it unless you back off from your current
> > position, and will strongly discourage others (e.g. postfix-users lis
On Thu, Jun 06, 2024 at 10:23:28AM +0200, Tobias Fiebig via mailop wrote:
> > To a degree, but not to the point of accepting total garbage
> > (RFC2047-encoded DKIM-Signature headers), or especially, generating
> > total garbage (producing RFC2047-encoded DKIM-Signature headers).
>
> Just to clar
On Mon, Jun 10, 2024 at 12:06:26PM +0200, Kirill Miazine via mailop wrote:
> Although there are better alternatives to 2 1 1 with Let's Encrypt, some
> still use 2 1 1, and it seems Exchange Online is not happy when there are 14
> TLSA records (why 14? because https://letsencrypt.org/certificates/
On Mon, Jun 10, 2024 at 10:06:26PM +1000, Viktor Dukhovni via mailop wrote:
> > Although there are better alternatives to 2 1 1 with Let's Encrypt, some
> > still use 2 1 1, and it seems Exchange Online is not happy when there are 14
> > TLSA records (why 14? because
On Fri, Jun 21, 2024 at 07:20:17AM +0800, Jeff Pang via mailop wrote:
> It seems the black ips are coming endlessly. Most of the bad actions
> are like this one:
>
> postfix/smtps/smtpd[451948]: warning: unknown[211.184.190.87]: SASL LOGIN
> authentication failed: UGFzc3dvcmQ6
>
> I am afraid
On Sat, Jun 22, 2024 at 07:01:00AM +0800, Jeff Pang via mailop wrote:
> do you know if there is a reverse proxy for submission?
None should be necessary.
> For instance, my server is in the US, while some customers are in EU,
> so I consider to deploy a reverse proxy in EU for speeding up their
On Fri, Jun 28, 2024 at 08:40:20AM +0200, Benny Pedersen via mailop wrote:
> > Does anyone here have a UTF-8 email address you'd let me send some
> > test messages to?
>
> so you know any dns servers that support utf-8 ?
[ Benny, here and on postfix-users, I'd like to encourage you to refrain
On Fri, Jun 28, 2024 at 07:50:09PM -0400, Jim P. via mailop wrote:
> I just received back a bounce that was delivered to my @live.com
> address, the one that sent the test message a few days ago. Here is
> what it contains:
Reading your first post brought to mind the recent report of potential
i
On Fri, Jul 05, 2024 at 07:45:10PM +0800, Jeff Pang via mailop wrote:
> When a user requests to join mailing list, which address should we
> take? The envelope address, or the header From address?
The envelope sender address is the address to use for bounces, SPF and
little else. It can change
On Tue, Jul 09, 2024 at 10:17:15AM +0800, Philip Paeps via mailop wrote:
> With such low volume, you will really struggle to get email delivered to the
> larger mailbox providers, whose filtering is largely based on reputation.
> It's almost impossible to build up (and maintain) a reputation unles
On Tue, Jul 09, 2024 at 11:20:53AM +0800, Philip Paeps wrote:
> > That's not my experience. My server for less than 10 users, sends
> > single-digit messages per day to the too big to fail email providers
> > with no apparent issues. And my server even moved to a new network
> > provider recentl
On Tue, Jul 09, 2024 at 07:40:04AM +0100, Andrew C Aitchison via mailop wrote:
> > +1 for Mythic Beasts. You also have some choice over the region that you
> > host in. Let's support the small hosting providers :)
>
> I too am very happy with Mythic Beasts,
> although I use their email service, r
On Tue, Jul 09, 2024 at 06:34:50PM +0200, Ralph Seichter via mailop wrote:
> It takes some technical knowledge and putting in work to keep
> a mail server running smoothly,
But even that has been made significantly easier through projects like:
https://mailinabox.email
which deliver a turn
On Wed, Jul 10, 2024 at 04:51:05PM -0400, John Levine via mailop wrote:
> I agree that overall, the new TLD program has been a failure and makes
> a mockery of ICANN's claim to operate as a public charity in the
> interests of the public.
Strong words indeed... The bubble does appear to have bur
On Mon, Jul 15, 2024 at 09:33:14PM +0200, Marco Davids (SIDN) via mailop wrote:
> Why not try something completely different, like https://www.xmox.nl/ ?
>
> It installs in minutes (literally) and gives you, out-of-the-box, everything
> you want with regard to DMARC, DKIM, SPF, MTA-STS, STARTTLS
On Mon, Jul 29, 2024 at 10:55:41AM -0400, Scott Q. via mailop wrote:
> Anyone else dealing with Outlook not rewriting the header From
> upon forwarding a meeting invite ?
>
> This is obviously wrong and breaks on domains with strict DMARC
> policy.
A relatively simple workaround is to attach the
On Wed, Jul 31, 2024 at 10:44:10PM +0200, Mechiel Lukkien via mailop wrote:
> > Its DANE implementation looks (cursory read of the code) incorrect to
> > me. I'd recommend against using non-mainstream security software.
>
> do you remember what looked wrong? i'm very interested in any leads
> (a
On Sun, Aug 11, 2024 at 05:25:19PM +, Slavko via mailop wrote:
> On 11 August 2024 at 15:20:50 UTC, "Scott Q. via mailop"
> wrote:
> >I've noticed this maybe 3-4 years ago. Could not tie it to any
> >legitimate customer or application.
>
> Yes, not real users, IPs are mostly fro
On Sun, Aug 11, 2024 at 08:12:19PM -0400, Scott Q. wrote:
> In my case the connections were hanging forever. That's why we
> had to get our IDS to kill them after ~5 seconds or they would take up
> a lot of connection slots.
When idle connections don't hang up unilaterally, Postfix times them out
On Mon, Aug 12, 2024 at 07:34:28AM +, Slavko via mailop wrote:
> On 11 August 2024 at 23:46:43 UTC, Viktor Dukhovni via mailop
> wrote:
>
> >I see some similar traffic (remote disconnects after ~8-30s) on my server:
>
> Please, what would be reasonable
On Tue, Aug 13, 2024 at 05:40:05PM -0700, incoming-mailop--- via mailop wrote:
> In our case we had a client who was repeatedly flagging our mailings as
> spam. We contacted the client and all was resolved.
I have distant recollection of reports that some users don't understand
the difference betw
On Wed, Aug 14, 2024 at 06:48:38AM -0700, Dave Crocker via mailop wrote:
> Making a distance-sensitive assumption about traffic behavior is a
> surprisingly bad idea for anything having to do with the Internet. Resources
> and their uses can be -- and often are -- a long way away and using
> conne
On Tue, Aug 27, 2024 at 06:18:01AM +0200, Bryan Holloway via mailop wrote:
> The password is correct, but it insists on verification from this user's no
> longer existing cellphone. Yet the back-up account exists. For some reason
> gmail refuses to try and use it, which would solve the underlying
On Thu, Aug 29, 2024 at 09:58:19AM -0700, Mark Fletcher via mailop wrote:
> Hi All,
> Over the past couple of years, we've had several instances of the following
> behavior:
>
> - Someone controlling several Yahoo/Hotmail/Gmail accounts will sign them
> up to mailing lists. Each address will sign
On Wed, Aug 28, 2024 at 12:03:01PM -0700, Brandon Long wrote:
> > Welcome to two-factor denial of service. I try to resist signing up for
> > such baked-in disasters as much as I can, but the powers that be (hello
> > GitHub) have made it impossible in many cases.
> >
> > It is a sad state of aff
On Thu, Aug 29, 2024 at 04:02:49PM -0400, Kevin A. McGrail via mailop wrote:
> And reading some of the other responses, because the emails are being
> forwarded, I'm assuming that DKIM wouldn't pass [...]
The most significant benefit of DKIM message content authentication over
SPF is precisely tha
On Sat, Aug 31, 2024 at 08:16:22AM +0100, Matthew Richardson via mailop wrote:
> I also wish to keep accounts/credentials indefinitely, and think I have
> concluded that this can be adequately achieved using TOTP as well as unique
> email address/password combinations for each account.
>
> TOTP i
On Tue, Sep 03, 2024 at 10:17:22PM +, Graeme Slogrove via mailop wrote:
> Microsoft documentation states that they support message headers up to 256KB
>
> https://learn.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#message-limits:
On Wed, Sep 04, 2024 at 05:56:10AM +, ml+mailop--- via mailop wrote:
> On Wed, Sep 04, 2024, Viktor Dukhovni via mailop wrote:
>
> > However, when milters are in use, the per-logical header limit is
> > silently capped at 6 bytes in aid of compatibility with the mil
On Sun, Oct 06, 2024 at 11:58:11AM +0200, Slavko via mailop wrote:
> Hello,
>
> On 5 Oct 2024 16:29:26 -0400 John Levine via mailop
> wrote:
>
> > A domain name is a sequence of labels, with each label being a string
> > of 65 octets or less. Hostnames are a subset of domain names, where
> > e
On Sat, Oct 05, 2024 at 01:05:04PM +, Slavko via mailop wrote:
> + both are able to use underscored labels (eg. _dmarc), in contrast
> of idna library, which rejects that domain name with invalid char
The ICU library encodes domain names that consist of valid U-labels and
NR-LDH labels to A
On Mon, Oct 07, 2024 at 02:30:57PM -0600, Anne P. Mitchell, Esq. via mailop
wrote:
> Does anyone have a real human contact at
> unifiedlayer/hostgator/bluehost? Or should we just blackhole them?
> Massive ongoing spam, we've given them the (constant!) IP address,
> they just do the shell game of
> On 20 Oct 2024, at 7:09 AM, Gellner, Oliver via mailop
> wrote:
>
> Apple Mail shows Reply-To headers. Not only by default, but always, you
> cannot hide them.
> The downside is that it does not show the email addresses but only the
> display names, both for the From and the Reply-To headers
On Fri, Oct 04, 2024 at 09:37:18PM +, Slavko via mailop wrote:
> i am playing with IDNA in python and i found, that these IDNA
> (2003/2008) related things are "underdocumented" in both,
> the idna library and aiodns/dnspython and there are various
> problems, which needs try-error game.
The
On Mon, Oct 28, 2024 at 07:48:42AM +, Pete Long wrote:
> > On 28 Oct 2024, at 05:32, Viktor Dukhovni via mailop
> > wrote:
> >
> > Mind you, why is there a trailing "#" at the end of the "p=" value,
> > that's not a valid Base6
On Wed, Oct 23, 2024 at 02:35:51PM +0200, Ralf Schenk via mailop wrote:
> I'm asking if someone is using CSA's (https://certified-senders.org/)
> certified senders whitelist which is now delivered in JSON together with a
> simple updater script to convert this in a whitelist/table usable by postfi
On Wed, Oct 23, 2024 at 04:05:18PM +0200, Ralf Schenk via mailop wrote:
> It's not publicly available. Its structure is simple but it has a huge number
> of individual IP's listed not networks. So it's suited for a Postfix access
> table and comments about company and abuse-address
> https://www.p
On Sun, Oct 27, 2024 at 06:40:06PM +, Pete Long via mailop wrote:
> The issue has now been resolved. I'm not entirely sure how but all
> I've done on my end is to generate a new pair of DKIM keys today and
> pop the public key in DNS for valar.uk.net.
The new key encoding has no internal whit
On Sat, Oct 26, 2024 at 02:16:51PM -0400, John Levine via mailop wrote:
> It appears that Gino via mailop said:
> >Those awful RSA keys. What's the consensus on using only ed25519 DKIM
> >signatures?
>
> You'll lose a lot of mail, because very few systems implement them.
>
> I wrote the RFC and
On Thu, Oct 24, 2024 at 02:58:00AM +1100, Viktor Dukhovni via mailop wrote:
> The below works if it is not too costly to hold the entire thing in
> memory. It can be optimised for streaming, but the "jq" script becomes
> harder to understand.
>
The streaming version (e
On Fri, Oct 25, 2024 at 08:27:21PM +0200, Matus UHLAR - fantomas via mailop
wrote:
> you have spaces in your TXT records which I believe makes it invalid:
>
> default._domainkey.valar.uk.net. 300 IN TXT "v=DKIM1; k=rsa;
> p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr51Z83Plk5XDJOCp8wk7
>
On Wed, Oct 23, 2024 at 08:56:11PM +0200, Ralf Schenk via mailop wrote:
> Hey,
>
> cool ! Thank you. One of my young employees asked an AI and got a working
> python solution, too. This also tries to compact the list by building
> networks in CIDR form from the huge number of individual IP's. As o
On Tue, Nov 12, 2024 at 10:57:51AM -0600, Chad Dailey via mailop wrote:
> Had an issue that started last week around 0304 CST 11/7/2024, mail
> deliverability for our Exchange service went to zero. Looking closer it
> appears that the DNSSEC chain is failing, because an invalid RCODE is being
> r
On Wed, Nov 13, 2024 at 09:28:39AM -0400, Adriano Barbosa via mailop wrote:
> Anyone having issues in receiving (yes, receiving, not sending to)
> emails from Gmail today? I can receive from other domains and from other
> big ones like Microsoft and Apple, but only not from Gmail.
> I tested sendi
On Sun, Sep 22, 2024 at 09:25:36AM +0300, Atro Tossavainen via mailop wrote:
> > Get a Linux machine in an AS that doesn't host abusers (check the AS
> > using http://www.uceprotect.net/de/rblcheck.php) and install your MTA there.
>
> I might not advocate for UCEProtect as a source of truth for an
On Sun, Sep 22, 2024 at 09:14:17AM +0200, Bastian Blank via mailop wrote:
> > > I might not advocate for UCEProtect as a source of truth for anything.
> > > But that's just my €0.02.
> >
> > Ditto, they aggressively list Aussie Broadband's entire AS,
> > https://www.uceprotect.net/en/rblcheck.
On Mon, Sep 23, 2024 at 03:56:20PM -0700, Michael Peddemors via mailop wrote:
> On 2024-09-23 14:52, Brotman, Alex via mailop wrote:
> > Hello,
> >
> > It appears as though TM has a segment of our network incorrectly listed as
> > "dial-up". I'm looking for a contact over there who might be able
On Thu, Sep 19, 2024 at 11:54:40AM -0700, Seth Mattinen via mailop wrote:
> On 9/19/24 11:53, Marco Moock wrote:
> > On 19.09.2024 at 11:29:23, Seth Mattinen via mailop wrote:
> >
> > > Looking for someone who handles mail in duke.edu for a
> > > sub-delegation. I am having problems with mail
On Thu, Sep 19, 2024 at 11:29:23AM -0700, Seth Mattinen via mailop wrote:
> Looking for someone who handles mail in duke.edu for a sub-delegation. I am
> having problems with mail delays on @dm.duke.edu due to DNS lookup failures
> causing domain does not exist errors.
The are of course (soft-fai
On Wed, Nov 06, 2024 at 02:47:00PM +0100, Mechiel Lukkien via mailop wrote:
> While we're on the topic of underscores. What about underscores in MX records?
They're invalid in both the owner name and the exchange name.
> I've seen mx records like _dc-mx.[domain] set by cloudflare.
Is by cloudfl
On Mon, Nov 18, 2024 at 01:08:19PM +, Gellner, Oliver via mailop wrote:
> On 18.11.2024 at 13:33 Fehlauer, Norbert via mailop wrote:
> > is using ECC certificates for SMTP TLS (sending/receiving) something
> > that's a common thing nowadays or does that involve the risk of not
> > being reached
On Mon, Nov 18, 2024 at 05:16:44PM +0100, Geert Hendrickx via mailop wrote:
> I think most of those, at least including gmail.com, use dual (ECC+RSA)
> certs, typically with preference for ECC, so "support ECC" doesn't mean
> "not support RSA".
Indeed I have little visibility on dual cert servers
On Mon, Nov 18, 2024 at 03:02:59PM +0100, Michael Grimm via mailop wrote:
> > +1. Saving a few bytes transmitting certs is not that compelling with
> > SMTP, so there's a reasonable case for sticking with RSA.
>
> Or provide both RSA and ECC certificates if the MTA in question supports it
> [1]
On Sun, Nov 17, 2024 at 01:30:24AM +0100, Olga Fischer via mailop wrote:
> Some of our domains receive TLS reports for connections their mx's
> didn't make on behalf of any user of such a domain.
This makes no sense, because unlike DMARC reports which are sent by
receiving (server) systems, TLS r
On Sun, Nov 17, 2024 at 10:09:59PM +, Andrew C Aitchison via mailop wrote:
> > There is active work on TLSRPT support in Postfix, if this sees
> > non-trivial adoption, the volume of reports [may] go up a bit.
>
> Thanks. I'm thinking about adding these reports to/for Exim.
> Is https://www.p
On Thu, Dec 05, 2024 at 03:01:04PM +, Gellner, Oliver via mailop wrote:
> > Well, the correct reply code is 452. The correct enhanced status code is
> > 4.5.3:
> > https://www.iana.org/assignments/smtp-enhanced-status-codes/smtp-enhanced-status-codes.xhtml
>
> The IANA link claims that the
On Thu, Dec 05, 2024 at 06:20:11AM -0800, Michael Peddemors via mailop wrote:
> And for the record, ESP's and senders should NEVER assume that they can send
> even 100 recipients.
Well, senders really SHOULD be able to, the fact that some large
providers feel at liberty to violate the specificati
On Wed, Dec 04, 2024 at 09:13:01AM +, Winni Neessen via mailop wrote:
> other systems like Mox had a similar issue:
> https://list.mailop.org/private/mailop/2024-November/029764.html Fix
> for this was also to disable session tickets. Since more than one MTA
> is affected, feels like MS might
On Wed, Dec 04, 2024 at 12:22:20PM +0100, Renaud Allard via mailop wrote:
>
>
> On 12/4/24 12:00 PM, Cyril Nicodeme via mailop wrote:
> > Hi everyone,
> >
> > I was wondering if there was a standardized limit, or a "common sense"
> > limit on how many (valid) RCPT command a client can send. If t
On Fri, Dec 27, 2024 at 09:19:12AM -0500, Michael Denney via mailop wrote:
> I need to go make my coffee before I keep responding so I can boot my
> brain up fully.
While you're making coffee, as a brief respite from contemplating the
pain inflicted on SOHO email operators by the TBTF email provi
On Thu, Jan 30, 2025 at 06:38:14PM +, Andrew C Aitchison via mailop wrote:
>
> On Mon, 18 Nov 2024, Viktor Dukhovni via mailop wrote:
>
> > Exim is after all (IIRC) still using my dated code for DANE cert
> > validation over OpenSSL. Though with OpenSSL 1.0.2 long
On Fri, Jan 31, 2025 at 12:41:58AM +, Matt Palmer via mailop wrote:
> On Thu, Jan 30, 2025 at 02:03:51PM +0100, Matus UHLAR - fantomas via mailop
> wrote:
> > Nowadays, we can mark domains that don't send mail using Null MX (rfc 7505).
>
> The title of RFC7505 is "A "Null MX" No Service Reso
On Sat, Feb 01, 2025 at 04:11:48PM +0800, Philip Paeps via mailop wrote:
> > I'm afraid that sending email from a NullMX domain that does not accept
> > any bounces, replies, postmaster queries, ... is a lost cause. Plenty
> > of systems will reject attempts to send mail from such a domain, mine
On Wed, Dec 04, 2024 at 07:23:07PM -0700, Andrew Barker via mailop wrote:
>RFC 5321, indicates the correct code for too many recipients is code
>452. It also notes that some old servers might also return 552 due to
>an error in an older RFC. Both codes should be treated as a temporary
On Wed, Dec 04, 2024 at 08:01:34PM -0600, Grant Taylor via mailop wrote:
> On 12/4/24 09:45, Viktor Dukhovni via mailop wrote:
> > No, not a "421", since that would normally also be a connection abort,
> > and none of the recipients would get the mail.
>
> What
On Wed, Jan 29, 2025 at 01:46:59PM +0100, Matus UHLAR - fantomas via mailop
wrote:
> > On 2025/01/28 16:55, Fehlauer, Norbert via mailop wrote:
> > > if a domain has no mx record than a fallback to A/ for the
> > > domain is possible. Is this fallback only to happen when no mx
> > > record e
On Thu, Feb 13, 2025 at 04:54:13PM -0600, Mike Hammett via mailop wrote:
> This seems a bit elementary, but it's not working as I'd expect.
>
> I'm trying to send an email to a well-known mailing list (voiceops).
> My mail server (Proxmox Mail Gateway) seems to be skipping over the
> server at pr
On Fri, Feb 14, 2025 at 10:31:12AM +0100, Bjoern Franke via mailop wrote:
> Hi,
>
> >
> > If the problem is actually Proxmox not implementing MX handling
> > correctly, the obvious solution is to use an MTA that does.
> >
> >
> > https://web.archive.org/web/20230308041144/https://dilbert.c
On Tue, Mar 18, 2025 at 09:39:16AM +, Fehlauer, Norbert via mailop wrote:
> Just wanted to share some insights after using the ECC certificates on
> a few MTAs over the past month. I only did see problems with sending
> Cisco ESA's, which don't have ECC certificate support enabled for
> outbou
On Mon, Mar 17, 2025 at 02:39:11PM +0100, Dan Malm via mailop wrote:
> I'm currently (and have been for 30+ days) seeing issues delivering
> messages to Microsoft over IPv6. ~10% of messages delivered over IPv6
> to Microsoft gets an error like this on the initial delivery attempt:
>
> "Service
On Wed, Mar 19, 2025 at 11:47:21PM +, Brotman, Alex via mailop wrote:
> I'm seeing periodic failures to usps.com (specifically
> "email.informeddelivery.usps.com", but the MX for both hosted at the
> same gpphosted names). It's not all the time, only during what I
> would guess to be high vol
On Sat, Mar 22, 2025 at 10:37:31AM -0500, Bob Lindner via mailop wrote:
> Has anyone run into issues sending mail to email addresses at sbcglobal.net,
> bellsouth.net, att.net, att.net, ameritech.net, nvbell.net, flash.net,
> swbell.net, prodigy.net, pacbell.net, currently.com, and snet.net? All
On Tue, Mar 18, 2025 at 01:49:56PM +0100, Dan Malm via mailop wrote:
> On 2025-03-17 15:02, Viktor Dukhovni via mailop wrote:
> > Any chance you can share a few of the domain names? Have you tried
> > resolving the ._domainkey. TXT RRset via DNSviz or,
> > perhaps better, R
On Fri, Apr 04, 2025 at 08:17:19PM -0500, Lyle Giese via mailop wrote:
> But in the mean time the logs started showing a few more services failing to
> send to my smart host, like SendGrid and another mass mailing outfit(no big
> loss but concerning). So I bit the bullet and bought a very cheap(<
On Thu, Apr 03, 2025 at 01:25:52AM +0200, Winni Neessen via mailop wrote:
> On Wed, 2 Apr 2025 at 18:13:43, Viktor Dukhovni via mailop wrote:
>
> > I am unable to reproduce your reported behaviour. With a slightly
> > modified "posttls-finger" (to send RSET before
On Fri, Apr 04, 2025 at 11:54:28PM -0400, John Levine via mailop wrote:
> It appears that Viktor Dukhovni via mailop said:
> >On Fri, Apr 04, 2025 at 08:17:19PM -0500, Lyle Giese via mailop wrote:
> >
> >> But in the mean time the logs started showing a few more s
On Mon, Apr 07, 2025 at 01:21:44PM -0400, John Levine via mailop wrote:
> We particularly want good logging so when someone asks why didn't I
> get my update we can tell them without grepping
> through a whole day's logs.
For timely delivery status info, I'd recommend enabling VERP and having
the
On Sun, Mar 30, 2025 at 11:57:09AM -0400, Jan Schaumann via mailop wrote:
> Viktor Dukhovni via mailop wrote:
> > The observed TLS handshakes from the (very likely botnet) nodes offer
> > support for hybrid Post-Quantum key exchange (X25519MLKEM768) (which my
> > TLS stack t
The observed TLS handshakes from the (very likely botnet) nodes offer
support for hybrid Post-Quantum key exchange (X25519MLKEM768) (which my
TLS stack then prefers, ensuring its use when supported).
I would not have expected botnets to be quite so bleeding edge in their
TLS support, use of hybrid
On Tue, Apr 01, 2025 at 12:12:50PM +0200, Wolfgang Breyha via mailop wrote:
> # smtpdane -mx aok.de
> found 2 MX records for "aok.de" across 1 preference levels
> "aok.de" MX preference 10: [mx1.aok.de. mx2.aok.de.]
> found 1 TLSA records for "_25._tcp.mx1.aok.de."
> 3 1 1 683a23a957746ab61ccb
On Mon, Apr 07, 2025 at 06:38:56AM -0700, Mark Milhollan via mailop wrote:
> On Mon, 7 Apr 2025, Klaus Ethgen wrote:
>
> > With this Lets-Encrypt-stuff comes that the certificate needs to be
> > replaced every 3 Months. I do not have all the time to replace them that
> > often.
>
> FYI, it seems
On Tue, Apr 22, 2025 at 01:29:53PM +1000, Viktor Dukhovni via mailop wrote:
> One likely source of problems may have been the default
> "[!UNAVAIL=return]" element of the "hosts:" entry in nsswitch.conf:
>
> hosts: files myhostname resolve [!UNAVAIL=retur
This morning (GMT+1000), my Postfix MTA refused some legitimate email
relayed via [52.62.108.212] (550, so not a transient lookup error from
getnameinfo(3)) due to apparent lack of a PTR record:
Apr 22 09:23:57 amnesiac postfix/smtpd[315022]: NOQUEUE: reject: RCPT
from unknown[52.62.10
On Mon, Apr 07, 2025 at 12:47:33PM -0400, Bill Cole via mailop wrote:
> On 2025-04-07 at 09:38:56 UTC-0400 (Mon, 7 Apr 2025 06:38:56 -0700 (PDT))
> Mark Milhollan via mailop
> is rumored to have said:
>
> > Mainly it is for browsers but that would force some senders to go along
> > if their recei
On Tue, Feb 18, 2025 at 07:59:49AM +, Mark Delany via mailop wrote:
> I'm seeing a curious submission failure with the latest macOS Mail.app
> (Sequoia 15.3.1)
> and wondering whether others are seeing it also. The submission mechanism is
> via an
> stunnel into an SMTP server and stunnel/op
On Wed, Feb 19, 2025 at 01:28:11AM +1100, Viktor Dukhovni via mailop wrote:
> On Tue, Feb 18, 2025 at 07:59:49AM +, Mark Delany via mailop wrote:
>
> > I'm seeing a curious submission failure with the latest macOS Mail.app
> > (Sequoia 15.3.1)
> > and wondering
On Sat, Mar 22, 2025 at 08:56:39PM -0500, Bob Lindner wrote:
> Thank you, Viktor. I do think this is possibly a networking issue, as
> things work well until Client Hello, where everything just stops. tcpdump
> below.
Retransmission with no ACKs is indicative of a firewall issue more than
an ap
On Mon, Mar 24, 2025 at 11:54:48AM +, Brotman, Alex wrote:
> Thanks, and so you think in periods where traffic is greater that the
> responses are taking too long, so the whole thing is causing timeouts
> when validation is attempted?
Combining large responses that require TCP fallback, and m
On Thu, Apr 03, 2025 at 10:09:19AM +0200, Winni Neessen via mailop wrote:
> I wonder if it's some kind of TLS related sequence that posttls-finger
> understands and simply ignores?
>
> Anyways, thanks again for double checking.
Don't know what changed, but testing again, I now see the problem ju
On Thu, Apr 03, 2025 at 03:08:40PM +, Slavko via mailop wrote:
> On 3 April 2025 10:16:17 UTC, Andrew C Aitchison via mailop
> wrote:
>
> >I get those bytes too, followed by the error message
>
> Here nothing special:
>
> ...
> 1450: 3235 302d 534d 5450 5554 4638 0d0a 3235 2
On Wed, Apr 02, 2025 at 05:17:18PM +0200, Winni Neessen via mailop wrote:
> I am currently analysing a weird behaviour when communicating with
> SMTP servers at qq.com. When connecting to their SMTP server via TLS
> (explicit or implicit doesn't matter) and I send a "EHLO" followed by
> a "RSET" a
On Wed, May 07, 2025 at 08:15:42AM -0400, Dave Brockman via mailop wrote:
> It is possible a firewall or middleware box is denying crypto algos?
I think more likely the resulting packet size than the specific key
exchange group, but my question is intended to ferret out how common
this problem mi
The OpenSSL project has received a reproducible report that SMTP
connections to boeing.com's MX hosts time out when the SMTP client is
linked with OpenSSL 3.5, which defaults to sending an X25519MLKEM768
keyshare. As seen in the "tcpdump" decode below my signature, the TLS
ClientHello (1448 bytes)
On Fri, May 16, 2025 at 09:23:13PM -0500, Grant Taylor via mailop wrote:
> On 5/16/25 6:19 AM, Gellner, Oliver via mailop wrote:
> > Thanks for the information. Using certificates from a third party for
> > client authentication, where you have no control what other certificates
> > are being issue