Re: Somewhat OT: DMARC and this list

2017-05-20 Thread RW
On Sat, 20 May 2017 14:02:48 -0500 (CDT) Dave Funk wrote: > When you get major amounts of Ham from O-365 most of the tokens > derived from O-365 messages get 0.000 score. So when spammers use > O-365 even blatant spam gets a Bayes score of 00%. (and this is after > putting all the O-365 headers in

Re: Somewhat OT: DMARC and this list

2017-05-20 Thread Dave Funk
On Sat, 20 May 2017, David Jones wrote: From: David B Funk [snip..] The message from you that I'm replying to here (both the one that came directly to me and the copy I got thru the  Apache list server) are -totally- devoid of DKIM headers. (If you'd like to see it I can put it up in paste-bi

Re: Somewhat OT: DMARC and this list

2017-05-20 Thread David Jones
>From: David B Funk   >On Fri, 19 May 2017, David Jones wrote: >>> From: David B Funk >>   >>> On Fri, 19 May 2017, RW wrote: >> On Fri, 19 May 2017 14:13:22 -0500 (CDT) David B Funk wrote: ne. > > My read on this is that "@ena.com" is living dangerously. They

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread RW
On Fri, 19 May 2017 22:40:41 +0200 Benny Pedersen wrote: > problem with rfcs for dmarc is that its not possible to whitelist > maillists servers so thay never reject on policy reject, what would > happend if we all reject on a single domain that have policy > reject ?, then no one would be subs

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread David B Funk
On Fri, 19 May 2017, David Jones wrote: From: David B Funk   On Fri, 19 May 2017, RW wrote: On Fri, 19 May 2017 14:13:22 -0500 (CDT) David B Funk wrote: ne. My read on this is that "@ena.com" is living dangerously. They publish SPF records and DMARC records (with p=reject) but do NOT DK

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread Benny Pedersen
Alan Hodgson skrev den 2017-05-19 22:34: Well, it's not the list. Others' signatures are coming through fine. problem is that dkim is not showing to apache.org mailserver, so downstream testing dmarc rejects, undesired config in many ways I had to tell OpenDMARC to whitelist ena.com to get

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread Benny Pedersen
David Jones skrev den 2017-05-19 21:36: SPF:PASS with IP 96.5.1.12 DKIM: PASS with domain ena.com DMARC: PASS authentication-results: spamassassin.apache.org; dkim=none (message not signed) header.d=none;spamassassin.apache.org; dmarc=none action=none header.from=ena.com; is somethin

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread Alan Hodgson
On Friday 19 May 2017 20:11:42 David Jones wrote: > >Urgg, I see that now. I looked at a few of David Jones' posts to this list > >and saw that they weren't DKIM signed, so I extrapolated that to a general > >asumption. > > They are DKIM signed so something must be striping the headers. > Well,

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread David Jones
>From: David B Funk   >On Fri, 19 May 2017, RW wrote: >> On Fri, 19 May 2017 14:13:22 -0500 (CDT) >> David B Funk wrote: >> >> ne. >>> >>> My read on this is that "@ena.com" is living dangerously. They >>> publish SPF records and DMARC records (with p=reject) but do NOT DKIM >>> sign their mai

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread David B Funk
On Fri, 19 May 2017, RW wrote: On Fri, 19 May 2017 14:13:22 -0500 (CDT) David B Funk wrote: ne. My read on this is that "@ena.com" is living dangerously. They publish SPF records and DMARC records (with p=reject) but do NOT DKIM sign their mail. Most of them pass DKIM, a minority aren't sig

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread David Jones
>From: RW   >On Fri, 19 May 2017 14:13:22 -0500 (CDT) >David B Funk wrote: >ne.  >> >> My read on this is that "@ena.com" is living dangerously. They >> publish SPF records and DMARC records (with p=reject) but do NOT DKIM >> sign their mail. >Most of them pass DKIM, a minority aren't signe

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread RW
On Fri, 19 May 2017 14:13:22 -0500 (CDT) David B Funk wrote: ne. > > My read on this is that "@ena.com" is living dangerously. They > publish SPF records and DMARC records (with p=reject) but do NOT DKIM > sign their mail. Most of them pass DKIM, a minority aren't signed.

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread David B Funk
On Fri, 19 May 2017, Dianne Skoll wrote: Hi, Tons of list traffic keeps getting quarantined because of DMARC. For example, a recent message from David Jones : DMARC policy for domain ena.com suggests Rejection as DMARC_POLICY_REJECT, but quarantined due to rule settings $ host -t txt _dmarc.

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread Dianne Skoll
On Fri, 19 May 2017 12:00:29 -0700 Alan Hodgson wrote: > This is actually one of the few mailing lists that a DMARC p=reject > domain can send anything to. Assuming they DKIM-sign their mail, of > course. Yep. > I would argue that setting a DMARC p=reject policy without working > DKIM is fundam

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread Alan Hodgson
On Friday 19 May 2017 14:47:56 Dianne Skoll wrote: > On Fri, 19 May 2017 20:43:39 +0200 > > Benny Pedersen wrote: > > some maillists break DKIM, forkus on that first, not last ! > > Thank you for not adding any value to the conversation. The > domain in question is not using DKIM. > This is a

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread Benny Pedersen
Dianne Skoll skrev den 2017-05-19 20:47: Thank you for not adding any value to the conversation. The domain in question is not using DKIM. okay, my fault then, but this is not a error if not using reject, but it is if dmarc policy is reject hope its clear now

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread Benny Pedersen
David Jones skrev den 2017-05-19 20:38: so let me open a Jira ticket to see if we need to get that setting enabled. Authentication-Results: linode.junc.eu; dmarc=fail (p=reject dis=none) header.from=ena.com Authentication-Results: linode.junc.eu; dkim=none; dkim-atps=neutral where is the dk

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread Dianne Skoll
On Fri, 19 May 2017 20:43:39 +0200 Benny Pedersen wrote: > some maillists break DKIM, forkus on that first, not last ! Thank you for not adding any value to the conversation. The domain in question is not using DKIM. Regards, Dianne.

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread Benny Pedersen
Dianne Skoll skrev den 2017-05-19 20:30: I'm pretty sure Mailman can do DMARC-munging. Can ezmlm do the equivalent of Mailman's "ALLOW_FROM_IS_LIST" feature? some maillists break DKIM, forkus on that first, not last ! if you get this message here with DMARC fail, blame the maillist break D

Re: Somewhat OT: DMARC and this list

2017-05-19 Thread David Jones
>From: Dianne Skoll   >Tons of list traffic keeps getting quarantined because of DMARC.  For >example, a recent message from David Jones : >DMARC policy for domain ena.com suggests Rejection as >DMARC_POLICY_REJECT, but quarantined due to rule settings >$ host -t txt _dmarc.ena.com >_dmarc.en

Somewhat OT: DMARC and this list

2017-05-19 Thread Dianne Skoll
Hi, Tons of list traffic keeps getting quarantined because of DMARC. For example, a recent message from David Jones : DMARC policy for domain ena.com suggests Rejection as DMARC_POLICY_REJECT, but quarantined due to rule settings $ host -t txt _dmarc.ena.com _dmarc.ena.com descriptive text "v=D