Robert Millan | 1 Aug 17:08 2006

Re: 551 redirection


Btw, Exim 4.63 just been released with this feature.

On Thu, Jul 20, 2006 at 08:18:18AM +0200, Robert Millan wrote:
> 
> Another approach at solving the forwarding problem is using standard 551 code,
> which eventualy (let's hope) every MTA will be able to interpret and act
> accordingly without generating a bounce:
> 
>   551: User not local; please try <foo <at> bar.org>
> 
> There's a plugin for qpsmtpd (in their wiki) to activate this via ~/.redirect.
> The next version of Exim (4.63) will have support for generating this code by
> prepending the error message with "551 ".
> 
> For example, in /etc/aliases:
> 
>   foo:       :fail: 551 User not local; please try <foo <at> bar.org>
> 
> Or, if you want to enable it via user dotfiles:
> 
>   dot_redirect:
>     driver = redirect
>     check_local_user
>     require_files = $home/.redirect
>     verify_only
>     allow_fail
>     data = :fail: 551 User not local; please try <${readfile{$home/.redirect}{}}>
>     condition = ${if !exists {$home/.forward}}
> 
(Continue reading)

Robert Millan | 1 Aug 17:16 2006

SPF in Debian (Exim)


Hi,

SPF support just got into Debian Exim4 package (exim is debian's default MTA).

There's a template for using external calls to spfquery in the default config,
that may be enabled by setting the CHECK_RCPT_SPF macro.

From: http://lists.debian.org/debian-devel-changes/2006/07/msg02898.html

   * SPF support: (rm) Closes: #290464
     * Add (disabled) template to check SPF in 30_exim4-config_check_rcpt.
     * Add libmail-spf-query-perl (>= 1.999-1) to Suggests.
     * Rewrite Q/A about SPF from README.Debian.
     * Add a small note to exim4-config.NEWS.

I'll be maintaining this template blurb.  Please, let me know if you find bugs
in it.  Also, please check the documented FAQ in README.Debian before asking for
new features (such as builtin libspf support).

--

-- 
Robert Millan

My spam trap is honeypot <at> aybabtu.com.  Note: this address is only intended for
spam harvesters.  Writing to it will get you added to my black list.

spf-discuss | 6 Aug 05:00 2006

SPF Mail Summary Report

                    iMail News Gateway Server v3.1                    
          (c) Copyright 1996-2005 Santronics Software, Inc.           

                        Mail Forum Statistics                         
                Date Range : 29 Jul 2006 - 05 Aug 2006
                Report Date: 05 Aug 2006

----------------------------------------------------------------------
Total Summary:
----------------------------------------------------------------------

Total Forums          : 2
Total Messages        : 59
Total Participants    : 25
Total Vendor Postings : 0
Total Mail/No Replies : 13  (22%)
          6+ Days Old : 2    4+ Days Old: 6
          2+ Days Old : 3    1 Day Old  : 2
Busiest Posting Hour  : 7am  (9 msgs)
Busiest Posting Day   : Monday  (27 msgs)

+-[ Hourly Posting Pattern ]----------------------+
|               *   *                             |
|               *   *                             |
|               *   *                             |
|               *   *                             |
|               * * *                             |
|               * * *           * *               |
|             * * * *           * *               |
|             * * * *           * *           *   |
(Continue reading)

Daquino | 6 Aug 04:58 2006
Picon

Re: SPF Mail Summary Report

Hello. I am away on vacation but your message will be forwarded to others for review. This will be the only
automated message you will receive from me until I return. Thank you.

Derrick Aquino, Systems Administrator
Millennia Internet Corp. (attach.net) - 410-527-3333
Millennia Consulting & Systems, Inc. - 410-527-1115

Robert Millan | 6 Aug 12:02 2006

Re: Rejecting "Best-Guess" failures

On Thu, Jul 20, 2006 at 04:29:01PM -0400, Scott Kitterman wrote:
> 
> If mean that he tests an inbound message for three things:
> 
> 1.  Does the client IP have a reverse DNS PTR record?
> 2.  Does it use a legit (FQDN) HELO name?
> 3.  Does the mail from of the message Pass SPF?
> 
> Any one of those is enough to save the message from outright rejection.  

After having some trouble with my current ruleset (solely based on best-guess
+ RHSBL) and false positives, I decided to switch to this "three strike" rule,
with the following extension:

  - If one of them passes, then it'll have to pass RHSBL with the resulting
    FQDN as well.

  - If none of them passes, then it'll face DNSBL with the IP (including
    blacklists of dynamic IP blocks).  I think at this point it'd fair to use
    such measure.

Does anyone have some advice/conffile to setup this on Exim?

--

-- 
Robert Millan

My spam trap is honeypot <at> aybabtu.com.  Note: this address is only intended for
spam harvesters.  Writing to it will get you added to my black list.

(Continue reading)

Hector Santos | 6 Aug 14:08 2006

Re: spf checks at MTA useless because of neutral records


----- Original Message ----- 
From: "Stuart D. Gathman" <stuart <at> bmsi.com>

> I am experimenting with a new reputation system (gossip) 
> that tracks on domain for SPF pass, but IP otherwise.

Is this your own project? 

I am ready to join and help fund the creation of a new reputation system.

--

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

Julian Mehnle | 6 Aug 14:16 2006
Picon

Summary of the policy discussion on the ietf-dkim list?


Hi everybody,

I know that some of the spf-discuss regulars have been participating in the 
policy discussion on the ietf-dkim mailing list.  Unfortunately that 
debate has brought up >500 messages in the past 10 days and as a result, I 
(and probably many others) haven't had the time to follow the debate.

Could someone who has been following all or most of it please summarize the 
ietf-dkim policy discussion here?  What are the main points of contention, 
the main points of agreement, and what is the current status and direction 
of the discussion?

I'd be very, very grateful for such a semi-detailed summary!

Julian.

Julian Mehnle | 6 Aug 14:35 2006
Picon

Re: spf checks at MTA useless because of neutral records


Hector Santos wrote:
> Stuart D. Gathman wrote:
> > I am experimenting with a new reputation system (gossip) that tracks on
> > domain for SPF pass, but IP otherwise. 
>
> Is this your own project?

I think he's talking about this:

  http://gossip-project.sourceforge.net

Frank Ellermann | 6 Aug 16:31 2006
Picon
Picon

Re: Summary of the policy discussion on the ietf-dkim list?

Julian Mehnle wrote:

> What are the main points of contention, the main points of
> agreement, and what is the current status and direction
> of the discussion?

Apparently there's consensus that anything that's irrelevant
for receivers is completely irrelevant.

Hector published a draft resulting in about 10 possible signing
policies.  The bulk of it because he gets 3 "I sign" variants
(always/sometimes/never) times 3 "others sign" variants.  

A more (IMO too) minimalistic approach is apparently "I never
sign" and "I always sign".  

Unrelated to these issues Phil is more interested in questions
of _how_ folks sign (which algorithm), and what they can do if
they wish to use a new or exoctic algorithm.  Issues include
downgrade attacks.

The super wildcard stuff is discussed on DNSEXT, where somebody
claimed that he already uses PTR for a different purpose.  That
resulted in some flames and a PPTR and after that it was quiet.

A minority (apparently) thinks that SSP is at best experimental
if it's not completely pointless.  Maybe the WG Chairs picked a
draft editor who isn't very interested in the topic (unclear).

Doug still has it clear that 2822-From is not necessarily the
(Continue reading)

Scott Kitterman | 6 Aug 15:51 2006

Re: Summary of the policy discussion on the ietf-dkim list?

On Sun, 6 Aug 2006 12:16:32 +0000 Julian Mehnle <julian <at> mehnle.net> wrote:

>Hi everybody,
>
>I know that some of the spf-discuss regulars have been participating in 
the 
>policy discussion on the ietf-dkim mailing list.  Unfortunately that 
>debate has brought up >500 messages in the past 10 days and as a result, I 
>(and probably many others) haven't had the time to follow the debate.
>
>Could someone who has been following all or most of it please summarize 
the 
>ietf-dkim policy discussion here?  What are the main points of contention, 
>the main points of agreement, and what is the current status and direction 
>of the discussion?
>
>I'd be very, very grateful for such a semi-detailed summary!
>
From the begining, there has been a segment that was against the very idea 
of any kind of policy protocol.

What's going on now is a debate over policy requirements.  I expect that 
the requirements document that is about to be published is going to have a 
scope similar to the pre-working group SSP draft, but with the likely 
addition of the ability for a domain to publish a list of authorized 
signers.

Until the requirements document is published, it's all just debate.  Anyone 
who wants to join in at this poit should probably wait until the 
requirements draft is published and start from there.  It's expected 
(Continue reading)


Gmane