8 May
2023
8 May
'23
8:20 a.m.
For many years I've run a poor-man's mailing list through /etc/aliases
on my VPS. Before you start breaking out the flaming torches and
pitchforks, it's very limited in scope; it forwards only within my
immediate household, albeit to mailboxes hosted by gmail and hotmail.
I've just learned that some mails to this alias are being quarantined or
bounced at their ultimate destinations. They're passing SPF (because
envelope-from is postmaster@ my vps) but failing DMARC (the external
From address isn't being rewritten). When the sender has full DMARC
enabled, we lose.
Drat.
My VPS is running Debian with exim4.
I think I might like to rewrite "From: foo(a)bar.baz" to something like
"From: postmaster+foo_bar.baz(a)my.domain" in order to satisfy DMARC, but
only when forwarding via this particular alias. I'm not readily figuring
out how to do this, and am leery to tangle with Exim's rewrite rules anyway.
Would anybody care to venture whether this is possible? a good/bad idea?
alternative solutions? I am looking for a least hassle, least
maintenance answer, ideally at little or no additional cost (hence
/etc/aliases has served well for a long time). On a unicorn, naturally :-)
(No I don't run mailman - I used to but I found it rather tiresome to
set up, feed and water.)
Thanks
Ross
8 May
8 May
8:47 a.m.
I think SRS might be what you want here.
It does the mangling and untangling of addresses so you can dkim sign them with your
domain.
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-dkim_spf_srs_a…
John
10:05 a.m.
John said:
I think SRS might be what you want here.
It does the mangling and untangling of addresses so you can dkim sign them
with your domain.
It does, but unless I have been doing it wrong, it's stopped being enough
for certain domains as far as webmail providers like Gmail are concerned.
Using aliases - via Postfix in my case - is how I have done 'send incoming
mail to this address to these addresses' for ages, but when Gmail got
really fussy for domains that specify they really care about their origin,
I have had to switch to the Gmail accounts getting email from the server
via POP3.
Ian
10:43 a.m.
Hi Ross,
On Mon, May 08, 2023 at 08:20:09PM +1200, Ross Younger via BitFolk Users wrote:
I've just learned that some mails to this alias
are being quarantined or
bounced at their ultimate destinations. They're passing SPF (because
envelope-from is postmaster@ my vps) but failing DMARC (the external From
address isn't being rewritten). When the sender has full DMARC enabled, we
lose.
Are you sure they are failing DMARC? DMARC requires *either* SPF
*or* DKIM *or* both. So by having passing SPF your mails should also
pass DMARC.
However, I have seen recipients that reject mails that fail DKIM.
Even though that behaviour is not RFC compliant.
I think I might like to rewrite "From:
foo(a)bar.baz" to something like "From:
postmaster+foo_bar.baz(a)my.domain" in order to satisfy DMARC, but only when
forwarding via this particular alias. I'm not readily figuring out how to do
this, and am leery to tangle with Exim's rewrite rules anyway.
Have you got as far as using SRS? SRS is how you're supposed to do
this sort of thing. I must confess I've never tried. This guide
looks useful:
https://www.kolmann.at/2015/12/add-srs-to-exim-in-debian-without-recompile/
(No I don't run mailman - I used to but I found it
rather tiresome to set
up, feed and water.)
Yeah, mailman 3 is really complex now.
It can actually be easier to run local IMAP mailboxes and have
Hotmail/gmail/etc poll for them.
Which is all very convenient for Hotmail/gmail/etc.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
11:50 a.m.
On Mon, May 08, 2023 at 10:43:20AM +0000, Andy Smith via BitFolk Users wrote:
It can actually be easier to run local IMAP mailboxes
and have
Hotmail/gmail/etc poll for them.
Another reason to not forward email any more is if you receive spam.
Very few people have 100% perfect spam filters. If you receive spam
at you(a)example.com and then forward that to your gmail at
joe.bloggs(a)gmail.com, gmail will consider your forwarding host to be
the source of the spam and negatively affect your reputation for all
other email. Regardless of whether you rewrite the envelope sender
or not.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
12:34 p.m.
On this note, I've been thinking for some time of running a mail server
expressly for catching *(a)subdomain.sprig.gs which can then be handled as a
single IMAP mailbox by GMail (my current mail provider for @sprig.gs)
Does anyone know if there's a simple SMTP and IMAP server that I can use
that won't require an awful lot of upkeep? Ideally something in a docker
container too.
--
Jon "The Nice Guy" Spriggs
@jontheniceguy everywhere...
https://jon.sprig.gs
On Mon, 8 May 2023 at 12:50, Andy Smith via BitFolk Users <
users(a)mailman.bitfolk.com> wrote:
On Mon, May 08, 2023 at 10:43:20AM +0000, Andy Smith
via BitFolk Users
wrote:
or send an email to
<users-leave(a)mailman.bitfolk.com>
It can actually be easier to run local IMAP
mailboxes and have
Hotmail/gmail/etc poll for them.
Another reason to not forward email any more is if you receive spam.
Very few people have 100% perfect spam filters. If you receive spam
at you(a)example.com and then forward that to your gmail at
joe.bloggs(a)gmail.com, gmail will consider your forwarding host to be
the source of the spam and negatively affect your reputation for all
other email. Regardless of whether you rewrite the envelope sender
or not.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
BitFolk Users mailing list <users(a)mailman.bitfolk.com>
You're subscribed as <jon(a)sprig.gs>
Unsubscribe: <
https://mailman.bitfolk.com/mailman/postorius/lists/users.mailman.bitfolk.c…
593
days inactive
593
days old
5 comments
5 participants
participants (5)
-
Andy Smith -
Ian -
John -
Jon Spriggs -
Ross Younger