Gmail spam filtering super-aggressive lately
I've had a lot of trouble in the last few months with Gmail's spam filtering having become super-aggressive, but tonight we have a live case worthy of analysis. In the thread "Opinions on Fedora Server" initiated by Alberto Abrao <alberto@abrao.net>, *both* of Alberto's postings went to my Gmail spam, while Trevor Cordes's posting came through fine. A detail on my use of Gmail: I use it as infrastructure for my own e-mail addresses @marityme.net. Incoming e-mails to @marityme.net are forwarded into my Gmail address from somewhere else, and outgoing e-mails from @ marityme.net are sent from Gmail where I set up these addresses as valid "from" addresses. Yeah, I suspect the trouble is somewhere in Gmail's new expectations re TXT SPF, DKIM, DomainKeys, and such. Hartmut W Sager - Tel +1-204-339-8331
On 2020-03-25 Hartmut W Sager wrote:
I've had a lot of trouble in the last few months with Gmail's spam filtering having become super-aggressive, but tonight we have a live case worthy of analysis. In the thread "Opinions on Fedora Server" initiated by Alberto Abrao <alberto@abrao.net>, *both* of Alberto's postings went to my Gmail spam, while Trevor Cordes's posting came through fine.
Gmail is a big pain in the ... from a mail admin's perspective. They do what they want. They're like the borg... trying to complain to them gets you the same result. I know a lot of MUUGers are using gmail for their own domains. They often get muug emails (especially from me) blocked or hidden in spam boxes. Hidden isn't so bad, but outright blocked is darn evil. For the uber-MUUGers, I still maintain that running your own MTA is a better choice. MTS makes it darn hard, but Shaw is doable even on res accounts if you get an outside smarthost for sending on another port (like 26) (or even use Shaw's on p25) -- they only block outgoing port 25, not incoming. Don't feed the borg. They read and datamine all of your emails.
Yeah, I suspect the trouble is somewhere in Gmail's new expectations re TXT SPF, DKIM, DomainKeys, and such.
For Alberto's email, in gmail's web interface (or maybe even just in the textual headers if you use another MUA) you can dig down to the headers and they'll tell you precisely if spf and dk verified or not. Yes, gmail and hotmail and yahoo now make it pretty much required you have at least one of those technologies running (and one is usually good enough). If you check Alberto's, maybe you can let him know which ones he might be missing. Looks like Alberto is using a Shaw business setup and has proper dns and rdns working, and seems to run his own MTA. Looks like a good setup Alberto! Good luck!
My ISP is Shaw res, with 3 IP addresses. I don't like feeding borgs either, but Gmail has two things I would miss: 1. Labels, which are superior to (and a true superset of) folders. I have made extensive use of multi-categorizing many of my e-mails into multiple labels. (No, copies into additional folders don't cut it.) I really wish that a newer IMAP standard would come out to fully accommodate labels, and that labels would get broad adoption in the e-mail world. 2. Easy e-mail sync across my devices - laptop/desktop, Android phone/tablet, etc. As for Gmail's datamining, sure, I know the big boys all do that, but I haven't got much to hide. And I have never knowingly been sold anything due to such datamining either - I'm just not a significant consumer - nor have I been receiving any identifiably targetted ads due to datamining. So, I'm fine with the trade-off for the above Gmail advantages, knowing that if I ever change my mind, I can go elsewhere with the @mydomain addresses without updating anyone in the world. Hartmut W Sager - Tel +1-204-339-8331 On Wed, 25 Mar 2020 at 01:30, Trevor Cordes <trevor@tecnopolis.ca> wrote:
On 2020-03-25 Hartmut W Sager wrote:
I've had a lot of trouble in the last few months with Gmail's spam filtering having become super-aggressive, but tonight we have a live case worthy of analysis. In the thread "Opinions on Fedora Server" initiated by Alberto Abrao <alberto@abrao.net>, *both* of Alberto's postings went to my Gmail spam, while Trevor Cordes's posting came through fine.
Gmail is a big pain in the ... from a mail admin's perspective. They do what they want. They're like the borg... trying to complain to them gets you the same result.
I know a lot of MUUGers are using gmail for their own domains. They often get muug emails (especially from me) blocked or hidden in spam boxes. Hidden isn't so bad, but outright blocked is darn evil.
For the uber-MUUGers, I still maintain that running your own MTA is a better choice. MTS makes it darn hard, but Shaw is doable even on res accounts if you get an outside smarthost for sending on another port (like 26) (or even use Shaw's on p25) -- they only block outgoing port 25, not incoming.
Don't feed the borg. They read and datamine all of your emails.
Yeah, I suspect the trouble is somewhere in Gmail's new expectations re TXT SPF, DKIM, DomainKeys, and such.
For Alberto's email, in gmail's web interface (or maybe even just in the textual headers if you use another MUA) you can dig down to the headers and they'll tell you precisely if spf and dk verified or not. Yes, gmail and hotmail and yahoo now make it pretty much required you have at least one of those technologies running (and one is usually good enough). If you check Alberto's, maybe you can let him know which ones he might be missing. Looks like Alberto is using a Shaw business setup and has proper dns and rdns working, and seems to run his own MTA. Looks like a good setup Alberto!
Good luck!
On 2020-03-25 Hartmut W Sager wrote:
I don't like feeding borgs either, but Gmail has two things I would miss: 1. Labels, which are superior to (and a true superset of) folders. I have made extensive use of multi-categorizing many of my e-mails into multiple labels. (No, copies into additional folders don't cut it.) I really wish that a newer IMAP standard would come out to fully accommodate labels, and that labels would get broad adoption in the e-mail world.
Yes, that would be a useful feature! The IMAP standard is remarkably stagnant. I wonder if it's not on purpose by the "big guys" :-) I would also like to see a way for IMAP to handle a post-processor adding headers to an email already in the local IMAP data store. Heck, I could probably use labels for the same purpose, as it amounts to the same thing: adding data/metadata after the fact. I'll implement it if someone can get the RFC red-tape stuff done! :-)
2. Easy e-mail sync across my devices - laptop/desktop, Android phone/tablet, etc.
IMAP already has that. It just works. Not sure why it wasn't working for you?
Gmail advantages, knowing that if I ever change my mind, I can go elsewhere with the @mydomain addresses without updating anyone in the world.
Yes, that is key... as the want-to-hack-shaw-email plea for help demonstrates. Always have your own domain! My main beef with gmail, besides the privacy issue, is the fact that the bigger these guys get, the more they dictate life for everyone, reducing the entire internet's freedom. There are 2-3 big companies that are basically taking over behind the scenes restricting freedom and completely undoing the spirit the 'net was created on: it used to be much more a peer thing rather and a giant-dominated thing. In my perfect world every endpoint/user would have their own web server and MTA, etc.
2. Easy e-mail sync across my devices - laptop/desktop, Android phone/tablet, etc.
IMAP already has that. It just works. Not sure why it wasn't working for you?
Oh, I never said it wasn't working for me. I never did it because it is folders, not labels, as per the rest of this discussion. I'm really hooked on labels.
I would also like to see a way for IMAP to handle a post-processor adding headers to an email already in the local IMAP data store.
Yes! Something similar and/or related has been in discussions between me and others too.
Heck, I could probably use labels for the same purpose, as it amounts to the same thing: adding data/metadata after the fact.
Yes, there is some mathematical equivalence here. Say, Trevor, one unrelated peculiarity. On this reply to your MUUG RoundTable posting, just like on my initial reply last night, my "to" (and "cc") field only had your personal e-mail address, not the MUUG RoundTable address. This time I caught it before "send" and manually added the MUUG RoundTable address. Are you doing something unusual in your e-mail, like a jinxed "reply-to"? Hartmut W Sager - Tel +1-204-339-8331 On Wed, 25 Mar 2020 at 02:58, Trevor Cordes <trevor@tecnopolis.ca> wrote:
Hi folks, I received a call from one of our fine MUUG friends in regards to my mail server. With the caveat that I am nowhere near an expert, I am happy to share my knowledge. I'll give a brief description of what I have below: Nextcloud 18 integrated with e-mail (Postfix / Dovecot / Rspamd): - File syncing/sharing capabilities of Nextcloud. It works like Dropbox used to back in the early 2010s. It has a lot of functionality, but also no frills and simple. - E-mail functionality is tied to Nextcloud, so users can log in to NC and get their files, e-mails, calendar, tasks and so on. Lots of addons available as well! - E-mail/Calendar/Tasks/Contacts can also be set up on PCs using an e-mail client (I use Thunderbird) and phones (I use Android). Should work on Outlook/Apple as well. - Nextcloud Talk for instant messaging, Notes for... well... notes. - What it requires for hardware depends on the number of users, but as someone who has most of its computing equipment straight out of the recycle pile, I can tell you it does not need anything fancy. The only thing that's out of the ordinary is that you'll need a static IP and a business internet package (because of the whole Port 25 blocking thing we discussed here a while ago). I got a nice deal with Shaw, and I am overall happy with it. I was able to order a business plan as myself without issues. If anyone else here wants to have a chat about that, let me know so we can all talk about it together. Our tentative time would be tomorrow around 7PM. I asked him to call me, but if anyone else wants to participate we can find a way to work it out so we can all talk! Kind regards, -- Alberto Abrao 204-202-1778 204-558-6886 www.abrao.net
And this, too, went to my Gmail spam. Alberto, Gmail reeeaaally really doesn't like you. :) Hartmut W Sager - Tel +1-204-339-8331 On Wed, 25 Mar 2020 at 16:52, Alberto Abrao <alberto@abrao.net> wrote:
Hi folks,
I received a call from one of our fine MUUG friends in regards to my mail server.
With the caveat that I am nowhere near an expert, I am happy to share my knowledge.
I'll give a brief description of what I have below:
[... deleted ...]
I feel... flattered? LOL. I have no issues sending e-mail directly to gmail.com It leads me to believe it's something related to the fact a mailing list is, by definition, relaying messages sent by its members. This link seems relevant: https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html I attached another report as well. Kind regards, Alberto Abrao 204-202-1778 204-558-6886 On 2020-03-25 8:30 p.m., Hartmut W Sager wrote:
And this, too, went to my Gmail spam. Alberto, Gmail reeeaaally really doesn't like you. :)
Hartmut W Sager - Tel +1-204-339-8331
On Wed, 25 Mar 2020 at 16:52, Alberto Abrao <alberto@abrao.net <mailto:alberto@abrao.net>> wrote:
Hi folks,
I received a call from one of our fine MUUG friends in regards to my mail server.
With the caveat that I am nowhere near an expert, I am happy to share my knowledge.
I'll give a brief description of what I have below:
[... deleted ...]
_______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
On 2020-03-25 Hartmut W Sager wrote:
Say, Trevor, one unrelated peculiarity. On this reply to your MUUG RoundTable posting, just like on my initial reply last night, my "to" (and "cc") field only had your personal e-mail address, not the MUUG RoundTable address. This time I caught it before "send" and manually added the MUUG RoundTable address. Are you doing something unusual in your e-mail, like a jinxed "reply-to"?
The MUUG mailing list program, Mailman, is mostly responsible for those headers and whether reply-to goes to sender or list. It's a configurable option for us admins. However, just like you saw, I find that sometimes Mailman does weird things and sometimes just hitting reply will go to list and sometimes just to sender. I haven't seen much rhyme or reason for that yet. Most MUAs (like what I use, clawsmail) has a separate reply-all and reply-sender buttons and I try to use those exclusively for muug list replies so I know precisely who it's going to without having to double-check the headers. Maybe others more familiar with this header/mailman behavior can offer some guesses as to why mailman sometimes gets it right, and sometimes wrong.
Hi Hartmut, When I was admining the Muug mailamn list I had the list set to the way it is now. It is the Mailman default. The goal is to save personnal emails to the sender from flooding the list. We did change it to make the default reply-to-the-list since we had similar complaints as yours. I guess at some point Mailman was changed back to the default. For small lists it does make it more conversational. -- Bill On 2020-03-25 5:47 p.m., Trevor Cordes wrote:
On 2020-03-25 Hartmut W Sager wrote:
Say, Trevor, one unrelated peculiarity. On this reply to your MUUG RoundTable posting, just like on my initial reply last night, my "to" (and "cc") field only had your personal e-mail address, not the MUUG RoundTable address. This time I caught it before "send" and manually added the MUUG RoundTable address. Are you doing something unusual in your e-mail, like a jinxed "reply-to"?
The MUUG mailing list program, Mailman, is mostly responsible for those headers and whether reply-to goes to sender or list. It's a configurable option for us admins. However, just like you saw, I find that sometimes Mailman does weird things and sometimes just hitting reply will go to list and sometimes just to sender. I haven't seen much rhyme or reason for that yet.
Most MUAs (like what I use, clawsmail) has a separate reply-all and reply-sender buttons and I try to use those exclusively for muug list replies so I know precisely who it's going to without having to double-check the headers.
Maybe others more familiar with this header/mailman behavior can offer some guesses as to why mailman sometimes gets it right, and sometimes wrong. _______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
Oh, I see why the mailing lists sometimes default to replying to the list and sometimes to the sender... if I'm in the To:/Cc: explicitly then when I hit reply it goes just to the sender. If I'm not, it goes to the list. Ah: because the ones explicitly to me are not even going through mailman (even though mailman is on the Cc:). I think there's a setting in each subscriber's mailman to also (or not) send a copy when you're already on the Cc:. A bit frustrating as there's no good solution. If I tell mailman to send me a copy too, then I'll always get 2 copies. And I can't tell the origin mail server not to send me that other copy... Unless someone can think of something I haven't, looks like using reply-to-all or reply-to-sender explicitly each time, and never using just "reply", is the only way to ensure the MUA is doing what I want. Or... I guess if everyone refrains from ever letting any individual person's email address get into the To:'s and Cc:'s that mailman sees... good luck with that!
If I tell mailman to send me a copy too, then I'll always get 2 copies.
Except if you're using Gmail as your infrastructure (like I am). Gmail only posts the message once when it recognizes the unique Message-ID as duplicated, even if the multiple messages come into "To" and/or "cc" via different target e-mail addresses (which is often my case). I hate to make Gmail look good, especially when I started this "bash Gmail" thread, but hey, they do a few things right. (Like labels!) Hartmut W Sager - Tel +1-204-339-8331 On Mon, 30 Mar 2020 at 23:18, Trevor Cordes <trevor@tecnopolis.ca> wrote:
Oh, I see why the mailing lists sometimes default to replying to the list and sometimes to the sender... if I'm in the To:/Cc: explicitly then when I hit reply it goes just to the sender. If I'm not, it goes to the list. Ah: because the ones explicitly to me are not even going through mailman (even though mailman is on the Cc:). I think there's a setting in each subscriber's mailman to also (or not) send a copy when you're already on the Cc:.
A bit frustrating as there's no good solution. If I tell mailman to send me a copy too, then I'll always get 2 copies. And I can't tell the origin mail server not to send me that other copy... Unless someone can think of something I haven't, looks like using reply-to-all or reply-to-sender explicitly each time, and never using just "reply", is the only way to ensure the MUA is doing what I want.
Or... I guess if everyone refrains from ever letting any individual person's email address get into the To:'s and Cc:'s that mailman sees... good luck with that! _______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
Oh, and all 4 of Alberto's postings of the last 18 hours "reliably" went to my Gmail spam. :( Hartmut W Sager - Tel +1-204-339-8331 On Tue, 31 Mar 2020 at 00:55, Hartmut W Sager <hwsager@marityme.net> wrote:
If I tell mailman to send me a copy too, then I'll always get 2 copies.
Except if you're using Gmail as your infrastructure (like I am). Gmail only posts the message once when it recognizes the unique Message-ID as duplicated, even if the multiple messages come into "To" and/or "cc" via different target e-mail addresses (which is often my case).
I hate to make Gmail look good, especially when I started this "bash Gmail" thread, but hey, they do a few things right. (Like labels!)
Hartmut W Sager - Tel +1-204-339-8331
On Mon, 30 Mar 2020 at 23:18, Trevor Cordes <trevor@tecnopolis.ca> wrote:
Oh, I see why the mailing lists sometimes default to replying to the list and sometimes to the sender... if I'm in the To:/Cc: explicitly then when I hit reply it goes just to the sender. If I'm not, it goes to the list. Ah: because the ones explicitly to me are not even going through mailman (even though mailman is on the Cc:). I think there's a setting in each subscriber's mailman to also (or not) send a copy when you're already on the Cc:.
A bit frustrating as there's no good solution. If I tell mailman to send me a copy too, then I'll always get 2 copies. And I can't tell the origin mail server not to send me that other copy... Unless someone can think of something I haven't, looks like using reply-to-all or reply-to-sender explicitly each time, and never using just "reply", is the only way to ensure the MUA is doing what I want.
Or... I guess if everyone refrains from ever letting any individual person's email address get into the To:'s and Cc:'s that mailman sees... good luck with that! _______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
All of my spam-flagged messages from yesterday (by gmail) were from Alberto. Seems like DKIM / DMARC are broken for that abrao.net? It says "body hash did not verify" but the TXT records appear to be valid. I can't check to see if the MTA setting is in sync with the DNS setting though. Delivered-To: scott@100percenthelpdesk.com Received: by 2002:aca:afcd:0:0:0:0:0 with SMTP id y196csp3384571oie; Mon, 30 Mar 2020 22:34:07 -0700 (PDT) X-Google-Smtp-Source: ADFU+vuiyzDwRpJrzhLhiV5URaWa3Oobj0hTvE81swYwSfFbPkrqL9kKUdZnqetPeeY+mHVffE+3 X-Received: by 2002:a02:9a18:: with SMTP id b24mr14693132jal.110.1585632847649; Mon, 30 Mar 2020 22:34:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585632847; cv=none; d=google.com; s=arc-20160816; b=Zado7q0sScF+5IU1dqiC9EFpVoV72uP6cb/IueHD1Fc4xa4cm7s4Bh8pyFHIedm2aX mSMQy2u4baxl0kxYwWpR1am1R73wD+th/aBJpPHbTDNeoBLy9T6qI2VtYSX/q/Ks8idn js8lhiywS08NbQEkEUrmcMMqNnGe8Xt8QLQA9ssgStByut2ry5khajvphjbNaZGyScq0 ijHdvZ0qxbc0lnKirypHSyY/Z48uqUJ2jKPu8pWxvrgNQtI27aQuWPogdHILYygGlU9r CKln0BJ+P1V9KA+gcmzH06ah9I5gVis1LWsMqOgMJwpLGCGwJbzw8BCwfI/mjqA6VXTC SJWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:content-language:in-reply-to:mime-version:date :message-id:references:to:from:dkim-signature; bh=oidrPMRbCLmiRjW63AagbwfVKumSw9oODcPZ+bJRVDY=; b=E4L7LPClJUlZQ5EC9adhbUbRsIwwFBsa2aNxtcXwk6P+KYQvDRNPI1IGNG7lfqEoTg oZITXenF3j2l9EO4bN4GEFTRu6uHHyzYSD3lxj515+N5YdyNYq4uvKFcB32kDoMY8d6t AU+KAqPk/tD9ckdfAzBMBI3bFm0ORxrEWDjfwSdRXzi2/GqtwIjjqWs1uQVn6YUGNWwC y/Poq200sqKioAVBD6CyImVqRlpu0hdawl4ep90hCGXkiUh6Cxn49Kh2RbJPNlbY2AUH +vfwBO2U+ALv3hPsmtlh9RiJrYybuq2/V9v20hPpfXEDBWpsQa3Mv/WOdxlXvxPhVhWv Nw5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@abrao.net header.s=20200203 header.b=eM3lj8iw; spf=pass (google.com: best guess record for domain of roundtable-bounces@muug.ca designates 2605:e200:3:4::244 as permitted sender) smtp.mailfrom=roundtable-bounces@muug.ca; dmarc=fail (p=REJECT sp=REJECT dis=QUARANTINE) header.from=abrao.net Return-Path: <roundtable-bounces@muug.ca> Received: from muug.ca (muug.ca. [2605:e200:3:4::244]) by mx.google.com with ESMTPS id r76si11367775jac.115.2020.03.30.22.34.07 for <scott@100percenthelpdesk.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Mar 2020 22:34:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of roundtable-bounces@muug.ca designates 2605:e200:3:4::244 as permitted sender) client-ip=2605:e200:3:4::244; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@abrao.net header.s=20200203 header.b=eM3lj8iw; spf=pass (google.com: best guess record for domain of roundtable-bounces@muug.ca designates 2605:e200:3:4::244 as permitted sender) smtp.mailfrom=roundtable-bounces@muug.ca; dmarc=fail (p=REJECT sp=REJECT dis=QUARANTINE) header.from=abrao.net Received: from muug.ca (localhost [127.0.0.1]) by muug.ca (8.15.2/8.15.2/Debian-14~deb10u1) with ESMTP id 02V5Y6ed002196; Tue, 31 Mar 2020 00:34:07 -0500 Received: from mail.abrao.net (abiha.abrao.net [184.67.182.250]) by muug.ca (8.15.2/8.15.2/Debian-14~deb10u1) with ESMTP id 02V5Y1at001968 for <roundtable@muug.ca>; Tue, 31 Mar 2020 00:34:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=abrao.net; s=20200203; t=1585632836; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=c4ZdddDvQqm6pzFiBJQ3rqWRVosL/6OdU+FZ5YcYb/Y=; b=eM3lj8iwWHCR5sdGh7QD7i1h5IpxvjkAAwRzwc0HB2RFX88uTurNAH+bLI4CW/l8BK2NMc g+mOYpQtyLc8uQKd/9A9fL88N+Y2wUYVSo4tRG4p0d3DarP9FkepJDusta2M3Ey5oTE5+b BPYM9I+b/6QHGewGc3pp9zmu7IGWnDvvz0c/v81pofHFSnNTNQ54JyLNF3hPelu67ACa/d sFTWwo9qHoimqdXf1po1dUXb3be3wbKncvkG6yIfuSzAxRxl4Eq0B1dMiQFKLq2o1eePhI ScUQMLCJ3Ma05pma71oGl+vRVwMGZsuu0GfgPIUEqaP2VZZ/pRQs79sddza+Wg== From: Alberto Abrao <alberto@abrao.net> To: Continuation of Round Table discussion <roundtable@muug.ca> References: <a0273605-e22a-fd1d-4b40-9fe5717481bd@abrao.net> <20200330170424.04a129a3@pog.tecnopolis.ca> <168980b5-05bf-0d84-9983-64492c989bf9@abrao.net> <20200330230613.51cdb0f3@pog.tecnopolis.ca> <94e07f2f-f906-cf1b-0743-538fe90edcca@abrao.net> Message-ID: <53d665c5-c798-2fe3-e479-3bdef9c8ee5f@abrao.net> Date: Tue, 31 Mar 2020 00:33:55 -0500 MIME-Version: 1.0 In-Reply-To: <94e07f2f-f906-cf1b-0743-538fe90edcca@abrao.net> Content-Language: en-US X-Greylist: inspected by milter-greylist-4.5.11 (muug.ca [127.0.0.1]); Tue, 31 Mar 2020 00:34:07 -0500 (CDT) for IP:'127.0.0.1' DOMAIN:'localhost' HELO:'muug.ca' FROM:'roundtable-bounces@muug.ca' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.11 (muug.ca [127.0.0.1]); Tue, 31 Mar 2020 00:34:07 -0500 (CDT) X-Greylist: inspected by milter-greylist-4.5.11 (muug.ca [208.81.1.244]); Tue, 31 Mar 2020 00:34:04 -0500 (CDT) for IP:'184.67.182.250' DOMAIN:'abiha.abrao.net' HELO:'mail.abrao.net' FROM:'alberto@abrao.net' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.5.11 (muug.ca [208.81.1.244]); Tue, 31 Mar 2020 00:34:04 -0500 (CDT) X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on muug.ca X-Virus-Scanned: clamav-milter 0.102.1 at muug X-Virus-Status: Clean Subject: Re: [RndTbl] Main firewall / router for public facing subnet X-BeenThere: roundtable@muug.ca X-Mailman-Version: 2.1.29 Precedence: list List-Id: Continuation of Round Table discussion <roundtable.muug.ca> List-Unsubscribe: <https://muug.ca/mailman/options/roundtable>, <mailto:roundtable-request@muug.ca?subject=unsubscribe> List-Archive: <http://muug.ca/pipermail/roundtable/> List-Post: <mailto:roundtable@muug.ca> List-Help: <mailto:roundtable-request@muug.ca?subject=help> List-Subscribe: <https://muug.ca/mailman/listinfo/roundtable>, <mailto:roundtable-request@muug.ca?subject=subscribe> Reply-To: Continuation of Round Table discussion <roundtable@muug.ca> Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: roundtable-bounces@muug.ca Sender: Roundtable <roundtable-bounces@muug.ca> On 2020-03-31 12:58 a.m., Hartmut W Sager wrote:
Oh, and all 4 of Alberto's postings of the last 18 hours "reliably" went to my Gmail spam. :(
Hartmut W Sager - Tel +1-204-339-8331
On Tue, 31 Mar 2020 at 00:55, Hartmut W Sager <hwsager@marityme.net <mailto:hwsager@marityme.net>> wrote:
> If I tell mailman to send me a copy too, > then I'll always get 2 copies.
Except if you're using Gmail as your infrastructure (like I am). Gmail only posts the message once when it recognizes the unique Message-ID as duplicated, even if the multiple messages come into "To" and/or "cc" via different target e-mail addresses (which is often my case).
I hate to make Gmail look good, especially when I started this "bash Gmail" thread, but hey, they do a few things right. (Like labels!)
Hartmut W Sager - Tel +1-204-339-8331
On Mon, 30 Mar 2020 at 23:18, Trevor Cordes <trevor@tecnopolis.ca <mailto:trevor@tecnopolis.ca>> wrote:
Oh, I see why the mailing lists sometimes default to replying to the list and sometimes to the sender... if I'm in the To:/Cc: explicitly then when I hit reply it goes just to the sender. If I'm not, it goes to the list. Ah: because the ones explicitly to me are not even going through mailman (even though mailman is on the Cc:). I think there's a setting in each subscriber's mailman to also (or not) send a copy when you're already on the Cc:.
A bit frustrating as there's no good solution. If I tell mailman to send me a copy too, then I'll always get 2 copies. And I can't tell the origin mail server not to send me that other copy... Unless someone can think of something I haven't, looks like using reply-to-all or reply-to-sender explicitly each time, and never using just "reply", is the only way to ensure the MUA is doing what I want.
Or... I guess if everyone refrains from ever letting any individual person's email address get into the To:'s and Cc:'s that mailman sees... good luck with that! _______________________________________________ Roundtable mailing list Roundtable@muug.ca <mailto:Roundtable@muug.ca> https://muug.ca/mailman/listinfo/roundtable
_______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
Does anyone have any idea of what should I change on my end? That's weird. I am not an expert on mail things, but all tests I've ran so far say it's all good on my end. My intent when I set my email server was to get rid of Zoho, so I skimmed through as much as I could get away with. I'll get back to it and dive in as I eventually do, but for now it would be nice to just fix this already! =D Alberto Abrao 204-202-1778 204-558-6886 www.abrao.net On 2020-03-31 8:52 a.m., Scott Toderash wrote:
All of my spam-flagged messages from yesterday (by gmail) were from Alberto.
Seems like DKIM / DMARC are broken for that abrao.net? It says "body hash did not verify" but the TXT records appear to be valid. I can't check to see if the MTA setting is in sync with the DNS setting though.
Delivered-To: scott@100percenthelpdesk.com Received: by 2002:aca:afcd:0:0:0:0:0 with SMTP id y196csp3384571oie; Mon, 30 Mar 2020 22:34:07 -0700 (PDT) X-Google-Smtp-Source: ADFU+vuiyzDwRpJrzhLhiV5URaWa3Oobj0hTvE81swYwSfFbPkrqL9kKUdZnqetPeeY+mHVffE+3 X-Received: by 2002:a02:9a18:: with SMTP id b24mr14693132jal.110.1585632847649; Mon, 30 Mar 2020 22:34:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585632847; cv=none; d=google.com; s=arc-20160816; b=Zado7q0sScF+5IU1dqiC9EFpVoV72uP6cb/IueHD1Fc4xa4cm7s4Bh8pyFHIedm2aX mSMQy2u4baxl0kxYwWpR1am1R73wD+th/aBJpPHbTDNeoBLy9T6qI2VtYSX/q/Ks8idn js8lhiywS08NbQEkEUrmcMMqNnGe8Xt8QLQA9ssgStByut2ry5khajvphjbNaZGyScq0 ijHdvZ0qxbc0lnKirypHSyY/Z48uqUJ2jKPu8pWxvrgNQtI27aQuWPogdHILYygGlU9r CKln0BJ+P1V9KA+gcmzH06ah9I5gVis1LWsMqOgMJwpLGCGwJbzw8BCwfI/mjqA6VXTC SJWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:content-language:in-reply-to:mime-version:date :message-id:references:to:from:dkim-signature; bh=oidrPMRbCLmiRjW63AagbwfVKumSw9oODcPZ+bJRVDY=; b=E4L7LPClJUlZQ5EC9adhbUbRsIwwFBsa2aNxtcXwk6P+KYQvDRNPI1IGNG7lfqEoTg oZITXenF3j2l9EO4bN4GEFTRu6uHHyzYSD3lxj515+N5YdyNYq4uvKFcB32kDoMY8d6t AU+KAqPk/tD9ckdfAzBMBI3bFm0ORxrEWDjfwSdRXzi2/GqtwIjjqWs1uQVn6YUGNWwC y/Poq200sqKioAVBD6CyImVqRlpu0hdawl4ep90hCGXkiUh6Cxn49Kh2RbJPNlbY2AUH +vfwBO2U+ALv3hPsmtlh9RiJrYybuq2/V9v20hPpfXEDBWpsQa3Mv/WOdxlXvxPhVhWv Nw5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@abrao.net header.s=20200203 header.b=eM3lj8iw; spf=pass (google.com: best guess record for domain of roundtable-bounces@muug.ca designates 2605:e200:3:4::244 as permitted sender) smtp.mailfrom=roundtable-bounces@muug.ca; dmarc=fail (p=REJECT sp=REJECT dis=QUARANTINE) header.from=abrao.net Return-Path: <roundtable-bounces@muug.ca> Received: from muug.ca (muug.ca. [2605:e200:3:4::244]) by mx.google.com with ESMTPS id r76si11367775jac.115.2020.03.30.22.34.07 for <scott@100percenthelpdesk.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Mar 2020 22:34:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of roundtable-bounces@muug.ca designates 2605:e200:3:4::244 as permitted sender) client-ip=2605:e200:3:4::244; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@abrao.net header.s=20200203 header.b=eM3lj8iw; spf=pass (google.com: best guess record for domain of roundtable-bounces@muug.ca designates 2605:e200:3:4::244 as permitted sender) smtp.mailfrom=roundtable-bounces@muug.ca; dmarc=fail (p=REJECT sp=REJECT dis=QUARANTINE) header.from=abrao.net Received: from muug.ca (localhost [127.0.0.1]) by muug.ca (8.15.2/8.15.2/Debian-14~deb10u1) with ESMTP id 02V5Y6ed002196; Tue, 31 Mar 2020 00:34:07 -0500 Received: from mail.abrao.net (abiha.abrao.net [184.67.182.250]) by muug.ca (8.15.2/8.15.2/Debian-14~deb10u1) with ESMTP id 02V5Y1at001968 for <roundtable@muug.ca>; Tue, 31 Mar 2020 00:34:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=abrao.net; s=20200203; t=1585632836; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=c4ZdddDvQqm6pzFiBJQ3rqWRVosL/6OdU+FZ5YcYb/Y=; b=eM3lj8iwWHCR5sdGh7QD7i1h5IpxvjkAAwRzwc0HB2RFX88uTurNAH+bLI4CW/l8BK2NMc g+mOYpQtyLc8uQKd/9A9fL88N+Y2wUYVSo4tRG4p0d3DarP9FkepJDusta2M3Ey5oTE5+b BPYM9I+b/6QHGewGc3pp9zmu7IGWnDvvz0c/v81pofHFSnNTNQ54JyLNF3hPelu67ACa/d sFTWwo9qHoimqdXf1po1dUXb3be3wbKncvkG6yIfuSzAxRxl4Eq0B1dMiQFKLq2o1eePhI ScUQMLCJ3Ma05pma71oGl+vRVwMGZsuu0GfgPIUEqaP2VZZ/pRQs79sddza+Wg== From: Alberto Abrao <alberto@abrao.net> To: Continuation of Round Table discussion <roundtable@muug.ca> References: <a0273605-e22a-fd1d-4b40-9fe5717481bd@abrao.net> <20200330170424.04a129a3@pog.tecnopolis.ca> <168980b5-05bf-0d84-9983-64492c989bf9@abrao.net> <20200330230613.51cdb0f3@pog.tecnopolis.ca> <94e07f2f-f906-cf1b-0743-538fe90edcca@abrao.net> Message-ID: <53d665c5-c798-2fe3-e479-3bdef9c8ee5f@abrao.net> Date: Tue, 31 Mar 2020 00:33:55 -0500 MIME-Version: 1.0 In-Reply-To: <94e07f2f-f906-cf1b-0743-538fe90edcca@abrao.net> Content-Language: en-US X-Greylist: inspected by milter-greylist-4.5.11 (muug.ca [127.0.0.1]); Tue, 31 Mar 2020 00:34:07 -0500 (CDT) for IP:'127.0.0.1' DOMAIN:'localhost' HELO:'muug.ca' FROM:'roundtable-bounces@muug.ca' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.11 (muug.ca [127.0.0.1]); Tue, 31 Mar 2020 00:34:07 -0500 (CDT) X-Greylist: inspected by milter-greylist-4.5.11 (muug.ca [208.81.1.244]); Tue, 31 Mar 2020 00:34:04 -0500 (CDT) for IP:'184.67.182.250' DOMAIN:'abiha.abrao.net' HELO:'mail.abrao.net' FROM:'alberto@abrao.net' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.5.11 (muug.ca [208.81.1.244]); Tue, 31 Mar 2020 00:34:04 -0500 (CDT) X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on muug.ca X-Virus-Scanned: clamav-milter 0.102.1 at muug X-Virus-Status: Clean Subject: Re: [RndTbl] Main firewall / router for public facing subnet X-BeenThere: roundtable@muug.ca X-Mailman-Version: 2.1.29 Precedence: list List-Id: Continuation of Round Table discussion <roundtable.muug.ca> List-Unsubscribe: <https://muug.ca/mailman/options/roundtable>, <mailto:roundtable-request@muug.ca?subject=unsubscribe> List-Archive: <http://muug.ca/pipermail/roundtable/> List-Post: <mailto:roundtable@muug.ca> List-Help: <mailto:roundtable-request@muug.ca?subject=help> List-Subscribe: <https://muug.ca/mailman/listinfo/roundtable>, <mailto:roundtable-request@muug.ca?subject=subscribe> Reply-To: Continuation of Round Table discussion <roundtable@muug.ca> Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: roundtable-bounces@muug.ca Sender: Roundtable <roundtable-bounces@muug.ca>
On 2020-03-31 12:58 a.m., Hartmut W Sager wrote:
Oh, and all 4 of Alberto's postings of the last 18 hours "reliably" went to my Gmail spam. :(
Hartmut W Sager - Tel +1-204-339-8331
On Tue, 31 Mar 2020 at 00:55, Hartmut W Sager <hwsager@marityme.net <mailto:hwsager@marityme.net>> wrote:
> If I tell mailman to send me a copy too, > then I'll always get 2 copies.
Except if you're using Gmail as your infrastructure (like I am). Gmail only posts the message once when it recognizes the unique Message-ID as duplicated, even if the multiple messages come into "To" and/or "cc" via different target e-mail addresses (which is often my case).
I hate to make Gmail look good, especially when I started this "bash Gmail" thread, but hey, they do a few things right. (Like labels!)
Hartmut W Sager - Tel +1-204-339-8331
On Mon, 30 Mar 2020 at 23:18, Trevor Cordes <trevor@tecnopolis.ca <mailto:trevor@tecnopolis.ca>> wrote:
Oh, I see why the mailing lists sometimes default to replying to the list and sometimes to the sender... if I'm in the To:/Cc: explicitly then when I hit reply it goes just to the sender. If I'm not, it goes to the list. Ah: because the ones explicitly to me are not even going through mailman (even though mailman is on the Cc:). I think there's a setting in each subscriber's mailman to also (or not) send a copy when you're already on the Cc:.
A bit frustrating as there's no good solution. If I tell mailman to send me a copy too, then I'll always get 2 copies. And I can't tell the origin mail server not to send me that other copy... Unless someone can think of something I haven't, looks like using reply-to-all or reply-to-sender explicitly each time, and never using just "reply", is the only way to ensure the MUA is doing what I want.
Or... I guess if everyone refrains from ever letting any individual person's email address get into the To:'s and Cc:'s that mailman sees... good luck with that! _______________________________________________ Roundtable mailing list Roundtable@muug.ca <mailto:Roundtable@muug.ca> https://muug.ca/mailman/listinfo/roundtable
_______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
_______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
On 2020-03-31 Alberto Abrao wrote:
Does anyone have any idea of what should I change on my end? That's weird.
Looking at your DKIM settings in your headers, I think I spotted the problem. Alberto's: h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; Mine: h=Date:From:To:Cc:Subject:In-Reply-To:References; You are trying to protect too many headers, *especially* the ones that mailman needs to change. Also, the case on yours is not RFC (though probably doesn't matter) and many headers are duplicated (weird!) indicating a misconfiguration. Find your DKIM settings and try shortening your protected headers to a list like mine (above). And fix the case, and duplication. Any header not listed will not count in DKIM's hash of your email. Critically, I think you need to make sure you do NOT have "sender:" protected, as mailman will always be adding/changing that header, and that will throw off the hash and DKIM verification. MUUG's mailman may also play with the content-*. That's why I'd stick with a very small set of headers. Spammers can't really make use of those extra headers anyhow, so they don't need to be protected.
I wonder what'll happen with this one... Alberto Abrao 204-202-1778 204-558-6886 www.abrao.net On 2020-04-02 3:27 a.m., Trevor Cordes wrote:
On 2020-03-31 Alberto Abrao wrote:
Does anyone have any idea of what should I change on my end? That's weird. Looking at your DKIM settings in your headers, I think I spotted the problem.
Alberto's: h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references;
Mine: h=Date:From:To:Cc:Subject:In-Reply-To:References;
You are trying to protect too many headers, *especially* the ones that mailman needs to change. Also, the case on yours is not RFC (though probably doesn't matter) and many headers are duplicated (weird!) indicating a misconfiguration.
Find your DKIM settings and try shortening your protected headers to a list like mine (above). And fix the case, and duplication. Any header not listed will not count in DKIM's hash of your email.
Critically, I think you need to make sure you do NOT have "sender:" protected, as mailman will always be adding/changing that header, and that will throw off the hash and DKIM verification.
MUUG's mailman may also play with the content-*. That's why I'd stick with a very small set of headers. Spammers can't really make use of those extra headers anyhow, so they don't need to be protected.
Gmail spam, again. They still don't like you. :) Hartmut W Sager - Tel +1-204-339-8331 On Thu, 2 Apr 2020 at 12:46, Alberto Abrao <alberto@abrao.net> wrote:
I wonder what'll happen with this one...
Alberto Abrao 204-202-1778 204-558-6886 www.abrao.net
On 2020-04-02 3:27 a.m., Trevor Cordes wrote:
On 2020-03-31 Alberto Abrao wrote:
Does anyone have any idea of what should I change on my end? That's weird. Looking at your DKIM settings in your headers, I think I spotted the problem.
Alberto's: h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references;
Mine: h=Date:From:To:Cc:Subject:In-Reply-To:References;
You are trying to protect too many headers, *especially* the ones that mailman needs to change. Also, the case on yours is not RFC (though probably doesn't matter) and many headers are duplicated (weird!) indicating a misconfiguration.
Find your DKIM settings and try shortening your protected headers to a list like mine (above). And fix the case, and duplication. Any header not listed will not count in DKIM's hash of your email.
Critically, I think you need to make sure you do NOT have "sender:" protected, as mailman will always be adding/changing that header, and that will throw off the hash and DKIM verification.
MUUG's mailman may also play with the content-*. That's why I'd stick with a very small set of headers. Spammers can't really make use of those extra headers anyhow, so they don't need to be protected.
Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
Maybe if I try to type some more? The headers now match the ones Trevor use. Funny thing... I sent a brief message to my Gmail account and it went straight to spam. Second one (not a reply, brand new) I decided to type some more, not as brief as the first one. Inbox. So I wonder what will happen with THIS one? Alberto Abrao 204-202-1778 204-558-6886 www.abrao.net On 2020-04-02 4:53 p.m., Hartmut W Sager wrote:
Gmail spam, again. They still don't like you. :)
Hartmut W Sager - Tel +1-204-339-8331
On Thu, 2 Apr 2020 at 12:46, Alberto Abrao <alberto@abrao.net <mailto:alberto@abrao.net>> wrote:
I wonder what'll happen with this one...
Alberto Abrao 204-202-1778 204-558-6886 www.abrao.net <http://www.abrao.net>
On 2020-04-02 3:27 a.m., Trevor Cordes wrote: > On 2020-03-31 Alberto Abrao wrote: >> Does anyone have any idea of what should I change on my end? That's >> weird. > Looking at your DKIM settings in your headers, I think I spotted the > problem. > > Alberto's: > h=from:from:sender:reply-to:subject:subject:date:date: > message-id:message-id:to:to:cc:mime-version:mime-version: > content-type:content-type:content-transfer-encoding: > in-reply-to:in-reply-to:references:references; > > Mine: > h=Date:From:To:Cc:Subject:In-Reply-To:References; > > You are trying to protect too many headers, *especially* the ones that > mailman needs to change. Also, the case on yours is not RFC (though > probably doesn't matter) and many headers are duplicated (weird!) > indicating a misconfiguration. > > Find your DKIM settings and try shortening your protected headers to a > list like mine (above). And fix the case, and duplication. Any header > not listed will not count in DKIM's hash of your email. > > Critically, I think you need to make sure you do NOT have "sender:" > protected, as mailman will always be adding/changing that header, and > that will throw off the hash and DKIM verification. > > MUUG's mailman may also play with the content-*. That's why I'd stick > with a very small set of headers. Spammers can't really make use of > those extra headers anyhow, so they don't need to be protected. _______________________________________________ Roundtable mailing list Roundtable@muug.ca <mailto:Roundtable@muug.ca> https://muug.ca/mailman/listinfo/roundtable
_______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
Gmail spam again. Besides Trevor's extensive contribution, I have some ideas too, and I'll try to write it up tonight (no promise though). Hartmut W Sager - Tel +1-204-339-8331 On Thu, 2 Apr 2020 at 16:57, Alberto Abrao <alberto@abrao.net> wrote:
Maybe if I try to type some more?
The headers now match the ones Trevor use.
Funny thing... I sent a brief message to my Gmail account and it went straight to spam.
Second one (not a reply, brand new) I decided to type some more, not as brief as the first one. Inbox.
So I wonder what will happen with THIS one?
Alberto Abrao 204-202-1778 204-558-6886www.abrao.net
On 2020-04-02 4:53 p.m., Hartmut W Sager wrote:
Gmail spam, again. They still don't like you. :)
Hartmut W Sager - Tel +1-204-339-8331
On Thu, 2 Apr 2020 at 12:46, Alberto Abrao <alberto@abrao.net> wrote:
I wonder what'll happen with this one...
Alberto Abrao 204-202-1778 204-558-6886 www.abrao.net
On 2020-04-02 3:27 a.m., Trevor Cordes wrote:
On 2020-03-31 Alberto Abrao wrote:
Does anyone have any idea of what should I change on my end? That's weird. Looking at your DKIM settings in your headers, I think I spotted the problem.
Alberto's: h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references;
Mine: h=Date:From:To:Cc:Subject:In-Reply-To:References;
You are trying to protect too many headers, *especially* the ones that mailman needs to change. Also, the case on yours is not RFC (though probably doesn't matter) and many headers are duplicated (weird!) indicating a misconfiguration.
Find your DKIM settings and try shortening your protected headers to a list like mine (above). And fix the case, and duplication. Any header not listed will not count in DKIM's hash of your email.
Critically, I think you need to make sure you do NOT have "sender:" protected, as mailman will always be adding/changing that header, and that will throw off the hash and DKIM verification.
MUUG's mailman may also play with the content-*. That's why I'd stick with a very small set of headers. Spammers can't really make use of those extra headers anyhow, so they don't need to be protected.
Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
_______________________________________________ Roundtable mailing listRoundtable@muug.cahttps://muug.ca/mailman/listinfo/roundtable
_______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
On 2020-04-02 Alberto Abrao wrote:
I wonder what'll happen with this one...
Your DKIM now looks more sane. And the MUUG server reports that it's passing with flying colors. So it must just be a gmail thing. When diagnosing these things, I use yahoomail as it lets you drill down and see exactly what checks are failing. gmail might give you a similar way to see what's going on in its web interface. Send your gmail/yahoomail another test email Drill down into the headers and see if all the DKIM / SPF / DMARC / whoknowswhatelse stuff is passing. Oh ya, gmail in their take-over-the-world wisdom have a proprietary anti-spam system in place now that might solve this gmail-spam problem. Search google-site-verification and sign up and put their record in your DNS TXT (in addition to your SPF record... so you'll have 2+ separate records). Weird, the main google-site-verification site doesn't seem to mention the anti-spam usage, but I know for one of my clients (big email sender) we required this verification to stop always going into spam boxes. Needless to say, this unilateral non-RFC garbage from google is further proof they are the devil.
On 2020-03-31 Hartmut W Sager wrote:
If I tell mailman to send me a copy too, then I'll always get 2 copies.
Except if you're using Gmail as your infrastructure (like I am). Gmail only posts the message once when it recognizes the unique Message-ID as duplicated, even if the multiple messages come into "To" and/or "cc" via different target e-mail addresses (which is often my case).
I hate to make Gmail look good, especially when I started this "bash Gmail" thread, but hey, they do a few things right. (Like labels!)
Good one Hartmut! :-) However, the key to the dedupe is your MUA would have to eliminate the one that addresses you personally, and keep the one from the mailing list. I doubt gmail is *that* smart, or configurable (as some people would prefer to get the personal one instead!). I bet what gmail is doing is just throwing away the 2nd one it sees (temporally), which in many cases (like my greylisted system) is going to be random. But... you did give me an idea... I could procmail something up that will look at (hopefully id'able) mailing list emails (whether private or mailman-sent), delay sending the first it sees (will procmail happily let a handler script sleep?), see if there's a second, then pick the one that is mailman-generated over the personal one (and deliver the 1st/only one if a 2nd never comes in a reasonable amount of time). Voila. Try a procmail rule with gmail! ;-)
Replies embedded below. Hartmut W Sager - Tel +1-204-339-8331 On Tue, 31 Mar 2020 at 01:06, Trevor Cordes <trevor@tecnopolis.ca> wrote:
On 2020-03-31 Hartmut W Sager wrote:
If I tell mailman to send me a copy too, then I'll always get 2 copies.
Except if you're using Gmail as your infrastructure (like I am). Gmail only posts the message once when it recognizes the unique Message-ID as duplicated, even if the multiple messages come into "To" and/or "cc" via different target e-mail addresses (which is often my case).
I hate to make Gmail look good, especially when I started this "bash Gmail" thread, but hey, they do a few things right. (Like labels!)
Good one Hartmut! :-) However, the key to the dedupe is your MUA would have to eliminate the one that addresses you personally, and keep the one from the mailing list. I doubt gmail is *that* smart, or configurable (as some people would prefer to get the personal one instead!).
You're right, Gmail is definitely not *that* smart, and is not at all configurable in any way even approaching such a wish.
I bet what gmail is doing is just throwing away the 2nd one it sees (temporally), which in many cases (like my greylisted system) is going to be random.
Probably. And here's worse: Sometimes, when I've posted to our RoundTable, Gmail doesn't even bring anything into my Inbox, because those round-trip items match the sent item in my Sent label. Furthermore, it doesn't replace the sent item with one of the incoming round-trip items either, so I can't see the full header (of at least one round-trip item) to see the routing and the SPF/DKIM/DMARC results (which was highly relevant earlier on in this very thread).
But... you did give me an idea... I could procmail something up that will look at (hopefully id'able) mailing list emails (whether private or mailman-sent), delay sending the first it sees (will procmail happily let a handler script sleep?), see if there's a second, then pick the one that is mailman-generated over the personal one (and deliver the 1st/only one if a 2nd never comes in a reasonable amount of time). Voila.
Great idea! A good exercise for an eager student.
Try a procmail rule with gmail! ;-)
Ha ha!
I have it all set up properly as far as I know. It may be related to the MUUG list sending e-mails on my behalf. From the little I've read about this particular situation, it opens a whole new can of worms. I may have missed something on my end, for sure, as I am totally new to running my own e-mail. But it has been working great so far. The attached report I got from Google may help figure out what's going on. In my humble opinion, Google is going "full retard" and has been for a while. I too don't have anything sensitive going on, and I am a sucker for cheap gear. Even then, they're asking for more, taking more control, while giving less and less of value. Open source offerings have caught up to all of its features that are useful to me, so it made more sense to deploy an open source stack instead. Right now the two issues I have are: 1) replacing Hangouts completely. My wife likes it, and Nextcloud Talk is good for many things, but it's missing a few features. Things like sharing links and pictures don't work, for example. 2) finding a new phone that's reasonably priced and able to run a Custom ROM without Google Play. My current phone is not. I may even restore my old Nexus 4 for that. Kind regards, Alberto Abrao 204-202-1778 204-558-6886 On 2020-03-25 1:10 a.m., Hartmut W Sager wrote:
I've had a lot of trouble in the last few months with Gmail's spam filtering having become super-aggressive, but tonight we have a live case worthy of analysis. In the thread "Opinions on Fedora Server" initiated by Alberto Abrao <alberto@abrao.net <mailto:alberto@abrao.net>>, *both* of Alberto's postings went to my Gmail spam, while Trevor Cordes's posting came through fine.
A detail on my use of Gmail: I use it as infrastructure for my own e-mail addresses @marityme.net <http://marityme.net>. Incoming e-mails to @marityme.net <http://marityme.net> are forwarded into my Gmail address from somewhere else, and outgoing e-mails from @marityme.net <http://marityme.net> are sent from Gmail where I set up these addresses as valid "from" addresses.
Yeah, I suspect the trouble is somewhere in Gmail's new expectations re TXT SPF, DKIM, DomainKeys, and such.
Hartmut W Sager - Tel +1-204-339-8331
_______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
And, speaking of "the devil", this posting from Alberto *also* went to my Gmail spam, after being forwarded into my Gmail from @marityme.net. (Alberto, I'll take a look at your attached header a little later.) Hartmut W Sager - Tel +1-204-339-8331 On Wed, 25 Mar 2020 at 11:28, Alberto Abrao <alberto@abrao.net> wrote:
I have it all set up properly as far as I know. It may be related to the MUUG list sending e-mails on my behalf. From the little I've read about this particular situation, it opens a whole new can of worms. I may have missed something on my end, for sure, as I am totally new to running my own e-mail. But it has been working great so far.
The attached report I got from Google may help figure out what's going on.
participants (5)
-
Alberto Abrao -
Bill Reid -
Hartmut W Sager -
Scott Toderash -
Trevor Cordes