[CentOS] To James B. Byrne

classic Classic list List threaded Threaded
66 messages Options
1234
Reply | Threaded
Open this post in threaded view
|

[CentOS] To James B. Byrne

Alexander Farber
Dear James,

everyday I look into my Gmail SPAM folder and your mails (sent to
Centos list) are there. Noone else is there but you.

Please finally fix your MX records or whatever is needed. No offence

Greetings from Germany
Alex
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] To James B. Byrne

Valeri Galtsev
Dear James,

I for one would suggest: just ignore what gmail people are saying about
your MX records.

No offense intended. Just moral support meant.

Valeri

On Tue, November 11, 2014 10:16 am, Alexander Farber wrote:

> Dear James,
>
> everyday I look into my Gmail SPAM folder and your mails (sent to
> Centos list) are there. Noone else is there but you.
>
> Please finally fix your MX records or whatever is needed. No offence
>
> Greetings from Germany
> Alex
> _______________________________________________
> CentOS mailing list
> [hidden email]
> http://lists.centos.org/mailman/listinfo/centos
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] To James B. Byrne

Alexander Farber
And ignore the Chrome people getting
the certificate warning at https://harte-lyne.ca too ;-)


On Tue, Nov 11, 2014 at 5:24 PM, Valeri Galtsev
<[hidden email]> wrote:

> Dear James,
>
> I for one would suggest: just ignore what gmail people are saying about
> your MX records.
>
> No offense intended. Just moral support meant.
>
> Valeri
>
> On Tue, November 11, 2014 10:16 am, Alexander Farber wrote:
>> Dear James,
>>
>> everyday I look into my Gmail SPAM folder and your mails (sent to
>> Centos list) are there. Noone else is there but you.
>>
>> Please finally fix your MX records or whatever is needed. No offence
>>
>> Greetings from Germany
>> Alex
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] To James B. Byrne

Alexander Farber
Of couse I could "explain my Gmail mailbox not move messages" by James -
but I assumed the person sending 3-4 messages daily to this mailing list
might be asked to consider to fix his own settings (MX and http certificate).

The Chrome warning for harte-lyne.ca looks dreadful by the way.

Regards
Alex
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] To James B. Byrne

Alexander Farber
Reindl, you should relax a bit.

I didn't mean exactly "MX", just meant a "heads up" to take a look at
own configs.

I like how you defend using a broken http cert.

Regards
Alex


On Tue, Nov 11, 2014 at 7:42 PM, Reindl Harald <[hidden email]> wrote:

>
> Am 11.11.2014 um 19:34 schrieb Alexander Farber:
>>
>> Of couse I could "explain my Gmail mailbox not move messages" by James -
>> but I assumed the person sending 3-4 messages daily to this mailing list
>> might be asked to consider to fix his own settings (MX and http
>> certificate)
>
>
> you could also stop talking about things you don't have any clue - the MX
> has nothing to do with outgoing mail and SPF is as explained also not the
> reason
>
> it's the *list software* mangle DKIM signed messages
>
>> The Chrome warning for harte-lyne.ca looks dreadful by the way
>
>
> WTF - whatever certificate is used on a website has no business in context
> of mail and any software crying in context of mail because a self signed
> website certificate is broken
>
> complain at Chrome!
>
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] To James B. Byrne

Valeri Galtsev
In reply to this post by Alexander Farber

On Tue, November 11, 2014 12:34 pm, Alexander Farber wrote:
> Of couse I could "explain my Gmail mailbox not move messages" by James -
> but I assumed the person sending 3-4 messages daily to this mailing list
> might be asked to consider to fix his own settings (MX and http
> certificate).
>
> The Chrome warning for harte-lyne.ca looks dreadful by the way.

And out of my childishness again (to contradict anything ;-)... I have no
bad feelings about domain that decided no to pay CA for signed
Certificate. As somebody mentioned, to keep internet in harmony, these
should not be in hands of commercial Certification Authorities, but DNS
authorities instead should be involved here in establishing the chain of
trust and identity of domain instance.

Just my $0.01 (plus $0.01 borrowed from somebody else ;-)

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] To James B. Byrne

Les Mikesell
In reply to this post by Alexander Farber
On Tue, Nov 11, 2014 at 12:34 PM, Alexander Farber
<[hidden email]> wrote:
> Of couse I could "explain my Gmail mailbox not move messages" by James -
> but I assumed the person sending 3-4 messages daily to this mailing list
> might be asked to consider to fix his own settings (MX and http certificate).
>
> The Chrome warning for harte-lyne.ca looks dreadful by the way.
>

That's something different - and I think that the emails as originated
by James are probably correct.  It is just the versions forwarded by
the mailing list that fail gmail's DMARC test.   And in any case, only
the site admin can fix these things.

--
    Les Mikesell
     [hidden email]
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] To James B. Byrne

Igor Zubkov
In reply to this post by Alexander Farber
On Tue, Nov 11, 2014 at 6:16 PM, Alexander Farber wrote:
> Dear James,
>
> everyday I look into my Gmail SPAM folder and your mails (sent to
> Centos list) are there. Noone else is there but you.
>
> Please finally fix your MX records or whatever is needed. No offence

I bit a tired of this too.

James, be the Man and fix your mail server. Or what else.

> Greetings from Germany
> Alex

Greetins from Ukraine (Donetsk).

--
Igor Zubkov
http://hi.im/ice
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] To James B. Byrne

James B. Byrne
In reply to this post by Alexander Farber

On Tue, November 11, 2014 13:05, Alexander Farber wrote:
> And ignore the Chrome people getting
> the certificate warning at https://harte-lyne.ca too ;-)
>

We operate our own CA.  If you 'TRUST' us then you can add the the root cert
for our CA by visiting  http://ca.harte-lyne.ca/CA_HLL_ISSUER_01/ca.crt and
accepting the cert (presumably after reading the CP and CPS statements).  Then
the warning will disappear.  If not then you can leave or proceed, accepting
the exception permanently or not,  as your inclination dictates.

That web site is ancient and was designed for straight http access. It is in
the process of revision but that is not in my hands and given past events I
have no expectation of anything changing soon.  We have since gone to "https
everywhere" and thus the certificate is now an issue.  Most of our sites are
blocked to outside access or require authentication in any case.

That said, the issue of Trusted certificates is problematic. In my opinion,
the present state of the PKI CA's is in such disarray that anyone that is
counting on the 'Trusted' CA's that come pre-installed in browser packages is
living in blissful ignorance of the underlying risks presented thereby. Users
are rarely aware, or realise the implications, of the fact that any 'Trusted'
CA can issue a valid certificate for ANY domain. Any browser that 'Trusts'
that CA will accept any site presenting said certificate as legitimate.  This
is the singular weakness of imposing a hierarchical requirement on top of a
distributed solution.  DNSSEC is representative of the alternative approach
that I believe eventually will be adopted for all forms of network identities,
including email.

Our company policy at the moment does not properly address the Trusted CA
issue either;  Other than we have set up and exclusively use our own CA for
our own use.  I am pushing to have all default trusted roots removed from all
user's browsers and only approved roots added back.  This is not feasible at
the present time because of the lack of any automated tool (of which I am
aware and that is FLOSS) to enforce it.

For that matter, we are still waiting for our registrar to support DNSSEC, for
which we have been ready since early 2012 and the .ca. registrar since 2013.


--
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:[hidden email]
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] To James B. Byrne

James B. Byrne
In reply to this post by Alexander Farber

On Tue, November 11, 2014 19:33, Igor Zubkov wrote:

> On Tue, Nov 11, 2014 at 6:16 PM, Alexander Farber wrote:
>> Dear James,
>>
>> everyday I look into my Gmail SPAM folder and your mails (sent to
>> Centos list) are there. Noone else is there but you.
>>
>> Please finally fix your MX records or whatever is needed. No offence
>
> I bit a tired of this too.
>
> James, be the Man and fix your mail server. Or what else.
>
>> Greetings from Germany
>> Alex
>
> Greetins from Ukraine (Donetsk).
>

But, the mail server is not broken.  It is entirely to RFC specifications.
Google decides how to treat the resulting confusion respecting mail forwarded
by the CentOS list. Yahoo I understand simply drops it into the bit bucket and
the recipient never knows.

Your complaint would be better directed at the consortium of Email providers,
including Google and Yahoo, who forced DMARC on the IETF; or rather entirely
by-passed the IETF and put this Rube Goldberg hack into play regardless.  The
people who run mailing lists screamed blue murder but it happened nonetheless.

In any case the fix to this for Mailman already exists.  It just needs to be
accepted by RedHat and rolled out as an update.  I tried to build it myself
and succeeded in getting a working version on CentOS6.  But, the source
package layout does not fit the HFS used by RedHat and I could not deploy it
for that reason.  Nor could I figure out the patches necessary to restructure
the project layout into something resembling HFS.  Nor could I figure out the
interim changes between the current Mailman version and that shipped with
CentOS to back-port the fixes in a systematic way.

I apologise for the number of messages presently originating from me.  This
one included.  Once I get past my ignorance with CentOS7 and can manage on my
own I will stop annoying the list with questions and replies.

--
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:[hidden email]
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] To James B. Byrne

Valeri Galtsev
In reply to this post by James B. Byrne

On Wed, November 12, 2014 8:26 am, James B. Byrne wrote:
>
> On Tue, November 11, 2014 13:05, Alexander Farber wrote:
>> And ignore the Chrome people getting
>> the certificate warning at https://harte-lyne.ca too ;-)
>>
>
> We operate our own CA.

Yes, that is what I was doing for years too (till we got access to Certs
paid by central university IT office). Mostly those who are harassing you
on this list seem to have much less knowledge on each of the subjects than
you do. It is just my observation. Not that I'm saying everybody using
gmail, but, of course, knowledgeable ones do not make any noise. It
somehow comes to my mind what I've heard once (not intended to offend
anyone but if you think about it it carries some wisdom, - for me at
least): "Never argue with the fool, or others will not notice any
difference between you two".

Valeri

> If you 'TRUST' us then you can add the the root
> cert
> for our CA by visiting  http://ca.harte-lyne.ca/CA_HLL_ISSUER_01/ca.crt
> and
> accepting the cert (presumably after reading the CP and CPS statements).
> Then
> the warning will disappear.  If not then you can leave or proceed,
> accepting
> the exception permanently or not,  as your inclination dictates.
>
> That web site is ancient and was designed for straight http access. It is
> in
> the process of revision but that is not in my hands and given past events
> I
> have no expectation of anything changing soon.  We have since gone to
> "https
> everywhere" and thus the certificate is now an issue.  Most of our sites
> are
> blocked to outside access or require authentication in any case.
>
> That said, the issue of Trusted certificates is problematic. In my
> opinion,
> the present state of the PKI CA's is in such disarray that anyone that is
> counting on the 'Trusted' CA's that come pre-installed in browser packages
> is
> living in blissful ignorance of the underlying risks presented thereby.
> Users
> are rarely aware, or realise the implications, of the fact that any
> 'Trusted'
> CA can issue a valid certificate for ANY domain. Any browser that 'Trusts'
> that CA will accept any site presenting said certificate as legitimate.
> This
> is the singular weakness of imposing a hierarchical requirement on top of
> a
> distributed solution.  DNSSEC is representative of the alternative
> approach
> that I believe eventually will be adopted for all forms of network
> identities,
> including email.
>
> Our company policy at the moment does not properly address the Trusted CA
> issue either;  Other than we have set up and exclusively use our own CA
> for
> our own use.  I am pushing to have all default trusted roots removed from
> all
> user's browsers and only approved roots added back.  This is not feasible
> at
> the present time because of the lack of any automated tool (of which I am
> aware and that is FLOSS) to enforce it.
>
> For that matter, we are still waiting for our registrar to support DNSSEC,
> for
> which we have been ready since early 2012 and the .ca. registrar since
> 2013.
>
>
> --
> ***          E-Mail is NOT a SECURE channel          ***
> James B. Byrne                mailto:[hidden email]
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
>
> _______________________________________________
> CentOS mailing list
> [hidden email]
> http://lists.centos.org/mailman/listinfo/centos
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] To James B. Byrne

Valeri Galtsev
In reply to this post by James B. Byrne

On Wed, November 12, 2014 8:50 am, James B. Byrne wrote:

>
> On Tue, November 11, 2014 19:33, Igor Zubkov wrote:
>> On Tue, Nov 11, 2014 at 6:16 PM, Alexander Farber wrote:
>>> Dear James,
>>>
>>> everyday I look into my Gmail SPAM folder and your mails (sent to
>>> Centos list) are there. Noone else is there but you.
>>>
>>> Please finally fix your MX records or whatever is needed. No offence
>>
>> I bit a tired of this too.
>>
>> James, be the Man and fix your mail server. Or what else.
>>
>>> Greetings from Germany
>>> Alex
>>
>> Greetins from Ukraine (Donetsk).
>>

As I said, James, don't argue with the ones who have no idea what they are
talking about (sorry for posting above your reply to him). This particular
one did set me off, and the only thing that held me from answering him was
the "wisdom" I mentioned in another reply.

Valeri

>
> But, the mail server is not broken.  It is entirely to RFC specifications.
> Google decides how to treat the resulting confusion respecting mail
> forwarded
> by the CentOS list. Yahoo I understand simply drops it into the bit bucket
> and
> the recipient never knows.
>
> Your complaint would be better directed at the consortium of Email
> providers,
> including Google and Yahoo, who forced DMARC on the IETF; or rather
> entirely
> by-passed the IETF and put this Rube Goldberg hack into play regardless.
> The
> people who run mailing lists screamed blue murder but it happened
> nonetheless.
>
> In any case the fix to this for Mailman already exists.  It just needs to
> be
> accepted by RedHat and rolled out as an update.  I tried to build it
> myself
> and succeeded in getting a working version on CentOS6.  But, the source
> package layout does not fit the HFS used by RedHat and I could not deploy
> it
> for that reason.  Nor could I figure out the patches necessary to
> restructure
> the project layout into something resembling HFS.  Nor could I figure out
> the
> interim changes between the current Mailman version and that shipped with
> CentOS to back-port the fixes in a systematic way.
>
> I apologise for the number of messages presently originating from me.
> This
> one included.  Once I get past my ignorance with CentOS7 and can manage on
> my
> own I will stop annoying the list with questions and replies.
>
> --
> ***          E-Mail is NOT a SECURE channel          ***
> James B. Byrne                mailto:[hidden email]
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
>
> _______________________________________________
> CentOS mailing list
> [hidden email]
> http://lists.centos.org/mailman/listinfo/centos
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] To James B. Byrne

Les Mikesell
In reply to this post by James B. Byrne
On Wed, Nov 12, 2014 at 8:50 AM, James B. Byrne <[hidden email]> wrote:

>
> But, the mail server is not broken.  It is entirely to RFC specifications.
> Google decides how to treat the resulting confusion respecting mail forwarded
> by the CentOS list. Yahoo I understand simply drops it into the bit bucket and
> the recipient never knows.
>
> Your complaint would be better directed at the consortium of Email providers,
> including Google and Yahoo, who forced DMARC on the IETF; or rather entirely
> by-passed the IETF and put this Rube Goldberg hack into play regardless.  The
> people who run mailing lists screamed blue murder but it happened nonetheless.

If this is something caused by google and not your own server settings
that indicate how to treat forwarders, why doesn't email originating
from gmail have the same issue?

--
   Les Mikesell
     [hidden email]
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] Not To James B. Byrne

Kai Schaetzl
In reply to this post by Alexander Farber
That's ridiculous, you don't even know what's wrong or if it's wrong at
all or what you want him to do but you have to cry it out loud to the list
to put social pressure on him. Please move this to private mail and
understand that Gmail is *not* what rules email best practice and also try
to understand what Gmail is telling *you* before you ask others to do
something.


Kai


_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] Not To James B. Byrne

Valeri Galtsev

On Wed, November 12, 2014 9:46 am, Kai Schaetzl wrote:
> That's ridiculous, you don't even know what's wrong or if it's wrong at
> all or what you want him to do but you have to cry it out loud to the list
> to put social pressure on him. Please move this to private mail and
> understand that Gmail is *not* what rules email best practice and also try
> to understand what Gmail is telling *you* before you ask others to do
> something.
>
>
> Kai

+1
Bravo.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] Not To James B. Byrne

Les Mikesell
In reply to this post by Kai Schaetzl
On Wed, Nov 12, 2014 at 9:46 AM, Kai Schaetzl <[hidden email]> wrote:
> That's ridiculous, you don't even know what's wrong or if it's wrong at
> all or what you want him to do but you have to cry it out loud to the list
> to put social pressure on him.

Well, no.  Per the headers:

Authentication-Results: mx.google.com;
       spf=neutral (google.com: [hidden email] does not
designate permitted sender hosts) smtp.mail=[hidden email];
       dkim=neutral (body hash did not verify) header.i=@;
       dmarc=fail (p=QUARANTINE dis=NONE) header.from=harte-lyne.ca


The p=quarantine setting from his server explicitly requests that the
message be marked as spam if it s not sent from an authorized server,
which don't include the centos list server. So it is accepted and
dropped in the spam folder as requested.

And at the moment, he is the only list member that posts regularly
from a server with this setting.  (We don't even see ones with
p=reject, they'll bounce and get kicked off the list).

--
   Les Mikesell
     [hidden email]
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] To James B. Byrne

John Hoe
In reply to this post by Les Mikesell
On Wed, Nov 12, 2014 at 11:44 PM, Les Mikesell <[hidden email]>
wrote:

> On Wed, Nov 12, 2014 at 8:50 AM, James B. Byrne <[hidden email]>
> wrote:
> >
> > But, the mail server is not broken.  It is entirely to RFC
> specifications.
> > Google decides how to treat the resulting confusion respecting mail
> forwarded
> > by the CentOS list. Yahoo I understand simply drops it into the bit
> bucket and
> > the recipient never knows.
> >
> > Your complaint would be better directed at the consortium of Email
> providers,
> > including Google and Yahoo, who forced DMARC on the IETF; or rather
> entirely
> > by-passed the IETF and put this Rube Goldberg hack into play
> regardless.  The
> > people who run mailing lists screamed blue murder but it happened
> nonetheless.
>
> If this is something caused by google and not your own server settings
> that indicate how to treat forwarders, why doesn't email originating
> from gmail have the same issue?
>
> --
>    Les Mikesell
>      [hidden email]
> _______________________________________________
> CentOS mailing list
> [hidden email]
> http://lists.centos.org/mailman/listinfo/centos
>

​I guess the upside to all these .... feedback is I learnt something about
standards, and how futile they can be sometimes.

Yeah we've followed the RFCs, yes there's DMARC serving its own purposes,
yes there's some mangling and yes there's a fix for it, but if the main
party (RH in this case) refuses to budge, shit remains broken. I'm not
pointing fingers at anyone but I'm not surprised why we haven't colonised
mars yet.

​I personally find it annoying that James is getting stuffed into spam box
_all_ the time, but with all these explanations I've gotten I think I got
the better end of the bargain.




John​
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] Not To James B. Byrne

Les Mikesell
In reply to this post by Les Mikesell
On Wed, Nov 12, 2014 at 10:13 AM, Les Mikesell <[hidden email]> wrote:

> On Wed, Nov 12, 2014 at 9:46 AM, Kai Schaetzl <[hidden email]> wrote:
>> That's ridiculous, you don't even know what's wrong or if it's wrong at
>> all or what you want him to do but you have to cry it out loud to the list
>> to put social pressure on him.
>
> Well, no.  Per the headers:
>
> Authentication-Results: mx.google.com;
>        spf=neutral (google.com: [hidden email] does not
> designate permitted sender hosts) smtp.mail=[hidden email];
>        dkim=neutral (body hash did not verify) header.i=@;
>        dmarc=fail (p=QUARANTINE dis=NONE) header.from=harte-lyne.ca
>
>
> The p=quarantine setting from his server explicitly requests that the
> message be marked as spam if it s not sent from an authorized server,
> which don't include the centos list server. So it is accepted and
> dropped in the spam folder as requested.
>
> And at the moment, he is the only list member that posts regularly
> from a server with this setting.  (We don't even see ones with
> p=reject, they'll bounce and get kicked off the list).
>

I guess that last part isn't true.  Apparently forwarded yahoo senders
also go to spam instead of bouncing:

Authentication-Results: mx.google.com;
       spf=neutral (google.com: [hidden email] does not
designate permitted sender hosts) smtp.mail=[hidden email];
       dkim=neutral (body hash did not verify) header.i=@;
       dmarc=fail (p=REJECT dis=NONE) header.from=yahoo.com

Anyway, you can see a domain's dmarc setting with:
nslookup -type=txt _dmarc.domain.com
and see the p= meanings at http://www.dmarc.org/faq.html
In particular, see http://www.dmarc.org/faq.html#r_2 for the effect on
mail lists.
   "If the domain in the From: header is from an organization that
publishes a DMARC record, the email is likely to not be delivered."

--
   Les Mikesell
      [hidden email]
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] Not To James B. Byrne

Kai Schaetzl
In reply to this post by Les Mikesell
Les Mikesell wrote on Wed, 12 Nov 2014 10:13:07 -0600:

> Well, no.

Well, *yes*. It's not business to be carried out on the list nor does the
guy who moans about it seem to know why. And if you are the second from
Gmail then please move it off-list as well. It's really not anyone's
problem on this list what Gmail does.


Kai


_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
Reply | Threaded
Open this post in threaded view
|

Re: [CentOS] Not To James B. Byrne

Les Mikesell
On Wed, Nov 12, 2014 at 11:31 AM, Kai Schaetzl <[hidden email]> wrote:
> Les Mikesell wrote on Wed, 12 Nov 2014 10:13:07 -0600:
>
>> Well, no.
>
> Well, *yes*. It's not business to be carried out on the list nor does the
> guy who moans about it seem to know why. And if you are the second from
> Gmail then please move it off-list as well. It's really not anyone's
> problem on this list what Gmail does.

Gmail isn't making this up, it is doing what the sender's domain
explicitly tells it to do with mail with a From: address in that
domain when it is (re)sent by a non-permitted host.  So yes it is
relevant to the list that if you don't want your mail to end up in
spam folders you shouldn't use a From: address in a domain that sets
p=quarantine or p=reject in its dmarc record, because that is exactly
what those say to do per the faq from www.dmarc.org.

--
   Les Mikesell
     [hidden email]
_______________________________________________
CentOS mailing list
[hidden email]
http://lists.centos.org/mailman/listinfo/centos
1234