[Cake] cake for net-next 4.8
Neil Shepperd
nshepperd at gmail.com
Thu Oct 20 01:56:47 EDT 2016
Grr, looks like things are still getting spam-marked for me. I'll have to
reopen the report with gmail... In the mean time, I suppose we'll have to
keep fiddling with DKIM or turn off ipv6 again.
Damnit, so close.
On 4 October 2016 at 12:09, Dave Täht <dave at taht.net> wrote:
>
>
> On 10/3/16 2:17 PM, Neil Shepperd wrote:
> > Gmail spam team got back to me; they have apparently "fixed the
> > problem", which I guess means messages here should stop being marked as
> > spam soon. Because gmail's spam filters are top secret business, I
> > couldn't tell you anything else :)
>
> It is great to have friends (in places high and low). Thank you!
>
> That said, I almost, but not quite, got the dkim stuff working the other
> day - not that I can intuit that was the source of the problem!
>
> >
> > On Fri, 30 Sep 2016 at 17:10 Dave Täht <dave at taht.net
> > <mailto:dave at taht.net>> wrote:
> >
> >
> >
> > On 9/30/16 1:37 PM, Neil Shepperd wrote:
> > > Disabling ipv6 (at least in the mail server, in outgoing
> direction) is
> > > probably the easiest option...
> >
> > It looks like the simplest thing I could do to allow inbound while
> > stopping outbound ipv6 would be to:
> >
> > /etc/postfix/main.cf <http://main.cf>:
> > smtp_bind_address6 = ::1
> >
> >
> > > I see on most messages here DKIM-Signature headers apparently from
> > > gmail: "v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com
> > <http://gmail.com>
> > > <http://gmail.com>; s=20120113;". These signatures are failing
> because
> > > of the added message footer. No sign of a DKIM-Signature
> > > for lists.bufferbloat.net <http://lists.bufferbloat.net>
> > <http://lists.bufferbloat.net>. You'd need to
> > > set that up in the list MTA.
> >
> > Honestly my "email-fu" has declined considerably in recent years.
> > Despite the apparent simplicity of this idea, my brain just crashed
> > multiple times on setting it up with postfix + mailman 2.
> >
> > And thank you for poking so deeply into this, I was A) really
> annoyed by
> > the bloat-list-as-spam thing and B) clueless.
> >
> > > On Fri, 30 Sep 2016 at 15:42 Dave Täht <dave at taht.net
> > <mailto:dave at taht.net>
> > > <mailto:dave at taht.net <mailto:dave at taht.net>>> wrote:
> > >
> > >
> > >
> > > On 9/30/16 1:02 AM, Toke Høiland-Jørgensen wrote:
> > > > Neil Shepperd <nshepperd at gmail.com
> > <mailto:nshepperd at gmail.com> <mailto:nshepperd at gmail.com
> > <mailto:nshepperd at gmail.com>>>
> > > writes:
> > > >
> > > >> I think I have now accumulated enough spam/nonspam
> > classified emails
> > > >> to make a statistically signification observation: it seems
> > like all
> > > >> emails classified as spam from these lists were send from
> ipv6:
> > > >>
> > > >> SPF: PASS with IP 2600:3c03:0:0:f03c:91ff:fe61:86ce
> > > >>
> > > >> All emails from bufferbloat.net <http://bufferbloat.net>
> > <http://bufferbloat.net> lists
> > > are failing DKIM (because of the
> > > >> mailing list footer breaking the DKIM signature) which
> > might be worth
> > > >> fixing, and failing DMARC because all mailing lists fails
> DMARC
> > > >> (however google does not have a strict DMARC policy so that
> > shouldn't
> > > >> matter, I hope).
> > > >>
> > > >> By the way, it's not just you, either. I have emails from
> > others on
> > > >> these lists in my spam folder.
> > > >>
> > > >> The distinguishing factor seems to be whether the email was
> > sent from
> > > >> the lists.bufferbloat.net <http://lists.bufferbloat.net>
> > <http://lists.bufferbloat.net> ipv6
> > > address. Unless this address
> > > >> corresponds to some kind of tunnel broker possibly also
> used by
> > > >> spammers, I can only assume this is some kind of bug (after
> > all, it
> > > >> was spf validated so the address shouldn't matter at that
> > point?).
> > > >
> > > > Indeed, gmail requires extra measures for IPv6:
> > > > https://support.google.com/mail/answer/81126 (scroll down to
> > > "Additional
> > > > guidelines for IPv6").
> > > >
> > > > Fixing DKIM might be worthwhile :)
> > >
> > > But it passes the spf check?? And the reverse lookup is
> correct.
> > >
> > > How about I just disable ipv6?
> > >
> > > Have no idea why dkim doesn't work.
> > >
> > > >
> > > > -Toke
> > > > _______________________________________________
> > > > Cake mailing list
> > > > Cake at lists.bufferbloat.net
> > <mailto:Cake at lists.bufferbloat.net>
> > <mailto:Cake at lists.bufferbloat.net <mailto:Cake at lists.
> bufferbloat.net>>
> > > > https://lists.bufferbloat.net/listinfo/cake
> > > >
> > > _______________________________________________
> > > Cake mailing list
> > > Cake at lists.bufferbloat.net <mailto:Cake at lists.bufferbloat.net>
> > <mailto:Cake at lists.bufferbloat.net <mailto:Cake at lists.
> bufferbloat.net>>
> > > https://lists.bufferbloat.net/listinfo/cake
> > >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/cake/attachments/20161020/1e4507e2/attachment.html>
More information about the Cake
mailing list