[Cake] cake for net-next 4.8
dave at taht.net
Fri Sep 30 17:10:20 EDT 2016
On 9/30/16 1:37 PM, Neil Shepperd wrote:
> Disabling ipv6 (at least in the mail server, in outgoing direction) is
> probably the easiest option...
It looks like the simplest thing I could do to allow inbound while
stopping outbound ipv6 would be to:
smtp_bind_address6 = ::1
> I see on most messages here DKIM-Signature headers apparently from
> gmail: "v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com
> <http://gmail.com>; s=20120113;". These signatures are failing because
> of the added message footer. No sign of a DKIM-Signature
> for lists.bufferbloat.net <http://lists.bufferbloat.net>. You'd need to
> set that up in the list MTA.
Honestly my "email-fu" has declined considerably in recent years.
Despite the apparent simplicity of this idea, my brain just crashed
multiple times on setting it up with postfix + mailman 2.
And thank you for poking so deeply into this, I was A) really annoyed by
the bloat-list-as-spam thing and B) clueless.
> On Fri, 30 Sep 2016 at 15:42 Dave Täht <dave at taht.net
> <mailto:dave at taht.net>> wrote:
> On 9/30/16 1:02 AM, Toke Høiland-Jørgensen wrote:
> > Neil Shepperd <nshepperd at gmail.com <mailto:nshepperd at gmail.com>>
> >> I think I have now accumulated enough spam/nonspam classified emails
> >> to make a statistically signification observation: it seems like all
> >> emails classified as spam from these lists were send from ipv6:
> >> SPF: PASS with IP 2600:3c03:0:0:f03c:91ff:fe61:86ce
> >> All emails from bufferbloat.net <http://bufferbloat.net> lists
> are failing DKIM (because of the
> >> mailing list footer breaking the DKIM signature) which might be worth
> >> fixing, and failing DMARC because all mailing lists fails DMARC
> >> (however google does not have a strict DMARC policy so that shouldn't
> >> matter, I hope).
> >> By the way, it's not just you, either. I have emails from others on
> >> these lists in my spam folder.
> >> The distinguishing factor seems to be whether the email was sent from
> >> the lists.bufferbloat.net <http://lists.bufferbloat.net> ipv6
> address. Unless this address
> >> corresponds to some kind of tunnel broker possibly also used by
> >> spammers, I can only assume this is some kind of bug (after all, it
> >> was spf validated so the address shouldn't matter at that point?).
> > Indeed, gmail requires extra measures for IPv6:
> > https://support.google.com/mail/answer/81126 (scroll down to
> > guidelines for IPv6").
> > Fixing DKIM might be worthwhile :)
> But it passes the spf check?? And the reverse lookup is correct.
> How about I just disable ipv6?
> Have no idea why dkim doesn't work.
> > -Toke
> > _______________________________________________
> > Cake mailing list
> > Cake at lists.bufferbloat.net <mailto:Cake at lists.bufferbloat.net>
> > https://lists.bufferbloat.net/listinfo/cake
> Cake mailing list
> Cake at lists.bufferbloat.net <mailto:Cake at lists.bufferbloat.net>
More information about the Cake