[Cake] cake for net-next 4.8

Dave Täht dave at taht.net
Fri Sep 30 17:10:20 EDT 2016 


On 9/30/16 1:37 PM, Neil Shepperd wrote:
> Disabling ipv6 (at least in the mail server, in outgoing direction) is
> probably the easiest option...

It looks like the simplest thing I could do to allow inbound while
stopping outbound ipv6 would be to:

/etc/postfix/main.cf:
    smtp_bind_address6 = ::1


> I see on most messages here DKIM-Signature headers apparently from
> gmail: "v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com
> <http://gmail.com>; s=20120113;". These signatures are failing because
> of the added message footer. No sign of a DKIM-Signature
> for lists.bufferbloat.net <http://lists.bufferbloat.net>. You'd need to
> set that up in the list MTA.

Honestly my "email-fu" has declined considerably in recent years.
Despite the apparent simplicity of this idea, my brain just crashed
multiple times on setting it up with postfix + mailman 2.

And thank you for poking so deeply into this, I was A) really annoyed by
the bloat-list-as-spam thing and B) clueless.

> On Fri, 30 Sep 2016 at 15:42 Dave Täht <dave at taht.net
> <mailto:dave at taht.net>> wrote:
> 
> 
> 
>     On 9/30/16 1:02 AM, Toke Høiland-Jørgensen wrote:
>     > Neil Shepperd <nshepperd at gmail.com <mailto:nshepperd at gmail.com>>
>     writes:
>     >
>     >> I think I have now accumulated enough spam/nonspam classified emails
>     >> to make a statistically signification observation: it seems like all
>     >> emails classified as spam from these lists were send from ipv6:
>     >>
>     >> SPF: PASS with IP 2600:3c03:0:0:f03c:91ff:fe61:86ce
>     >>
>     >> All emails from bufferbloat.net <http://bufferbloat.net> lists
>     are failing DKIM (because of the
>     >> mailing list footer breaking the DKIM signature) which might be worth
>     >> fixing, and failing DMARC because all mailing lists fails DMARC
>     >> (however google does not have a strict DMARC policy so that shouldn't
>     >> matter, I hope).
>     >>
>     >> By the way, it's not just you, either. I have emails from others on
>     >> these lists in my spam folder.
>     >>
>     >> The distinguishing factor seems to be whether the email was sent from
>     >> the lists.bufferbloat.net <http://lists.bufferbloat.net> ipv6
>     address. Unless this address
>     >> corresponds to some kind of tunnel broker possibly also used by
>     >> spammers, I can only assume this is some kind of bug (after all, it
>     >> was spf validated so the address shouldn't matter at that point?).
>     >
>     > Indeed, gmail requires extra measures for IPv6:
>     > https://support.google.com/mail/answer/81126 (scroll down to
>     "Additional
>     > guidelines for IPv6").
>     >
>     > Fixing DKIM might be worthwhile :)
> 
>     But it passes the spf check?? And the reverse lookup is correct.
> 
>     How about I just disable ipv6?
> 
>     Have no idea why dkim doesn't work.
> 
>     >
>     > -Toke
>     > _______________________________________________
>     > Cake mailing list
>     > Cake at lists.bufferbloat.net <mailto:Cake at lists.bufferbloat.net>
>     > https://lists.bufferbloat.net/listinfo/cake
>     >
>     _______________________________________________
>     Cake mailing list
>     Cake at lists.bufferbloat.net <mailto:Cake at lists.bufferbloat.net>
>     https://lists.bufferbloat.net/listinfo/cake
>

More information about the Cake mailing list