Re: Passwords in plain text

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, June 18, 2018 7:10 am, Johnny Hughes wrote:
> On 06/17/2018 11:13 AM, Alice Wonder via CentOS wrote:
>> On 06/17/2018 09:11 AM, Alice Wonder via CentOS wrote:
>>> On 06/17/2018 08:52 AM, Michael Hennebry via CentOS wrote:
>>>> I'm petty sure I messed up attributions, so am deleting them.
>>>>
>>>>>> I believe this is a DMARC issue. Yahoo, among other places, has set
>>>>>> their dmarc records to p=reject:
>>>>
>>>>>> So, if your mail hosting provider enforces dmarc,(gmail does) and
>>>>>> you
>>>>>> get mail from a list that doesn't rewrite the headers, and people
>>>>>> from places like yahoo post to the list, you'll likely get some form
>>>>>> of warning about being being kicked off the mailing list every now
>>>>>> and then. The frequency depends on how often people from p=reject
>>>>>> places post, and what the settings are for bounce handling of the
>>>>>> mailing list in question.
>>>>
>>>>> This is indeed what happened.  An email from yahoo.com.uk caused
>>>>> gmail
>>>>> to reject all the mails sent by that user because of the yahoo DMARC
>>>>> settings.
>>>>
>>>> Say it isn't so: *An* e-mail, just *one* from yahoo.com.uk
>>>> caused every gmail user to have his account disabled.
>>>>
>>>> I'd heard of the DMARC thing with mailing lists before,
>>>> but had not known it enabled single e-mails of mass destruction.
>>>
>>> I run dmarc on my mail server but only in report mode, it doesn't
>>> reject.
>>>
>>> I did it as a test (for years) and am fully convinced that dmarc is
>>> worthless for real world protection.
>>>
>>> Numerous mail lists out there are configured in such a way that dmarc
>>> gets triggered and that just isn't going to change.
>>>
>>> It's a neat idea but it's not backwards compatible with the way SMTP
>>> already works.
>>>
>>> I can not recommend its use. I do recommend mail server software update
>>> if possible to be compatible but I just can not recommend mail servers
>>> enforce dmarc.
>>>
>>> DKIM is a good thing, but dmarc breaks things too badly.
>>>
>>> Even DKIM though is of limited usefulness - it seems the spammer
>>> blacklists don't really care. Even with proper DKIM signature on a
>>> domain with correct reverse DNS set up for years, they will still add
>>> you to the spam blacklist if any other host on your subnet is
>>> identified
>>> as a spammer.
>>>
>>> So even the blacklists don't really utilize this anti-spam anti-spoof
>>> technology, which makes it kind of worthless.
>>>
>>> Using DKIM as one of several factors in spamassassin though is possibly
>>> helpful, though most spammers these days have a validating DKIM sig.
>>>
>>> _______________________________________________
>>
>>
>> Let me put it this way - in the several years of running dmarc is report
>> only mode, over 99% of reported violations are false positives from mail
>> lists.
>>
>> That high of a false positive rate tells me it is broken technology.

Fully agree.

>
> I agree with you .. unfortunately, gmail does not.  They have enabled it
> for gmail users .. so if someone from  yahoo xends a mail from a yahoo
> address, it gets rejected by gmail accounts.  The list setting wrt dmarc
> doesn't matter .. it is totally gmail enabling it.
>
> What our settings do is NOT send the From (as the original sender), if
> the sender is on a domain where dmarc is enabled, so that gmail does not
> reject it.
>
> If it is rejected by gmail .. it causes (eventually) .. not he sender's,
> but the recipient's account on gmail to be disabled by the mailing list
> as non-existent.

I'm surprised no one arrived at conclusion: don't use gmail then.

Valeri

>
> What the change that Brian and I tried to make, and Fabian finally fixed
> :D (thanks Fabian), is to fix that only from doamins that enable dmarc
> (ie, yahoo.* ) so that domains who turn on dmarc as enforcing (ie gmail)
> do not cause rejects of those emails.
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux