I just finally refreshed this for my server. These instructions and test reflector were extremely helpful. https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-... sdw On 8/29/16 9:11 PM, Bardi Harborow wrote:

The mail server doesn't appear to use TLS when forwarding mail to subscribers. Additionally you may wish to look at configuring SPF, DKIM and DMARC records.

On Tue, Aug 30, 2016 at 2:36 AM, Greg Newby wrote:

...

As I just wrote, this message should be going out via the *new* server and settings. It's addressed to cypherpunks@lists.cpunks.org, as opposed to the regular address, cypherpunks@cpunks.org

Viva la Resistance! - Greg

On Mon, Aug 29, 2016 at 09:35:04AM -0700, Greg Newby wrote:

...

Dear cpunks subscribers,

As discussed on the list last week, Riad S. Wahby is exiting gracefully from hosting the Cypherpunks list at https://cpunks.org

We have coordinated a transfer of the list to a server I manage, and the configuration appears to be fairly functional. We have put this at cpunks@lists.cpunks.org (versus cpunks@cpunks.org).

I will send a test message to the NEW list momentarily, so subscribers will knoow they are getting both.

Please write back to this list, or directly to me, if you notice any problems or anomalies. The mailman list settings, subscribership, etc. should be the same, except that subscribers since around August 25 are not yet on the new list.

You can check your list settings and view the archives at the new location: https://lists.cpunks.org/

Once everything is confirmed to be functional, we will change from the old list to the new list, and update DNS and server records so the old email address and list URL work on the new location. We've set DNS TTL to expire quickly, once the changeover happens.

Best, Greg

On 8/30/16, Bardi Harborow wrote:

The mail server doesn't appear to use TLS when forwarding mail to subscribers. Additionally you may wish to look at configuring SPF, DKIM and DMARC records.

And it's running a 3yr quite buggy version, including those areas, instead of 2.1.23. http://ftp.gnu.org/gnu/mailman/ http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS

On 09/04/2016 08:28 PM, Bardi Harborow wrote:

The lack of SPF, DKIM and DMARC records, as well as TLS, on the new list is still wreaking havoc with my spam filter. Any chance of a fix? I'd be happy to provide assistance. Yours sincerely,

Bardi Harborow Software Engineer Mobile: +61481816153 Web: bardiharborow.com

I was having some problem with occasional listmail passed thru riseup.net marked as spam on the first day. It appears to have subsided now Rr

I acknowledge the Wurundjeri people, who are the custodians of the land upon which I live and work. I pay respect to their elders past and present.

On Tue, Aug 30, 2016 at 2:11 PM, Bardi Harborow wrote:

...

The mail server doesn't appear to use TLS when forwarding mail to subscribers. Additionally you may wish to look at configuring SPF, DKIM and DMARC records.

On Tue, Aug 30, 2016 at 2:36 AM, Greg Newby wrote:

...

As I just wrote, this message should be going out via the *new* server and settings. It's addressed to cypherpunks@lists.cpunks.org, as opposed to the regular address, cypherpunks@cpunks.org

Viva la Resistance! - Greg

On Mon, Aug 29, 2016 at 09:35:04AM -0700, Greg Newby wrote:

...

Dear cpunks subscribers,

As discussed on the list last week, Riad S. Wahby is exiting gracefully from hosting the Cypherpunks list at https://cpunks.org

We have coordinated a transfer of the list to a server I manage, and the configuration appears to be fairly functional. We have put this at cpunks@lists.cpunks.org (versus cpunks@cpunks.org).

I will send a test message to the NEW list momentarily, so subscribers will knoow they are getting both.

Please write back to this list, or directly to me, if you notice any problems or anomalies. The mailman list settings, subscribership, etc. should be the same, except that subscribers since around August 25 are not yet on the new list.

You can check your list settings and view the archives at the new location: https://lists.cpunks.org/

Once everything is confirmed to be functional, we will change from the old list to the new list, and update DNS and server records so the old email address and list URL work on the new location. We've set DNS TTL to expire quickly, once the changeover happens.

Best, Greg

On Sun, Sep 04, 2016 at 09:10:58PM -0700, Riad S. Wahby wrote:

Bardi Harborow wrote:

...

The lack of SPF, DKIM and DMARC records, as well as TLS, on the new list is still wreaking havoc with my spam filter. Any chance of a fix? I'd be happy to provide assistance.

I'm guessing the big change since we moved the list is TLS.

SPF is already in place.

There's a DKIM pubkey with the selector "email" to which Greg's server (presumably) has the secret. But it is somewhat unusual, as far as I know, for listservs to add their own DKIM signatures when passing mail through; certainly mine never did. Usually the idea is that you check the sender's DKIM, and the listserv should just avoid munging headers so that the signatures can still be checked by the recipient.

Bardi, others: Yes: As mentioned, SPF and DKIM and TLS were confirmed by me to be working. But if they are not, please provide some details on what you are seeing... including, if possible, some way I can demonstrate when it's *not* working.

I'd be surprised if DMARC changes much since I never had it set up either, but of course I could be wrong.

DMARC is not yet configured on the new server, either. The server URL is https://lists.cpunks.org Messages should go to & come from cypherpunks@lists.cpunks.org MX server is mail.pglaf.org (the same server/system, just another hostname). There are a lot of headers for these things in the message envelopes of the messages going out from the liset. - Greg

On 16-08-30 10:26:15, Georgi Guninski wrote:

I would recommend mirroring on mail-archive.com and gmane.org -- they are indexed by google significantly faster than the old list.

AFAIK, gmane is offline [1]. All the best, Georg [1] https://lars.ingebrigtsen.no/2016/07/28/the-end-of-gmane/

"Riad S. Wahby" wrote:

Also, as I promised grarpamp, I will soon publish and sign a copy of my local cypherpunks mbox going back to mid-2013. The previous archive, which contains every message to cypherpunks I've received since sometime in 1999, is now available from: https://web.jfet.org/cpunk/cypherpunks.tar.bz2 https://web.jfet.org/cpunk/cypherpunks.tar.bz2.asc You can find the corresponding PGP key at https://keybase.io/kwantam (or on most public keyservers).

You can find the final archive of all messages since the changeover to mailman in mid-2013 at: https://web.jfet.org/cpunk/cypherpunks_mailman.mbox.gz https://web.jfet.org/cpunk/cypherpunks_mailman.mbox.gz.asc Signed with the same key as above. -=rsw

On Thu, Sep 01, 2016 at 08:36:43PM -0400, grarpamp wrote:

...

will work to sync up the archives so that the split brain we've been

Don't taint the provenance... just as your archive contains only yours, this file should only contain messages from newby's server: https://lists.cpunks.org/pipermail/cypherpunks.mbox/cypherpunks.mbox.gz

You can host your own archives wherever, and people will pick them up and re-host them wherever.

You can blend the html index if you want, because it's just a human interface, not a critical source archive.

People... Don't use procmail, it sucks. Maildrop is better. Don't use mbox, it sucks. Maildir is better.

It's all good. Thanks for the maildrop hint. I'll use Maildir when I'm up to speed with notmuch, but not before - Maildirs are too slow otherwise for me. Finally - can the new cpunks admin please add a standard subscribe/unsubscribe footer? I referred a friend and they got a rejection on subscription request, so I'm thinking they might have tried using the old domain. Sent them the new mailman url.

On Fri, Sep 02, 2016 at 04:10:44AM -0400, grarpamp wrote:

On Fri, Sep 2, 2016 at 3:02 AM, Zenaan Harkness wrote:

...

Finally - can the new cpunks admin please add a standard subscribe/unsubscribe footer?

No. Same goes for list tagging subject. They're apologist crap excuse for crap users that bloats out everyone else. Bad enough correcting their crappy mailiquette, don't make it worse by shoveling more crap on top.

Ack. +1

On 09/02/2016 04:41 AM, Greg Newby wrote:

On Fri, Sep 02, 2016 at 05:02:52PM +1000, Zenaan Harkness wrote:

...

... Finally - can the new cpunks admin please add a standard subscribe/unsubscribe footer? I referred a friend and they got a rejection on subscription request, so I'm thinking they might have tried using the old domain. Sent them the new mailman url.

Mailman inserts all of these nice headers in the message envelope:

List-Id: The Cypherpunks Mailing List List-Unsubscribe: https://lists.cpunks.org/mailman/options/cypherpunks, mailto:cypherpunks-request@lists.cpunks.org?subject=unsubscribe List-Archive: http://lists.cpunks.org/pipermail/cypherpunks/ List-Post: mailto:cypherpunks@lists.cpunks.org List-Help: mailto:cypherpunks-request@lists.cpunks.org?subject=help List-Subscribe: https://lists.cpunks.org/mailman/listinfo/cypherpunks, mailto:cypherpunks-request@lists.cpunks.org?subject=subscribe

So, I don't think a separate footer is needed.

If your friend still has trouble subscribing, they can email me, or owner-cypherpunks@lists.cpunks.org which goes to me.

Also, the old domain redirects (email & Web) to the new domain. So, it should not be possible any more to submit stuff to the old location.

Mailman is set to require a confirmation email, before subscribing. Perhaps that confirmation message wasn't received? If you want, I can grep the mail logs in for the friend's address, if troubles persist.

One difference from the old domain is that greylisting is turned on. I haven't heard of that creating problems, but it is a difference. - Greg

I just took a look at the Wikipedia entry for 'greylisting'. It sounds awful if you're victimized by it. My personal mail from openmailbox to a friend was rejected by yahoo b/c of shit like that and I didn't get a notifcation for three fucking days. Have you ever noted how many good domains are black-holed b/c some asshole fascist relay operator in the midwest says so. How you never get a response to a request to remove you from thise lists., How a 'spammer' could intentionally create a situation that blackholes or graylists a domain? Just sayin'. If it wasn't broke don't 'fix' it.. Rr

On 09/02/2016 08:33 AM, Tom wrote:

Obviously you've never operated an email server.

HEY YOU WIN THE FUCKING PRIZE! I've been victimized by an op though. LOTS of people have. Email relay operators are right in there with the "Official Observers" on amateur radio when it comes to CENSORSHIP. Ofc THEY don't see it that way. Anything else bright you might care to say? Rr

On Fri, Sep 02, 2016 at 08:08:39AM -0700, Razer wrote:

...

I just took a look at the Wikipedia entry for 'greylisting'. It sounds awful if you're victimized by it. My personal mail from openmailbox to a friend was rejected by yahoo b/c of shit like that and I didn't get a notifcation for three fucking days.

Obviously you've never operated an email server. 99% of all emails arriving on any bigger public mail server is spam. Of course you do everything to minimize spam.

Since most spam comes from bot nets which do not implement queueing as required by the RFCs, they are successfully blocked from delivering their spam with greylisting.

Of course this method blocks mails coming from mailservers whose operators are stupid morons and do not properly configure queueing.

So, if you're blocked because someone uses greylisting, don't blame them, but your mail server admin. Or stop using it and look for some service which respects the standards. Or do it yourself.

However - a cypherpunks member whining about email problems? Really?

- Tom

On Fri, Sep 02, 2016 at 05:33:33PM +0200, Tom wrote:

On Fri, Sep 02, 2016 at 08:08:39AM -0700, Razer wrote:

...

I just took a look at the Wikipedia entry for 'greylisting'. It sounds awful if you're victimized by it. My personal mail from openmailbox to a friend was rejected by yahoo b/c of shit like that and I didn't get a notifcation for three fucking days.

Obviously you've never operated an email server. 99% of all emails arriving on any bigger public mail server is spam. Of course you do everything to minimize spam.

Since most spam comes from bot nets which do not implement queueing as required by the RFCs, they are successfully blocked from delivering their spam with greylisting.

Of course this method blocks mails coming from mailservers whose operators are stupid morons and do not properly configure queueing.

I don't remember operating public SMTPD. The issue with spam is just temporary kludge. Queue support via "try again later" is very easy to implement in a bot -- just precompiled qmail or some lightweight SMTPD would do AFAICT. It is just a matter of time till spammers do it. Also, nearly all ISPs have non-negligible amount of users with malware and some of it may send spam via the ISP's SMTPD. It is mystery to me why aren't all ISPs blacklisted. Heard that some Spam Black List operators are fucked up morons, don't know how true is this. As an aside, I know admin who blocked access of all Chinese IPs to SMTP to fight spam (maybe he blocked them totally, not sure).

On 9/2/16 12:02 AM, Zenaan Harkness wrote:

On Thu, Sep 01, 2016 at 08:36:43PM -0400, grarpamp wrote:

...

...

will work to sync up the archives so that the split brain we've been Don't taint the provenance... just as your archive contains only yours, this file should only contain messages from newby's server: https://lists.cpunks.org/pipermail/cypherpunks.mbox/cypherpunks.mbox.gz

You can host your own archives wherever, and people will pick them up and re-host them wherever.

You can blend the html index if you want, because it's just a human interface, not a critical source archive.

People... Don't use procmail, it sucks. Maildrop is better. Don't use mbox, it sucks. Maildir is better.

I still use procmail, a bit, but I don't have a strong opinion there. I always use mbox format. I find it very scalable, although I do roll over to new files every 200MB. Dovecot indexes so well that I'm pretty sure it is faster. Plus, it is likely much faster for backups etc.

It's all good. Thanks for the maildrop hint. I'll use Maildir when I'm up to speed with notmuch, but not before - Maildirs are too slow otherwise for me.

Finally - can the new cpunks admin please add a standard subscribe/unsubscribe footer? I referred a friend and they got a rejection on subscription request, so I'm thinking they might have tried using the old domain. Sent them the new mailman url.

sdw

On 9/9/16 4:11 AM, John Newman wrote:

On Sep 9, 2016, at 3:50 AM, Stephen D. Williams mailto:sdw@lig.net> wrote:

...

On 9/2/16 12:02 AM, Zenaan Harkness wrote:

...

On Thu, Sep 01, 2016 at 08:36:43PM -0400, grarpamp wrote:

...

...

will work to sync up the archives so that the split brain we've been Don't taint the provenance... just as your archive contains only yours, this file should only contain messages from newby's server: https://lists.cpunks.org/pipermail/cypherpunks.mbox/cypherpunks.mbox.gz

You can host your own archives wherever, and people will pick them up and re-host them wherever.

You can blend the html index if you want, because it's just a human interface, not a critical source archive.

People... Don't use procmail, it sucks. Maildrop is better. Don't use mbox, it sucks. Maildir is better.

I still use procmail, a bit, but I don't have a strong opinion there.

I always use mbox format. I find it very scalable, although I do roll over to new files every 200MB. Dovecot indexes so well that I'm pretty sure it is faster. Plus, it is likely much faster for backups etc.

Depends on how fast your filesystem is. I've definitely seen some sloooow load times in mutt with either format (header cache in mutt helps immensely). I'm using maildir at the moment and about a half dozen different mail clients depending on which device is at hand, and performance is acceptable on directories with 3-4K messages.

In a quick check, I have email folders with up to 28,000 messages; up to 15,000 is more typical. In my online email archive altogether, I have just shy of 1 million messages in 713 'folders'. Via: grep '^From:' `find * -type f|egrep -v '[.]cache|[.]log|[.]index'`|wc Thunderbird + Dovecot provides nearly instant access to any email in any folder. Even Squirrelmail works fine.

I stopped using procmail a while back - I like imapfilter. The config file is just lua code. It does require an active connection to your imap server of course....

Sounds interesting. Instead of new automatic filters, I use a Thunderbird plugin that allows me to file messages in 20 folders with just a keystroke. I can process messages as fast as 3 per second. Will eventually add machine learning to that.

The real hassle for me these days is my spamassassin + amavis + clamd has stopped working nearly as well as it used too. But I've been feeding the fuck out of the Bayesian dbs, and tuning a few rules, and it's getting back under control...

Yes, need periodic maintenance and spamassassin --spam updates to make it work reasonably.

John

...

...

It's all good. Thanks for the maildrop hint. I'll use Maildir when I'm up to speed with notmuch, but not before - Maildirs are too slow otherwise for me.

Finally - can the new cpunks admin please add a standard subscribe/unsubscribe footer? I referred a friend and they got a rejection on subscription request, so I'm thinking they might have tried using the old domain. Sent them the new mailman url.

sdw

sdw