I have found mine does whatever it wants. Does not always update, i cant always mark all as read... Mind of its own.
Sat Jan 16 2021 11:53:50 EST from sethmhuris there anyway to tell thunderbird how many messages to download
instead of downloading all of them?
Hi everyone.
I have this error on port 25, on my RaspberryPi.
Unable to connect to the remote host:connection refused.
And the netstat -ntlp | grep 25 shows me this:
tcp 0 127.0.0.1:25 0.0.0.0:* LISTEN 369/msmtpd
Any chance of making it listen on all interfaces? how exacty should I do that? Thanks in advance....
Subject: Spamhaus and domain registrars molest you right from the start ..
A real annoyance and "crime against decent puter users" is when a domain is blacklisted, and then you buy it, not knowing this. But it's YOUR goddam problem now. YOU did all those nasty things you spamming bastard. And applying to get your name "cleared" is a government-like process similar to medieval torture. It's not gonna happen, and is it even worth it?
I learned a lot about these shoddy "systems" while setting up Citadel. Some domains were clean, others so dirty google wouldn't even put them in YOUR spam folder. Like they never existed. [Censorship? Don't get me started.] But I could see them on Thunderbird with my other mail server. Naturally, I despise spam and mailing lists of any kind and wish them the worst. But pointing the finger at someone "new" for someone else's bs is such shite.
That's all, I hope I posted in the right forum :)
Subject: Re: Spamhaus and domain registrars molest you right from the start ..
Here recently my domain got spoofed for a bit. ( long story. My hosting provider didnt lock things down by default, and i didnt know i had to look into all that stuff myself until it was too late. Why it took them decades to find me, i donno ) I'm not 100% blacklisted but there are places i can no longer send mail to.
I have had the domain since you could first register non-governmental names and *had* to deal with 'netsol' to do it. ( and back in the early 90s, god help you if you lost access to email due to being a dumbass and wanted to transfer the domain away to a provider instead of self-host.. another long story. about lost the name )
Entire thing pisses me off
Subject: Re: Spamhaus and domain registrars molest you right from the start ..
Subject: Re: Spamhaus and domain registrars molest you right from the start ..
I took me several attempts to get stuff working right ( with my hosting people i dont know the buttons they pushed )
Fri Dec 10 2021 04:21:04 PM EST from IGnatius T Foobar Subject: Re: Spamhaus and domain registrars molest you right from the start ..After setting up a DMARC record I am beginning to receive reports, but I'm not 100% sure how to read them. If I am reading them correctly, there may actually be spammer scum out in the wild spoofing my domain.
Subject: Re: Spamhaus and domain registrars molest you right from the start ..
It's probably going to be a long effort to get that fixed. In the mean time I had a really important email to send out last week to about a dozen people and, predictably, the half or so who use gmail didn't read it in time because it was in their spam folder.
I miss the good old days when non-savvy people used AOL or Hotmail. Gmail is evil.
Subject: Re: Spamhaus and domain registrars molest you right from the start ..
At least its a step in the right direction.
So i know its basic, but never did understand why it worked.
I have hosted mail. I no longer self host, so its on a remote server, not even on my network. it has all the normal protections : Not a relay SPF, bla bla bla. Run an online test and other than some initial connect speed it passes all checks.
So at home i have several devices. One of them is a PVE server. It will send email notices. It has no local SMTP server. It has no login credentials to my mail server. Yet it can send mail to it..
I understand its spoofing an account on my domain to send to an account on my domain ( its self. ) but why does that still work, with all the protections from above active? Sure, it does not 'hurt' but it is an open door, of sorts, that could be used to spam the hell out of me..
Are you sure you didn't perhaps give your username and password to PVE while configuring the mail server? Then it would log in.
Nope its not even a true login. its just a valid email. i have it setup to forward several email addresses to my real one. But they dont have actual logins. ( common ones like sales, admin, etc ). PVE also does not ask for email login info, or even server, just asks for the admin email to send notices to.
I guess i can call the hosting service later this week as its not an 'emergency'. it passed all the 'checks' i ran. so i would have assumed this wasn't possible either.
Mon Oct 02 2023 13:07:03 EDT from IGnatius T FoobarIf it accepts that, your email server is not configured properly. Otherwise some spammer can come along and just send zillions of messages pretending to be you.
Are you sure you didn't perhaps give your username and password to PVE while configuring the mail server? Then it would log in.
for what its worth this is what i was using to test. That its not a 'true' open proxy again, i wont panic but ill will get a hold of them later.
https://mxtoolbox.com/diagnostic.aspx
So at home i have several devices. One of them is a PVE server. It
will send email notices. It has no local SMTP server. It has no
login credentials to my mail server. Yet it can send mail to it..
That is pretty standard.
Lots of email service appliances don't get pesky about the origin of emails and just process anything they get sent to port 25.
If you are concerned about spoofing you set some DMARC policy. THat is what it is for.
Your PVE is not loging to your mail server or anything. It is just sending a regular email with the integrated postfix if ships with. What your remote email service sees is an email comming from another server addressed to an account the remote server controls.
Right, but i thought with all the stuff they had in place, that would have stopped this too. Its not a HUGE risk since they cant use me as a relay, but i will take some time to close that hole too. Of course if one day i get flooded, that goes on the top of my to-do list..
Wed Oct 18 2023 16:46:39 EDT from darknetuserThat is pretty standard.
Lots of email service appliances don't get pesky about the origin of emails and just process anything they get sent to port 25.
If you are concerned about spoofing you set some DMARC policy. THat is what it is for.
Your PVE is not loging to your mail server or anything. It is just sending a regular email with the integrated postfix if ships with. What your remote email service sees is an email comming from another server addressed to an account the remote server controls.
Right, but i thought with all the stuff they had in place, that would
have stopped this too. Its not a HUGE risk since they cant use me as
a relay, but i will take some time to close that hole too. Of course
Maybe send an email from your hosted email to a main tester and check the headers to learn which stack they are running.
Most modern stacks will respect DMARC, so if you don't want to be flooded by email falselly sent from your domain, just add SPF and DMARC entries to your DNS and you will slash most spoofing down.
If you fear being flooded by random flooders, then I hope your mail host has the usual countermeasures (blacklists, greylisting and the like)
SPF is supposedly setup. Cant say about DMARC, not a mail expert, but i had the hosting people do stuff for me. Hey, i pay my bill, they can help :)
not naming names, but they are a large provider, been around 20 years. I moved to them around 15 years ago, if i remember right.
Wed Oct 18 2023 19:23:51 EDT from darknetuserMaybe send an email from your hosted email to a main tester and check the headers to learn which stack they are running.
Most modern stacks will respect DMARC, so if you don't want to be flooded by email falselly sent from your domain, just add SPF and DMARC entries to your DNS and you will slash most spoofing down.
If you fear being flooded by random flooders, then I hope your mail host has the usual countermeasures (blacklists, greylisting and the like)
Heard on a conference call today:
"VMware employees have to use gmail now!!!1"
No, you silly goose. Now that they're owned by Broadcom they're using Broadcom's email system, which is G-Suite.
That's like saying everyone who uses Microsoft 365 has to use Hotmail now.
Most modern stacks will respect DMARC, so if you don't want to be
flooded by email falselly sent from your domain, just add SPF and DMARC
entries to your DNS and you will slash most spoofing down.
The nice thing about SPF and DMARC is that they can both be implemented without modifying your email server at all. It's purely a DNS play, and that ought to be enough.
Unfortunately it may not be enough. I've spent the last few weeks learning the details of how DKIM works, and writing a DKIM signature engine for Citadel.
It hasn't been easy. I intend to complete this before I do battle with the gmail gestapo again.
So related to all of this stuff...
Seems Bluehost has raised their hosting rates again. Im now paying almost 250 a year for hosting.. wtf.. While i could bring it back home again and seff-host, that is a lot of hassle ( part of why i quit doing it a couple of decades ago ), and these days id also have to go buy an incoming VPN too, or upgrade my fiber to business class ( i may be static, but its still a residential IP subnet ) and will end up close to the same amount i'm sure, so hassle + similar cost = not bother.
Not that 250 a year is going to break the bank or something but just for mail, its silly to pay that much.
Soooo seems im in the market for new mail hosting service that isn't stupid priced. Any suggestions? And im willing to move my domain to them too, as i bet that price got jacked up too. I do NOT need web hosting or any other fun-features beyond being able to edit DNS A records if i move the domain.. its just mail.
Not a real rush, i just renewed for the year as it was going to die Monday, but its on my agenda this summer/fall to decide on an alternative plan.