To James B. Byrne


Dear James,

Every day I look into my Gmail SPAM folder and your mails (sent to CentOS list) are there. No one else is there but you.

Please finally fix your MX records or whatever is needed. No offence.

Greetings from Germany Alex

13 thoughts on - To James B. Byrne

  • Dear James,

    I for one would suggest: just ignore what gmail people are saying about your MX records.

    No offense intended. Just moral support meant.

    Valeri

    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++

  • Of course I could “explain my Gmail mailbox not move messages” by James – but I assumed the person sending 3-4 messages daily to this mailing list might be asked to consider fixing his own settings (MX and http certificate).

    The Chrome warning for harte-lyne.ca looks dreadful by the way.

    Regards Alex

  • Reindl, you should relax a bit.

    I didn’t mean exactly “MX”, just meant a “heads up” to take a look at own configs.

    I like how you defend using a broken http cert.

    Regards Alex

  • And out of my childishness again (to contradict anything ;-)… I have no bad feelings about a domain that decided not to pay a CA for a signed Certificate. As somebody mentioned, to keep internet in harmony, these should not be in hands of commercial Certification Authorities, but DNS authorities instead should be involved here in establishing the chain of trust and identity of domain instance.

    Just my $0.01 (plus $0.01 borrowed from somebody else ;-)

    Valeri

    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++

  • That’s something different – and I think that the emails as originated by James are probably correct. It is just the versions forwarded by the mailing list that fail gmail’s DMARC test. And in any case, only the site admin can fix these things.

  • I'm a bit tired of this too.

    James, be the Man and fix your mail server. Or what else.

    Greetings from Ukraine (Donetsk).

  • We operate our own CA. If you ‘TRUST’ us then you can add the root cert for our CA by visiting http://ca.harte-lyne.ca/CA_HLL_ISSUER_01/ca.crt and accepting the cert (presumably after reading the CP and CPS statements). Then the warning will disappear. If not then you can leave or proceed, accepting the exception permanently or not, as your inclination dictates.

    That web site is ancient and was designed for straight http access. It is in the process of revision but that is not in my hands and given past events I have no expectation of anything changing soon. We have since gone to “https everywhere” and thus the certificate is now an issue. Most of our sites are blocked to outside access or require authentication in any case.

    That said, the issue of Trusted certificates is problematic. In my opinion, the present state of the PKI CA’s is in such disarray that anyone that is counting on the ‘Trusted’ CA’s that come pre-installed in browser packages is living in blissful ignorance of the underlying risks presented thereby. Users are rarely aware, or realise the implications, of the fact that any ‘Trusted’ CA can issue a valid certificate for ANY domain. Any browser that ‘Trusts’ that CA will accept any site presenting said certificate as legitimate. This is the singular weakness of imposing a hierarchical requirement on top of a distributed solution. DNSSEC is representative of the alternative approach that I believe eventually will be adopted for all forms of network identities, including email.

    Our company policy at the moment does not properly address the Trusted CA issue either, other than we have set up and exclusively use our own CA for our own use. I am pushing to have all default trusted roots removed from all users’ browsers and only approved roots added back. This is not feasible at the present time because of the lack of any automated tool (of which I am aware and that is FLOSS) to enforce it.

    For that matter, we are still waiting for our registrar to support DNSSEC, for which we have been ready since early 2012 and the .ca. registrar since 2013.

  • But, the mail server is not broken. It is entirely to RFC specifications. Google decides how to treat the resulting confusion respecting mail forwarded by the CentOS list. Yahoo I understand simply drops it into the bit bucket and the recipient never knows.

    Your complaint would be better directed at the consortium of Email providers, including Google and Yahoo, who forced DMARC on the IETF; or rather entirely by-passed the IETF and put this Rube Goldberg hack into play regardless. The people who run mailing lists screamed blue murder but it happened nonetheless.

    In any case the fix to this for Mailman already exists. It just needs to be accepted by RedHat and rolled out as an update. I tried to build it myself and succeeded in getting a working version on CentOS6. But, the source package layout does not fit the HFS used by RedHat and I could not deploy it for that reason. Nor could I figure out the patches necessary to restructure the project layout into something resembling HFS. Nor could I figure out the interim changes between the current Mailman version and that shipped with CentOS to back-port the fixes in a systematic way.

    I apologise for the number of messages presently originating from me. This one included. Once I get past my ignorance with CentOS7 and can manage on my own I will stop annoying the list with questions and replies.
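
An added example (not from the thread or from any poster) of the DMARC behaviour discussed in the comments above: a message that passes when delivered directly fails alignment once a list relays it, and the outcome then depends on the policy the From: domain publishes. The domains, the policy values and the From:-rewriting case are assumptions for illustration; the thread does not say what the Mailman fix does.

```python
# Added illustration; every domain and policy value here is constructed.
from dataclasses import dataclass

@dataclass
class Delivery:
    header_from: str   # domain in the visible From: header
    spf_domain: str    # envelope sender (MAIL FROM) domain that SPF checked
    spf_pass: bool
    dkim_domain: str   # d= domain of the DKIM signature
    dkim_pass: bool    # False once a list adds a subject tag or footer

def org_domain(domain):
    # Simplification: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])

def dmarc_result(m):
    # Pass needs SPF or DKIM to pass AND align (relaxed) with the From: domain.
    frm = org_domain(m.header_from)
    spf_ok = m.spf_pass and org_domain(m.spf_domain) == frm
    dkim_ok = m.dkim_pass and org_domain(m.dkim_domain) == frm
    return "pass" if (spf_ok or dkim_ok) else "fail"

def disposition(m, policies):
    # policies maps a From: domain to its published p= value (constructed here).
    # Returns what the policy requests; receivers may still filter locally.
    if dmarc_result(m) == "pass":
        return "inbox"
    requested = policies.get(org_domain(m.header_from), "none")
    return {"none": "inbox", "quarantine": "spam", "reject": "rejected"}[requested]

POLICIES = {"strict.example": "quarantine", "lenient.example": "none"}

# Sent straight from the author's server to the recipient.
DIRECT = Delivery("strict.example", "strict.example", True, "strict.example", True)
# Same message relayed by a list: envelope sender is now the list, body was altered.
VIA_LIST = Delivery("strict.example", "lists.example.org", True, "strict.example", False)
# Identical list handling, but the author's domain publishes p=none.
VIA_LIST_NONE = Delivery("lenient.example", "lists.example.org", True, "lenient.example", False)
# List rewrites From: to its own domain and signs the result (assumed workaround).
REWRITTEN = Delivery("lists.example.org", "lists.example.org", True, "lists.example.org", True)

if __name__ == "__main__":
    for name, m in [("direct", DIRECT), ("via list", VIA_LIST),
                    ("via list, p=none", VIA_LIST_NONE), ("From: rewritten", REWRITTEN)]:
        print(f"{name:18} DMARC={dmarc_result(m):4} -> {disposition(m, POLICIES)}")
```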

  • Yes, that is what I was doing for years too (till we got access to Certs paid by central university IT office). Mostly those who are harassing you on this list seem to have much less knowledge on each of the subjects than you do. It is just my observation. Not that I’m saying everybody using gmail, but, of course, knowledgeable ones do not make any noise. It somehow comes to my mind what I’ve heard once (not intended to offend anyone but if you think about it it carries some wisdom, – for me at least): “Never argue with the fool, or others will not notice any difference between you two”.

    Valeri

    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++

  • As I said, James, don’t argue with the ones who have no idea what they are talking about (sorry for posting above your reply to him). This particular one did set me off, and the only thing that held me from answering him was the “wisdom” I mentioned in another reply.

    Valeri

    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++

  • If this is something caused by google and not your own server settings that indicate how to treat forwarders, why doesn’t email originating from gmail have the same issue?

  • I guess the upside to all these …. feedback is I learnt something about standards, and how futile they can be sometimes.

    Yeah we’ve followed the RFCs, yes there’s DMARC serving its own purposes, yes there’s some mangling and yes there’s a fix for it, but if the main party (RH in this case) refuses to budge, shit remains broken. I’m not pointing fingers at anyone but I’m not surprised why we haven’t colonised mars yet.

    I personally find it annoying that James is getting stuffed into spam box _all_ the time, but with all these explanations I’ve gotten I think I got the better end of the bargain.

    John