Mailu - Public Room Timeline

	Mailu	1087 Members
	Discussion about the Mailu mail server distribution https://mailu.io - feel free to ask for user support in this room -- See #mailu-dev:tedomum.net for dev discussions on the main project -- See #mailu-helm-chart:make-it.fr for dev discussions on the mailu kubernetes project -- Project-Meeting-Notes: https://github.com/Mailu/Mailu/issues/1582	162 Servers

Load older messages

Sender	Message	Time
29 Sep 2023
nextgens	We should really make configuring mailman easier. Maybe even offer the option to add what's required in setup	14:31:53
3wc ~ they/them	that'd be super. seems like an increasingly common request, maybe related to google's ongoing project to drive google groups into the ground...	14:32:59
nextgens	I am not convinced of the practicality of it though... nowadays with DMARC everywhere... I doubt that ARC signatures of small players are trusted by the big boys	14:34:26
Haley	They are not. Microsoft usually pits me into spam folders. When I talk to the techs, they say it is a personal somain so cannot be trusted	15:00:01
superfly	In reply to @neo:shdw.fr They are not. Microsoft usually pits me into spam folders. When I talk to the techs, they say it is a personal somain so cannot be trusted Same here	15:05:55
3wc ~ they/them	In reply to @nextgens:matrix.org Then you can try to set sign_networks with an override... Mailu will use the first domains' keys for both DKIM and ARC IIRC i have this (trying to set `use_vault = false` because mailu admin won't return a reply for a domain that's not added). `/dkim/...` exists, and the mail is coming from a network listed in `/overrides/dkim_ip.map`. any ideas why it still might not be signing, anything else that needs to be done? `2341edaa290e:/app# cat /overrides/dkim_signing.conf sign_networks = "/overrides/dkim_ip.map"; path = "/dkim/$domain.$selector.key"; use_vault = false;`	15:07:45
3wc ~ they/them	In reply to @nextgens:matrix.org Then you can try to set sign_networks with an override... Mailu will use the first domains' keys for both DKIM and ARC IIRC * i have this (trying to set `use_vault = false` because mailu admin won't return a reply for a domain that's not in "Domains"). `/dkim/...` exists, and the mail is coming from a network listed in `/overrides/dkim_ip.map`. any ideas why it still might not be signing, anything else that needs to be done? `2341edaa290e:/app# cat /overrides/dkim_signing.conf sign_networks = "/overrides/dkim_ip.map"; path = "/dkim/$domain.$selector.key"; use_vault = false;`	15:09:13
nextgens	No, sorry	15:12:43
reforo	Hello good afternoon, I have the installation in a qnap x64, and when I install I get this warning, what do I do?	18:35:04
reforo	Download Screenshot 2023-09-29 at 20-30-07 TS-253A-Qnap.png	18:35:06
reforo	root:disabling hardened-malloc on this cpu	18:35:40
nextgens	nothing, it's just incompatible with that CPU	19:19:14
30 Sep 2023
qg	3wc ~ they/them superfly I think I've found a solution to make mailman DKIM signing work with mailu (make sure to set DMARC mitigation to replace from or envelop and do that conditionless, not sure how the default for new lists can be changed so it doesn't need to be set everytime). Based on the great blog post you mentioned (which seems to be the single complete resource regarding mailu+mailman), the documentation from docker mailman and looking at the mailu source I've used the following for `/container-data/mailu/overrides/postfix/postfix.cf`: # Support the default VERP delimiter. recipient_delimiter = + unknown_local_recipient_reject_code = 550 owner_request_special = no virtual_mailbox_maps = regexp:/opt/mailman-core-data/postfix_lmtp, \${podop}mailbox virtual_mailbox_domains = \${podop}domain transport_maps = regexp:/opt/mailman-core-data/postfix_lmtp, lmdb:/etc/postfix/transport.map, \${podop}transport local_recipient_maps = regexp:/opt/mailman-core-data/postfix_lmtp #relay_domains = regexp:/opt/mailman-core-data/postfix_domains, \${podop}transport Then add domains in mailman as usual and also add it to the mailu mail domains (not the relay domains). Then generate dkim stuff in mailu and add it to the DNS like usual. Also make sure the domain has no wildcard receive (e.g. `%@example.org`) set, but apart from that, mailing lists and "normal" inboxes or aliases can even be intermingled for the same domain (but I prefer to have an extra lists.example.org so it's clearly separated).	09:36:48
qg	Also note that I added the mailman containers to the same docker network that mailu uses and that `relay_domains` in the master.cf mentioned above is commented out.	09:39:47
qg	* Also note that I added the mailman containers to the same docker network that mailu uses and that relay_domains in the postfix.cf mentioned above is commented out.	11:10:40
3wc ~ they/them	In reply to @qg:supercable.onl 3wc ~ they/them superfly I think I've found a solution to make mailman DKIM signing work with mailu (make sure to set DMARC mitigation to replace from or envelop and do that conditionless, not sure how the default for new lists can be changed so it doesn't need to be set everytime). Based on the great blog post you mentioned (which seems to be the single complete resource regarding mailu+mailman), the documentation from docker mailman and looking at the mailu source I've used the following for `/container-data/mailu/overrides/postfix/postfix.cf`: # Support the default VERP delimiter. recipient_delimiter = + unknown_local_recipient_reject_code = 550 owner_request_special = no virtual_mailbox_maps = regexp:/opt/mailman-core-data/postfix_lmtp, \${podop}mailbox virtual_mailbox_domains = \${podop}domain transport_maps = regexp:/opt/mailman-core-data/postfix_lmtp, lmdb:/etc/postfix/transport.map, \${podop}transport local_recipient_maps = regexp:/opt/mailman-core-data/postfix_lmtp #relay_domains = regexp:/opt/mailman-core-data/postfix_domains, \${podop}transport Then add domains in mailman as usual and also add it to the mailu mail domains (not the relay domains). Then generate dkim stuff in mailu and add it to the DNS like usual. Also make sure the domain has no wildcard receive (e.g. `%@example.org`) set, but apart from that, mailing lists and "normal" inboxes or aliases can even be intermingled for the same domain (but I prefer to have an extra lists.example.org so it's clearly separated). that's incredible qg, bless you for posting 🙏 I'm going to excitedly try this out today! ❤️	13:34:48
3wc ~ they/them	meanwhile, following nextgens' hint, i found out how mailman itself can do ARC signing - it seems to be working OK, although struggling to test - and will post what i found today also	13:35:35
3wc ~ they/them	related: anyone know a good tool for testing ARC? i usually use mail-tester.com or mxtoolbox.com to check mail stuff, neither seems to support it	13:36:02
3wc ~ they/them	* related ❓️ anyone know a good tool for testing ARC? i usually use mail-tester.com or mxtoolbox.com to check mail stuff, neither seems to support it	13:36:11
3wc ~ they/them	* related ❓️ anyone know a good tool for testing ARC? i usually use mail-tester.com or mxtoolbox.com to check mail stuff, neither seems to support ARC	13:36:19
nextgens	Just try it out. email one of the lists you host from a domain that has a strict DMARC/reject policy, see what happens	13:44:12
nextgens	* Just try it out. email one of the lists you host from a domain that has a strict DMARC/reject policy, see what happens and whether gmail recipients see the message	13:44:32
nextgens	I'm not 100% sure of how Mailu/rspamd would handle it either	13:45:14
qg	What would be the advantage of ARC as a non big player? I've not read into it in detail, but it doesn't really seem beneficial for our small setups.	14:08:06
nextgens	You need it to operate a mailing list; without you can't "impersonate" another domain if it is DMARC protected	16:11:28
nextgens	It's also useful when you forward emails and why Mailu signs everything with it	16:12:04
qg	In reply to @nextgens:matrix.org You need it to operate a mailing list; without you can't "impersonate" another domain if it is DMARC protected But the recipient would need to trust the mailing list operator? I've given up on impersonating as this is almost certain a guarantee for being classified as spam or being plain rejected. Changing from is not ideal, but it just works™.	16:36:39
qg	In reply to @nextgens:matrix.org It's also useful when you forward emails and why Mailu signs everything with it So this is not something that needs to be set up and works out of the box with mailu?	16:37:07
nextgens	well that's the whole idea: you build trust as a mailing list operator with your ARC key	16:37:23
qg	Somehow I doubt that works with only around 25 people on 16 different domains and only a very low mail volume.	17:01:36

There are no newer messages yet.

Back to Room ListRoom Version: