#SMTP

New blog post: Why every organization should enable DANE https://davestork.nl/why-every-organization-should-enable-dane/
#security #SMTP #mail #MSExchange #Microsoft365 #DNSSEC #AzureDNS

New blog post: Why every organization should enable DANE https://davestork.nl/why-every-organization-should-enable-dane/
#security #SMTP #mail #MSExchange #Microsoft365 #DNSSEC #AzureDNS

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/

Introducing #Upyo!

A simple, cross-runtime email library that works seamlessly on #Deno, #Node.js, #Bun, and edge functions. Zero dependencies, unified API, and excellent testability with built-in mock transport.

Switch between #SMTP, #Mailgun, #SendGrid without changing your code. Available on #JSR & #npm!

https://upyo.org/

Remember the threads¹² about #LetsEncrypt removing a crucial key usage from certificates issued by them in predictive obedience to their premium sponsor Google?

We were at first concerned about #SMTP. While I had lived through this problem with #StartSSL by #StartCom back in 2011, I only had a vague recollection of Jabber but recalled in detail that it broke server-to-server SMTP verification (whether the receiving server acted on it or just documented it).

Well, turns out someone now reported that it indeed breaks #XMPP entirely: https://community.letsencrypt.org/t/do-not-remove-tls-client-auth-eku/237427/66

This means that it will soon no longer be possible at all to operate Jabber (XMPP) servers because the servers use the operating system’s CA certificate bundle for verification, which generally follows the major browsers’ root stores, which has requirements from the CA/Browser forum who apparently don’t care about anything else than the webbrowser, and so no CA whose root certificate is in that store will be allowed to issue certificates suitable for Jabber/XMPP server-to-server communication while these CAs are the only ones trusted by those servers.

So, yes, Google’s requirement change is after all breaking Jabber entirely. Ein Schelm, wer Böses dabei denkt.

While https://nerdcert.eu/ by @jwildeboer would in theory help, it’s not existent yet, and there’s not just the question of when it will be included in operating systems’ root CA stores but whether it will be included in them at all.

Google’s policy has no listed contact point, and the CA/B forum isn’t something mere mortals can complain to, so I’d appreciate if someone who can, and who has significant skills to argument this in English and is willing to, to bring it to them.

① mine: https://toot.mirbsd.org/@mirabilos/statuses/01JV8MDA4P895KK6F91SV7WET8
② jwildeboer’s: https://social.wildeboer.net/@jwildeboer/114516238307785904

Remember the threads¹² about #LetsEncrypt removing a crucial key usage from certificates issued by them in predictive obedience to their premium sponsor Google?

We were at first concerned about #SMTP. While I had lived through this problem with #StartSSL by #StartCom back in 2011, I only had a vague recollection of Jabber but recalled in detail that it broke server-to-server SMTP verification (whether the receiving server acted on it or just documented it).

Well, turns out someone now reported that it indeed breaks #XMPP entirely: https://community.letsencrypt.org/t/do-not-remove-tls-client-auth-eku/237427/66

This means that it will soon no longer be possible at all to operate Jabber (XMPP) servers because the servers use the operating system’s CA certificate bundle for verification, which generally follows the major browsers’ root stores, which has requirements from the CA/Browser forum who apparently don’t care about anything else than the webbrowser, and so no CA whose root certificate is in that store will be allowed to issue certificates suitable for Jabber/XMPP server-to-server communication while these CAs are the only ones trusted by those servers.

So, yes, Google’s requirement change is after all breaking Jabber entirely. Ein Schelm, wer Böses dabei denkt.

While https://nerdcert.eu/ by @jwildeboer would in theory help, it’s not existent yet, and there’s not just the question of when it will be included in operating systems’ root CA stores but whether it will be included in them at all.

Google’s policy has no listed contact point, and the CA/B forum isn’t something mere mortals can complain to, so I’d appreciate if someone who can, and who has significant skills to argument this in English and is willing to, to bring it to them.

① mine: https://toot.mirbsd.org/@mirabilos/statuses/01JV8MDA4P895KK6F91SV7WET8
② jwildeboer’s: https://social.wildeboer.net/@jwildeboer/114516238307785904

Hi @delta 👋

I am making updates to https://delightful.coding.social/delightful-activitypub-development and bumped into this interesting #SMTP to #ActivityPub proof of concept. Just a heads-up to make you aware, in case it is interesting for #DeltaChat in some way or other.

https://apubtest2.srcbeat.com/apas.html

@rl_dane @ShinjiLE if you or someone else wants to help argue, the thread is at https://community.letsencrypt.org/t/do-not-remove-tls-client-auth-eku/237427 (Discourse, so JS webbrowser), I’m exhausted.

#LetsEncrypt #SSL #TLS #certificates #X509 #X509v3 #sendmail #SMTP #XMPP #Jabber

System Administration

Week 8, The Simple Mail Transfer Protocol, Part III

In this video, we look at ways to combat Spam. In the process, we learn about email headers, the Sender Policy Framework (#SPF), DomainKeys Identified Mail (#DKIM), and Domain-based Message Authentication, Reporting and Conformance (#DMARC). #SMTP doesn't seem quite so simple any more...

https://youtu.be/KwCmv3GHGfc

#SysAdmin #SRE #DevOps

System Administration

Week 8, The Simple Mail Transfer Protocol, Part II

In this video, we observe the incoming mail on our MTA, look at how STARTTLS can help protect information in transit, how MTA-STS can help defeat a MitM performing a STARTTLS-stripping attack, and how DANE can be used to verify the authenticity of the mail server's certificate.

https://youtu.be/RgEiAOKv640

#SysAdmin #SRE #DevOps #smtp #tls

System Administration

Week 8, The Simple Mail Transfer Protocol

In this video, we begin our discussion of E-Mail by looking at the components of the larger mail system (the Mail User Agent, Mail Transfer Agent, Mail Delivery Agent, Access Agent); we observe the packets involved in a simple #SMTP exchange and track an email from one system to the other, both through the logs and on the wire, before we then learn to speak SMTP via telnet(1).

https://youtu.be/Ai8rjqelwsI

#SysAdmin #DevOps #SRE

I thought I had seen it all when it comes to mail delivery and security issues.

But this morning I was introduced to the fact that there are Exchange admins who will implement a rule that all incoming mail from outside their own organization should be flagged as potentially dangerous and presented to the user with the option to block sender and no option to mark the message or the sender as valid.

Yes, that for every single message.

#exchange #smtp #email #security

I thought I had seen it all when it comes to mail delivery and security issues.

But this morning I was introduced to the fact that there are Exchange admins who will implement a rule that all incoming mail from outside their own organization should be flagged as potentially dangerous and presented to the user with the option to block sender and no option to mark the message or the sender as valid.

Yes, that for every single message.

#exchange #smtp #email #security

The Problem Isn't Email, It's Microsoft Exchange -- it turns out my 2011-vintage rant still rings true, now also available trackerless: https://nxdomain.no/~peter/the_problem_isnt_email_its_microsoft_exchange.html #inefficiency #timewasted #email #archiving #microsoft #exchange #compliance #deduplication #unsolvedproblems #smtp #mail #annoyances

The Problem Isn't Email, It's Microsoft Exchange -- it turns out my 2011-vintage rant still rings true, now also available trackerless: https://nxdomain.no/~peter/the_problem_isnt_email_its_microsoft_exchange.html #inefficiency #timewasted #email #archiving #microsoft #exchange #compliance #deduplication #unsolvedproblems #smtp #mail #annoyances

Announcing Email-Simplified (and Flask-Email-Simplified), a library for creating and sending email in Python. I blogged about it here: https://davidism.com/email-simplified/

Sets up TLS trust correctly, handles international domains, HTML with inline attachments, converting to/from MIME. Works in plain Python, has an API for integrating with frameworks, and an API for writing new service providers in addition to the built-in SMTP provider. And much more! #python #email #smtp

TIL: JMAP, to replace IMAP

https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol

💬 "The JSON Meta Application Protocol (JMAP) is a set of related open Internet Standard protocols for handling email.

[...] using JSON APIs over HTTP

[...] developed as an alternative to IMAP/SMTP

[...] potential replacements for CardDAV and CalDAV"

#jmap #imap #smtp

Preventing enshittification of platforms rests on credible exit for users and devs. #ActivityPub and #SMTP are not perfect but

a) are implemented und understood by many players,

b) enable freedom of choice of servers and clients,

c) implement #RightToMigrate as well as self/community custody

Many #p2p projects promise to remove servers but often promote and depend on a single implementation stack, have no spec and no interop among #p2p islands, and thus struggle to provide credible exit.

Preventing enshittification of platforms rests on credible exit for users and devs. #ActivityPub and #SMTP are not perfect but

a) are implemented und understood by many players,

b) enable freedom of choice of servers and clients,

c) implement #RightToMigrate as well as self/community custody

Many #p2p projects promise to remove servers but often promote and depend on a single implementation stack, have no spec and no interop among #p2p islands, and thus struggle to provide credible exit.

Preventing enshittification of platforms rests on credible exit for users and devs. #ActivityPub and #SMTP are not perfect but

a) are implemented und understood by many players,

b) enable freedom of choice of servers and clients,

c) implement #RightToMigrate as well as self/community custody

Many #p2p projects promise to remove servers but often promote and depend on a single implementation stack, have no spec and no interop among #p2p islands, and thus struggle to provide credible exit.

Preventing enshittification of platforms rests on credible exit for users and devs. #ActivityPub and #SMTP are not perfect but

a) are implemented und understood by many players,

b) enable freedom of choice of servers and clients,

c) implement #RightToMigrate as well as self/community custody

Many #p2p projects promise to remove servers but often promote and depend on a single implementation stack, have no spec and no interop among #p2p islands, and thus struggle to provide credible exit.

My google foo is failing me. So lets ask here.

Is there a drop-in replacement for the /usr/bin/sendmail binary that:

* accepts the same parameters as the orignal
* can directly deliver mails to the recipient's SMTP server without an intermediary SMTP server
* can optionally be configured via environment variables to send mails via a relay server
* does NOT listen to any ports, interaction via CLI only

I feel like this should be easy to write in Go but I can't find anything suitable.

#askfedi #linux #smtp #golang #boostwelcome

I'm having a weird experience with SMTP.

✅When I'm sending email through thunderbird
✅ When I'm using mullvad with msmtp
❌proxy (v2ray) + msmtp
❌go-graft (v2ray) + msmtp
❌direct + msmtp
❌emacs mu4e SMTP client

They all fail with TLS handshake timeout.
Weird as shit.

#smtp #msmtp #migadu

J'ai pas forcément fait la liste exhaustive de tous les outils, mais si vous en avez que vous appréciez pour ce type de travaux, je suis preneur de vos retours ! Notamment si il y a un endroit où les formulaires de delist sont listés, pour les "gros" acteurs du mail...

Et n'oubliez pas :

> le mail c'est le turfu

#smtp #email #postal #spam #phishing

Tout cela est "gratuit" bien évidemment. Coté trucs payants (je vous laisse nommer ce type de pratique) :

💸

Chez Outlook, pas de "allow list", mais (le gros MAIS), vous pouvez aller payer chez "Return Path Inc." qui s'appelle à présent Validity / Everest : https://www.validity.com/everest/

Chez UCEProtect https://www.uceprotect.net/en/rblcheck.php ils ont 3 niveaux de listes : par IP, par subnet, par AS. Pour retirer un AS c'est payant ... j'imagine que le level3 est peu utilisé.

#email #deliverability #spam #smtp

🟠 Sur Orange en ce moment il semblerait qu'ils utilisent un service qui s'appelle Abusix https://lookup.abusix.com/ permet de vérifier ses IPs et ensuite on peut créer un compte pour les delister.

Chez Microsoft il y a aussi https://sender.office.com/ pour une IP et autre formulaire plus long https://olcsupport.office.com/ pour créer un ticket.

Je crois que https://senderscore.org/ peut être utile aussi.

Coté Yahoo, il y a la possibilité de créer un ticket https://senders.yahooinc.com/contact/

#smtp #email

Si vous voulez plus d'outils pour tester les mails sortants, @bortzmeyer a fait une excellente liste sur son blog :

https://www.mail-tester.com/

là on rajoute plein de tests pour SPF, DKIM, DMARC etc.

Pour se familiariser avec ces concepts je trouve que les articles de CloudFlare sont bien faits https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/

#spf #dkim #dmarc #email #smtp

Coté outils pour s'assurer que les mails sont bien formés et que la configuration DNS est bien, il y a bien évidemment l'incontournable MXToolbox

https://mxtoolbox.com/

Qui fait aussi des vérifications sur les blacklist accessoirement.

#smtp #dns #mx #mxtoolbox

Coté black list monitoring on utilise HetrixTools

https://hetrixtools.com/

Ça permet de faire un check toutes les 24h sur le fait que les IPs sortantes des serveurs SMTP sont pas listées dans des listes de mauvaise réputation.

Par exemple SpamHaus https://check.spamhaus.org/

Et si c'est le cas, t'as un lien vers le formulaire de delisting

#smtp #mail #spam

On utilise Postal pour que les applications envoient leur mail

https://docs.postalserver.io/

C'est du libre, en ruby, le projet est plutôt chouette avec une interface web pour gérer. Ils répondent plutôt bien sur les suggestions et anomalies sur github...

#email #postal #smtp