Re: A mail relay server for Debian Members is live
Bastien Roucariès writes: > Le samedi 16 juillet 2022, 21:49:31 UTC Pierre-Elliott Bécue a écrit : > Thanks for this hard work, however it seems that some mail client consider > these mail as invalid, whereas gmail and other verifier service consider ok... > > Any idea for debugging? > > Bastien Hi Bastien; I'm not involved with the service (even as a user), but I am interested in mail clients. Can you be more specific about what is failing and on what client? A sample message is typically needed to debug these things. I'm not sure there is any sensible way to report issues (RT? BTS?) but if someone knows, that would be useful to mention. d
Re: Bug#1017079: ITP: netbox -- WebUI based tool designed to manage and document computer networks
Carsten, It seems like a good project, Tell me if you need on this. Em 13/08/2022 04:59, Carsten Schoenert escreveu: Package: wnpp Severity: wishlist Owner: Carsten Schoenert X-Debbugs-Cc: debian-devel@lists.debian.org * Package name: netbox Version : 3.2.8 Upstream Author : Jeremy Stretch * URL : https://github.com/netbox-community/netbox * License : Apache-2.0 and MIT/X Programming Lang: Python Description : WebUI based tool designed to manage and document computer networks NetBox is a Django based web application, initially conceived by the network engineering team at DigitalOcean, NetBox was developed specifically to address the needs of network and infrastructure engineers. It encompasses the following aspects of network management: . * Hierarchical regions, site groups, sites, and locations * Racks, devices, and device components * Cables and wireless connections * Power distribution * Data circuits and providers * Virtual machines and clusters * IP prefixes, ranges, and addresses * VRFs and route targets * FHRP groups (VRRP, HSRP, etc.) * AS numbers * VLANs and scoped VLAN groups * Organizational tenants and contacts . In addition to its extensive built-in models and functionality, NetBox can be customized and extended through the use of: . * Custom fields * Custom links * Configuration contexts * Custom model validation rules * Reports * Custom scripts * Export templates * Conditional webhooks * Plugins * Single sign-on (SSO) authentication * NAPALM integration * Detailed change logging . NetBox also features a complete REST API as well as a GraphQL API for easily integrating with other tools and systems. . While NetBox strives to cover many areas of network management, the scope of its feature set is necessarily limited. This ensures that development focuses on core functionality and that scope creep is reasonably contained. To that end, it might help to provide some examples of functionality that NetBox does not provide: . * Network monitoring * DNS server * RADIUS server * Configuration management * Facilities management I plan to maintain netbox within the Debian Python Team ideally together with some more interested people in managing the maintenance. Right now all needed build and binary package dependencies are fulfilled, as NetBox is getting actively developed it constantly bugfixes and new added features which might need new dependencies in the near future which are not packed yet. I'd like to see (if possible) the netbox package within the bookworm release. The NetBox UI is using some comprehensive JS files which are shipped as minimized files. Currently I'm unable to drop the shipped minimized code and rebuild all the needed files from scratch. If possible I'd like to get some help on this, currently netbox will need to go into non-free due the non rebuild-able minimized files. OTOH netbox can't go into main as it requires at least one package from non-free, it requires drf-yasg-nonfree for some Swagger functionality. Regards Carsten
Re: A mail relay server for Debian Members is live
On 17/07/22 3:19 am, Pierre-Elliott Bécue wrote: Dear developers, In the past months, it's been clear that sending mails from an @debian.org address to some mail providers, including GMail, has become harder and harder. While user DKIM feature (documented on [0]) can help, we thought providing a relay server for our users to send their Debian mail was a more long-term solution. Thanks a lot for doing this. I started sending mails using @debian.org address now. If you have any question or issue, please don't hesitate to reach out. I would like to bring up the issue of providers with strict SPF record, for example disroot.org dig -t TXT disroot.org has the relevant line, disroot.org.3600IN TXT "v=spf1 a mx -all" which means people using disroot.org to receive debian.org forwarded mails cannot receive any mails sent from other disroot.org users. I have also seen rejections with some other mail servers with strict SPF enforced. Can we enable SRS [1] on the forwarding mail server to mitigate this? This would also be relevant for @debconf.org aliases too. [1] https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme Cheers! OpenPGP_0x8F53E0193B294B75.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Re: A mail relay server for Debian Members is live
On Mon, 2022-08-15 at 23:09 +0530, Praveen Arimbrathodiyil wrote: > I would like to bring up the issue of providers with strict SPF > record, for example disroot.org > > dig -t TXT disroot.org has the relevant line, > disroot.org.3600IN TXT "v=spf1 a mx -all" > > which means people using disroot.org to receive debian.org forwarded > mails cannot receive any mails sent from other disroot.org users. I > have also seen rejections with some other mail servers with strict > SPF enforced. > > Can we enable SRS [1] on the forwarding mail server to mitigate this? > This would also be relevant for @debconf.org aliases too. SRS doesn't help with that as it will still look like forged mail. To not look like forged mail, the "From" header field (not the envelope) has to be validated with either DKIM or SPF. disroot.org says this is supposed to be the case for mail from their domain: _dmarc.disroot.org. [...] TXT "v=DMARC1; p=quarantine; adkim=s; aspf=s; [...]" This requirement is not met by SRS, so SRS isn't really useful. You need to ask disroot.org users to: - make sure all their outgoing mail is DKIM-signed, - not send mail forwarded via the BTS (breaks DKIM signatures), - not send mail to @d.o lists that break DKIM signatures (most are fine, but depends on the DKIM-signature). Ansgar
Re: A mail relay server for Debian Members is live
On Aug 15, Ansgar wrote: > To not look like forged mail, the "From" header field (not the > envelope) has to be validated with either DKIM or SPF. disroot.org > says this is supposed to be the case for mail from their domain: Not exactly. DMARC validation requires that at least one of DKIM or SPF is aligned. DKIM validates the 822.From header, while SPF validates the 821.From envelope sender. Forwarding emails does not break DKIM signatures, as long as the signed headers are not modified (and they are not supposed to be, so usually it is fine). Forwarding emails does break SPF, and this is what SRS fixes (by changing the sender domain, so this does not help with DMARC). Mailing lists always break SPF and they may or may not break DKIM depending if they change e.g. the message body or the Subject header. The BTS does both, so after years it is still incompatible with DMARC validation (OTOH, domains which are not phishing targets should not enable DMARC. But we cannot fix other people's systems...). -- ciao, Marco signature.asc Description: PGP signature
