DKIM+disclaimer problems after upgrade to mail2 module

I just understand the fact that for a company IF you want to control what is appended to each email, whatever the need, with all possibilities to send an email, even your watch now and tomorrow my glasses, you have to get this feature.

After that you can spend hours to explain how to not use a disclaimer, I prefer to spend it to code the feature.

don’t shoot I’m kidding

2 Likes

You may think disclaimers are not mandatory, some companies think it IS mandatory. In such a case, you, as a sysadmin, are bound to implement such a disclaimer, wheter you agree with it or not.

Disclaimers have very different values over the world. I can only speak for the Netherlands and over here the value of a disclaimer is very limited, if not useless. The main problem in case law, is that there is no mutual agreement on the disclaimer: a disclaimer is always 1 sided. (only from the sender point of view, the receiver never had an option for concent)

1 Like

If your advise for the consulting company is to offer this for the client that way then I wish you good luck in the business. Have a look for the modern business model in this subject and if you find a big company who is not using that future then please let me know.
Like said in the threat all commercial products have this future.
In small companies up to few employees that is not an issue but in large scale environment if you like to go with an idea to persuade your client “your company IT dep can do it for your employees, ah oh ok how many employees do you have?, mmm more then 100, ee not a problem they will achieve that then in just three months, let’s book tickets for your overseas employees to bring their machines to the headquarter”.
Even if the law is not forcing in the country this doesn’t mean that this future can be internal company policy which they are using already.

me too, one day I should drop an email to the postfix mailling list to understand this fact.

Telling customers/users what they should want is rarely a winning strategy. Yes, 99% of the time, the disclaimers are stupid and pointless. They make demands with no authority to support them. They claim protection that simply doesn’t exist. They make demands that simply make no sense (“if you have received this in error, return it to the sender”–why? So you’ll have another copy of the thing you aren’t supposed to have in your sent messages?). But lots of institutional users, especially corporate and government, are convinced they have to have them (and in a few cases, they’re even right), and “every user must add this text to his/her signature manually” really isn’t the same thing. Having something an admin can configure client-side is a little better, but still only works if users are locked into a single client.

Of course not. And when you call the guy who fixes your dishwasher, does he try to tell you the outcome you should want? No, that’s what you tell him. Making it happen is his problem.

I have always said this for a long time

I remain of my idea that the management of the signatures must be done from the mail server.

In this way the signatures follow all the same template with whichever client is used (from the software on the pc to the mobile to the automated documents system sending to the webmail).

Moreover it does not have to go crazy in order to configure to every user the signature on whichever client it is using.

The corporate image is better, signatures more controlled, and less blasphemy for us to pass all the jobs to do changes on the various devices.

It does not seem to me something so peregrine…

There’s my script somewhere in this forum (For me it is under WTFPL v2 license)

Everyone encouraged me to write it down but no one, apart from a person who tried it, took it into consideration or put it on his own.

Can we just done it finish? Ok you have been aware about the issue but in the same time against idea. I indicate this thread incommbality and what is all about? Davide resolve it from coder point of view. It’s done.
give me another project from your list
promise to include you in credentials.
What is going on with you…

What is amazing in this threat that we resolve some incommbality issues for NS against commercial soft.
I will not point it how many of you now change idea in soft development. Davide done work for us. If he pick up some ideas from us he will share.
saitobenkei
I have done this with him.
I put pressure and he put his excellent coding ideas.
DONE
Now we need think if this is solution without alterMIME or we can back to this conversation very soon.

I believe this is we can do it like community. We are doing this for US/ No sale policies, etc.
You have impact in almost every threat hare and all participant appreciate it. If this is really Open Source than no one claim this. This is for community. We have a lot of them around. Major distro Debian ( have a lot of questions about development because distro is so stable that you can fight agains it). I know that we share this project against few time zones. In my opinion is not the way to challenge debian when in the same times use all his libraries

My personal tip.
Hide Debian
How it is even compare to fedor/centos/rhl???

Maybe I will start kind of war for all off us. My First thinking why develop this in to streams? Open source ?fedora/ we can heave a lot of implications who start it.
IN NS project I ask you believe me I know what I’m talking about.
OK NS CentosOS distro no tuning … all you can get is web-adim when you basically can setup all your box. Who is responsible for installation here? You? admin of the new server? “Good way man in the same time, let’s get them admin -> more perversions?”.
Hove you like to explain this scenario?
Don’t beleve that here we have people who is doing dirty work. But in the same time if this is not open gate? “I already get some comment in this community -> educate user” guys relay, how we can make then to not be dick in NET any more…

Sorry for make it confusion but I believe working in the same time

I have a templaete for you interseted?

I have template but of course we can be issolaited

so you lieke my template

Ok,

I don’t have a DKIM domain enabled server but I’ve tested my script with rspamd and it seems to work with a little modification to the template that enable disclaimers on /etc/postfix/master.cf.

More to come…

2 Likes

Ok, I’ve tested my script with a DKIM-enabled domain.

To work correctly (DKIM Pass), it seems that the file that contains the signature in text mode, must be in Windows format: with CR+LF at the end of every line or paragraph.

Edit:

I made some tests with roundcube:
Same mail
If I use my script or the standard disclaimer script and I send a html mail to Gmail, DKIM verification on Google fails.
If I disabled the disclaimer attachment, DKIM is Pass

So it seems the DKIM verification is highly influenced by the client that generates the mail and the altermime manipulation.

1 Like

Ehm…

My understanding of English is far from decent but, frankly, I have not understood anything… :slight_smile:

well I tested by thunderbird and the smtp…need to check it with roundcubemail or sogo

Sorry but I cannot reproduce, both dkim pass with roundcubemail and sogo when sent to gmail

# rpm -qa | grep nethserver-mail
nethserver-mail2-disclaimer-2.2.2-1.ns7.noarch
nethserver-mail2-common-2.2.2-1.ns7.noarch
nethserver-mail-smarthost-1.0.1-1.ns7.noarch
nethserver-mail2-server-2.2.2-1.ns7.noarch
nethserver-mail2-filter-2.2.2-1.ns7.noarch

nethserver-mail2-filter-2.2.2-1.1.g803ba19.ns7.noarch
nethserver-mail-smarthost-1.0.1-1.ns7.noarch
nethserver-mail2-disclaimer-2.2.2-1.1.g803ba19.ns7.noarch
nethserver-mail2-server-2.2.2-1.1.g803ba19.ns7.noarch
nethserver-mail2-common-2.2.2-1.1.g803ba19.ns7.noarch

please upgrade

I’ve installed a new machine yesterday, made all updates, then

  yum --enablerepo=nethserver-testing update nethserver-mail2-\*

As Davidep post

Surely I missed something…

Ok, removed nethserver-mail2 packages then reinstalled form software center

nethserver-mail2-filter-2.2.2-1.ns7.noarch
nethserver-mail2-common-2.2.2-1.ns7.noarch
nethserver-mail2-server-2.2.2-1.ns7.noarch
nethserver-mail2-disclaimer-2.2.2-1.ns7.noarch

(but now I don’t have the mail domain panel in the dashboard anymore… mamma mia che scatole…)

all is in the updates repo IIRC no more in testing

check error in the httpd-admin log

I waste less time reinstalling, it’s a test machine :slight_smile:

1 Like

I use one vm per topic…never more. sometime it could bring some problems

1 Like

Clean machine, installed from 7.5 iso, Local LDAP provider, only mail, disclaimer, webtop and roundcube modules installed, updates done.

Only modification I’ve made is the length of DKIM key (because mi DNS provider doesn’t support full length key at the moment)

I made new tests with standard disclaimer module:

There’s my results sending mail to gmail:

Roundcube -> plain text -> pass
Roundcube -> html -> fail

Webtop -> plain text -> pass
Webtop -> html -> fail

Thunderbird (465) -> plain text -> pass
Thunderbird (465) -> html -> pass

Thunderbird (587) -> plain text -> pass
Thunderbird (587) -> html -> pass

I found this very old discussion:
http://postfix.1071664.n5.nabble.com/Re-dkim-altermime-disclaimer-td16573.html

1 Like

Maybe I found a workaround… :wink: