DKIM+disclaimer problems after upgrade to mail2 module


(Davide Principi) #93

There are some packages in nethserver-testing now!

Please @zimny, you lobbied for this fix: now it’s time to test! Run the following commands

  yum --enablerepo=nethserver-testing update nethserver-mail2-\*

Please @saitobenkei, give it a spin too: if this issue is verified, you can easily expand the solution and create personal signatures from it :wink:

Other people interested? Please step in! /cc @quality_team @danb35 @GG_jr

(Davide Principi) #94

@stephdl found an issue. Patch added, download the new RPMs from nethserver-testing

 yum --enablerepo=nethserver-testing update nethserver-mail2-\*

(Zimny) #95

Hi Davide,

Sorry but not able to do the check earlier.
Can confirm that in all my cases the issue is resolved.
DKIM verified, excellent work!

(Zimny) #96

Davide do you think this is permanent fix or we get in to it again when altermime will gone from repo?

(Davide Principi) #97

As we got multiple confirmations that the problem is solved the fix is going to be released: in this way – yes – the fix is permanent.

The altermime package comes from RHEL/CentOS repositories. As the alterMIME project is dead since years everything depends on RHEL choices. I expect they’ll go on with it at least for the 7 lifecycle.

Altermime sends SIGSEGV sometimes, and is a dead project. The reason to still work on it for mail2 is providing backward compatibility and a smooth upgrade path. As said by the docs, new implementations shouldn’t use it at all. They should go to a client-based solution instead, which one I don’t know (maybe windows users can centralize the setup with GPOs?).

Let’s ask the @webtop_team: any improvement to disclaimer by your side?

(Luca Gasparini) #98

Currently in the WebTop 5 roadmap it is not planned to implement any option that allows to add an automatic client-side disclaimer.

We will evaluate with the other components of the @webtop_team if something can be done in the future :thinking:

(Stefano Zamboni) #99

with sogo it can be fully automated during the user creation/editing event (at neast on SME, dunno here)

(Saito Benkei) #100

If I found the option to add the disclaimer (it is disappeared) I could also try…

(Rob Bosch) #101

If the future is ‘client side disclaimer’ then there is not really a need to do this from NS, is it? Every mail client has the option to add a signature.
But I acknowledge that from an admin’s perspective, clientside disclaimer is a pain in the behind.
Frankly, I am quite surprised there are next to no opensource solutions for such a (common) feature.

(Stefano Zamboni) #102

I’d say that signatures are welcome, disclaimers are useless and a real PITA and, AFAIK, not mandatory

(Stéphane de Labrusse) #103

Yep but present on all major commercial products, after that sure you are free to go to exchange :’(

(Stefano Zamboni) #104

Mate, it’s a matter of marketing, not a technical issue

if disclaimers are not mandatory, don’t use them, full stop.
and, as a consultant, tell your customer that a very long disclaimer attacched to every email is useless…
people (customers in primis) must be educated… following their ideas is totally wrong… or are you saying that when you have at home the guy that fixes your dishwasher you tell him how to do it?

(Stéphane de Labrusse) #105

I just understand the fact that for a company IF you want to control what is appended to each email, whatever the need, with all possibilities to send an email, even your watch now and tomorrow my glasses, you have to get this feature.

After that you can spend hours to explain how to not use a disclaimer, I prefer to spend it to code the feature.

don’t shoot I’m kidding

(Rob Bosch) #106

You may think disclaimers are not mandatory, some companies think it IS mandatory. In such a case, you, as a sysadmin, are bound to implement such a disclaimer, wheter you agree with it or not.

Disclaimers have very different values over the world. I can only speak for the Netherlands and over here the value of a disclaimer is very limited, if not useless. The main problem in case law, is that there is no mutual agreement on the disclaimer: a disclaimer is always 1 sided. (only from the sender point of view, the receiver never had an option for concent)

(Zimny) #107

If your advise for the consulting company is to offer this for the client that way then I wish you good luck in the business. Have a look for the modern business model in this subject and if you find a big company who is not using that future then please let me know.
Like said in the threat all commercial products have this future.
In small companies up to few employees that is not an issue but in large scale environment if you like to go with an idea to persuade your client “your company IT dep can do it for your employees, ah oh ok how many employees do you have?, mmm more then 100, ee not a problem they will achieve that then in just three months, let’s book tickets for your overseas employees to bring their machines to the headquarter”.
Even if the law is not forcing in the country this doesn’t mean that this future can be internal company policy which they are using already.

(Stéphane de Labrusse) #108

me too, one day I should drop an email to the postfix mailling list to understand this fact.

(Dan) #109

Telling customers/users what they should want is rarely a winning strategy. Yes, 99% of the time, the disclaimers are stupid and pointless. They make demands with no authority to support them. They claim protection that simply doesn’t exist. They make demands that simply make no sense (“if you have received this in error, return it to the sender”–why? So you’ll have another copy of the thing you aren’t supposed to have in your sent messages?). But lots of institutional users, especially corporate and government, are convinced they have to have them (and in a few cases, they’re even right), and “every user must add this text to his/her signature manually” really isn’t the same thing. Having something an admin can configure client-side is a little better, but still only works if users are locked into a single client.

Of course not. And when you call the guy who fixes your dishwasher, does he try to tell you the outcome you should want? No, that’s what you tell him. Making it happen is his problem.

(Saito Benkei) #110

I have always said this for a long time

I remain of my idea that the management of the signatures must be done from the mail server.

In this way the signatures follow all the same template with whichever client is used (from the software on the pc to the mobile to the automated documents system sending to the webmail).

Moreover it does not have to go crazy in order to configure to every user the signature on whichever client it is using.

The corporate image is better, signatures more controlled, and less blasphemy for us to pass all the jobs to do changes on the various devices.

It does not seem to me something so peregrine…

There’s my script somewhere in this forum (For me it is under WTFPL v2 license)

Everyone encouraged me to write it down but no one, apart from a person who tried it, took it into consideration or put it on his own.

(Zimny) #119

Can we just done it finish? Ok you have been aware about the issue but in the same time against idea. I indicate this thread incommbality and what is all about? Davide resolve it from coder point of view. It’s done.
give me another project from your list
promise to include you in credentials.
What is going on with you…

What is amazing in this threat that we resolve some incommbality issues for NS against commercial soft.
I will not point it how many of you now change idea in soft development. Davide done work for us. If he pick up some ideas from us he will share.
I have done this with him.
I put pressure and he put his excellent coding ideas.
Now we need think if this is solution without alterMIME or we can back to this conversation very soon.

I believe this is we can do it like community. We are doing this for US/ No sale policies, etc.
You have impact in almost every threat hare and all participant appreciate it. If this is really Open Source than no one claim this. This is for community. We have a lot of them around. Major distro Debian ( have a lot of questions about development because distro is so stable that you can fight agains it). I know that we share this project against few time zones. In my opinion is not the way to challenge debian when in the same times use all his libraries

My personal tip.
Hide Debian
How it is even compare to fedor/centos/rhl???

Maybe I will start kind of war for all off us. My First thinking why develop this in to streams? Open source ?fedora/ we can heave a lot of implications who start it.
IN NS project I ask you believe me I know what I’m talking about.
OK NS CentosOS distro no tuning … all you can get is web-adim when you basically can setup all your box. Who is responsible for installation here? You? admin of the new server? “Good way man in the same time, let’s get them admin -> more perversions?”.
Hove you like to explain this scenario?
Don’t beleve that here we have people who is doing dirty work. But in the same time if this is not open gate? “I already get some comment in this community -> educate user” guys relay, how we can make then to not be dick in NET any more…

Sorry for make it confusion but I believe working in the same time

I have a templaete for you interseted?

I have template but of course we can be issolaited

so you lieke my template

(Saito Benkei) #120


I don’t have a DKIM domain enabled server but I’ve tested my script with rspamd and it seems to work with a little modification to the template that enable disclaimers on /etc/postfix/

More to come…