DKIM+disclaimer problems after upgrade to mail2 module


(Pasha) #41

I perfectly agree with this.

I have spent some days to figure out what was wrong with my DKIM failing checks and now the answer has finally come.

The vast majority of users couldn’t care less of adding disclaimers at server level (which can be always added at client level) and DKIM not validated is a serious show-stopper for most big companies like microsoft and apple (try mailing and with a rotten DKIM).

Also, putting “MaximumSignedBytes 1” looks like a good receipt for catastrophic results, as antispam contraints are being made stricter and stricter every day. Imagine a flood of such mails being received, and clearly see the provider mass blacklisting domains in zero time.

So now the question is: waiting for an official correction in 7.5, how can one deactivate the “add disclaimer” feature, considering that, in my case, it was never activated?

Second question: are you sure that is it only that feature that fiddles with DKIM validation?


(Saito Benkei) #42


"Auto Disclaimer is Open Source/Free Software. Customers get the source code. "

So it’s a Open Source/Free Software but, to have the source, you have to pay for it…

(Stefano Zamboni) #43

this is not against GPL, assuming that the code is released with GPL license.

BTW, if I where Nethesis, I’d drop a mail to have some clarifications about license, meaning that if buying the code permits the redistribution (it’s OOSS, they say), we’re done

(Stéphane de Labrusse) #44

I emailed myself, no answer so far, project seems dead.

(Stefano Zamboni) #45

well… for incoming mails the milter filters must be executed since the beginning… for outgoing emails, they should not.
I’m not saying that outgoing mail should not checked against virus, but that the filter to add the disclaimer must be executed before the virus checking.

with something like qpsmtpd in front of postfix it can be made quite easily (SME server, even if using qmail, does so)

(Zimny) #46

Latest update to email2 module did not fix the issue

(Zimny) #47

Home users you mean or in company with several number of users and without strict policy?
In large environment with lot of users is not possible to keep you domain disclaimer under control of employees/end users.
Some companies or government agencies are very strict with their policies.
Users are allowed editing their signatures but newer domain disclaimer.

In this threat that was never considered like a solution.

You can uninstall disclaimer module from your server.

(Giacomo Sanchietti) #48

The released fix just prevent the user to enable DKIM and disclaimer feature at the same time.
It’s not a real fix, just a way to prevent bad configuration.

Sorry, but for now no further development on this part will be done.
But we will gladly review (and eventually merge) any code contribution.

Thank you for reporting the issue!

(Zimny) #49

Very upset to hear that statement from NS developers.
I have already introduce and implemented your soft for several customers. One of them is contractor in software development for UK government and have very strict policies to follow.
You need take more responsibility when implementing some futures and then simply not provide support for it.
If you like to be comparable with other SMB distributions or you need think abut your project like for home users I believe.
Unfortunately I’m not a coder and can’t contribute to this project with my own code.
But I was always much appreciate to this community for knowledge, responsiveness and excellent ideas.
Hope someone will like to be a second alterMIME like open source coder.

(Giacomo Sanchietti) #50

You can still have the disclaimer using a pre-configured web client like WebTop (and probably SOGo and Roundcube can have the same feature).
As an alternative, you can disable the DKIM option (but I’d rather disable the disclaimer).

We will help anyone who want to join the effort!
And who knows, maybe some of our customers will be interested in this feature and we will have a sponsor for it! :smiley:

(Zimny) #51

This is what I’m pointing here.
Looks like people enjoy the project for personal domains and in home labs.
You already provide much more functionality beyond this segment.
My question is the same :sunglasses: where are the ambitious coders when this project looks like the best support community and an example for the others?

(Stéphane de Labrusse) #52

Probably help is not on this side of internet. I would probably go to the postfix mailling list and search/ask why this feature has been stopped.

At the end, miracle is not for today, maybe if you raise money for some months of work for a developer you could have your dream…

(Zimny) #53

I was always amaze with this community. Most responsive, great ideas.
Can’t believe that NS will end up in some job search board.

(Zimny) #54

Ok looks like we need project manager to encourage lazy coders to do something in open source.
If you agree I can be project manager and I will push, and rush all of contributors.

Finally to the community -> who is challenge this (you will provide help in NS, you will have own project and you became famous without any money from it) for me looks great unless you are not linux user.
-> Tracking, checking (coder if you are there and so lazy to do nothing about our project then I will DDoS against you right now :smile:)
Guys lets worm up this community and I believe in you!

(Dan) #55

Personally, I’d be happy to see disclaimers go away entirely. They waste bandwidth, they waste storage space (frequently more in the disclaimer than in the text of the message), and they provide little-to-no actual value. Here’s another lawyer’s take on them:

(Zimny) #56

Thanks for nice thread. Also we have diffrent regulations between USA and the others.

The most common reasons companies include email disclaimers at the bottom of their emails are:

To communicate and protect the confidential nature of the email
In the case of law firms, to communicate that the email may be privileged (subject to attorney-client privilege)
To disclaim the formation of a contract
To assert a copyright in the email contents
To disclaim liability for viruses transmitted by the email
To disclaim a negligent misstatement
To disclaim employer liability for the views of the employee-sender

This is why this future is never missing from commercial distros

But anyway enjoy pretending you provide solutions for business and in the same tame when something is difficult just remove it from distro

Can’t even believe the way your thinking
Looks like all this effort is really about home labs

(Zimny) #57

Waste bandwidth or storage is amazing comment this days. Unless you append full hd 1080p file there
But even then you will save storage when don’t need to copy your movie to every client machine.
Please I’m just the only one who use this soft in larg scale environment?
All the others are enthusiast?

(Dan) #58

I guess you told us.

(Rob Bosch) #59

@zimny, I think you have to consider the fact that we are talking integration of opensource soultions into CentOS. I did do a search but have to conclude there just are no alternatives to alterMIME. We, as a community can do a lot, but not break iron with our hands. It is absolutely no refusal to have the disclaimer implemented. It is currently not possible to do so. Not with DKIM available at the same time.
I think it is a right decision to give DKIM priority over automated disclaimers. The risk of getting on email blacklists because of DKIM lacking, is a bigger annoyance than missing a automated disclaimer.
For now, the quick and dirty solution is going the ‘client’ route: use an automatically added signature with the contents of your proposed disclaimer. I can imagine this can be done through a policy or added through the log-in script when a user logs in.
For NethServer the option of using Webtop or SOGo is another alternative. I understood, there you can add such a disclaimer.

(Stéphane de Labrusse) #60
  • go back to amavisd/spamassassin and add manually dkim
  • Use rspamd/disclaimer and use a smarthost to send the emails
  • Use a commercial product with the disclaimer feature

Several ways, yours is there