1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
I am sending test emails from one of my hosting environments to another
of my hosting environments.  I get this line in the SA report:

1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

I am sending from Thunderbird. So it's coming from Mozilla. But it is not forged mail pretending to be from Mozilla.
What is triggering this?

Thx
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On 9/23/2020 12:46 PM, John Hardin wrote:
> On Wed, 23 Sep 2020, Jerry Malcolm wrote:
>
>> I am sending test emails from one of my hosting environments to
>> another of my hosting environments.  I get this line in the SA report:
>>
>> 1.6 FORGED_MUA_MOZILLA     Forged mail pretending to be from Mozilla
>>
>> I am sending from Thunderbird.  So it's coming from Mozilla. But it
>> is not forged mail pretending to be from Mozilla.
>> What is triggering this?
>
>   meta FORGED_MUA_MOZILLA    (__MOZILLA_MUA && !__UNUSABLE_MSGID &&
> !__MOZILLA_MSGID)
>
> It doesn't believe the Message-ID was generated by Thunderbird. What's
> the message ID?
>
Thanks.  That makes sense.  But it just adds to my problems.   I am
pulling my hair out on trying to get a clean send that gmail, outlook,
and others will accept.  I have an Apache JAMES server. When I send to
mail-tester.com I get a 10 out of 10 clean bill of health.  But gmail,
outlook, and a bunch of other MTAs won't accept it and bounce it back
(with no reason attached).  I'm hosting on AWS.  So the recommendation
was to proxy my outbound mail through AWS's SES server so it appeared
that the mail came from 'trusted' Amazon.  Now I realize that Amazon
changes the message id, and I get this 'forged' flag.  I'd love to
completely get away from having to launder my mail through SES.  But I'm
at a loss for what else I can do to make MTAs accept mail when
mail-tester says nothing is wrong.  I'm delivering mail for a very large
company where unsuccessful mail delivery to the recipients can be
catastrophic.  Any suggestions to improve my delivery success rate will
be appreciated.

Would it be better if I went through the headers on outbound and removed
headers that referenced Mozilla (or Outlook, or iPhone, or ???) in order
to make the SES message id change not trigger the rule?

Thx

Jerry
RE: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
> I'm hosting on AWS.  So the recommendation was to proxy my outbound
> mail through AWS's SES server so it
> appeared that the mail came from 'trusted' Amazon.

Ehhh, amazon cloud messages are flagged by us as spam, and some ranges
are even blocked. I would try get a dedicated ip address if you value
your mail.
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On 9/23/20 11:46 AM, John Hardin wrote:
> It doesn't believe the Message-ID was generated by Thunderbird. What's
> the message ID?

This piques my interest because I tell Thunderbird to use a custom
Message-ID domain.

Where can I read more about what SpamAssassin thinks is and is not a
Message-ID generated by Thunderbird? (Other than the source code.)



--
Grant. . . .
unix || die
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On Wed, 23 Sep 2020, Grant Taylor wrote:

> On 9/23/20 11:46 AM, John Hardin wrote:
>> It doesn't believe the Message-ID was generated by Thunderbird. What's the
>> message ID?
>
> This piques my interest because I tell Thunderbird to use a custom Message-ID
> domain.
>
> Where can I read more about what SpamAssassin thinks is and is not a
> Message-ID generated by Thunderbird? (Other than the source code.)

The rules are available in your local spamassassin install, or in the
public SVN under two places:

https://svn.apache.org/viewvc/spamassassin/trunk/rules/
https://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/

The Message-ID rule itself is this:

header __MOZILLA_MSGID MESSAGEID =~ /^<(?:[a-f\d]{8}-(?:[a-f\d]{4}-){3}[a-f\d]{12}|[A-F\d]{8}\.[A-F1-9][A-F\d]{0,7})\@\S+>$/m

You'll need to be able to understand regular expressions to understand
what it's looking for.


--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
41 days until the Presidential Election
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On Wed, 23 Sep 2020, Jerry Malcolm wrote:

> On 9/23/2020 12:46 PM, John Hardin wrote:
>> On Wed, 23 Sep 2020, Jerry Malcolm wrote:
>>
>>> I am sending test emails from one of my hosting environments to another of
>>> my hosting environments.  I get this line in the SA report:
>>>
>>> 1.6 FORGED_MUA_MOZILLA     Forged mail pretending to be from Mozilla
>>>
>>> I am sending from Thunderbird.  So it's coming from Mozilla. But it is not
>>> forged mail pretending to be from Mozilla.
>>> What is triggering this?
>>
>>   meta FORGED_MUA_MOZILLA    (__MOZILLA_MUA && !__UNUSABLE_MSGID &&
>> !__MOZILLA_MSGID)
>>
>> It doesn't believe the Message-ID was generated by Thunderbird. What's the
>> message ID?
>>
> Thanks.  That makes sense.  But it just adds to my problems.   I am pulling
> my hair out on trying to get a clean send that gmail, outlook, and others
> will accept.  I have an Apache JAMES server. When I send to mail-tester.com I
> get a 10 out of 10 clean bill of health.  But gmail, outlook, and a bunch of
> other MTAs won't accept it and bounce it back (with no reason attached).  I'm
> hosting on AWS.  So the recommendation was to proxy my outbound mail through
> AWS's SES server so it appeared that the mail came from 'trusted' Amazon.

> Now I realize that Amazon changes the message id, and I get this 'forged'
> flag.

It's possible that the rule needs an exception for that case. Would you
zip up a sample for me in private mail, with all headers intact?

> I'm delivering mail for a very large company where unsuccessful mail
> delivery to the recipients can be catastrophic.

So, gmail etc. are rejecting the messages from your James server? Or is
this a broader issue with general email? If you like, you can send some
test messages to me directly and we'll see what happens.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
the Internal Revenue Service has an "impressive history ... of
storing [data] carelessly, leaking data through every possible
conduit, and hiring employees who appear to only marginally prefer
a career in tax collection over knocking over liquor stores."
-- Reason's J.D. Tuccille
-----------------------------------------------------------------------
41 days until the Presidential Election
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On 9/23/2020 1:51 PM, Marc Roos wrote:
>>  I'm hosting on AWS.  So the recommendation was to proxy my outbound
>> mail through AWS's SES server so it
>> appeared that the mail came from 'trusted' Amazon.
> Ehhh, amazon cloud messages are flagged by us as spam, and some ranges
> are even blocked. I would try get a dedicated ip address if you value
> your mail.

Thanks for the info Marc.  But I feel like when I push in one place it
pops out somewhere else.  I do have a fixed IP.  When I was using it
directly (not going through SES), the MTAs that had the courtesy of
bouncing with a reason said the IP address was blacklisted but didn't
say where, even though SpamAssassin and mail-tester.com found no
blacklisting.  I changed to several other fixed IP addresses and got the
same thing.  SA and mail-tester continued to say it's totally clean....
but MTAs kept bouncing the messages, some with the blacklist message and
some with no explanation.  So I went to SES out of desperation.  I'm
getting fewer bounces going through SES than not using it.  But your
comment worries me a lot.  With all of the gyrations I had to go through
to be able to use SES along with the monitoring Amazon does with SES, I'm
kinda surprised that it would be flagged as a spam source.

Is there some trick I'm missing?  What do others do when mail keeps
bouncing with no explanation and SA says everything's clean?  There's
got to be a way to make my mail more acceptable. Just give me a fighting
chance to fix whatever is wrong.  But I have to know what is wrong
before I can address it.

Is there a 'right' solution?

Thx

>
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On 9/23/20 1:06 PM, John Hardin wrote:
> The rules are available in your local spamassasssin install, or in the
> public SVN under two places:

Thank you for the links.

> The Message-ID rule itself is this:
>
>  header __MOZILLA_MSGID    MESSAGEID =~
> /^<(?:[a-f\d]{8}-(?:[a-f\d]{4}-){3}[a-f\d]{12}|[A-F\d]{8}\.[A-F1-9][A-F\d]{0,7})\@\S+>$/m

Okay. The regex is really only applying to the left hand side (the
"local part" if you will) of the message id. The right hand side
("domain part") is just looking for more than one not-space character.

> You'll need to be able to understand regular expressions to understand
> what it's looking for.

I'm not great at it, especially PCRE. (I'm more vim & sed.)

But the first part looks like the same format that I see from uuidgen.

8 hexadecimal digits
hyphen
4 hexadecimal digits
hyphen
4 hexadecimal digits
hyphen
4 hexadecimal digits
hyphen
12 hexadecimal digits

I don't recognize the other format:

8 hexadecimal digits
period
0 to 7 not quite hexadecimal digits, missing the zero.

I can tell from that, that the setting in about:config that I'm using
isn't going to be a problem as it is only the right hand ("domain") part
of the Message-ID.



--
Grant. . . .
unix || die
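The `__MOZILLA_MSGID` pattern quoted by John Hardin and the two Message-ID shapes walked through above can be exercised directly. The following is an added example, not part of the thread and not SpamAssassin's own code: the User-Agent check standing in for `__MOZILLA_MUA` and the `unusable_msgid` flag standing in for `__UNUSABLE_MSGID` are assumptions (neither definition is quoted in the thread), and every Message-ID below is constructed.

```python
import re
from email import message_from_string

# __MOZILLA_MSGID exactly as quoted in the thread; Perl's /m becomes re.MULTILINE.
MOZILLA_MSGID = re.compile(
    r"^<(?:[a-f\d]{8}-(?:[a-f\d]{4}-){3}[a-f\d]{12}"  # lowercase 8-4-4-4-12 UUID
    r"|[A-F\d]{8}\.[A-F1-9][A-F\d]{0,7})"              # 8 upper hex, '.', 1-8 upper hex, first not 0
    r"\@\S+>$",                                        # domain part: any non-space run
    re.MULTILINE,
)

# ASSUMPTION: simplified stand-in for __MOZILLA_MUA (definition not in the thread).
MOZILLA_UA = re.compile(r"\b(?:mozilla|thunderbird)\b", re.IGNORECASE)


def classify_msgid(msgid):
    """Return 'uuid', 'legacy' or None for a Message-ID header value."""
    m = MOZILLA_MSGID.search(msgid)
    if m is None:
        return None
    text = m.group(0)
    local_part = text[1:text.index("@")]
    return "uuid" if "-" in local_part else "legacy"


def forged_mua_mozilla(raw_message, unusable_msgid=False):
    """Evaluate the meta rule from the thread:
    __MOZILLA_MUA && !__UNUSABLE_MSGID && !__MOZILLA_MSGID

    unusable_msgid is a caller-supplied flag (ASSUMPTION: stands in for
    __UNUSABLE_MSGID). Only the Message-ID header is inspected here.
    """
    msg = message_from_string(raw_message)
    claims_mozilla = bool(MOZILLA_UA.search(msg.get("User-Agent", "")))
    msgid = msg.get("Message-ID", "").strip()
    return claims_mozilla and not unusable_msgid and classify_msgid(msgid) is None


# Constructed sample values, not taken from real mail.
TB_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0"
SAMPLES = {
    "uuid":          "<3f2a9c1e-7b4d-4e2a-9c1f-0a1b2c3d4e5f@example.com>",
    "uuid_upper":    "<3F2A9C1E-7B4D-4E2A-9C1F-0A1B2C3D4E5F@example.com>",
    "legacy":        "<5F6B9A3C.4070802@example.com>",
    "legacy_zero":   "<5F6B9A3C.0070802@example.com>",
    "custom_domain": "<3f2a9c1e-7b4d-4e2a-9c1f-0a1b2c3d4e5f@mail.custom-domain.example>",
    # Shape of an ID rewritten by a relay; hypothetical, not a real provider format.
    "relay_rewrite": "<010001743a1b2c3d-1a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d-000000@relay.example.net>",
}


def build(msgid, user_agent=TB_UA):
    """Build a minimal RFC 5322 message with the given Message-ID."""
    headers = ["Message-ID: " + msgid, "Subject: test"]
    if user_agent:
        headers.insert(0, "User-Agent: " + user_agent)
    return "\n".join(headers) + "\n\nbody\n"


if __name__ == "__main__":
    for name, msgid in SAMPLES.items():
        print(f"{name:14} msgid_form={classify_msgid(msgid)!s:7} "
              f"FORGED_MUA_MOZILLA={forged_mua_mozilla(build(msgid))}")
```

The rewritten-ID case is the one from the original question: the User-Agent header still claims Thunderbird, the Message-ID no longer has a Thunderbird shape, and the meta rule fires. A custom Message-ID domain does not affect the result because only the local part is constrained.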
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
Hi all,

You can check here if your IP is RBL listed: http://multirbl.valli.org
For Google it is a little bit more complex:
https://www.gmail.com/postmaster/

Most of the time the IPs from AWS are already blacklisted and you cannot
do anything. If you care about your email find another provider with
good IP reputation.

And most important: please set (if not already): SPF, DKIM, DMARC. It might
help your score/trust issues.

---
Best regards,
Iulian Stan


On 2020-09-23 22:22, Jerry Malcolm wrote:
> On 9/23/2020 1:51 PM, Marc Roos wrote:
>>>  I'm hosting on AWS.  So the recommendation was to proxy my outbound
>>> mail through AWS's SES server so it
>>> appeared that the mail came from 'trusted' Amazon.
>> Ehhh, amazon cloud messages are flagged by us as spam, and some ranges
>> are even blocked. I would try get a dedicated ip address if you value
>> your mail.
>
> Thanks for the info Marc.  But I feel like when I push in one place it
> pops out somewhere else.  I do have a fixed IP.  When I was using it
> directly (not going through SES), the MTAs that had the courtesy of
> bouncing with a reason said the IP address was blacklisted but didn't
> say where, even though SpamAssassin and mail-tester.com found no
> blacklisting.  I changed to several other fixed IP addresses and got
> the same thing.  SA and mail-tester continued to say it's totally
> clean.... but MTAs kept bouncing the messages, some with the blacklist
> message and some with no explanation.  So I went to SES out of
> desperation.  I'm getting fewer bounces going through SES than not
> using it.  But your comment worries me a lot.  With all of the
> gyrations I had to go through to be able to use SES along the
> monitoring Amazon does with SES, I'm kinda surprised that it would be
> flagged as a spam source.
>
> Is there some trick I'm missing?  What do others do when mail keeps
> bouncing with no explanation and SA says everything's clean?  There's
> got to be a way to make my mail more acceptable. Just give me a
> fighting chance to fix whatever is wrong.  But I have to know what is
> wrong before I can address it.
>
> Is there a 'right' solution?
>
> Thx
>
>>
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On 9/23/2020 2:11 PM, John Hardin wrote:
> On Wed, 23 Sep 2020, Jerry Malcolm wrote:
>
>> On 9/23/2020 12:46 PM, John Hardin wrote:
>>> On Wed, 23 Sep 2020, Jerry Malcolm wrote:
>>>
>>>> I am sending test emails from one of my hosting environments to
>>>> another of my hosting environments.  I get this line in the SA report:
>>>>
>>>> 1.6 FORGED_MUA_MOZILLA     Forged mail pretending to be from Mozilla
>>>>
>>>> I am sending from Thunderbird.  So it's coming from Mozilla. But it
>>>> is not forged mail pretending to be from Mozilla.
>>>> What is triggering this?
>>>
>>>   meta FORGED_MUA_MOZILLA    (__MOZILLA_MUA && !__UNUSABLE_MSGID &&
>>> !__MOZILLA_MSGID)
>>>
>>> It doesn't believe the Message-ID was generated by Thunderbird.
>>> What's the message ID?
>>>
>> Thanks.  That makes sense.  But it just adds to my problems.   I am
>> pulling my hair out on trying to get a clean send that gmail,
>> outlook, and others will accept.  I have an Apache JAMES server. When
>> I send to mail-tester.com I get a 10 out of 10 clean bill of health.
>> But gmail, outlook, and a bunch of other MTAs won't accept it and
>> bounce it back (with no reason attached).  I'm hosting on AWS.  So
>> the recommendation was to proxy my outbound mail through AWS's SES
>> server so it appeared that the mail came from 'trusted' Amazon.
>
>> Now I realize that Amazon changes the message id, and I get this
>> 'forged' flag.
>
> It's possible that the rule needs an exception for that case. Would
> you zip up a sample for me in private mail, with all headers intact?
>
>> I'm delivering mail for a very large company where unsuccessful mail
>> delivery to the recipients can be catastrophic.
>
> So, gmail etc. are rejecting the messages from your James server? Or
> is this a broader issue with general email? If you like, you can send
> some test messages to me directly and we'll see what happens.
>
I just posted a response to Marc with more details.  But in summary,
before I used SES, I simply had a fixed IP with James' SMTP server.  I
would get bounces about blacklisted IPs (I changed IPs several times
with no change).  I would get bounces from gmail, outlook, ymail, and
various corporate servers, most with no explanation.  Just 'rejected'.
It wasn't 100%.  But it was bad enough my client was missing business
opportunities.  So I waved the white flag and started to proxy through
SES.  During all of the time of the bounces, both SA and mail-tester
said my mail was clean.

I will send you an email that bypasses SES and a zip of the mail item
that received the Mozilla forged hit.
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On 9/23/20 1:22 PM, Jerry Malcolm wrote:
> With all of the gyrations I had to go through to be able to use SES
> along the monitoring Amazon does with SES, I'm kinda surprised that
> it would be flagged as a spam source.

I don't know about SES specific, but I know that a LOT of spam comes out
of the big cloud providers. Both their crap and the crap that some ...
questionable clients send therefrom.

> Is there some trick I'm missing? What do others do when mail
> keeps bouncing with no explanation and SA says everything's clean?
> There's got to be a way to make my mail more acceptable. Just give
> me a fighting chance to fix whatever is wrong. But I have to know
> what is wrong before I can address it.

I'll bet you a drink at your local watering hole that the problem is the
Amazon IP. Likewise with SES.

> Is there a 'right' solution?

If you're very serious about this and willing to spend some money on
this, look into a Co-Lo or circuit provider that will provide a /24 to,
get your own ASN, with WhoIs / SWIP that you can control. Start warming
it up. You'll have a lot of work ahead of you.



--
Grant. . . .
unix || die
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On 9/23/2020 2:33 PM, iulian stan wrote:
> Most of the time the IPs from AWS are already blacklisted and you
> cannot do anything.

I'm curious why such a blanket statement.  Why does AWS have such a bad
reputation?  With companies like Netflix and Dropbox using AWS, why are
they considered across-the-board spammers?  I'm also curious why
SpamAssassin and mail-tester doesn't report that my AWS IP is blacklisted.

My client is massively invested in AWS with many servers, databases, and
services unrelated to mail.  Moving to another platform is not an
option.  What is a good 'reputable' 3rd party service that I can use as
a proxy to make sure I have 'clean' mail?
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On 9/23/2020 2:38 PM, Grant Taylor wrote:
> On 9/23/20 1:22 PM, Jerry Malcolm wrote:
>> With all of the gyrations I had to go through to be able to use SES
>> along the monitoring Amazon does with SES, I'm kinda surprised that
>> it would be flagged as a spam source.
>
> I don't know about SES specific, but I know that a LOT of spam comes
> out of the big cloud providers.  Both their crap and the crap that
> some ... questionable clients send therefrom.
>
>> Is there some trick I'm missing?  What do others do when mail keeps
>> bouncing with no explanation and SA says everything's clean? There's
>> got to be a way to make my mail more acceptable. Just give me a
>> fighting chance to fix whatever is wrong.  But I have to know what is
>> wrong before I can address it.
>
> I'll bet you a drink at your local watering hole that the problem is
> the Amazon IP.  Likewise with SES.
>
>> Is there a 'right' solution?
>
> If you're very serious about this and willing to spend some money on
> this, look into a Co-Lo or circuit provider that will provide a /24
> to, get your own ASN, with WhoIs / SWIP that you can control. Start
> warming it up.  You'll have a lot of work ahead of you.
>
Grant,

I don't doubt what you are saying.  But if AWS is so horrible and across
the board everyone thinks anything coming from it is spam, SA isn't
flagging it, and mail-tester.com isn't flagging it, and both have pretty
extensive blacklist references (??).  I'm still confused.

>
>
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On 9/23/20 1:52 PM, Jerry Malcolm wrote:
> I don't doubt what you are saying.  But if AWS is so horrible and across
> the board everyone thinks anything coming from it is spam, SA isn't
> flagging it, and mail-tester.com isn't flagging it, and both have pretty
> extensive blacklist references (??).  I'm still confused.

I think that Amazon (rightfully) buckets various customers. Bigger
customers tend to get their own buckets. Smaller customers, individuals
like me, end up in a bucket with a bunch of other individuals. I think
it's these latter buckets that have the bad reputation. The other fewer
/ single customer buckets are probably much better.



--
Grant. . . .
unix || die
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
> On Sep 23, 2020, at 2:52 PM, Jerry Malcolm <techstuff@malcolms.com> wrote:
>
>
> On 9/23/2020 2:38 PM, Grant Taylor wrote:
>> On 9/23/20 1:22 PM, Jerry Malcolm wrote:
>>> With all of the gyrations I had to go through to be able to use SES along the monitoring Amazon does with SES, I'm kinda surprised that it would be flagged as a spam source.
>>
>> I don't know about SES specific, but I know that a LOT of spam comes out of the big cloud providers. Both their crap and the crap that some ... questionable clients send therefrom.
>>
>>> Is there some trick I'm missing? What do others do when mail keeps bouncing with no explanation and SA says everything's clean? There's got to be a way to make my mail more acceptable. Just give me a fighting chance to fix whatever is wrong. But I have to know what is wrong before I can address it.
>>
>> I'll bet you a drink at your local watering hole that the problem is the Amazon IP. Likewise with SES.
>>
>>> Is there a 'right' solution?
>>
>> If you're very serious about this and willing to spend some money on this, look into a Co-Lo or circuit provider that will provide a /24 to, get your own ASN, with WhoIs / SWIP that you can control. Start warming it up. You'll have a lot of work ahead of you.
>>
> Grant,
>
> I don't doubt what you are saying. But if AWS is so horrible and across the board everyone thinks anything coming from it is spam, SA isn't flagging it, and mail-tester.com isn't flagging it, and both have pretty extensive blacklist references (??). I'm still confused.

Jerry,

You’re asking about this in the wrong place, spamassassin is for stopping spam, not helping mail delivery. Hunt up the mailop mailing list and spend some time reading the archives. The problem isn’t that your mail is not clean, it’s that new sending sources often have a hard time getting through to gmail and outlook addresses. Various discussions on the mailop list may help you understand and work on the issue, but there’s no magic bullet for email delivery to those (or any, really) providers.

-Darrell

ps> unfortunately, their site seems down right now, but you can find some links with a google that should get you started.
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On 23 Sep 2020, at 13:22, Jerry Malcolm <techstuff@malcolms.com> wrote:
> the MTAs that had the courtesy of bouncing with a reason said the IP address was blacklisted but didn't say where

This may indicate that the IP address was added to permanently block lists before you got it, or based on your provider, or your country. For example, there are IPs that I finally manually added to my block list years ago and I have never checked if it might be safe to remove them. Also, if your IP is in China or Russia, my mail server will reject your connection as I get no legitimate mail from these countries and much spam.

There are tools to see what the state of your IP address is, but the bounces that you get that say your IP is blacklisted should show the IP that is being checked. I suspect that IP is not your Malcolms.com IP address, as that one is quite clean. I think you will find the issue is elsewhere.




--
I WILL NOT ENCOURAGE OTHERS TO FLY Bart chalkboard Ep. 7F03
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
Hi all,

You can check here if your IP is RBL listed: http://multirbl.valli.org
For Google it is a little bit more complex:
https://www.gmail.com/postmaster/

Most of the time the IPs from AWS are already blacklisted and you cannot
do anything. If you care about your email find another provider with
good IP reputation.

And most important: please set (if not already): SPF, DKIM, DMARC. It might
help your score/trust issues.

---
Best regards,
Iulian Stan


On 2020-09-23 23:22, @lbutlr wrote:
> On 23 Sep 2020, at 13:22, Jerry Malcolm <techstuff@malcolms.com> wrote:
>> the MTAs that had the courtesy of bouncing with a reason said the IP
>> address was blacklisted but didn't say where
>
> This may indicate that the IP address was added to permanently block
> lists before you got it, or based on your provider, or your country.
> For example, there are IPs that I finally manually added to my block
> list years ago and I have never checked if it might be safe to remove
> them. Also, if your IP is in China or Russia, my mail server will
> reject your connection as I get no legitimate mail from these
> countries and much spam.
>
> There are tools to see what the state of you IP address is, but the
> bounces that you get that say your IP is blacklisted should show the
> IP that is being checked. I suspect that Ip is not your Malcolms.com
> IP address, as that one is quite clean. I think you will find the
> issue is elsewhere.
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On Wed, 2020-09-23 at 14:46 -0500, Jerry Malcolm wrote:
> On 9/23/2020 2:33 PM, iulian stan wrote:
> > Most of the time the IPs from AWS are already blacklisted and you
> > cannot do anything.
>
> I'm curious why such a blanket statement. Why does AWS have such a bad
> reputation? With companies like Netflix and Dropbox using AWS, why are
> they considered across-the-board spammers? I'm also curious why
> SpamAssassin and mail-tester doesn't report that my AWS IP is blacklisted.
>
> My client is massively invested in AWS with many servers, databases, and
> services unrelated to mail. Moving to another platform is not an
> option. What is a good 'reputable' 3rd party service that I can use as
> a proxy to make sure I have 'clean' mail?

If it's normal transactional mail to people who have agreed to receive it,
just send it through a reputable ESP like Postmark. If your sending domain
itself hasn't been spamming that should be enough to get your mail delivered
fine.

Make sure your DKIM and SPF are setup right before sending.
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On 2020-09-23 at 14:46 -0500, Jerry Malcolm wrote:
> My client is massively invested in AWS with many servers, databases,
> and services unrelated to mail. Moving to another platform is not
> an option. What is a good 'reputable' 3rd party service that I can
> use as a proxy to make sure I have 'clean' mail?

How is your client handling their 'normal' mails? An on-premises
server? Microsoft 365 ? G Suite?

Just send these communications through their normal email sending
platform (get a user account and use those credentials to send through
them), benefiting from the reputation their sending IPs already have
for this company mails.
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
They are totally an online company.  All mail is handled through my server.

On 9/23/2020 5:54 PM, Ángel wrote:
> On 2020-09-23 at 14:46 -0500, Jerry Malcolm wrote:
>> My client is massively invested in AWS with many servers, databases,
>> and services unrelated to mail. Moving to another platform is not
>> an option. What is a good 'reputable' 3rd party service that I can
>> use as a proxy to make sure I have 'clean' mail?
> How is your client handling their 'normal' mails? An on-premises
> server? Microsoft 365 ? G Suite?
>
> Just send these communications through their normal email sending
> platform (get a user account and use those credentials to send through
> them), benefiting from the reputation their sending IPs already have
> for this company mails.
>
>
RE: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
> I don't doubt what you are saying.  But if AWS is so horrible and
> across the board everyone thinks
> anything coming from it is spam, SA isn't flagging it, and
> mail-tester.com isn't flagging it,
> and both have pretty extensive blacklist references (??).  I'm still
> confused.

Because they are paying to be whitelisted. Amazon used to be in the top
10 of abuse networks[1]. The only way to get off such a list fast, is
either blocking all outgoing traffic on ports 25,465,587 or pay someone.

I have had to reconfigure spamassassin not to use the whitelists. Sooner
or later more will do this, because what use is a whitelist, if it holds
ip addresses that send out spam?

Furthermore tools can't be trusted that much. I am blocking DNS requests
from some of those tools. I am even blocking amazon cloud on the web
servers, saves lots of cpu power! This year I am going to advise all
clients (not so many any more, grrrr ;) that if they do not have
robots.txt on their website we are going to put a default one. That one
allows the most common search engines (I certainly do not want to give
google an advantage here).
From a security perspective this is also advisable because hackers are
scanning for old versions, and without such a robot text, I really do
not have good reason to report abuse.

[1]
https://www.spamhaus.org/statistics/networks/
RE: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
> My client is massively invested in AWS with many servers, databases,
> and services unrelated to mail.
> Moving to another platform is not an option.

Ever heard of a smart host? (Or at least that is what it is called with
sendmail). First think and then do, you do not have to move anything.
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On Wed, 23 Sep 2020 13:47:23 -0500
Jerry Malcolm wrote:


> But gmail, outlook, and a bunch of other MTAs won't accept it and
> bounce it back (with no reason attached).  I'm hosting on AWS.  So
> the recommendation was to proxy my outbound mail through AWS's SES
> server so it appeared that the mail came from 'trusted' Amazon.  Now
> I realize that Amazon changes the message id, and I get this 'forged'
> flag. 

Are you sure about that? It would break threading on most traditional
mail clients.

In your list emails you are DKIM signing Message-Id and sending
directly from AWS. If you are doing the same thing with SES, then
obviously that would break DKIM.

OTOH if you aren't signing Message-Id on the other mail perhaps doing so
would discourage Amazon from overwriting the header.


> Would it be better if I went through the headers on outbound and
> removed headers that referenced Mozilla (or Outlook, or iPhone, or
> ???) in order to make the SES message id change not trigger the rule?

I doubt it would make much difference. Most spam filtering won't have
that rule. And even in SA it was only 1.6 points.
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On 9/24/2020 8:17 AM, RW wrote:
> On Wed, 23 Sep 2020 13:47:23 -0500
> Jerry Malcolm wrote:
>
>
>> But gmail, outlook, and a bunch of other MTAs won't accept it and
>> bounce it back (with no reason attached).  I'm hosting on AWS.  So
>> the recommendation was to proxy my outbound mail through AWS's SES
>> server so it appeared that the mail came from 'trusted' Amazon.  Now
>> I realize that Amazon changes the message id, and I get this 'forged'
>> flag.
> Are you sure about that? It would break threading on most traditional
> mail clients.
>
> In your list emails you are DKIM signing Message-Id and sending
> directly from AWS. If you are doing the same thing with SES, then
> obviously that would break DKIM.
>
> OTOH if you aren't signing Message-Id on the other mail perhaps doing so
> would discourage Amazon from overwriting the header.
>
>
>> Would it be better if I went through the headers on outbound and
>> removed headers that referenced Mozilla (or Outlook, or iPhone, or
>> ???) in order to make the SES message id change not trigger the rule?
> I doubt it would make much difference. Most spam filtering wont have
> that rule. And even in SA it was only 1.6.points.
SES adds its own DKIM signing.  But I did find a horrible problem
directly related to Apache forums when proxying through SES.  I can't
remember the details, but SES changes up something that makes all apache
forums not recognize me.  I ended up having to write a special rule in my
outbound JAMES server that "if going to apache.org" don't use SES proxy
gateway.  So these posts to this forum are actually bypassing SES.

I want to thank everyone for the information.  I realize that this
thread has veered way off the topic of SpamAssassin.  I'm getting lots
of useful information from here and other sources. But I'm beginning to
feel like the ball in a pinball machine bouncing around with every new
piece of info.  Can someone recommend a good forum where the topic of
"the best way to send email" is discussed/argued where we can banter
back and forth on the pros and cons of AWS, SES, 3rd party, proxy vs. no
proxy, etc etc etc?  I'm learning a lot. But it's not my desire to make
successfully getting mail to its recipient my new career.  I represent a
totally legitimate business whose success depends on getting account
authorization emails and payment receipts to the intended recipients.
It's a problem I need to solve... but after that, then move on to other
problems.   Is there a good place to hang out and discuss this topic?

Thanks again.

Jerry
Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla
On Fri, 25 Sep 2020 17:31:14 -0500
Jerry Malcolm wrote:

> On 9/24/2020 8:17 AM, RW wrote:

> > In your list emails you are DKIM signing Message-Id and sending
> > directly from AWS. If you are doing the same thing with SES, then
> > obviously that would break DKIM.
> >
> > OTOH if you aren't signing Message-Id on the other mail perhaps
> > doing so would discourage Amazon from overwriting the header.
> >
...
> SES adds it's own DKIM signing.


They would still be invalidating the author signature, which isn't good.

If SES is modifying Message-Id, even when it's signed, you should stop
signing that header.


>  But I did find a horrible problem
> directly related to Apache forums when proxying through SES. I can't
> remember the details, but SES changes up something that makes all
> apache forums not recognize me. 

This may be related given that the SPF for malcolms.com doesn't appear
to contain the SES server.
