Mailing List Archive

Hi Thomas,

On Tue, Jan 02, 2024 at 04:24:37PM -0600, Thomas Cameron via users wrote:
> I built email servers for a non-profit I volunteer for. If email comes into
> the server for president@myassociation.org, I would normally just create an
> alias in /etc/aliases so that emails to president@ get forwarded to the
> president's "real" email address, say presidents_real_email@gmail.com.

This causes your server to pass on email without changing envelope
sender, so your server is purporting to be whoever the email is
originally from. Any email authentication measure working on the
envelope sender, such as SPF, will then fail, as your server is
indistinguishable from a random host forging the original sender's
domain.

> How can I make this work? Is there a good way to use something like
> /etc/aliases to forward emails to the domain I manage to another recipient?
> Or is there something better I can do?

You need to give up on /etc/aliases for external routing of email
unless you control all the original sender domains and can for
example add your server IPs to its authentication mechanisms (e.g.
SPF).

Since you probably can't do that for any recipient domain that
expects to receive Internet email, you need to either:

- Implement Sender Rewriting Scheme (SRS) so that your server takes
responsibility for forwarded emails with its own envelope sender.
https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme

Or:

- Have your users collect their your-org email by some means other
than SMTP, such as running an IMAP server and having them view
both their gmail mailbox and their your-org inbox in one place (I
have no idea if that is feasible with gmail).

Thanks,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting

"Thomas Cameron via users" <users@spamassassin.apache.org> writes:

> I built email servers for a non-profit I volunteer for. If email comes
> into the server for president@myassociation.org, I would normally just
> create an alias in /etc/aliases so that emails to president@ get
> forwarded to the president's "real" email address, say
> presidents_real_email@gmail.com.
>
> The problem is, when I send email to president@myassociation.org,
> gmail rejects the forwarded email because it appears to come from my
> personal domain, not the mythical myassociation.org domain. DKIM,
> DMARC, and SPF all fail, which I totally understand.

Why does DKIM fail? You said there is an /etc/aliases alias, but you
did not say that you modified the message. Basically you should never
modify messages.

> How can I make this work? Is there a good way to use something like
> /etc/aliases to forward emails to the domain I manage to another
> recipient? Or is there something better I can do?

I think the advice to set up IMAP and submission is wise. I realize
this may be a small non-profit, but company mail belongs on company
servers, and personal mail on personal servers. With IMAP and
submission, your president can have their outgoing email be
president@myassociation.org, DKIM signed, with an SPF record, and even
DMARC. If someone writes and gets a reply from a random gmail account,
that is at best confusing.

On 1/2/2024 5:24 PM, Thomas Cameron via users wrote:
>
> The problem is, when I send email to president@myassociation.org,
> gmail rejects the forwarded email because it appears to come from my
> personal domain, not the mythical myassociation.org domain. DKIM,
> DMARC, and SPF all fail, which I totally understand.
>
> How can I make this work? Is there a good way to use something like
> /etc/aliases to forward emails to the domain I manage to another
> recipient? Or is there something better I can do?
>

You will probably find that forwarding Emails to most systems, including
MSN/Live/Hotmail/Outlook and Yahoo/AOL works OK (for now).  But if you
want Vacation/Out-Of-Office/Autoresponders to work to Gmail addresses,
you MUST run DKIM on your managed domain.  Even valid SPF alone will NOT
do.

Implementing DKIM w/ DMARC is a good, if not the best, practice.
Considering present trends, SPF/DKIM/DMARC Auth-neutral will become the
new "bad".

> I apologize this isn't strictly SA related, I am just hoping someone
> can give me advice or provide I link to follow on how to make this work.

package: opendkim + access to your managed domain's DNS records.


$0.02,

-- Jared Hall

On 1/3/24 01:21, Jared Hall wrote:
> On 1/2/2024 5:24 PM, Thomas Cameron via users wrote:
>>
>> The problem is, when I send email to president@myassociation.org,
>> gmail rejects the forwarded email because it appears to come from my
>> personal domain, not the mythical myassociation.org domain. DKIM,
>> DMARC, and SPF all fail, which I totally understand.
>>
>> How can I make this work? Is there a good way to use something like
>> /etc/aliases to forward emails to the domain I manage to another
>> recipient? Or is there something better I can do?
>>
>
> You will probably find that forwarding Emails to most systems, including
> MSN/Live/Hotmail/Outlook and Yahoo/AOL works OK (for now).  But if you
> want Vacation/Out-Of-Office/Autoresponders to work to Gmail addresses,
> you MUST run DKIM on your managed domain.  Even valid SPF alone will NOT
> do.

I actually set up SPF, DMARC, and DKIM on the non-profit's email server.
It works fine if I send email from the server.

The rub is, I want all emails to president@example.org to be forwarded
to presidents_real_address@gmail.com. Since the forward happens at
mail.example.org, the "from" is from some other domain from example.org,
so it fails all the tests.

> Implementing DKIM w/ DMARC is a good, if not the best, practice.
> Considering present trends, SPF/DKIM/DMARC Auth-neutral will become the
> new "bad".

Oh, I firmly agree with you. I have all three services configured, and I
wouldn't deploy a mail server without them. This is just an odd corner
case where the easiest thing to do is just redirect emails to the
non-profit's president's real email address.

Instead of using /etc/aliases, I'm playing around with a procmail recipe
to munge the "from." We'll see if it works.

>> I apologize this isn't strictly SA related, I am just hoping someone
>> can give me advice or provide I link to follow on how to make this work.
>
> package: opendkim + access to your managed domain's DNS records.

I agree, and that's already done.

Thanks, sir!
Thomas

On 1/2/24 17:51, Andy Smith wrote:
> Hi Thomas,
>
> On Tue, Jan 02, 2024 at 04:24:37PM -0600, Thomas Cameron via users wrote:
>> I built email servers for a non-profit I volunteer for. If email comes into
>> the server for president@myassociation.org, I would normally just create an
>> alias in /etc/aliases so that emails to president@ get forwarded to the
>> president's "real" email address, say presidents_real_email@gmail.com.
>
> This causes your server to pass on email without changing envelope
> sender, so your server is purporting to be whoever the email is
> originally from. Any email authentication measure working on the
> envelope sender, such as SPF, will then fail, as your server is
> indistinguishable from a random host forging the original sender's
> domain.

Yup, that's exactly what's happening. Email from an association member
may come in from user@otherdomain.com and when it gets forwarded to
GMail, they reject it because the mail server isn't otherdomain.com's
email server. I get *why* it's failing, I was just hoping someone had a
better idea.

>> How can I make this work? Is there a good way to use something like
>> /etc/aliases to forward emails to the domain I manage to another recipient?
>> Or is there something better I can do?
>
> You need to give up on /etc/aliases for external routing of email
> unless you control all the original sender domains and can for
> example add your server IPs to its authentication mechanisms (e.g.
> SPF).
>
> Since you probably can't do that for any recipient domain that
> expects to receive Internet email, you need to either:
>
> - Implement Sender Rewriting Scheme (SRS) so that your server takes
> responsibility for forwarded emails with its own envelope sender.
> https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme

This is excellent, I was not aware of it. I'm digging into it now. I was
playing around with using a procmail recipe to munch the "from" address,
but SRS looks like a MUCH better plan. Thank you so much!

> Or:
>
> - Have your users collect their your-org email by some means other
> than SMTP, such as running an IMAP server and having them view
> both their gmail mailbox and their your-org inbox in one place (I
> have no idea if that is feasible with gmail).

This is what *I* would do, for sure. But the members of the association
are incredibly non-technical, and trying to walk them through setting up
an email client like Thunderbird or Outlook is a recipe for disaster. I
really like the SRS idea, I'm digging into that now.

> Thanks,
> Andy
>

Thanks a bunch!
Thomas

On 2024-01-03 at 14:17:11 UTC-0500 (Wed, 3 Jan 2024 13:17:11 -0600)
Thomas Cameron via users <thomas.cameron@camerontech.com>
is rumored to have said:

> The rub is, I want all emails to president@example.org to be forwarded
> to presidents_real_address@gmail.com. Since the forward happens at
> mail.example.org, the "from" is from some other domain from
> example.org, so it fails all the tests.

Indeed: your solution is known as "SRS" (Sender Rewriting Scheme) and it
has multiple implementations. If you forward mail, you will break SPF
unless you fix the envelope sender so that it uses a domain that
permits the example.org server to send for it.

OR, you could instead deliver to a POP mailbox locally and have users
fetch from there instead of simply forwarding mail to them. This also
avoids a completely distinct problem of places like GMail deciding that
your org's mail server is a spamming service because it is forwarding
spam. If users POP their mail instead of having it forwarded via SMTP,
that does not happen.


--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

Hello Thomas,

This might help too:
These failures are often due to SPFs that have a hard fail (meaning they end with ‘-all’). When I dealt with this in the past, the original sending domain was one where we could modify the SPF. So we had the email sender change “-all” to “~all” and since that makes it a soft fail, the email forwards started operating again.

And it sounds like you already know this but:

SPFs are basically TXT records attached to a domain’s DNS that specifies which mail server IPs have permission to send that domain’s emails. Hence the issue with email forwarding; Domain A sends to B which sends to C which makes C grumpy since B isn’t on A’s list of approved IPs.

> On Jan 3, 2024, at 1:46?PM, Bill Cole <sausers-20150205@billmail.scconsult.com> wrote:
>
> ?On 2024-01-03 at 14:17:11 UTC-0500 (Wed, 3 Jan 2024 13:17:11 -0600)
> Thomas Cameron via users <thomas.cameron@camerontech.com>
> is rumored to have said:
>
>> The rub is, I want all emails to president@example.org to be forwarded to presidents_real_address@gmail.com. Since the forward happens at mail.example.org, the "from" is from some other domain from example.org, so it fails all the tests.
>
> Indeed: your solution is known as "SRS" (Sender Rewriting Scheme) and it has multiple implementations. If you forward mail, you will break SPF unless you fix the envelope sender so that it uses a domain that permits the example.org server to send for it.
>
> OR, you could instead deliver to a POP mailbox locally and have users fetch from there instead of simply forwarding mail to them. This also avoids a completely distinct problem of places like GMail deciding that your org's mail server is a spamming service because it is forwarding spam. If users POP their mail instead of having it forwarded via SMTP, that does not happen.
>
>
> --
> Bill Cole
> bill@scconsult.com or billcole@apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Not Currently Available For Hire
>
>

"Thomas Cameron via users" <users@spamassassin.apache.org> writes:

> I actually set up SPF, DMARC, and DKIM on the non-profit's email
> server. It works fine if I send email from the server.
>
> The rub is, I want all emails to president@example.org to be forwarded
> to presidents_real_address@gmail.com. Since the forward happens at
> mail.example.org, the "from" is from some other domain from
> example.org, so it fails all the tests.

You are overlooking that DKIM from the original From: is the
responsibility of that domain and that if you do not modify the message
then it should still pass. Domains sending without DKIM are going to be
a mess.

Here's what I have done in the past from my server to get around this
situation you are having:

1. In my .procmailrc file

:0c:
!example@gmail.com

This sends a copy (the c flag in first line) of the message to the
gmail account and leaves a copy in your inbox.

2. From your example@gmail.com acct, go to Settings -> Accounts and
Import. Under the section 'Check email from other accounts', Add an
email account. Then add your server's account and use POP to suck
over emails as they arrive. Have it delete the emails once they are
sucked over.

What this does is it causes messages to be forwarded to gmail, but
some small number of them bounce because of whatever decision gmail
makes. But those messages are popped in later, so there's no lost
mail. Gmail de-duplicates the messages so you don't get messages
twice, and it never refuses to pop the messages in. Popping in
messages is slow, so when the forward works (which seems to be most of
the time), mail comes in quick, unless it bounces, in which case, it's
popped in a few minutes, sometimes 10s of minutes, later.

If you are concerned about the bounce messages going back into your
mailbox (gmail doesn't loop here fortunately), you can write a
procmail rule to siphon those off into another folder or into
/dev/null. (Left as exercise for the reader...)

3. You *may* need to do one further thing, you may need to go back
into gmail's Account and Import settings and set up 'Send mail as' and
set up to send mail as your email address on your server. I can't
remember if gmail does this automatically for you in step 2 above or
not.

4. You probably want to then click the radio button "Reply from the
same address to which the message was sent". Otherwise, when you
reply, it'll come from your gmail address and not your server's email
address. These radio buttons only appear once you have at least one
Send As address set up.

Michael Grant

On 1/3/24 15:44, Bill Cole wrote:
>
> Indeed: your solution is known as "SRS" (Sender Rewriting Scheme) and it
> has multiple implementations. If you forward mail, you will break SPF
> unless you fix the envelope sender so that it uses a domain  that
> permits the example.org server to send for it.
>
> OR, you could instead deliver to a POP mailbox locally and have users
> fetch from there instead of simply forwarding mail to them. This also
> avoids a completely distinct problem of places like GMail deciding that
> your org's mail server is a spamming service because it is forwarding
> spam. If users POP their mail instead of having it forwarded via SMTP,
> that does not happen.

Thanks for the advice on SRS - I have set it up and it's mostly working.
At least GMail accepts the emails, although it seems to be failing DKIM
and DMARC tests. I'm digging into what, if anything, can be done to make
PostSRSd fix this issue.

Many thanks for your help, it's genuinely appreciated!

Thomas

On 1/3/24 17:41, Greg Troxel wrote:
> You are overlooking that DKIM from the original From: is the
> responsibility of that domain and that if you do not modify the message
> then it should still pass. Domains sending without DKIM are going to be
> a mess.

Yeah, the weird thing is, when I check the forwarded email on GMail, I
see in the headers that both the original sending email server (call it
mail.somedomain.com) and the relay server (call it
mail.myassociation.org) put DKIM signatures in the message.

GMail doesn't flag it as "passed" for DKIM. I am looking to see if
PostSRSd has any sort configuration option to delete the DKIM of the
original sending server so that it will "pass" DKIM checks.

Thomas

Thomas Cameron <thomas.cameron@camerontech.com> writes:

> Yeah, the weird thing is, when I check the forwarded email on GMail, I
> see in the headers that both the original sending email server (call
> it mail.somedomain.com) and the relay server (call it
> mail.myassociation.org) put DKIM signatures in the message.

That's more or less broken in my opinion. I think an MTA should only
DKIM-sign messages that it is responsible for in the sense of
origination, because it is from an authenticated sender.

> GMail doesn't flag it as "passed" for DKIM. I am looking to see if
> PostSRSd has any sort configuration option to delete the DKIM of the
> original sending server so that it will "pass" DKIM checks.

Not sure why pass is in quotes. But again if you don't change headers
the original signature should be valid.

On 1/3/24 19:45, Greg Troxel wrote:
> Thomas Cameron <thomas.cameron@camerontech.com> writes:
>
>> Yeah, the weird thing is, when I check the forwarded email on GMail, I
>> see in the headers that both the original sending email server (call
>> it mail.somedomain.com) and the relay server (call it
>> mail.myassociation.org) put DKIM signatures in the message.
>
> That's more or less broken in my opinion. I think an MTA should only
> DKIM-sign messages that it is responsible for in the sense of
> origination, because it is from an authenticated sender.

Fair point. But I'm guessing that because it has two DKIM signatures,
it's not passing the DKIM check.

>> GMail doesn't flag it as "passed" for DKIM. I am looking to see if
>> PostSRSd has any sort configuration option to delete the DKIM of the
>> original sending server so that it will "pass" DKIM checks.
>
> Not sure why pass is in quotes. But again if you don't change headers
> the original signature should be valid.

Well, it's not marked as failed, and it's not marked as passed, but I am
looking at the OpenDKIM headers. It's in a weird limbo where I can see
the email got marked but GMail is not marking it either way.

Thomas

>On 1/3/24 15:44, Bill Cole wrote:
>>Indeed: your solution is known as "SRS" (Sender Rewriting Scheme)
>>and it has multiple implementations. If you forward mail, you will
>>break SPF unless you fix the envelope sender so that it uses a
>>domain? that permits the example.org server to send for it.
>>
>>OR, you could instead deliver to a POP mailbox locally and have
>>users fetch from there instead of simply forwarding mail to them.
>>This also avoids a completely distinct problem of places like GMail
>>deciding that your org's mail server is a spamming service because
>>it is forwarding spam. If users POP their mail instead of having it
>>forwarded via SMTP, that does not happen.

On 03.01.24 19:30, Thomas Cameron wrote:
>Thanks for the advice on SRS - I have set it up and it's mostly
>working. At least GMail accepts the emails, although it seems to be
>failing DKIM and DMARC tests. I'm digging into what, if anything, can
>be done to make PostSRSd fix this issue.

DKIM fails if the message is modified in your server (or, if DKIM failed
already when it came to it)

DMARC fails if neither DKIM nor SPF succeed, where DKIM signature or the SPF
record must be from the domain in From:

When you forward e-mail, SRS makes sure SPF record is from your domain, but
the DKIM signature must be made by sending server, so forwarded messages
without valid DKIM signature will not pass.

>Many thanks for your help, it's genuinely appreciated!

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.

>>Thomas Cameron <thomas.cameron@camerontech.com> writes:
>>>Yeah, the weird thing is, when I check the forwarded email on GMail, I
>>>see in the headers that both the original sending email server (call
>>>it mail.somedomain.com) and the relay server (call it
>>>mail.myassociation.org) put DKIM signatures in the message.

>On 1/3/24 19:45, Greg Troxel wrote:
>>That's more or less broken in my opinion. I think an MTA should only
>>DKIM-sign messages that it is responsible for in the sense of
>>origination, because it is from an authenticated sender.

On 03.01.24 20:36, Thomas Cameron wrote:
>Fair point. But I'm guessing that because it has two DKIM signatures,
>it's not passing the DKIM check.

only one of those DKIM dignatures needs to pass, with the domain in From:

>>>GMail doesn't flag it as "passed" for DKIM. I am looking to see if
>>>PostSRSd has any sort configuration option to delete the DKIM of the
>>>original sending server so that it will "pass" DKIM checks.
>>
>>Not sure why pass is in quotes. But again if you don't change headers
>>the original signature should be valid.
>
>Well, it's not marked as failed, and it's not marked as passed, but I
>am looking at the OpenDKIM headers. It's in a weird limbo where I can
>see the email got marked but GMail is not marking it either way.

can we see headers From: and Authentication-Results as they were seen on
your server?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.

On 1/4/24 06:31, Matus UHLAR - fantomas wrote:
> On 03.01.24 19:30, Thomas Cameron wrote:
>> Thanks for the advice on SRS - I have set it up and it's mostly
>> working. At least GMail accepts the emails, although it seems to be
>> failing DKIM and DMARC tests. I'm digging into what, if anything, can
>> be done to make PostSRSd fix this issue.
>
> DKIM fails if the message is modified in your server (or, if DKIM failed
> already when it came to it)
>
> DMARC fails if neither DKIM nor SPF succeed, where DKIM signature or the
> SPF record must be from the domain in From:
>
> When you forward e-mail, SRS makes sure SPF record is from your domain,
> but the DKIM signature must be made by sending server, so forwarded
> messages without valid DKIM signature will not pass.

The weird thing is, after a little while, everything seems to be working
just fine. When I send an email to one of the aliases on the server, it
sends it to the "real" email address at GMail. It now passes SPF, DMARC,
and DKIM tests. Looking in the headers on GMail, I see both DKIM
signatures, from the server which sent the original email, and the one
on our mail server.

I have no idea why GMail was saying it didn't pass checks earlier. I saw
the same DKIM signatures in the headers before.

Anyway, SRS is very cool, and I appreciate all the folks who pointed me
to it.

--
Thanks for the advice, Matus!
Thomas

On 1/4/24 06:35, Matus UHLAR - fantomas wrote:
> On 03.01.24 20:36, Thomas Cameron wrote:
>> Fair point. But I'm guessing that because it has two DKIM signatures,
>> it's not passing the DKIM check.
>
> only one of those DKIM dignatures needs to pass, with the domain in From:

Yup, and it seems to be working now. After about an hour, it suddenly
started working as expected.

>>>> GMail doesn't flag it as "passed" for DKIM. I am looking to see if
>>>> PostSRSd has any sort configuration option to delete the DKIM of the
>>>> original sending server so that it will "pass" DKIM checks.
>>>
>>> Not sure why pass is in quotes.   But again if you don't change headers
>>> the original signature should be valid.
>>
>> Well, it's not marked as failed, and it's not marked as passed, but I
>> am looking at the OpenDKIM headers. It's in a weird limbo where I can
>> see the email got marked but GMail is not marking it either way.
>
> can we see headers From: and Authentication-Results as they were seen on
> your server?

I absolutely can send them, but since it's working now, I'm going to
blame this on Google and run. :-D

--
Thanks!
Thomas

Hello,

On Wed, Jan 03, 2024 at 01:24:02PM -0600, Thomas Cameron via users wrote:
> On 1/2/24 17:51, Andy Smith wrote:
> > - Have your users collect their your-org email by some means other
> > than SMTP, such as running an IMAP server and having them view
> > both their gmail mailbox and their your-org inbox in one place (I
> > have no idea if that is feasible with gmail).
>
> This is what *I* would do, for sure. But the members of the association are
> incredibly non-technical, and trying to walk them through setting up an
> email client like Thunderbird or Outlook is a recipe for disaster.

I understand their point of view but maybe it needs putting to them
from the angle that the org is like any other workplace. They would
not expect their employer's internal emails to be forwarded to them
at $freemail.

Though then that does invite them to ask if they can have a
dedicated device to manage org email then. ????

(Which in many ways in not unreasonable either…)

Thanks,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting

>
> I built email servers for a non-profit I volunteer for. If email
> comes
> into the server for president@myassociation.org, I would normally
> just
> create an alias in /etc/aliases so that emails to president@ get
> forwarded to the president's "real" email address, say
> presidents_real_email@gmail.com.
>
> The problem is, when I send email to president@myassociation.org,
> gmail
> rejects the forwarded email because it appears to come from my
> personal
> domain, not the mythical myassociation.org domain. DKIM, DMARC, and
> SPF
> all fail, which I totally understand.
>
> How can I make this work?


Hellow Thomas,

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043539#88


Sincerely, Byung-Hee

--
^????? _????_ ?????_^))//

>> I built email servers for a non-profit I volunteer for. If email comes
>> into the server for president@myassociation.org, I would normally just
>> create an alias in /etc/aliases so that emails to president@ get
>> forwarded to the president's "real" email address, say
>> presidents_real_email@gmail.com.

postfix supports expand_owner_alias, which, when you are sending to
alias@example.com, will set sender to owner-alias@example.com.

That way SPF should pass.

>> The problem is, when I send email to president@myassociation.org, gmail
>> rejects the forwarded email because it appears to come from my personal
>> domain, not the mythical myassociation.org domain. DKIM, DMARC, and SPF
>> all fail, which I totally understand.
>>
>> How can I make this work?

DKIM should not fail, unless you modify the message. Do you modify the
message?


On 07.01.24 19:07, Byung-Hee HWANG wrote:
>See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043539#88

Cite:

>If your dkim signature is OK, then Gmail does accept all
>mails. So never use SRS. DKIM is enough.

This is not a good advice. Whoever filters SPF at SMTP time will reject that
message. Gmail is not the only mail service available.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Eagles may soar, but weasels don't get sucked into jet engines.

>
> This is not a good advice. Whoever filters SPF at SMTP time will
> reject that
> message. Gmail is not the only mail service available.

Hellow Matus,

Gmail is my last INBOX. That's enough for me.


Sincerely, Byung-Hee

--
^????? _????_ ?????_^))//

>> This is not a good advice. Whoever filters SPF at SMTP time will
>> reject that
>> message. Gmail is not the only mail service available.

On 08.01.24 20:27, Byung-Hee HWANG wrote:
>Gmail is my last INBOX. That's enough for me.

that's what I wanted to say - enough for someone, but not generally enough.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!

Byung-Hee HWANG skrev den 2024-01-08 12:27:

> Gmail is my last INBOX. That's enough for me.

+1, so you are ready to setup google mx ? :)

https://support.google.com/a/answer/140034?hl=en

i don't like it yet, missing dnssec and dane, tlsa, google is not
friendly there

if google wants my money its required payment for me

On Mon, 2024-01-08 at 17:17 +0100, Benny Pedersen wrote:
> Byung-Hee HWANG skrev den 2024-01-08 12:27:
>
> > Gmail is my last INBOX. That's enough for me.
>
> +1, so you are ready to setup google mx ? :)
>

Hellow Benny,

Actually i used Google MX for 10 years. Recently, i created dedicated
MXs and am continuing to operate them. Plus, the dedicated MXs run on
Google Cloud and RimuHosting.

I terminated my Google Workspace commercial account. 2 years ago.


Sincerely, Byung-Hee

--
^????? _????_ ?????_^))//