Dear Lazyweb, any ideas on why TextCat doesn't seem to be firing?

# This is working: message gets "X-Spam-Language: ja.shift-jis" added to it.
add_header all Language _LANGUAGES_

# This is being ignored maybe?
ok_languages en
ok_locale en

# This is supposed to fire but does not:

# This doesn't fire either:
header UNWANTED_LANGUAGE_HEADER X-Spam-Language =~ /\bja\b/

Previously, previously, previously.

Tags: , , , , ,

null Stars Still Burn

Get null Stars for this purchase. Enter your phone number to create a loyalty account. Redeem Stars for free rewards.

Previously, previously, previously, previously, previously, previously, previously.

Tags: , , , ,

I agree with this message.

Previously, previously, previously, previously.

Tags: , , , , ,
Current Music: Hælos -- Noctis ♬

Everyone Wants Your Email Address

Previously, previously, previously, previously, previously, previously, previously, previously.

Tags: , , , , ,

Instagram advertising is going great

All of the attention has been on the Muskovites lately, but let's see how things are going over at the books of Face:

I understand that they use "cookies" to enhance my personalized advertising experience!

Previously, previously, previously, previously, previously.

Tags: , , ,

Email bounce clustering

Our weekly event mailing list auto-unsubscribes people after they have bounced three times, and when skimming the logs I was noticing some weird clustering: it seemed like a lot of people were hitting their third bounce after exactly 125 messages. So I graphed it, and... yup?

At an average of one message a week, most addresses that bounce end up doing so at just about 31 months, or 2.4 years, plus or minus one week.

It's a weird cluster, right? I'd expect it to just be exponential.

This is a graph of how many messages were sent before the address bounced three times. It does not include addresses that have not bounced. Also, the bounce count is reset to 0 if we send a message and it does not bounce, so it's not that old "strikes" never expire. The data goes back about 3 years.

Almost all bounces are "over quota" rather than "not found" or some other error, and 75% of our subscribers are gmail.

Previously, previously, previously, previously, previously.
Tags: , , , , ,
Current Music: Pins -- Ghosting ♬


Dear Lazyweb,

How do I prevent postfix forgeries in "From:" rather than envelope?

Putting " REJECT Forgery" in "sender_access" prevents inbound unauthenticated SMTP connections from forging my domain in the envelope, but doesn't reject messages like:

From: "" <>

Looking for a postfix solution, not a spamassassin solution.

Current settings:

smtpd_helo_restrictions =

smtpd_sender_restrictions =

smtpd_recipient_restrictions =
        check_recipient_access hash:/etc/postfix/access,
        check_sender_access hash:/etc/postfix/sender_access,

smtpd_relay_restrictions =

Update: I have still not gotten an answer to this question that I understand or believe. Is the person below who said "you can only solve this by adding even more nonstandard complexity to" correct?


Tags: , , , , ,


Dear Lazyweb,

When Postfix delivers to an unknown user via Dovecot it gets status=deferred but I want a reject in smtpd instead. How fix? mailbox_transport = dovecot:
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver
  -e -f ${sender} -d ${recipient}

Running deliver by hand shows it exiting with status 75.

Previously, previously, previously.

Tags: , , , , ,

The oligopoly has won.

Carlos Fenollosa flips a table:

Many companies have been trying to disrupt email by making it proprietary. So far, they have failed. Email keeps being an open protocol. Hurray? No hurray. Email is not distributed anymore. You just cannot create another first-class node of this network.

Email is now an oligopoly, a service gatekept by a few big companies which does not follow the principles of net neutrality. [...]

I lost. We lost. One cannot reliably deploy independent email servers. This is unethical, discriminatory and uncompetitive.

*Stares in previously.*

Tags: , , , ,

Today in "Google broke email".

Dear Lazyweb, how do I forward my employees' email to their gmail accounts and have it get there?

To recap, my domain hosts its own SMTP server running Postfix, and /etc/postfix/virtual contains a bunch of entries forwarding "" to whatever their actual email address is, usually gmail.

This has been mostly working fine for a decade or so, but lately there have been more bounces due to "strict SPF". For example,'s SPF record includes "-all" (dash instead of tilde) which means that when tries to mail, we forward that along to, and then Google rejects it with 550 "SPF hard fail".

So, I don't know whether it has recently become more common for people to use dash-all instead of tilde-all, or whether Google recently started actually enforcing dash-all in a way that they didn't before, and while I am curious about that answer, it doesn't really matter.

Another thing that doesn't matter is that SPF is bullshit that solves no problems and should not exist. Let's just take that as a given and move on.

What does matter is, what the fuck do I do about it?

Telling all of these people, "Hey dummy, use tilde-all instead of dash-all" is obviously not practical.

"Provide an IMAP server for all of my employees" is a terrible answer, in terms of both maintenance headache and disk space.

"Turn over your MX record to some third party service" is an even more terrible answer, because so many of our custom internal systems touch email. Order confirmations. Shipment notifications. Calendar mailings. Sales reports. Bounce and unsubscribe handlers. Address verification and password resets.

Is there a third option?

Finally, here's a concrete question: let's say I desired to have a filter plugged into my Postfix that looked at a message, identified it as one that Google is definitely going to reject because of strict SPF and then... did something else with it. Like, say, forward it as an attachment instead. (This would obviously be insane and terrible, and yet still better than bouncing.) Is that a doable thing, or should I just stick forks in my eyes right now?


    My current approach is to provide a POP3 server for all of my employees. It turns out that POP3 is a thing that still exists in the Twenty-First Goddamned Century. Gmail provides an option to download mail from external POP3 servers, if you trust them with your password. As far as I can tell so far, Google doesn't penalize my server for spam that is relayed that way, they just process it normally.

    But, every now and then, instead of downloading a message, they deliver a message to the recipient that says "The message [...] contained a virus or a suspicious attachment. It was therefore not fetched from your account and has been left on the server." And in that case they leave it on my server forever, which is annoying.

Previously, previously, previously.

Tags: , , , , , ,

  • Previously