
Hey @Tutanota, that’s a great way to avoid spam! Is this system developed in-house? I would love to learn how it works. Do you use Postfix?

@L1Cafe

This might look great until you realize that it breaks mail standards. We have status codes for mails, which include rejected (and this causes a mail to the original recipient with a message containing the reason).

Accepting the mail but not delivering it into a user accessible mailbox is a bad idea and breaks how email works, please don't do that :/

Use proper rejected status instead and provide a useful error message (which could also contain such a link).

@Tutanota

@sheogorath ah, you’re right. I’m a postmaster myself and try to stick to standards as much as I can, and I cringe when other postmasters decide to violate standards openly. Yeah, the localhost mailer daemon can present the user with an error message from the server, right? This error message can contain such a link.

I’m just looking for an effective solution because SpamAssassin doesn’t cut it anymore and some of my users are drowning in very obvious Nigerian prince spam...

@Tutanota

@L1Cafe

Exactly.

Spamd seems to be quite efficient and you should try to make gmail addresses more likely spam.

microblog.shivering-isles.com/

Finally, I want to mention that it's not the first time that @Tutanota is breaking mail standards. The refusal to use IMAP and SMTP for their users is also (from my perspective) a no-go and causes a very bad vendor lock-in, which is my main reason to not recommend them :/

@sheogorath well, I think the same about IMAP and SMTP for Tutanota. But I believe I know their motivation for removing such access, as IMAP is very outdated and honestly doesn’t work well in modern devices (lacks push among other things, ever heard of JMAP?), and there is also no simple way to enforce mailbox encryption and 2FA for IMAP users (Gmail has a shitty solution for 2FA which are app-specific passwords but that’s just a very bad temporary patch).

@L1Cafe Those app passwords are simply long-term access tokens. That's what we use everywhere these days with OAuth2.

Don't see a big problem with that, but if you want to get rid of them, we have awesome TLS-auth within IMAP, too ^^ For business environments that's great, for private environments overkill.

A great general purpose app that allows GPG and TLS auth developed by them would have been great.

@sheogorath yeah maybe I should tune my SpamAssassin scores to place more negative bias onto gmail addresses... I wanted to migrate to rspamd this summer though, but I’m not looking forward to it 😩 migrations are painful especially with downtime involved... maybe I could spin it up on a fresh server and just switch ports on the VLAN when everything is ready 🤔

@sheogorath @L1Cafe
We use this for our own mailbox only (tutao.de). It's the default for all unknown sending domains, reason is this: tutanota.com/blog/posts/newsle It works pretty well against such a newsletter attack. :)
