profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/PHPGangsta/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

PHPGangsta/GoogleAuthenticator 1955

PHP class to generate and verify Google Authenticator 2-factor authentication

PHPGangsta/FileWatcher 40

This PHP class detects file changes and sends alarms. Useful for detecting hackers changing website files.

PHPGangsta/AnimatedCaptcha 25

This PHP class makes it easy to create animated GIFs, especially CAPTCHAs

PHPGangsta/PHP-NCurses-Example 14

A simple php ncurses admin tool example

PHPGangsta/PayPal-IPN 11

PHP class to process PayPal Instant Payment Notifications (IPN)

PHPGangsta/ID3Reader 5

http://www.phpgangsta.de/moglichkeiten-id3-informationen-aus-mp3s-auszulesen

PHPGangsta/Array-conversion-script 2

Shorten the integer values of an array

PHPGangsta/HstsCheck 2

PHP crawler to check Alexa Top 1M for HSTS header http://www.phpgangsta.de/hsts-http-strict-transport-security-hasts-schon

PHPGangsta/ImageLabeler 2

This PHP class adds text to an image, for example copyright information.

PHPGangsta/MailNotifierWebfrontend 2

Small web interface for the mail notifier usb gadget

issue commentfastmail/authentication_milter

Lots of DNS errors if no "dns_resolvers" specified

The hold should be set such that related lookups are grouped together, avoiding many lookups to servers that are failing. Given this is a PTR lookup I suspect the PSL lookup is returning 99 incorrectly. I'll open a bug about that.

Thanks!

What version of Net::DNS::Resolver are you running?

Let me see.

For debugging I installed authentication_milter on a second machine 2 days ago. On that second machine DNS seems to work fine (only these strange "ERROR: DNS Lookup PTR 211.91.58.92 error, hold set on 92 : SERVFAIL" messages sometimes).

On the machine with the DNS problems I get this:

cpan -D Net::DNS::Resolver
....
Net::DNS::Resolver
-------------------------------------------------------------------------
        (no description)
        N/NL/NLNETLABS/Net-DNS-1.32.tar.gz
        /usr/share/perl5/Net/DNS/Resolver.pm
        Installed: 1564
        CPAN:      1818  Not up to date
        NLnet Labs (NLNETLABS)
        cpan@nlnetlabs.nl

On the machine where I don't have problems I get this:

cpan -D Net::DNS::Resolver
....
Net::DNS::Resolver
-------------------------------------------------------------------------
        (no description)
        N/NL/NLNETLABS/Net-DNS-1.32.tar.gz
        /usr/local/share/perl/5.30.0/Net/DNS/Resolver.pm
        Installed: 1818
        CPAN:      1818  up to date
        NLnet Labs (NLNETLABS)
        cpan@nlnetlabs.nl

Maybe it can be fixed by upgrading Net::DNS::Resolver from 1564 to 1818 on the problematic machine.... I just tried cpan-outdated -p | cpanm but it did not update Net::DNS::Resolver 😠

I then tried cpan> upgrade Net::DNS::Resolver and now it's updated to 1818... I restarted authentication_milter, let's see if the DNS errors are gone now.

PHPGangsta

comment created time in a day

issue openedmarcbradshaw/mail-bimi

Ability to disable DMARC-enforcement on org-domain

Hi Marc,

I'm currently testing your authentication_milter which is using Mail::BIMI. But I see many BIMI implementations of newsletters which don't enforce DMARC on the org-domain. For example they have DMARC with p!=none on newsletter.domain.com, but they do have DMARC p=none on domain.com.

I talked to two guys from big newsletter sender companies (ESPs), and both told me that a lot of brands don't enforce DMARC on the brands org-domain because it is a lot of work to do that, and those brands are not able to do it. That's why lots of newsletters with BIMI only have DMARC on the subdomain (which was delegated to the ESP), but not the org-domain. Both told me that most of their customers (more than half, maybe 70%-90%) don't have DMARC enforced on their org-domain. They are asking them to do it, but there are plenty of reasons why they don't do it.

Both told me that Yahoo/AOL does not care about the org-domain, they only check DMARC on the subdomain. That's why Yahoo shows so many BIMI logos which fail the "DMARC enforcement on the org-domain" check.

I would also like to disable the DMARC enforcement check on the org-domain. As far as I can see this is not possible yet with Mail::BIMI, right? It would be nice to have an option for it.

There are many examples, here is one: service.rossmann.de

    bimi=skipped (DMARC Policy is not at enforcement);
    dkim=pass (2048-bit rsa key sha256) header.d=inxserver.com
      header.i=@inxserver.com header.b=o4W6L9zD header.a=rsa-sha256
      header.s=202007;
    dkim=pass (2048-bit rsa key sha256) header.d=service.rossmann.de
      header.i=@service.rossmann.de header.b=cfEIV2FY header.a=rsa-sha256
      header.s=inx20493434;
    dmarc=pass policy.published-domain-policy=reject
      policy.applied-disposition=none policy.evaluated-disposition=none
      (p=reject,has-list-id=yes,d=none,d.eval=none) policy.policy-from=p
      header.from=service.rossmann.de;

There is dmarc=pass, but bimi=skipped. And as far as I can see it's because of the p=none on the org-domain. https://bimigroup.org/bimi-generator/ shows this:

rossmann_screenshot

There are many more like this, for example:

urlaub.fti.de
mail.lidl.de
news.congstar.de
news.intersport.de
news.fc-koeln.de
news.gravis.de
news.mammut.com
newsletter.robinson.com
email.babymarkt.de
news.trigema.de
...

All of them have a missing DMARC record on the org-domain, or p=none on the org-domain. DMARC on the subdomains is enforced.

Thanks Michael

created time in 4 days

issue commentrspamd/rspamd

[Feature] Add BIMI support

Hi,

you are right, it's not an easy task. You definitely have to cache the results, logos and certificates to reduce the HTTP requests to a minimum. You have to do those HTTP requests asynchronously.

With checking the VMC (currently only Digicert and Entrust offer them) you don't need a whitelist. But getting a VMC is expensive and much work (only the very big companies have a trademark on their logo), so I guess it will be a mix of VMC and a whitelist. If that whitelist is hosted at rspamd or if everyone maintains his own whitelist, I don't know. Of cause a centralized whitelist of a "trusted organisation" would be best.

PHPGangsta

comment created time in 5 days

issue commentfastmail/authentication_milter

Lots of DNS errors if no "dns_resolvers" specified

OK, I still have problems if I define specific dns_resolvers:

"dns_timeout"           : 10,
"dns_retry"             : 3,
"dns_servfail_timeout"  : 2000000,
"dns_resolvers"         : [
   "9.9.9.9",
   "8.8.8.8"
],

In the logfiles (see attached) I see that I get "timed out" errors in less than 1 second. How is that possible, the timeout is defined as 10 seconds?

At "12:09:34" the connection is coming in, and at "12:09:34" I also get "query timed out" errors:

Oct 17 12:09:34 testmaschine01 authentication_milter[18624]: 081846C14AD: ERROR: DNS Lookup TXT urlaub.fti.de error, hold set on fti.de : query timed out
Oct 17 12:09:34 testmaschine01 authentication_milter[18624]: 081846C14AD: Metrics: Counting senderid_total:1:ident=authentication_milter,result=temperror
Oct 17 12:09:34 testmaschine01 authentication_milter[18624]: 081846C14AD: SenderIdCode: temperror

See attached logfile. I guess something is wrong there? How is it possible that it timed out in less than a second?

If I try to resolve the query manually with dig it works fine. rspamd is also running on that maschine and has no DNS issues...

Another question: ERROR: DNS Lookup PTR 93.191.164.99 error, hold set on 99 : query timed out What does it mean "hold set on 99"? Should there be the full IP address instead of just "99"?

auth_milter_log.txt

PHPGangsta

comment created time in 6 days

issue openedfastmail/authentication_milter

Lots of DNS errors if no "dns_resolvers" specified

Hello,

if I don't specify any dns_resolvers I get lots of DNS errors:

Oct 16 00:35:22 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: DNS Lookup MX domain.de error, hold set on domain.de : query timed out
Oct 16 00:35:22 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: DNS Lookup MX domain.de error, hold set on domain.de : query timed out
Oct 16 00:35:22 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: Lookup A domain.de aborted due to previous DNS Lookup timeout on domain.de
Oct 16 00:35:22 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: Lookup AAAA domain.de aborted due to previous DNS Lookup timeout on domain.de
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: Lookup TXT domain.de aborted due to previous DNS Lookup timeout on domain.de
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: SPFHeader: Received-SPF: temperror (domain.de: Time-out on DNS 'TXT' lookup of 'domain.de') receiver=michael01.XXXXX.de; identity=pra; pra="mk@domain.de"; helo=out.domain.de; client-ip=11.22.33.44
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: Lookup TXT dkim._domainkey.domain.de aborted due to previous DNS Lookup timeout on domain.de
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: DKIMResult: invalid (public key: DNS error: query timed out)
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: DKIMSignatureResult: invalid (public key: DNS error: query timed out)
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: Lookup TXT _domainkey.domain.de aborted due to previous DNS Lookup timeout on domain.de
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: Lookup TXT _policy._domainkey.domain.de aborted due to previous DNS Lookup timeout on domain.de
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: Lookup TXT _adsp._domainkey.domain.de aborted due to previous DNS Lookup timeout on domain.de
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: Lookup MX domain.de aborted due to previous DNS Lookup timeout on domain.de
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: DKIM EOM Error DNS error: query timed out<LF>
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: Temp DKIM Error - DNS error: query timed out<LF>
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: Lookup MX domain.de aborted due to previous DNS Lookup timeout on domain.de
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: Lookup NS domain.de aborted due to previous DNS Lookup timeout on domain.de
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: Lookup A domain.de aborted due to previous DNS Lookup timeout on domain.de
Oct 16 00:35:23 testmaschine01 authentication_milter[26552]: 3371A6C150D: ERROR: Lookup AAAA domain.de aborted due to previous DNS Lookup timeout on domain.de

If I configure them, everything is fine:

"dns_resolvers"         : [
   "127.0.0.1",
   "8.8.8.8"
],

Which resolvers are being used if I don't specify dns_resolvers, I would have expected that the "operating system default resolvers" are being used...

created time in 8 days

issue openedfastmail/authentication_milter

Warning: Use of uninitialized value in concatenation...

Hello Marc,

I installed your milter via sudo cpanm Mail::Milter::Authentication Because a test failed in "Net-DNS-Paranoid-0.08" ( https://github.com/tokuhirom/Net-DNS-Paranoid/issues/4 ) I had to use "--force" to install it, then it worked fine.

But when running it with "debug:1" I get lots of these Warnings:

==> authentication_milter.err <==
Sat Oct 16 00:09:43 2021 authentication_milter[26219] Warning: Use of uninitialized value in concatenation (.) or string at /usr/local/share/perl/5.26.1/Mail/Milter/Authentication/Handler.pm line 930.
Sat Oct 16 00:09:46 2021 authentication_milter[26219] Warning: Use of uninitialized value in concatenation (.) or string at /usr/local/share/perl/5.26.1/Mail/Milter/Authentication/Handler.pm line 722.
Sat Oct 16 00:09:47 2021 authentication_milter[26219] Warning: Use of uninitialized value in concatenation (.) or string at /usr/local/share/perl/5.26.1/Mail/Milter/Authentication/Handler.pm line 722.
Sat Oct 16 00:09:49 2021 authentication_milter[26219] Warning: Use of uninitialized value in concatenation (.) or string at /usr/local/share/perl/5.26.1/Mail/Milter/Authentication/Handler.pm line 722.

authentication_milter -h shows that I'm using version 3.20210914

created time in 8 days

issue openedrspamd/rspamd

[Feature] Add BIMI support

Hello,

it would be awesome if rspamd could check for BIMI and add headers BIMI-Location and BIMI-Indicator.

BIMI RFC:

  • https://www.ietf.org/archive/id/draft-blank-ietf-bimi-02.txt
  • https://bimigroup.org/
    • Especially interesting: The Receivers Guidance for Implementing: https://bimigroup.org/supporting-documents/

Some other milters/MTAs already support this:

  • https://github.com/fastmail/authentication_milter/blob/master/lib/Mail/Milter/Authentication/Handler/BIMI.pm
  • https://halon.io/blog/adding-bimi-to-your-mailbox-service-to-improve-security-and-user-experience/
    • https://github.com/halon-extras/bimi

Emails having a valid BIMI and a validated VMC (which costs around 1000$) might indicate a serious sender who paid for it, and has a logo which is trademarked. Not many spammers will pay for it and get a certificate assigned.

created time in 10 days

issue openedrspamd/rspamd

[BUG] rspamd sometimes sends multiple DMARC reports for 1 domain

Hi,

I'm using rspamd 3.0-2~bionic amd64 on Ubuntu 18.04.

For some domains, rspamd sends multiple reports in one day, with the exact same Subject and E-Mail body. The report_id and date_range are the same values. The content of the .xml file is different, one file contains less entries than the other.

I'm sending 10-20 reports per day. Today there were 2 domains where 2 reports have been sent.

See files attached. xxx.de!yahoo.com!1633332962!1633419362.xml.zip

created time in 19 days

issue commentrspamd/rspamd

[BUG] dmarc reports sent in version 3.0 doesn't include dkim on auth results

Just a quick question: When will there be a new version with this fix in it? My systems are sending DMARC reports without the DKIM auth result. I currently run: rspamd 3.0-2~bionic amd64

aalmenar

comment created time in 20 days

issue commentrspamd/rspamd

[Feature] mta-sts support

MTA-STS is used on outbound MTAs. It doesn't make sense in rspamd as a spam-filter, that's correct.

erialor

comment created time in a month

issue commenttmrowco/electricitymap-contrib

Time delay

I also have this problem. Since 2 weeks or so the time in the graphs is 2-3 hours in the past.

I'm living in Germany with a German browser. Maybe a problem with the current timezone of the browser which is currently GMT+2 here?

Bohne13

comment created time in a month

issue openedrspamd/rspamd

[BUG] "localhost" is on rspamd URIBL

I'm seeing this in my scan results:

RSPAMD_URIBL (4.5) [localhost:url]

If I go to https://bl.rspamd.com/ and try to remove "localhost" from the URIBL, it says:

Please match the requested format: Domain name

created time in a month

issue commentphpseclib/phpseclib

bug: SFTP session stays open in V3

Hi. I also experienced this issue with SSH2 a few days ago in a long-running script... The problem is that I didn't call disconnect() manually, I relied on the __destruct() call to disconnect and destroy the object (after leaving the scope or overwriting the variable).

With the new version of SSH2 (and SFTP) the object itself is put into self::$connections for some reason (I don't understand why that's needed inside the library, if users want to hold/cache multiple connections, they can do it themselves).

So now you have to call disconnect() to close the connection and remove the object from the static property self::$connections, the destructor is called then after leaving the scope or overwriting the variable.

So either use WeakReference in PHP >=7.4, or call disconnect() inside your loop or scope.

DRoet

comment created time in 2 months

issue openedWebTigers/Tiger

No contact method

Hello,

I wanted to contact you, but neither on your website nor on the Amazon Marketplace page nor on Github I can find an email address or contact form. That's why I'm writing here.

Some hints regarding your website/project:

  1. https://webtigers.com/de Notice: The language 'de' has to be added before it can be used. in /var/www/tiger-vendor/vendor/shardj/zf1-future/library/Zend/Translate/Adapter.php on line 445 Notice: No translation for the language 'de' available. in /var/www/tiger-vendor/vendor/shardj/zf1-future/library/Zend/Translate/Adapter.php on line 458 -> display_errors is On.. A bad idea on production systems. There are internal paths visible, and maybe also parameters, mysql-username and password, and so on. You should disable display_errors on production systems.

  2. http://webtigers.com/ unencrypted website without HTTPS redirect.

  3. No chance to contact you anywhere. Please put contact information somewhere, a contact form, an imprint or similar.

  4. Typos on your Amazon marketplace page:

  • "Apache 2.4 and PFM": Maybe you mean "PHP-FPM"?
  • "FZ1-Future" should be "ZF1-Future" I guess?

Thanks!

created time in 2 months

pull request commentrspamd/rspamd

[Fix] ezmlm mailing list software triggering MULTIPLE_UNIQUE_HEADERS by duplicate "Reply-To" header

I have one side-question: Is the problem already fixed in ezmlm? Because from an RFC point of view, having 2 "Reply-To" header is invalid. It might break existing DKIM-Signatures (if Reply-To is oversigned), and email clients might behave differently: They should show the lower one, but maybe some show the upper one.

If the problem is already fixed since a few years in ezmlm, then I would not create an exception in rspamd, but encourage the admins of old versions of ezmlm to update, to fix the problem at the source...

uschindler

comment created time in 3 months