E-Mail Hässlich, aber es funktioniert @leyrer Email ist immer noch super und unsere letzte, beste Hoffnung auf systemübergreifende Kommunikation.

– @leyrer @MacLemon Email ist irreparabel kaputt.

– @MacLemon Abgrenzung UUCP X.25 X.400 __ / \ /|oo \ (_| /_) _`@/_ \ _ | | \ \\ | (*) | \ )) ______|__U__| / \// / FIDO \ _//|| _\ / (______) (_/(_|(____/ Telefaximile

Internet Email Fragen? Wer verwendet noch Email? 0. Akt Wie funktioniert Email eigentlich?

∞

MTAs

MTA MTA

MSA MDA MTAs

aMTA rMTA

MSA MDA MTAs

aMTA rMTA

MSA MDA MTAs

aMTA rMTA

MSA MDA

Envelope Header

-----BEGIN PGP MESSAGE----- hQEOA3MJaelH4lKFEAQAgbu3aFbD5z5pQEz GxaoobXQNetKarRmFqG1tXLd2qLAs pyTCysWxBfE04pPh9hORyWOBm2QPgA3GATm v6D96VMP8WgdI2q/eeMkIRR10YbaZ 3UomVhcBW6phLSkLsIfnjODxD680ufUH7qB Aw6mVGuKhUTt22erp6RueVo2ikhcE ANVSOgtf+aWD/ n9Vr90lEMnL6YjsvVZQvIppgXNTUT0JCbhI KJ4tAdX9s3HzDiTE 1a5N7aH1FGy/ rHp4YMqy1kJ9F57fj2eJtFylpfA8Z299eNb mFFMBOYe56fjR4iOM PIYO42xJajqrnHWJdhQVAwux7W1Yj19ci1K cO+79SQAv0l4BoXPbIAGsAmaynzNt @leyrer gYoF61YteD3IBCJyWBfHg7s +1QGNsSziB6qjWPSlZCsdQydO3/8K9fGkcR NYKSqQ uUiydE/38oBZwJ8Hktbd/ EQTcvwADbaJVPGjosh5nMdk Metalab =87Ir -----END PGP MESSAGE----- 1010 Wien -----BEGIN PGP MESSAGE----- hQEOA3MJaelH4lKFEAQAgbu3aFbD5z5pQEz GxaoobXQNetKarRmFqG1tXLd2qLAs pyTCysWxBfE04pPh9hORyWOBm2QPgA3GATm v6D96VMP8WgdI2q/eeMkIRR10YbaZ 3UomVhcBW6phLSkLsIfnjODxD680ufUH7qB Aw6mVGuKhUTt22erp6RueVo2ikhcE ANVSOgtf+aWD/ n9Vr90lEMnL6YjsvVZQvIppgXNTUT0JCbhI KJ4tAdX9s3HzDiTE 1a5N7aH1FGy/ rHp4YMqy1kJ9F57fj2eJtFylpfA8Z299eNb mFFMBOYe56fjR4iOM PIYO42xJajqrnHWJdhQVAwux7W1Yj19ci1K cO+79SQAv0l4BoXPbIAGsAmaynzNt @leyrer gYoF61YteD3IBCJyWBfHg7s +1QGNsSziB6qjWPSlZCsdQydO3/8K9fGkcR NYKSqQ uUiydE/38oBZwJ8Hktbd/ EQTcvwADbaJVPGjosh5nMdk Metalab =87Ir -----END PGP MESSAGE----- 1010 Wien MAIL FROM: RCPT TO: / 0. Akt 1. Akt Protokolle 25/TCP SMTP MTA → MTA Open Relay SMTP aMUA → MTA 587/TCP SUBMISSION aMUA → MSA 993/TCP 143/TCP IMAP4 MDA → rMUA 995/TCP 110/TCP POP3 MDA → rMUA Transport Layer Security Transportverschlüsselung

TLS 1.3 TLS 1.2 TLS 1.1 TLS 1.0 SSLv3 SSLv2 Mailbox names for common Services, Roles and Functions Internet Services

Postmaster@ Hostmaster@ Webmaster@ Network Operations

Customer Abuse@ Relations NOC@ Network Operations Security@ Network Security Business Related

Info@ Marketing Marketing@ Marketing Sales@ Sales Support@ Customer Service 53/UDP & TCP MX Record $ host -t MX easterhegg.eu easterhegg.eu mail is handled by 10 kilbeggan.fourecks.de. Achievement unlocked BIO SPAM

Du kannst nun Spam und Phishing Emails empfangen! / 1. Akt 2. Akt 53/UDP & TCP MX Record easterhegg.eu mail is handled by 10 kilbeggan.fourecks.de. easterhegg.eu mail is handled by 10 kilbeggan.fourecks.de. [email protected] @ easterhegg.eu mail is handled by 10 kilbeggan.fourecks.de. easterhegg.eu mail is handled by 10 kilbeggan.fourecks.de. easterhegg.eu mail is handled by 10 kilbeggan.fourecks.de. 10 20 23 42 100 1337 10 10 10 23 42 1337 easterhegg.eu mail is handled by 10 kilbeggan.fourecks.de. IN MX 10 kilbeggan.fourecks.de. kilbeggan IN AAAA 2001:DB8::e99 IN MX 10 kilbeggan.fourecks.de. kilbeggan IN CNAME kilkenny IN MX 10 2001:DB8::e99 IN MX 10 kilbeggan.fourecks.de. kilbeggan IN AAAA 2001:DB8::e99 kilbeggan IN A 88.198.54.132 IN MX 10 kilbeggan.fourecks.de. kilbeggan IN AAAA 2001:DB8::e99 kilbeggan IN A 88.198.54.132 IN MX 10 kilbeggan.fourecks.de. kilbeggan IN AAAA 2001:DB8::e99 kilbeggan IN A 88.198.54.132 IN MX 10 kilbeggan.fourecks.de. easterhegg.eu. IN AAAA 2001:DB8::e99 easterhegg.eu. IN A 88.198.54.132 IN MX 10 kilbeggan.fourecks.de. easterhegg.eu. IN AAAA 2001:DB8::e99 easterhegg.eu. IN A 88.198.54.132 PTR $ORIGIN 54.198.88.in-addr.arpa 132!IN!PTR!kilbeggan.fourecks.eu. $ host -t MX easterhegg.eu easterhegg.eu mail is handled by 10 kilbeggan.fourecks.de. $ host kilbeggan.fourecks.de kilbeggan.fourecks.de has address 88.198.54.132 kilbeggan.fourecks.de has IPv6 address 2a01:4f8:131:1302::1 $ host 88.198.54.132

132.54.198.88.in-addr.arpa domain name pointer kilbeggan.fourecks.de. $ host 2a01:4f8:131:1302::1

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.3 .1.1.3.1.0.8.f.4.0.1.0.a.2.ip6.arpa domain name pointer kilbeggan.fourecks.de. FQDN FQDN Fully Qualified Domain Name Ich mag keine Emails! NULL MX IN MX 0 . $ host -t MX ssltest.security.fail ssltest.security.fail mail is handled by 0 . Danke an @TheSecurityFail Inbox Zero

Achievement unlocked Inbox Zero 4EVAR

Achievement unlocked SPF Sender Policy Framework example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.128 ip6:2001:DB8::e99/64 mx -all" example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.128 ip6:2001:DB8::e99/64 mx -all" example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.128 ip6:2001:DB8::e99/64 mx -all" example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.128 ip6:2001:DB8::e99/64 mx -all" example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.128 ip6:2001:DB8::e99/64 mx -all" example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.128 ip6:2001:DB8::e99/64 mx -all" example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.128 ip6:2001:DB8::e99/64 mx -all" example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.128 ip6:2001:DB8::e99/64 mx -all" example.com. IN TXT "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.128 ip6:2001:DB8::e99/64 mx -all" Qualifier

~ soft fail - hard fail + no policy DNS Typen a mx all / SPF / Sender Policy Framework Sender ID spf2.0/mfrom spf2.0/mfrom,pra spf2.0/pra spf2.0/mfrom spf2.0/mfrom,pra spf2.0/pra spf2.0/mfrom spf2.0/mfrom,pra spf2.0/pra spf2.0/mfrom spf2.0/mfrom,pra spf2.0/pra / Sender ID DKIM Domain Key Identified Mail aMTA

+ DKIM-Signature: rMTA

✔ From: DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3OD kwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav +yuU4zGeeruD00lszZVoG4ZHRNiYzR DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3OD kwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav +yuU4zGeeruD00lszZVoG4ZHRNiYzR DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3OD kwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav +yuU4zGeeruD00lszZVoG4ZHRNiYzR DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3OD kwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav +yuU4zGeeruD00lszZVoG4ZHRNiYzR DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3OD kwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav +yuU4zGeeruD00lszZVoG4ZHRNiYzR DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3OD kwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav +yuU4zGeeruD00lszZVoG4ZHRNiYzR DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3OD kwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav +yuU4zGeeruD00lszZVoG4ZHRNiYzR DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3OD kwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav +yuU4zGeeruD00lszZVoG4ZHRNiYzR DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3OD kwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav +yuU4zGeeruD00lszZVoG4ZHRNiYzR DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3OD kwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav +yuU4zGeeruD00lszZVoG4ZHRNiYzR DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3OD kwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav +yuU4zGeeruD00lszZVoG4ZHRNiYzR DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3OD kwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav +yuU4zGeeruD00lszZVoG4ZHRNiYzR DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3OD kwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav +yuU4zGeeruD00lszZVoG4ZHRNiYzR DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane; c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938; h=from:to:subject:date:keywords:keywords; bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3OD kwMTI=; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav +yuU4zGeeruD00lszZVoG4ZHRNiYzR DKIM Setup apt-get install dkim-filter $ openssl genrsa -out \ default-2016-03-!25.private 4096 $ openssl rsa -in \ default-2016-03-25.private -out \ default-2016-03-25.public -pubout \ -outform PEM

$ grep -v -e "^-" \ default-2016-03-25.public | tr -d "\n" default-2016-03-25._domainkey IN TXT "v=DKIM1\; k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3[…]EBAQUAA4GNADCB" Postfix $EDITOR main.cf smtpd_milters = inet:localhost:8893 $EDITOR /etc/dkim-filter.conf OmitHeaders!!Return- Path,Received,Comments,Keywords,Bcc,Resent- Bcc SubDomains!yes X-Header!!yes Background!yes Selector!!default-2016-03-25 Canonicalization!relaxed/simple KeyFile!/etc/dkim/default-2016-03-25.private / DKIM / Domain Key Identified Mail DMARC Domain based Message Authentication, Reporting and Conformance TXT v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400 v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400 v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400 v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400 v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400 v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400 v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400 v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400 v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400 v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400 v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400 Postmark https://dmarc.postmarkapp.com/

/ DMARC / Domain based Message Authentication, Reporting and Conformance Fazit DANE DNS-Based Authentication of Named Entities / 2. Akt 3. Akt Blacklisting RBLS, DNSBL NiX Spam http://www.dnsbl.manitu.net/ Greylisting Greylisting Whitelisting Tarpitting Early Talker main.cf

smtpd_helo_required = yes Rate limiting Header Checks Header Checks X-Flags: X-Original-To: X-Topics: X-Google-Appengine-App- X-Rocket-Received: X-Apple-Mail-Stationery: X-MS-Exchange-CrossTenant- X-Twittersendername: X-BeenThere: X-Sieve: X-ACL-Warn: Id-Alias: X-SpamTest-Info: X-TradeDoubler-MailID: FromEntityHeader: X-Twittersenderid: X-Provags-ID: X-Mailer: X-Df-Sender: X-RT-Original-Encoding: X-TorMail-User: X-TradeDoubler-EmailId: X-Exchange-Antispam-Report- X-Twitterrecipientscreenname: X-Mailman-Version: X-Received: X-Apple-Content-Length: X-Postfix-Sender: X-AOL-IP: X-TradeDoubler- Test: X-Twitterrecipientname: X-Enigmail-Version: X-Inode-SpamFlag: X-campaignid: X-Postfix-Queue-ID: X-Accounttype: EmailCategoryType: X-Microsoft-Antispam-PRVS: X-Twitterrecipientid: X-Y-GMX-Trusted: X-Facebook: X-Campaign: X-Feedback-ID: X-Suspected-Spam: X-MS-Exchange-Transport- X-Inode-ss: X-Twitteremailtype: X-Scan-Signature: X-FuHaFi: X-RZG-CLASS-ID: X-Subject: X-Reply-To: CrossTenantHeadersStamped: X-PGP-Fingerprint: X-Twittercreatedat: X-Gm-Message-State: X-Facebook-Notify: X-RZG-AUTH: X-LinkedIn-fbl: X-Forefront-Antispam-Report: X-Modwest-MailScanner: X-Mail-Calendar-Part: X-BLTSYMAVREINSERT: X-Google-DKIM-Signature: X-FACEBOOK-PRIORITY: X-Spam-Processed: X-Apple-Base-Url: X-List-Administrivia: X-Binding: X-Language-Identified: X-Recipient: X-To-Get-Off-This-List: X-Universally-Unique- X-GMX-Htest: X-MIMETrack: X-Authority-Analysis: X-jID: X-AuthFastPath: X-Friv-Forum: X-MS-TNEF-Correlator: Identifier: X-Originating-Email: X-Microsoft-Exchange- X-DKIM-Authentication- X-cuID: X-RocketYMMF: X-DSNContext: X-MS-Has-Attach: X-AntiAbuse: X-bounce-key: Diagnostics: Results: X-cID: X-EOPAttributedMessage: X-Confirm-Reading-To: X-GMX-Antivirus: X-MSMail-priority: X-PMX-Version: X-Attach-Flag: X-Library: X-aID: X-Mandrill-User: X-eC-messenger-sender- X-Amavis-Alert: X-Sent-To: X-cid: X-Business-Group: X-Abuse: X-Gpgmail-State: X-AuthReport-Spam: domain: X-MSFBL: X-MANTSH: X-Spam: X-PHP-Script: X-PVIQ: X-Mimeole: X-MS-Exchange-CrossTenant- X-VirusChecked: X-Virus-Scanned: X-CLX-Spam: X-MDaemon-Deliver-To: X-Campaign-ID: X-CTCH-RefID: X-AOL-SENDER: OriginalAttributedTenantConne X-StarScan-Version: X-Cron-Env: X-CLX-Score: X-Return-Path: X-Google-Group-Id: X-Bounce: X-LLPP: ctingIp: X-Inode-Mailcheck: X-Pgp-Agent: X-Original-Authentication- X-sgxh1: X-Mailer-MsgId: X-Ack: X-Glassboard-Message-ID: X-MS-Exchange-CrossTenant-Id: X-Env-Sender: X-GMX-Antispam: Results: X- X-Mailer-CSID: X-Injected-Via-Gmane: X-CTCH-Spam: X-info1: X-BigFish: X-Greylist: X-GitHub-Recipient: DKIM_SIGN_REQUIRED: X-To: X-Gmane-NNTP-Posting-Host: X-URL: X-code: X-SpamTest-Version: X-Brightmail-Tracker: X-GitHub-Recipient- X-Univie-Virus-Scan: X-Brightmail: X-CSA-Complaints: X-Failed-Recipients: X-Unsubscribe-Web: X-Msg-Ref: X-Sender: Address: X-rext: X-SA-Do-Not-Run: X-CLX-UnSpecialScore: X-MailScanner-From: X-KeepSent: X-Barracuda-URL: X-Originating-IP: X-Authenticated-User: X-Enigmail-Draft-Status: X-MIME-Autoconverted: X-Apple-Mail-Signature: X-MA-Reference: X-Message-Info: X-Barracuda-Start-Time: X-Dcc-Metrics: X-SG-EID: X-Scanned-By: X-Forwarded-Message-Id: X-ecm-part-format: X-Elrippo-NOT-TRUSTED- X-Matching-Connectors: X-Barracuda-Connect: X-PHP-Originating-Script: X-AuditID: X-Notifications: X-UI-Message-Type: X-mailer: Header: X-CTCH-ScoreCust: X-ASG-Orig-Subj: X-GMX-UID: X-Sendgrid-EID: X-SpamDetect: X-DomainKeys: X-H-Notify: X-Mokka: X-CTCH-Score: X-ASG-Debug-ID: X-OriginalArrivalTime: X-Listbox-Post-Id: X-MEETUP-TRACK: X-SES-Outgoing: X-Forefront-PRVS: X-Apple-Mail-Plain-Text-Draft: X-CTCH-Rules: X-Modwest-MailScanner-From: X-Spam-Status: X-Listbox-List-ID: X-MEETUP-RECIP-ID: X-DCC-ZID-Univie- X-Apple-Mail-Remote- X-eC-messenger-mid: X-CTCH-SenderID: X-CNFS-Analysis: X-Spam-Level: X-Brightmail-scanned: X-TMN: Metrics: Attachments: X-eC-messenger-email: X-CTCH-SenderID-TotalVirus: X-CM-Score: X-Spam-Score: X-Accept-Language: X-Notification-Type: X-Forwarded-For: X-Twitterimpressionid: X-eC-messenger-cid: X-CTCH-SenderID- X-return-path-rewrite: X-Spam-Flag: X-SG-ID: X-Sender-ID: X-LinkedIn-Class: X-PhaseofMoon: X-Type: TotalSuspected: X-Yandex-Uniq: X-Inode-Forwarded: X-policyd-weight: X-Notification-ID: X-MC-User: X-WR-ALARMUID: X-Server-Quench: X-CTCH-SenderID-TotalSpam: X-Tracker: X-Inode-Scanner: X-Info: X-Notification-Category: X-Forwarded-To: X-Sasl-enc: X-RCPT-To: X-CTCH-SenderID- X-SpamTest-Status: X-Original-Sender: X-Authentication-Warning: X-Google-Appengine-App- X-LinkedIn-Template: X-Steve: X-Mail-From: TotalRecipients: X-SpamScore: X-SourceIP: X-IP-stats: Id: X-AntiVirus: X-Apple-Windows-Friendly: X-Authentic-SMTP: X-CTCH-SenderID- X-Spam-RelayCountries: X-Content-Filtered-By: X-Yahoo-SMTP: X-DKIM: X-AV-Do-Run: X-Google-Original-From: X-AuthRoute: TotalMessages: X-Spam-Language: X-Inode-SpamScore: X-twfbl: X-MDRemoteIP: X-Spam-TU-Processing- X-ABUID: X-nextra-mail01-rcpt: X-CTCH-SenderID- X-MessageID: X-Inode-SpamReport: X-CERTat-MailScanner: X-Sasl-Enc: Host: X-Footer: X-WR-CALNAME: TotalConfirmed: X-ref: X-Inode-SpamBar: X-CERTat-MailScanner- X-Spam-Checker-Version: X-Connecting-Host: X-Mao-Original-Outgoing-Id: X-CTCH-VOD: X-CTCH-SenderID-TotalBulk: X-ray: X-SA-Exim-Version: SpamCheck: X-Complaints-To: X-Connecting-Addr: X-Should-Pgp-Sign: X-CTCH-Flags: X-CTCH-SenderID- X-TNEFEvaluated: X-Quarantine-ID: X-CERTat-MailScanner-ID: X-Authenticated-IP: X-Sent-From: X-Should-Pgp-Encrypt: X-AMAZON-RTE-VERSION: BlueWhiteFlag: X-PMWin-Version: X-Google-Sender-Auth: X-CERTat-MailScanner- X-SEQ: X-Mailgun-Sid: X-Request-UUID: X-AMAZON-MAIL-RELAY- X-ClientProxiedBy: X-Campaign-Id: X-Phorum: From: X-VirtualServerGroup: X-Auto-Response- X-All-Senders-In-Circles: TYPE: X-TM-AS-Product-Ver: X-CCS-MailScanner: X-Virus-Status: X-Antivirus: X-HTTP-UserAgent: Suppress: X-Eon-Sig: X-Face: X-Mailer-SID: X-CCS-MailScanner-Info: X-YMail-OSG: X-Priority: X-IP: X-OriginatingIP: X-Eon-Dm: X-UFL-Spam-Level: X-TM-AS-Result: X-Original-MessageID: X-MIMEOLE: X-Avast: X-EmailType-Id: X-No-Archive: X-Apple-Auto-Saved: X-rim-org-msg-ref-id: X-Mailer-Sent-By: X-nextra-mail02-rcpt: X-MimeOLE: X-Antivirus-Status: X-MailingID: X-Cloudmark-Score: X-Return-Receipt-To: X-Trac-Version: X-Mailer-LID: X-WU-uvscan-status: X-MSMail-Priority: X-RT-Loop-Prevention: X-SMHeaderMap: X-Spam-DCC: X-Notes-Item: X-Trac-Project: X-GPG-Fingerprint: X-User-Agent: X-Source: X-Default-Received-SPF: X-Destination-ID: X-IronPort-Anti-Spam- X-Disposition-Notification-To: X-Resent-To: X-Match: X-Ivanova: X-Source-Dir: X-mailstream: X-Request-ID: Result: X-MB-Message-Type: X-Resent-For: X-Scanner: X-Originating-Ip: X-Source-Args: X-Sendgrid-ID: X-Managed-By: X-IronPort-Anti-Spam- X-MB-Message-Source: X-Resent-By: X-ME-Bayesian: X-Barracuda-Envelope-From: X-SA-Exim-Mail-From: X-CLX-Shades: X-MailGenerator: Filtered: X-X-Sender: X-Microsoft-Antispam: X-Elrippo-SMTP-Header: X-ListMember: X-SA-Exim-Scanned: X-Report-Abuse: X-MDAV-Processed: X-IronPort-AV: X-Spam-Report: X-Interia-Antivirus: X-IADB-IP: X-Report-Abuse-To: X-Yahoo-Newman- X-Authenticated: X-Get-Message-Sender-Via: X-HELO-Warning: X-no-archive: X-FID: X-IADB-IP-REVERSE: X-AuthVirus-Status: Property: X-UI-Out-Filterresults: X-MEETUP-MESG-ID: X-BTPH: X-Sequence: X-Trac-Ticket-URL: X-Campaignid: X-eC-messenger-token: X-Yahoo-Newman-Id: X-Authenticated-Sender: X-Github-Recipient: X-A1Mail-Track-Id: X-Phorum--Version: X-Trac-Ticket-ID: X-MarketoID: X-TRID: X-SA-Exim-Connect-IP: X-MyRbl: X-Rocket-MIMEInfo: X-message-flag: X-Phorum--Thread: X-Exchange-Antispam-Report- X-Mailfrom: X-SpamTest-Status-Extended: X-Image-Url: X-Proofpoint-Spam-Details: X-VirtualServerGroup- X-SMType: X-Phorum--Parent: CFA-Test: X-Ffncampaignrp-ID: X-SpamTest-Rate: X-Smtp-Server: X-Proofpoint-Virus-Version: Source: X-SMSignature: X-Phorum--Forum: X-MS-Exchange-CrossTenant- X-Mailer-RecptId: X-SpamTest-Method: X-Mailman-Approved-At: X-Broadcast-Id: X-Hostid: X-SMRef: X-smtpID: OriginalArrivalTime: X-Twittersenderscreenname: X-SpamTest-Group-ID: main.cf

header_checks = regexp:/etc/postfix/ header_checks /^Date: .* 199[0-9]/ REJECT \ Your mail Date is way in the past, please buy a realtime clock for your computer! /^X-LinkedIn-Class: / REJECT Go away! Body Checks main.cf

body_checks = pcre:/etc/postfix/ body_checks Spamassassin master.cf smtp!inet!n!-!-!-!-!smtpd -o content_filter=spamassassin submission inet n!-!-!-!-!smtpd -o content_filter=spamassassin spamassassin!unix!-!n!n!-!-!pipe user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} $ {recipient} # How many hits before a message is considered spam. required_hits 5.0 # Text to prepend to subject if rewrite_subject is used rewrite_header Subject [**Lovely SPAM**] add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_ X-Spam-Status: No, score=-1.9 required=3.5 tests=AWL,BAYES_00,SPF_PASS, T_RP_MATCHES_RCVD autolearn=ham version=3.3.1 whitelist_from_dkim *@easterhegg.eu \ easterhegg.eu score USER_IN_DKIM_WHITELIST -4.0 score DKIM_VERIFIED -1.3 score DKIM_POLICY_TESTING 0 AntiVirus, -Malware, -Phishing ClamAV/Clamd Pyzor Razor Amavisd-new

Local Delivery LMDA main.cf virtual_transport = lmtp:unix:private/ dovecot-lmtp Dovecot /etc/dovecot/conf.d/20-lmtp.conf protocol lmtp { postmaster_address = postmaster@domainname # required mail_plugins = quota sieve } Filtering/Sorting if address :is ["From", "To"] "[email protected]" { fileinto "INBOX.mailinglist"; }

/ 3. Akt 4. Akt Webmail

Roundcube Plugins https://plugins.roundcube.net/ johndoh/sieverules roundcube/carddav jirutka/virtuser_ldap mat_krauser/image_paster roundcube/customizr roundcube/chbox kitist/html5_notifier Two-Factor-Authentication northox/roundcube-yubikey-plugin alexandregz/twofactor_gauthenticator rcdevs/openotp_authentication Push Notifications für  https://github.com/st3fan/dovecot-xaps-daemon

/ 4. Akt

@leyrer @MacLemon