[CentOS] Passwords in plain text

Sun Jun 17 16:13:21 UTC 2018
Alice Wonder <alice at domblogger.net>

On 06/17/2018 09:11 AM, Alice Wonder via CentOS wrote:
> On 06/17/2018 08:52 AM, Michael Hennebry via CentOS wrote:
>> I'm pretty sure I messed up attributions, so am deleting them.
>>
>>>> I believe this is a DMARC issue. Yahoo, among other places, has set
>>>> their dmarc records to p=reject:
>>
>>>> So, if your mail hosting provider enforces dmarc (gmail does), and you
>>>> get mail from a list that doesn't rewrite the headers, and people
>>>> from places like yahoo post to the list, you'll likely get some form
>>>> of warning about being kicked off the mailing list every now
>>>> and then. The frequency depends on how often people from p=reject
>>>> places post, and what the settings are for bounce handling of the
>>>> mailing list in question.
>>
>>> This is indeed what happened.  An email from yahoo.com.uk caused gmail
>>> to reject all the mails sent by that user because of the yahoo DMARC
>>> settings.
>>
>> Say it isn't so: *An* e-mail, just *one* from yahoo.com.uk
>> caused every gmail user to have his account disabled.
>>
>> I'd heard of the DMARC thing with mailing lists before,
>> but had not known it enabled single e-mails of mass destruction.
>
> I run dmarc on my mail server but only in report mode, it doesn't reject.
>
> I did it as a test (for years) and am fully convinced that dmarc is
> worthless for real world protection.
>
> Numerous mail lists out there are configured in such a way that dmarc
> gets triggered and that just isn't going to change.
>
> It's a neat idea but it's not backwards compatible with the way SMTP
> already works.
>
> I can not recommend its use. I do recommend mail server software update
> if possible to be compatible but I just can not recommend mail servers
> enforce dmarc.
>
> DKIM is a good thing, but dmarc breaks things too badly.
>
> Even DKIM though is of limited usefulness - it seems the spammer
> blacklists don't really care. Even with proper DKIM signature on a
> domain with correct reverse DNS set up for years, they will still add
> you to the spam blacklist if any other host on your subnet is identified
> as a spammer.
>
> So even the blacklists don't really utilize this anti-spam anti-spoof
> technology, which makes it kind of worthless.
>
> Using DKIM as one of several factors in spamassassin though is possibly
> helpful, though most spammers these days have a validating DKIM sig.
>


Let me put it this way - in the several years of running dmarc in report
only mode, over 99% of reported violations are false positives from mail
lists.

That high of a false positive rate tells me it is broken technology.
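
Added example, not part of the original post: one way to measure from a DMARC aggregate (rua) report how many failures look like mailing-list relays, as discussed above. The sample report, the function names and the "list-like" heuristic are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the RFC 7489 Appendix C layout; every domain and
# address is a placeholder, not data from this thread.
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>example.org</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>40</count>
   <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>example.org</header_from></identifiers>
  <auth_results><dkim><domain>example.org</domain><result>pass</result></dkim>
   <spf><domain>example.org</domain><result>pass</result></spf></auth_results>
 </record>
 <record><row><source_ip>198.51.100.7</source_ip><count>9</count>
   <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.org</header_from></identifiers>
  <auth_results><dkim><domain>example.org</domain><result>fail</result></dkim>
   <spf><domain>lists.example.net</domain><result>pass</result></spf></auth_results>
 </record>
 <record><row><source_ip>203.0.113.5</source_ip><count>1</count>
   <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.org</header_from></identifiers>
  <auth_results><spf><domain>example.org</domain><result>fail</result></spf></auth_results>
 </record>
</feedback>"""

def aligned(domain, header_from):
    # Simplified relaxed alignment: same name or parent/child. A real check
    # compares organizational domains using the Public Suffix List.
    d, h = domain.lower(), header_from.lower()
    return d == h or d.endswith("." + h) or h.endswith("." + d)

def classify(report_xml):
    """Count messages: DMARC pass, list-relay-like failure, other failure."""
    totals = {"pass": 0, "list_like": 0, "other_fail": 0}
    for rec in ET.fromstring(report_xml).iter("record"):
        count = int(rec.findtext("row/count"))
        ev = rec.find("row/policy_evaluated")
        if "pass" in (ev.findtext("dkim"), ev.findtext("spf")):
            totals["pass"] += count  # one aligned pass is enough for DMARC
            continue
        hfrom = rec.findtext("identifiers/header_from")
        # Heuristic (assumption): SPF passed for an unrelated envelope domain
        # while the author domain's own DKIM signature failed to verify.
        relayed = any(s.findtext("result") == "pass" and not aligned(s.findtext("domain", ""), hfrom)
                      for s in rec.findall("auth_results/spf"))
        broken = any(d.findtext("result") == "fail" and aligned(d.findtext("domain", ""), hfrom)
                     for d in rec.findall("auth_results/dkim"))
        totals["list_like" if relayed and broken else "other_fail"] += count
    return totals
```

Aggregate reports arrive from third parties, so treat the XML as untrusted input when running this over real mail.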