xiffy

Public posts from @xiffy@mastodon.nl

@Mdubbelm En hoe schrijf je je site? Speciale markdown editor of gewoon in een IDE?

VK: Voorpagina

Volkskrant.nl biedt het laatste nieuws, opinie en achtergronden

Trump en Netanyahu beginnen als beste vrienden aan taaie onderhandelingen

Wel.nl

Minder lezen, Meer weten.

Bouw 280 kilometer lang hek op grens Letland en Rusland afgerond

RIGA (ANP/DPA) - Letland heeft de bouw van een hek langs de hele grens met Rusland afgerond. De regering in Riga had daartoe besloten na de Russische inval in Oekraïne. Volgens minister van Binnenlandse Zaken Rihards Kozlovskis vormt Rusland ook een bedreiging voor Letland en moet de grens daarom goed bewaakt worden.

Letland bouwde eerder al een hek langs de gehele grens met Belarus en is van plan om komend jaar nog meer maatregelen te nemen, zoals betere surveillance. Het nu gebouwde hek langs de 280 kilometer lange grens met Rusland vormt "een belangrijke bijdrage aan de veiligheid van de Letse bevolking", aldus Kozlovskis. "Ons hoofddoel is om de modernste grensbewaking van de oostgrens van de EU op te zetten."

De drie Baltische staten (Estland, Letland en Litouwen) werken al nauw samen om de grenzen met Rusland en Belarus te versterken. Ze bouwen onder meer bunkers in het grensgebied en plaatsen betonnen barrières op strategische plekken om een eventuele Russische aanval te beteugelen.


Today in "Google broke email"

I have just learned that, beginning in 3 days, my employees will no longer be able to receive their work email.

Apparently Google is dropping support for Gmail accounts being able to fetch mail from outside accounts. At all. And they announced this change less than 60 days ago. (The announcement was in the basement, stairs, leopard, etc.)

What I want to accomplish is simple:

  1. When email arrives for employee@dnalounge.com, have it delivered to the inbox of dna_employee@gmail.com.
  2. When that employee is logged into that gmail account, have them able to send email with employee@dnalounge.com in the From: header.

This cannot be accomplished by simply having mail.dnalounge.com forward messages for employee@dnalounge.com to dna_employee@gmail.com because SPF destroyed email forwarding. Specifically:

  1. customer@example.com sends mail to employee@dnalounge.com.
  2. The SPF record of example.com includes "-all" (strict) as is now common.
  3. mail.dnalounge.com forwards that messages to dna_employee@gmail.com.
  4. Gmail says, "example.com does not permit dnalounge.com to send email on their behalf" and rejects it with "550 SPF hard fail".

My current email flow is this:

  1. Inbound mail:
    1. Email for employee@dnalounge.com arrives at my server.
    2. Message is stored in my server's Dovecot/Maildir.
    3. dna_employee@gmail.com has "Import emails from my other account (POP3)" selected, and Gmail has a saved plaintext copy of their mail.dnalounge.com email password to accomplish this.
    4. Gmail polls and downloads their email over POP3 every 30-90 minutes, sometimes longer. ← This is the thing that is going away.
    5. Gmail runs their aggressive spam filtering on that, and puts some subset of it into their Gmail inbox.

  2. Outbound mail:
    1. dna_employee@gmail.com has its outgoing From address configured as employee@dnalounge.com (via "Add another email address").
    2. When they use Gmail to send mail from their employee@dnalounge.com address, Gmail delivers it to mail.dnalounge.com, authenticating with the saved plaintext copy of the employee's mail.dnalounge.com password.
    3. mail.dnalounge.com delivers it to customer@example.com, so the SPF record matches mail.dnalounge.com as the origin (and I don't have to have my SPF record say "any spammer on gmail.com is allowed to send mail pretending to be any dnalounge.com address.").

The linked article says "Gmail will continue to support IMAP" which sounds like: "Gmail can still poll your server to download email, you just have to switch from POP to IMAP". That would be fine if it were true, but it is not. Gmail does not and has never supported importing email via IMAP into the Gmail MDA/MTA. It only supports adding an IMAP server as a second account in the MUA, which is not the same thing at all.

Now that Google is removing the ability to have Gmail poll my server to download messages, what are my options?

Here are some things that people will suggest that are unacceptable:

  1. Have the dnalounge.com MX record point to some Google thing and let them take over 100% of my company's email. Fuck no. Also it wouldn't integrate with our internal systems, store, transactional emails, bounce processing, etc.

  2. Have my employees' official business email addresses end in @gmail.com. Obviously no. (Maybe @aol.com though.)

  3. Use "Sender Rewriting Scheme" to have dnalounge.com rewrite customer@example.com to customer%example.com@dnalounge.com before forwarding it to dna_employee@gmail.com, which is insane, but also will cause any forwarded spam to be tallied against dnalounge.com and Google will just stop delivering them. At some point, Google's "best practices for forwarding" document specifically dis-recommended SRS.

  4. Find some other third-party email provider that still offers the POP3-download service that Gmail used to, and tell my staff, "Great news everybody! You have to switch from Gmail to Hotmail now."

So the only options that I think I have left are:

  1. Self-host IMAP.
    1. Every employee gets their own IMAP account, hosted on my own server.
    2. They can add that account to the Gmail mobile app or whatever, as a second IMAP account that is not Gmail. Which is apparently still supported. For now.
    3. My server is now responsible for storing all of their messages, including all of their spam. It is a vast amount of data. I will have to implement quotas.
    4. My employees will be wasting a bunch of time trying to find and delete emails with the same giant attachment in each of the 30 messages in the same thread, and if they don't, mail to them will bounce.
    5. "I can't find that old email any more" is a conversation that we will be having all the time.
    6. My employees will be receiving way more spam, since Gmail's spam filtering is (presumably?) still more effective than what I can accomplish with some stock set of spamassassin rules.

  2. Walk North until I reach the nearest fjord, board an ice floe, lie down, and wait for my bones to turn to dust. The ocean will sequester my carbon. I hope this email does not find you.

Do I have other options?

In summary, everything is terrible.

Previously, previously, previously, previously, previously, previously, previously.

thexiffy

Last.fm last recent tracks from thexiffy.

Explosions in the Sky - It's Never Going To Stop

Explosions in the Sky

Explosions in the Sky - The Fight

Explosions in the Sky

Explosions in the Sky - All Mountains

Explosions in the Sky

Explosions in the Sky - Peace or Quiet

Explosions in the Sky

Slashdot

News for nerds, stuff that matters

GOG and CD Projekt Founder Acquires 100% Ownership of GOG

Michal Kicinski, who co-founded both CD Projekt and the DRM-free digital games store GOG back in 2008, has acquired 100% ownership of GOG from CD Projekt, bringing the platform full circle to one of its original creators.

GOG was already operating as part of CD Projekt through its Sp.z.o.o. subsidiary, but Kicinski now takes complete control of the company. The platform will continue operating independently and maintain its commitment to DRM-free gaming. "The mission stays the same: Make Games Live Forever," GOG said in its announcement.

CD Projekt's joint CEO Michal Nowakowski said the parent company's focus on its development roadmap and franchise expansion made this the right time for the move. GOG has signed a distribution agreement ensuring all upcoming CD Projekt Red titles will release on the platform. Kicinski, describing himself as a "mature gamer" who plays classics, said he's personally involved in developing several retro-spirited games slated for GOG in 2026.

Read more of this story at Slashdot.

Joy Beune gaat niet naar de Spelen op haar favoriete afstand, en dat doet pijn

Joy Beune won dit jaar elke wereldbekerwedstrijd op de 1.500 meter, maar plaatste zich maandag niet op haar favoriete afstand voor de Spelen. Winnares Antoinette Rijpma-de Jong reed haar race „met het mes op de keel”.