[Haskell-cafe] Work on mail.haskell.org beginning, please report any problems
Viktor Dukhovni
ietf-dane at dukhovni.org
Fri Dec 23 01:44:31 UTC 2016
> On Dec 22, 2016, at 11:55 AM, John Wiegley <jwiegley at gmail.com> wrote:
>
> - [x] Upgrade Postfix to 2.11
If available as a package for your O/S, might as well use 3.1
> - [X] Enable postscreen for pre-queue RBL filtering
This makes it possible to combine multiple lower-weight RBLs, that
individually are not sufficient to reject mail, but you should still
use the SpamHaus zen RBL in smtpd(8).
> - [ ] DKIM sign messages sent from mailman
Fair enough.
> - [ ] Implement DMARC policy (i.e., reject incoming messages improperly
> DKIM signed, or failing SPF check)
DO NOT DO THIS! DMARC is an abomination, abused by Yahoo and others to
shift costs onto others. The right thing to do with DMARC is to avoid
modifying the message headers (no subject tags) and body (no footers).
This way relayed posts pass DKIM checks.
[ See e.g. perma-thread playing out on ietf at ietf.org at the moment. ]
We can ask list subscribers to add the [Haskell-cafe] tag to the first
message in each new thread, so that the list can avoid the need to modify
the message in transit (beyond adding List- headers, a Sender- header and
setting an appropriate envelope sender).
> - [ ] Use SpamAssassin for post-queue filtering
> - [ ] If helpful, enable deep protocol pre-filtering
Deep protocol tests in "postscreen" have proved difficult to use, too many
large providers don't retry messages from a stable IP address, and whitelisting
their ever-changing address blocks is challenging.
--
Viktor.
More information about the Haskell-Cafe
mailing list