[Mailman-Developers] Adding DMARC support for Mailman 3
Stephen J. Turnbull
stephen at xemacs.org
Fri Jul 12 04:56:41 CEST 2013

Barry Warsaw writes:

> On Jul 11, 2013, at 03:23 AM, Stephen J. Turnbull wrote:
> >This is somewhat problematic. DMARC results are potentially
> >trivalent. If action is "reject" and pct is less than 100, some hits
> >are "rejects" and some are "quarantine". Misses are misses. So I
> >guess you do this with a chain of two rules, the first one verifying
> >the message and if that hits (ie, verification fails) the second one
> >rolls the dice for pct.
>
> While ugly, that might be the best we can do for now.

Verbose, yes. Is it really ugly, though? I don't know how much you
were directly influenced by iptables and SIEVE, but the idea of rule
chains as a way to very flexibly configure filters has been
implemented many times. The model is very simple and completely
flexible.

> Instead it would jump to a custom (terminal) chain that made the
> more specific determination of whether to reject or hold the
> message.

This is pretty much what I was suggesting.

> >Silent discards without content analysis make me queasy.
>
> Of course, we'd likely log and fire an event, so at least it wouldn't happen
> completely silently.

No, but it might be many days before the originator gets around to
asking why their message hasn't appeared.

> Yep. There is some limited ability to do additional checking at LMTP time,
> but this isn't pluggable currently.

Does LMTP provide the necessary ability to reject?
Steve
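
Added example (not part of the original post, and not Mailman's rule API): the two-rule chain discussed in this message, sketched in Python to show the three possible outcomes. The function names, the `dmarc_pass` boolean (assumed to come from an upstream SPF/DKIM alignment check) and the sample record are all constructed for illustration.

```python
import random

# Disposition for failing messages that fall outside pct (DMARC, RFC 7489).
DOWNGRADE = {"reject": "quarantine", "quarantine": "none", "none": "none"}

# Constructed sample record, not taken from any real domain.
SAMPLE_RECORD = "v=DMARC1; p=reject; pct=25"


def parse_dmarc_record(txt):
    """Return {'p': policy, 'pct': int}, or None if txt is not a usable record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if tags.get("v") != "DMARC1" or policy not in DOWNGRADE:
        return None
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # unparseable pct: fall back to the default of 100
    return {"p": policy, "pct": max(0, min(100, pct))}


def rule_dmarc_fails(msg):
    """Rule 1 (hypothetical): hit when a policy exists and verification failed."""
    return msg["policy"] is not None and not msg["dmarc_pass"]


def rule_pct_sampled(msg, rng):
    """Rule 2 (hypothetical): roll the dice; hit when the message falls inside pct."""
    return rng.random() * 100 < msg["policy"]["pct"]


def dmarc_chain(msg, rng=random):
    """Trivalent result: 'miss', the published policy, or its downgrade."""
    if not rule_dmarc_fails(msg):
        return "miss"  # not a hit: the message continues down the normal chain
    policy = msg["policy"]["p"]
    return policy if rule_pct_sampled(msg, rng) else DOWNGRADE[policy]


if __name__ == "__main__":
    rng = random.Random(2013)  # seeded so the demonstration is repeatable
    failing = {"policy": parse_dmarc_record(SAMPLE_RECORD), "dmarc_pass": False}
    results = [dmarc_chain(failing, rng) for _ in range(10000)]
    print({d: results.count(d) for d in sorted(set(results))})
```

Passing a seeded `random.Random` instance as `rng` makes the pct roll reproducible, which is useful when testing how often a failing message lands in each disposition.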