[Mailman-Users] mm-handler same as postfix-to-mailman.py
Grant Taylor
gtaylor at tnetconsulting.net
Mon Jan 7 15:13:28 EST 2019
On 01/07/2019 09:59 AM, Dmitri Maziuk via Mailman-Users wrote:
> We used to run irix whose sendmail sent every message from host.domain
> and every A record had to have an adjacent MX record for e-mail to even
> work. That way lies madness.
Hum.
I think Sendmail (and other MTAs that I've tested) default to
user at host.domain too. But that's just a default that's easy to change.
I thought that SMTP allowed for falling back to an A record to find
where to send messages for host.domain. Or are you saying that you used
MX records to route email to a different machine, possibly a mail hub?
I also thought that SMTP would iterate up through the right hand side of
email addresses looking for MX / A records and trying to connect to an
SMTP server. Thus it would be possible to have an MX record for domain
and all hosts there in would cascade up to said MX record.
Or is all of this vagaries of SMTP and too unpredictable / unreliable
and best avoided?
> Rather trivial with postfix but a) we have bona fide subscribers posting
> rom their gmail instead of subscribed From: -- I want those to get
> moderated instead of bounced, b) it is of course subject to spoofing,
> and c) how much of a problem is it IRL?
A) Fair enough. I would expect there to be a per-list tunable to either
reject or not-reject messages based on list membership. In the scenario
that you describe, the messages would not be rejected based on sending
email address and assuming the message passes other tests would be
passed further into Mailman.
B) I would hope that other things like SPF / DKIM / DMARC would help
reduce this considerably. But I'm not going to hope enough to hold my
breath.
C) ¯\_(ツ)_/¯ I suspect it's highly mailing list dependent. - I
personally like to do as much as possible during the SMTP transaction.
So if there is a reasonable way to apply some Mailman filtering logic to
applicable messages, why not do it?
> In our -- admittedly very lightly loaded -- domains, it's RBL and fail2ban
> that seem to provide best bang for the buck.
*nod*
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4008 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/mailman-users/attachments/20190107/0bfdd606/attachment.bin>
More information about the Mailman-Users
mailing list