On 01/07/2019 09:59 AM, Dmitri Maziuk via Mailman-Users wrote:
We used to run irix whose sendmail sent every message from host.domain and every A record had to have an adjacent MX record for e-mail to even work. That way lies madness.
Hum.I think Sendmail (and other MTAs that I've tested) default to user@host.domain too. But that's just a default that's easy to change.
I thought that SMTP allowed for falling back to an A record to find where to send messages for host.domain. Or are you saying that you used MX records to route email to a different machine, possibly a mail hub?
I also thought that SMTP would iterate up through the right hand side of email addresses looking for MX / A records and trying to connect to an SMTP server. Thus it would be possible to have an MX record for domain and all hosts there in would cascade up to said MX record.
Or is all of this vagaries of SMTP and too unpredictable / unreliable and best avoided?
Rather trivial with postfix but a) we have bona fide subscribers posting rom their gmail instead of subscribed From: -- I want those to get moderated instead of bounced, b) it is of course subject to spoofing, and c) how much of a problem is it IRL?
A) Fair enough. I would expect there to be a per-list tunable to either reject or not-reject messages based on list membership. In the scenario that you describe, the messages would not be rejected based on sending email address and assuming the message passes other tests would be passed further into Mailman.
B) I would hope that other things like SPF / DKIM / DMARC would help reduce this considerably. But I'm not going to hope enough to hold my breath.
C) ¯\_(ツ)_/¯ I suspect it's highly mailing list dependent. - I personally like to do as much as possible during the SMTP transaction. So if there is a reasonable way to apply some Mailman filtering logic to applicable messages, why not do it?
In our -- admittedly very lightly loaded -- domains, it's RBL and fail2ban that seem to provide best bang for the buck.
*nod* -- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
