Re: SPF records @fedoraproject.org versus @lists.fedoraproject.org
W dniu 05.10.2015 o 16:43, Reindl Harald pisze: well, that people should send their mail from the Fedora servers and not from a wrong configured random MTA allowing random envelope senders Many of those people send their mail from properly configured MTA allowing random envelope senders for authenticated users. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: SPF records @fedoraproject.org versus @lists.fedoraproject.org
And openpgpkey-milter :) And put in a TLSA record for their MX :) Paul Sent from my iPhone > On Oct 5, 2015, at 10:58, Michel Alexandre Salim> wrote: > > On a related note to that, it would be great if active Fedora contributors do > get to use an SMTP server with SPF and DKIM set up. > > -- > Michel > >> On Mon, Oct 5, 2015 at 9:47 PM, Marcin Juszkiewicz >> wrote: >> W dniu 05.10.2015 o 16:43, Reindl Harald pisze: >>> well, that people should send their mail from the Fedora servers and >>> not from a wrong configured random MTA allowing random envelope >>> senders >> >> Many of those people send their mail from properly configured MTA allowing >> random envelope senders for authenticated users. >> >> -- >> devel mailing list >> devel@lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/devel >> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: SPF records @fedoraproject.org versus @lists.fedoraproject.org
Am 05.10.2015 um 16:16 schrieb Stephen John Smoogen: On 4 October 2015 at 03:03, Reindl Haraldwrote: is there a reason that the list-subdomain has a SPF record but the main domain not? now that as example "bo...@fedoraproject.org" sends a lot of mails it would make sense to shortciruit them as ham on spamfilters as it is possible for the mailing-lists I think the fact that various people use n...@fedoraproject.org as their email address. If we put an SPF that bodhi email comes from a certain address area, then those people will need to send email also from that zone or be treated as SPAM. Of course I could be completely wrong here.. and I am ok with that. well, that people should send their mail from the Fedora servers and not from a wrong configured random MTA allowing random envelope senders however, it would make a lot of sense use for infrastructure mails a own subdomain like "lists.fedoraproject.org" because handling them different then personal sent mails from probably hacked accounts BTW - that should also be the bodhi-adress and not the karma commenter as envelope: Return-Path: lupi...@fedoraproject.org [Fedora Update] [comment] kde-runtime-15.08.1-2.fc22 lists.fedoraproject.org. 300IN TXT "v=spf1 mx a:lists.fedoraproject.org a:bastion.fedoraproject.org a:bastion02.fedoraproject.org a:bastion01.fedoraproject.org ~all" [harry@srv-rhsoft:~]$ dig TXT fedoraproject.org ; <<>> DiG 9.10.2-P4-RedHat-9.10.2-5.P4.fc22 <<>> TXT fedoraproject.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47349 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1024 ;; QUESTION SECTION: ;fedoraproject.org. IN TXT ;; AUTHORITY SECTION: fedoraproject.org. 120 IN SOA ns04.fedoraproject.org. hostmaster.fedoraproject.org. 2443921540 3600 600 2419200 86400 ;; Query time: 27 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: So Okt 04 10:59:15 CEST 2015 ;; MSG SIZE rcvd: 98 signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: SPF records @fedoraproject.org versus @lists.fedoraproject.org
On 4 October 2015 at 03:03, Reindl Haraldwrote: > is there a reason that the list-subdomain has a SPF record but the main > domain not? now that as example "bo...@fedoraproject.org" sends a lot of > mails it would make sense to shortciruit them as ham on spamfilters as it is > possible for the mailing-lists I think the fact that various people use n...@fedoraproject.org as their email address. If we put an SPF that bodhi email comes from a certain address area, then those people will need to send email also from that zone or be treated as SPAM. Of course I could be completely wrong here.. and I am ok with that. > > > lists.fedoraproject.org. 300IN TXT "v=spf1 mx > a:lists.fedoraproject.org a:bastion.fedoraproject.org > a:bastion02.fedoraproject.org a:bastion01.fedoraproject.org ~all" > > > [harry@srv-rhsoft:~]$ dig TXT fedoraproject.org > ; <<>> DiG 9.10.2-P4-RedHat-9.10.2-5.P4.fc22 <<>> TXT fedoraproject.org > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47349 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 1024 > ;; QUESTION SECTION: > ;fedoraproject.org. IN TXT > > ;; AUTHORITY SECTION: > fedoraproject.org. 120 IN SOA ns04.fedoraproject.org. > hostmaster.fedoraproject.org. 2443921540 3600 600 2419200 86400 > > ;; Query time: 27 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: So Okt 04 10:59:15 CEST 2015 > ;; MSG SIZE rcvd: 98 > > > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- Stephen J Smoogen. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: SPF records @fedoraproject.org versus @lists.fedoraproject.org
On a related note to that, it would be great if active Fedora contributors do get to use an SMTP server with SPF and DKIM set up. -- Michel On Mon, Oct 5, 2015 at 9:47 PM, Marcin Juszkiewiczwrote: > W dniu 05.10.2015 o 16:43, Reindl Harald pisze: > >> well, that people should send their mail from the Fedora servers and >> not from a wrong configured random MTA allowing random envelope >> senders >> > > Many of those people send their mail from properly configured MTA allowing > random envelope senders for authenticated users. > > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: SPF records @fedoraproject.org versus @lists.fedoraproject.org
On Mon, 5 Oct 2015 16:47:09 +0200 Marcin Juszkiewiczwrote: > W dniu 05.10.2015 o 16:43, Reindl Harald pisze: > > well, that people should send their mail from the Fedora servers and > > not from a wrong configured random MTA allowing random envelope > > senders > > Many of those people send their mail from properly configured MTA > allowing random envelope senders for authenticated users. There's no "sending from Fedora servers". @fedoraproject.org _aliases_ are just aliases. They aren't real mailboxes. We will never have SPF records for fedoraproject.org. The bodhi emails are IMHO a bug: https://github.com/fedora-infra/bodhi/issues/626 It should ideally not send them at all (in favor of FMN) or if it has to for some reason, they should come from a known address and not pretend to be from the commenter. kevin pgpswSphjdL65.pgp Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: SPF records @fedoraproject.org versus @lists.fedoraproject.org
On Mon, 5 Oct 2015 11:04:40 -0400 Paul Wouterswrote: > And openpgpkey-milter :) > > And put in a TLSA record for their MX :) I don't think it makes much sense for Fedora Infrastructure to get into the business of being a SMTP server provider. Is this something that would help forward the goals of the Fedora Project? If so, how? Additionally I suspect the admin overhead would be large just answering "Your smtp server sent me spam" type of noise... kevin -- > > Paul > > Sent from my iPhone > > > On Oct 5, 2015, at 10:58, Michel Alexandre Salim > > wrote: > > > > On a related note to that, it would be great if active Fedora > > contributors do get to use an SMTP server with SPF and DKIM set up. > > > > -- > > Michel > > > >> On Mon, Oct 5, 2015 at 9:47 PM, Marcin Juszkiewicz > >> wrote: W dniu 05.10.2015 o 16:43, Reindl > >> Harald pisze: > >>> well, that people should send their mail from the Fedora servers > >>> and not from a wrong configured random MTA allowing random > >>> envelope senders > >> > >> Many of those people send their mail from properly configured MTA > >> allowing random envelope senders for authenticated users. > >> > >> -- > >> devel mailing list > >> devel@lists.fedoraproject.org > >> https://admin.fedoraproject.org/mailman/listinfo/devel > >> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > > > > -- > > devel mailing list > > devel@lists.fedoraproject.org > > https://admin.fedoraproject.org/mailman/listinfo/devel > > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct pgpMdJkmno5Ok.pgp Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: SPF records @fedoraproject.org versus @lists.fedoraproject.org
Am 05.10.2015 um 16:47 schrieb Marcin Juszkiewicz: W dniu 05.10.2015 o 16:43, Reindl Harald pisze: well, that people should send their mail from the Fedora servers and not from a wrong configured random MTA allowing random envelope senders Many of those people send their mail from properly configured MTA allowing random envelope senders for authenticated users well, and that's why spamfighting is that complicated a MTA allowing random sender is *not* properly configured however, at least the bodhi mails should come from a subdomain with a SPF record or at least DKIM signed which would also hit "whitelist_auth", alternatively STOP THAT NEW mass mails while using fedora-easy-karma (which now works after a long time), i know by myself that i have commented a testing update i guess you don't use random sevrers fro your @redhat.com redhat.com. 600 IN TXT "v=spf1 include:u1969764.wl.sendgrid.net include:_spf1.redhat.com include:_spf2.redhat.com -all" signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: SPF records @fedoraproject.org versus @lists.fedoraproject.org
W dniu 05.10.2015 o 16:58, Reindl Harald pisze: Am 05.10.2015 um 16:47 schrieb Marcin Juszkiewicz: Many of those people send their mail from properly configured MTA allowing random envelope senders for authenticated users well, and that's why spamfighting is that complicated a MTA allowing random sender is *not* properly configured My MTA has to send my emails. I connect, authenticate and provide emails to send. I may fetch them from many different servers but send them through one SMTP server. i guess you don't use random sevrers fro your @redhat.com My emails from company address go through company MTA because that's policy and they can contain confidential information. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: SPF records @fedoraproject.org versus @lists.fedoraproject.org
Am 05.10.2015 um 17:12 schrieb Kevin Fenzi: On Mon, 5 Oct 2015 11:04:40 -0400 Paul Wouterswrote: And openpgpkey-milter :) And put in a TLSA record for their MX :) I don't think it makes much sense for Fedora Infrastructure to get into the business of being a SMTP server provider. Is this something that would help forward the goals of the Fedora Project? If so, how? Additionally I suspect the admin overhead would be large just answering "Your smtp server sent me spam" type of noise... my whole point was that automatic generated mails of infrastructure should live in a subdomain with a SPF record to handle them different than ordinary mail - a whitelist_auth / shortcircuit message eats no ressources ona incoming filter and you don't need bayes-training while SPF prevents forging the sender signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: SPF records @fedoraproject.org versus @lists.fedoraproject.org
Am 05.10.2015 um 17:43 schrieb Marcin Juszkiewicz: W dniu 05.10.2015 o 16:58, Reindl Harald pisze: Am 05.10.2015 um 16:47 schrieb Marcin Juszkiewicz: Many of those people send their mail from properly configured MTA allowing random envelope senders for authenticated users well, and that's why spamfighting is that complicated a MTA allowing random sender is *not* properly configured My MTA has to send my emails. I connect, authenticate and provide emails to send. I may fetch them from many different servers but send them through one SMTP server. RTFM your SMTP servers manual for such cases our MTA has the SMTP credentials of the sender and uses a sender-based relay to *not* blow out forged mail, while that's off-topic here: A records without SPF lead to forged mails and more important makes it impossible on the RCPT side to distinct between forged and legit mail for whitelisting and in general however, off-topic, for the moment i only care about mass mails from the fedora infrastructure which hits BAYES_50 alerts and i don't want to train as ham for good reasons signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: SPF records @fedoraproject.org versus @lists.fedoraproject.org
On Mon, 5 Oct 2015, Kevin Fenzi wrote: On Mon, 5 Oct 2015 11:04:40 -0400 Paul Wouterswrote: And openpgpkey-milter :) And put in a TLSA record for their MX :) I don't think it makes much sense for Fedora Infrastructure to get into the business of being a SMTP server provider. Is this something that would help forward the goals of the Fedora Project? If so, how? I wasn't refering to Fedora Infrastructure, but to people running fedora for their mail servers. That said, if we run MX for fedoraproject.org, we should also do that of course :) Paul -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
SPF records @fedoraproject.org versus @lists.fedoraproject.org
is there a reason that the list-subdomain has a SPF record but the main domain not? now that as example "bo...@fedoraproject.org" sends a lot of mails it would make sense to shortciruit them as ham on spamfilters as it is possible for the mailing-lists lists.fedoraproject.org. 300IN TXT "v=spf1 mx a:lists.fedoraproject.org a:bastion.fedoraproject.org a:bastion02.fedoraproject.org a:bastion01.fedoraproject.org ~all" [harry@srv-rhsoft:~]$ dig TXT fedoraproject.org ; <<>> DiG 9.10.2-P4-RedHat-9.10.2-5.P4.fc22 <<>> TXT fedoraproject.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47349 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1024 ;; QUESTION SECTION: ;fedoraproject.org. IN TXT ;; AUTHORITY SECTION: fedoraproject.org. 120 IN SOA ns04.fedoraproject.org. hostmaster.fedoraproject.org. 2443921540 3600 600 2419200 86400 ;; Query time: 27 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: So Okt 04 10:59:15 CEST 2015 ;; MSG SIZE rcvd: 98 signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct