Am Samstag, 28. März 2020, 10:26:34 CEST schrieb Per Jessen:
Lars Vogdt wrote:
> I finally want to start with the new Email setup for openSUSE - and
> I'm currently looking for volunteers... :-)
> Planned short term:
> * set SPF records for openSUSE domains
I hope you'll set them to "?ALL" aka "don't care about the
design SPF" ;-)
Background: We don't have a way for our members to send out mails with
@opensuse.org sender using an openSUSE server, therefore mails from
@opensuse.org basically can/have to be sent from random servers around
> * install mx1 and mx2.opensuse.org
> ** use postfix and rspamd
> ** integrate clamav (and reject messages seen as spam directly)
> ** integrate the alias table for members
Agreed, and don't forget the mailinglist aliases and a few others like
* enable DCIM on all outgoing mail servers
Something I missed?
Probably not :-)
Doing spam-filtering and virus-detection in-line (i.e. without
queueing) will likely lead to time-outs. Mail-servers don't like to
I tend to disagree ;-)
I use pre-queue spam blocking (with amavis) since years without
noticable problems. Maybe my server is bored (~2000 incoming mails per
day), but I'd expect similar or even lower numbers on the openSUSE
Besides that, pre-queue is the only way to block/reject (!= bounce) spam
and viruses without causing backscatter (bounces to faked sender
rspamd is very picky wrt standards. We had some
issues last year.
For our member aliases, I would suggest tagging is better than
rejecting (will always lead to more support cases). Unfortunately, it
also means forwarding spam and virus, which the receiving server
might not appreciate.
I remember some complaints that we forward spam, and adding a tag
doesn't make it much better ;-)
Personally, I'd prefer to have spam mails rejected instantly, even if
that comes with the risk of a few false positives.
(The perfect solution would be to make it configurable in self-service,
but we'll probably need a replacement for connect.o.o before doing
Legally, we might (IANAL) have to ask our members if they want to have
spam blocked. Maybe "just" informing them would also be good enough, but
that's something for a lawyer to answer.
Use different outbound address for member
forwarding, if we have, even a different range. (in case we get
Right, forwarding spam is funny[tm].
Wrt DKIM - do we actually send out much email
from 'opensuse.org' ? (other than automatic stuff).
All mailinglist posts have an envelope sender
I hope and intend to make the unclear situation
even a bit more unclear. ;)
[Lars Müller in opensuse-factory]
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org