Christian Boltz wrote:
Hello,
Am Samstag, 28. März 2020, 10:26:34 CEST schrieb Per Jessen:
Lars Vogdt wrote:
I finally want to start with the new Email setup for openSUSE - and I'm currently looking for volunteers... :-)
Planned short term: * set SPF records for openSUSE domains
I hope you'll set them to "?ALL" aka "don't care about the broken-by- design SPF" ;-)
Background: We don't have a way for our members to send out mails with @opensuse.org sender using an openSUSE server, therefore mails from @opensuse.org basically can/have to be sent from random servers around the world.
Good point. I wonder if an SPF record is worth bothering with, but maybe it is good to just announce "no policy".
Some comments:
Doing spam-filtering and virus-detection in-line (i.e. without queueing) will likely lead to time-outs. Mail-servers don't like to wait :-)
I tend to disagree ;-)
No problem :-)
I use pre-queue spam blocking (with amavis) since years without noticable problems. Maybe my server is bored (~2000 incoming mails per day), but I'd expect similar or even lower numbers on the openSUSE mailservers.
Just to establish credentials: I have been doing spam-filtering as a business since 2006, and we currently process towards 10'000 messages/per second. The key delay contributors are DNS, the virus scan, a PDF scan and our fuzzy image matching.
Besides that, pre-queue is the only way to block/reject (!= bounce) spam and viruses without causing backscatter (bounces to faked sender addresses).
Yes, that is correct. A pre-queue filter is much better.
For our member aliases, I would suggest tagging is better than rejecting (will always lead to more support cases). Unfortunately, it also means forwarding spam and virus, which the receiving server might not appreciate.
I remember some complaints that we forward spam, and adding a tag doesn't make it much better ;-)
Correct, I agree.
Personally, I'd prefer to have spam mails rejected instantly, even if that comes with the risk of a few false positives.
We'll just assign all the support tickets to you then :-) That is the only reason I don't like the reject - people wondering what happened to their email.
(The perfect solution would be to make it configurable in self-service, but we'll probably need a replacement for connect.o.o before doing that.)
Legally, we might (IANAL) have to ask our members if they want to have spam blocked. Maybe "just" informing them would also be good enough, but that's something for a lawyer to answer.
Having thought about it, I strongly suggest we skip spam & virus filtering altogether. Filtering is a bit of a luxury, but it needs maintenance and tuning, regularly. Will we offer whitelisting and blacklisting to our members? -- Per Jessen, Zürich (1.2°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org