1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.DEV

  • debian.org mail handling updates

    From Adam D. Barratt@21:1/5 to All on Tue Oct 22 07:00:01 2019
    [ TL;DR: the "default mail handling" option in LDAP now actually does
    something by default :) and additional optional checks are available. ]

    Hi,

    This mail summarises recent updates to @debian.org mail handling.

    All mail passing through the front-end mail servers is subject to a
    number of mandatory checks that help to ensure that Debian's resources
    are not overloaded. These mandatory checks include:
    - "nomail" and "noservers" RBLs from SORBS;
    - rate-limiting;
    - fail2ban rules; and
    - manually-curated blacklists.

    Additionally, there are a number of optional checks which may be
    controlled via your LDAP settings:
    - greylisting;
    - sender verification callouts;
    - RBLs / RHSBLs such as Spamhaus XBL or SORBS "relay" RBL;
    - malware scanning using clamav (with some unofficial signatures); and
    - checking of URLs within a message body against the SURBL and Spamhaus
    DBL.

    The "mail content inspection action" setting can be used to determine
    if the result of the final two checks should be to reject the mail,
    blackhole it or deliver it to you with the addition of a header
    indicating the issue.

    Enabling "default mail handling" indicates that you accept DSA's
    choices regarding @debian.org mail handling. In addition to the
    mandatory checks mentioned above, this currently means that the
    following optional checks are enabled:
    - greylisting;
    - Spamhaus XBL
    - SORBS "relay" RBL
    - Spamhaus DBL for sender address

    Finally, documentation on @debian.org mail handling can be found at https://db.debian.org/forward.html, whilst all of the configuration
    relating to "default mail handing" comes from DSA's Puppet repository,
    a mirror of which can be found on Salsa. DSA may alter the mandatory
    checks and/or the optional checks enabled by "default mail handling" as necessary.

    Adam
    wrangling exim on behalf of DSA

    -----BEGIN PGP SIGNATURE-----

    iQJNBAABCgA3FiEEcgNjDiyOcnJRaE/rxc5dwsVCzVkFAl2ujJwZHGFkYW1AYWRh bS1iYXJyYXR0Lm9yZy51awAKCRDFzl3CxULNWRJhD/9kE4MMclo4P+thXxrruzQn TM14n8uShZKfH3WAWWNJcjno1XgwXWgvCsF/GE8t9z4DP5solfFrqXXJwv+dl2po Xu87w1gdNJ/hXDDonUznv6JXyZfHrCvMImPBF1PpbJxTX6KllP0A1mvNsVMH5GVJ d3m0ghmalSd6f/O5JPnxAiKtdeXE/oYqotKet7W7ySIia+JxFhAQ5V4pjpjedB6W PzKdIsv+RE4R55NZePIldbc+zZp5sStsjqeqQjXVP53WwY8kJCv6/+7hyBl8SXRP rDFQkrb4tyFIeFgLyO03tcgiuzThp/qcFu593eQCrLtojETKSuO2QPAx0UnPx6SS 6UNMf5w8yPLIFy9KLi7j+e/tvoZmnUGlxAUI89OP4A7A6e/mBNLN2WBuKvz8YqLe kGYqdMlsshmlfTXj7cdGqtW2tIjv8fzRtww3wvGNNJ5CuyH02Q74ukzrQDGB+gO0 L+3UUJUHzq5hpNyN/kjES3WfsxZ8jljC/8CfQEf/oUq3ObwSi/71on/ZfOFOYHWH pHZXkgm/LF0e4aQbJb9OTcT7v/Pe/LK67FqFAzEMlmJV3JH7mZKq9GhDysSH0mzX T+0AszHsKpVBzoRxH6jUr4F3q9+CLgOYPnv8BKjtdLeu2EcnWmS8ayqF3q1LOEP9 7F+etfGMIFrqE1UIKRQZYQ==
    =HtnB
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)