On Fri, May 22, 2009 at 10:30:03PM +0100, Stephen Gran wrote: > Hello all, > > So I've looked through a few weeks of mail logs to packages.debian.org, > and it looks like it collects some useful mail from automated scripts > on various debian.org machines (primarily ries), and about 1000 spams a > day from elsewhere. I haven't done an exhaustive survey, but it seems > pretty clear so far that the domain does not get any significant amount > of legitimate mail from machines other than the debian.org hosts. > > If this is actually the case, I'd like to close the domain down to only > accept mail from other debian.org machines. If it's not, I'd like to work > with people who do use it to either make it possible to send their mail > from debian.org machines or from a short whitelist of machines elsewhere. > If this isn't possible, we'll of course continue to offer it as a public > service if it's needed. It's just that if it doesn't need to be a > public facing mail domain, we all get a little less spam in our inbox, > and the service becomes easier to administer. > > In the large scheme of things, of course, 1000 spams a day is pretty > minimal. The amount of processing power that goes into turning away > the other 60000 mails/day and then resending the 1000 spams that do get > through, though, does approach significance, and I'd like to make it > simple to admin and more friendly to the final recipients.
How hard would it be to set up a self-service whitelisting interface? I've used @packages.do.o addresses sporadically in the past to contact package maintainers when I've been too lazy to look them up. regards Andrew
signature.asc
Description: Digital signature
