On 11/24/2015 11:03 PM, José Luis Tallón wrote: > On 11/24/2015 07:55 PM, Tom Lane wrote: >> [snip] >> The clearly critical thing, though, is that when forwarding a message >> from >> a person at a DMARC-using domain, we would have to replace the From: line >> with something @postgresql.org. This is what gets it out from under the >> original domain's DMARC policy. > > One possibility that comes to mind: > > - Remove the sender's DMARC headers+signature **after thoroughly > checking it** (to minimize the amount of UBE/UCE/junk going in) > - Replace the sender's (i.e. 'From:' header) with > list-sender+munched-em...@postgresql.org (VERP-ified address) > > - Add the required headers, footers, change the subject line, etc > > - DKIM-sign the resulting message with postgresql.org's keys before > sending it
that seems entirely doable with our current infrastructure (and even with minimal-to-no hackery on mj2) - but it still carries the "changes From:" issue :/ >> [snip] >> >> If Rudy's right that Gmail is likely to start using p=reject DMARC >> policy, >> we are going to have to do something about this before that; we have too >> many people on gmail. I'm not exactly in love with replacing From: >> headers but there may be little alternative. We could do something like >> From: Persons Real Name <nob...@postgresql.org> >> Reply-To: ... >> so that at least the person's name would still be readable in MUA >> displays. > Yup > >> We'd have to figure out whether we want the Reply-To: to be the original >> author or the list; as I recall, neither of those are fully satisfactory. > Or just strip it, though that trump the sender's explicit preference > (expressed by setting the header) > > > I might be able to help a bit with implementation if needed. the MTA side of things is fairly easy/straightforward(including using exim for some of the heavy lifting like doing the inbound dkim checking and "hinting" the downstream ML-boxes with the results) - however the main mailinglist infrastructure is still mj2 and that is aeons old perl - still interested in helping with implementation? ;) Stefan -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
