CAcert System Admins discussion list

["Disch, Uwe (Disch Engineering™)" <uwe.disch AT disch-online.de>]

Hi,

Am 16.11.2014 um 00:32 schrieb Benny Baumann:

> Hi Mario,
>
> Am 15.11.2014 um 12:00 schrieb Mario Lipinski:
> > Hi Uwe,
> >
> > imho you should not set '-all' for domains you are using for services
> > that include mail redirection, such as mailing lists.
> >
> >       
> An even better practice is Sender Rewriting on the part of the mailing
> list server, thus the envelope sender of the mail originating from the
> mailing list becomes CAcert and thus the CAcert ML SPF records apply.
> It's a known problem with SPF deployment but hardly ever addressed anywhere.
>     
    Yes, this was in my mind when I sent my initial post.  Please see:
    https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme
    
    For example Google is using SRS.  Patched qmail also.
    
    And with this DMARC and SPF stuff I know who is trying to abuse my
    domains...
> > Mario
> >
> >       
> Regards,
> BenBE.
>     
    Bye
    Uwe
> > Am 15.11.2014 11:25, schrieb "Disch, Uwe (Disch Engineering™)":
> > > the actual setup of the list servers of cacert.org violates DMARC.
> > >
> > > The list mail servers should not send e-mails for which them not
> > > authorized to do so (mainly SPF rule violation).  See attachments for
> > > more info.
> > >         
> >       
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature