infra-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Lambertus (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (INFRA-12309) block invalid apache.org inbound email
Date Tue, 25 Jun 2019 04:54:00 GMT

    [ https://issues.apache.org/jira/browse/INFRA-12309?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16871996#comment-16871996
] 

Chris Lambertus commented on INFRA-12309:
-----------------------------------------

This will be tested with a new MX server rollout planned in the next few days, implemented
via postfix-policyd-spf-python and an initial setup to force fail non-matching SPF records:

Reject_Not_Pass_Domains = apache.org

This will ensure that any mail coming into the new external border MX server purporting to
be from @apache.org must originate from a server on our SPF list. This is an interim step
prior to switching our DNS SPF record from ~all to -all.

[~gstein] fyi

> block invalid apache.org inbound email
> --------------------------------------
>
>                 Key: INFRA-12309
>                 URL: https://issues.apache.org/jira/browse/INFRA-12309
>             Project: Infrastructure
>          Issue Type: Planned Work
>          Components: Mailing Lists
>            Reporter: Chris Lambertus
>            Assignee: Chris Lambertus
>            Priority: Major
>
> Evaluate using check_sender_access along with mynetworks to reject mail from @apache.org
that doesn't match our internal mail relays/networks. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message