| From: | Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> |
|---|---|
| To: | José Luis Tallón <jltallon(at)adv-solutions(dot)net> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Kevin Grittner <kgrittn(at)gmail(dot)com> |
| Subject: | Re: New email address |
| Date: | 2015-11-26 19:42:37 |
| Message-ID: | 565760AD.9050200@kaltenbrunner.cc |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 11/24/2015 11:03 PM, José Luis Tallón wrote:
> On 11/24/2015 07:55 PM, Tom Lane wrote:
>> [snip]
>> The clearly critical thing, though, is that when forwarding a message
>> from
>> a person at a DMARC-using domain, we would have to replace the From: line
>> with something @postgresql.org. This is what gets it out from under the
>> original domain's DMARC policy.
>
> One possibility that comes to mind:
>
> - Remove the sender's DMARC headers+signature **after thoroughly
> checking it** (to minimize the amount of UBE/UCE/junk going in)
> - Replace the sender's (i.e. 'From:' header) with
> list-sender+munched-email(at)postgresql(dot)org (VERP-ified address)
>
> - Add the required headers, footers, change the subject line, etc
>
> - DKIM-sign the resulting message with postgresql.org's keys before
> sending it
that seems entirely doable with our current infrastructure (and even
with minimal-to-no hackery on mj2) - but it still carries the "changes
From:" issue :/
>> [snip]
>>
>> If Rudy's right that Gmail is likely to start using p=reject DMARC
>> policy,
>> we are going to have to do something about this before that; we have too
>> many people on gmail. I'm not exactly in love with replacing From:
>> headers but there may be little alternative. We could do something like
>> From: Persons Real Name <nobody(at)postgresql(dot)org>
>> Reply-To: ...
>> so that at least the person's name would still be readable in MUA
>> displays.
> Yup
>
>> We'd have to figure out whether we want the Reply-To: to be the original
>> author or the list; as I recall, neither of those are fully satisfactory.
> Or just strip it, though that trump the sender's explicit preference
> (expressed by setting the header)
>
>
> I might be able to help a bit with implementation if needed.
the MTA side of things is fairly easy/straightforward(including using
exim for some of the heavy lifting like doing the inbound dkim checking
and "hinting" the downstream ML-boxes with the results) - however the
main mailinglist infrastructure is still mj2 and that is aeons old perl
- still interested in helping with implementation? ;)
Stefan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2015-11-26 20:10:38 | Re: New email address |
| Previous Message | Alvaro Herrera | 2015-11-26 18:52:09 | Re: WIP: About CMake v2 |