Re: Problem with the draft-all aliases

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 03 January 2017 21:43 UTC

Date: Tue, 3 Jan 2017 21:43:17 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: ietf@ietf.org
Subject: Re: Problem with the draft-all aliases
Message-ID: <20170103214317.GD13486@mournblade.imrryr.org>
References: <095301d26601$72b1c8a0$581559e0$@huitema.net> <C7B14253-C116-4181-8F7B-2D7CDCE80C81@dukhovni.org>
In-Reply-To: <C7B14253-C116-4181-8F7B-2D7CDCE80C81@dukhovni.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/zaId7NQpg18n006tRDCWjgUecl4>

On Tue, Jan 03, 2017 at 03:54:49PM -0500, Viktor Dukhovni wrote:

> As for possible remediation, if the lists are
> implemented as local aliases(5) in the ietf.org Postfix server, then assigning
> an "owner-" alias to the list is sufficient to avoid trouble with SPF and simple
> forwarding should not break DKIM or DMARC.
> 
> The aliases(5) file (or its database representation) would then contain
> something along the lines of:
> 
> 	document.all: author1@a.example, author2@b.example
> 	owner-document.all: postmaster@ietf.org

Another (more complex) option is to implement SRS, which routes
any bounces back to the original message envelope sender.  This
can be done via one of the various SRS milters, or more simply via
IPC rewriting tables, such as (untested, YMMV):

    https://seasonofcode.com/posts/setting-up-dkim-and-srs-in-postfix.html#_step_2_srs

Somebody with operational experience with one of the SRS options
would be a much better source of advice on this than I.

-- 
	Viktor.