Hi, Dňa 24. júna 2022 16:54:29 UTC používateľ Alessandro Vesely via mailop <mailop@mailop.org> napísal:
>Yup, that seems to have become a de facto standard. However, I also >set an Author: header field, just in case. Thanks to point me to Author: header, i miss it previously, but see below... >My filter tries every message; it's not list-specific. That is about trust (again), as you surely know, any header can be spoofed/faked, thus i afraid to blindy believe them. But i can believe some headers if i will know that it is set by trusted source, eg. by ML software, which can be authorized by some way, eg. by DKIM, or in some cases at least by SPF/IP. That is what i mean by "per list". >Besides Author: and Reply-To: one can also check Cc: and >[X-]Original-From:. I sketched a recipe here: >https://datatracker.ietf.org/doc/html/draft-vesely-dmarc-mlm-transform Nice idea, but the same as i wrote about trust already. >Neither I use it. I didn't know rspamd implements ARC. Most of that >module's documentation seems to be about signing, which is not >difficult. But there is a whitelisted_signers_map variable, for >verifying. Did you set it? When i use something i read its docs, in case of rspamd i read a lot of its Lua sources, which is needed here, because its docs are often behind of the code or simple not complete (or sometime hard to understand for me). Thus, of course, i am aware of this (and many other its) map... >In order to have ARC working for mailing lists, you need to add the >relevant domain to that map, for every list you subscribe to. rspamd is able to read its maps eg. from HTTP, which allow to get per user map content, but one have to develop UI (and backend) for this... But i didn't check if it is supported by this map too. Anyway, even if i will develop something for users to they can add these MLs into it, i afraid that only small part of users will do it... > ... > if they know that you did set whitelisted_signers_map appropriately. They have crystal ball? I want one too! Or all attacks are attempts to see that map's content only? I am joking, of course ;-) regards -- Slavko https://www.slavino.sk
pgpm9_Yc_O28w.pgp
Description: Digitálny podpis OpenPGP
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop