Mail setup
Note: this page lists only the high-level mail setup, to avoid leaking information to spammers who might benefit from it.
Mail checks
Validity of:
- HELO/EHLO required
- Protocol conformity (pipelining, etc.)
- non-RBL listing of sender
- DNS <-> RDNS
- Envelope sender accepts bounces (sender callout verification)
- SPF validation
Mail content:
- Spamhaus DBL, URIBL.com (through https://www.teuton.org/~ejm/exim_surbl/)
- SpamAssassin
- DKIM checks (implemented, not yet enforced)
Note: The URIBL.com blacklist requires specific DnsConfiguration for blacklist lookups.
Note: SpamAssassin also contains the Spamhaus DBL, but mails containing links listed in the DBL were regularly forwarded regardless (due to an insufficient spam score). This has been addressed by checking the DBL directly and blocking on a DBL listing at the MTA level.
Sender authentication schemes
Mail sent by common-lisp.net should validate:
- DKIM - all mail sent out through common-lisp.net must be signed by common-lisp.net
- SPF - all mail sent out through common-lisp.net must not fail SPF validation
SPF validation
Mail forwarded by common-lisp.net because of .forward files may not be valid under SPF restrictions if the sender domain specifies an SPF policy. common-lisp.net uses SRS to rewrite senders whose domains specify such a policy (which includes Google, Yahoo! and other big mail providers). Senders whose domains do not specify a policy are not rewritten, so forwarding does not elevate their SPF validity to "valid".
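The conditional rewrite described above, as an added example (not common-lisp.net's configuration): a simplified SRS0-style address carrying a keyed hash and a day stamp, applied only when the sender domain publishes an SPF policy. The secret, the forwarder.example host name, the TXT data and all function names are constructed assumptions.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: a real forwarder keeps this private
FORWARDER = "forwarder.example"       # assumption: placeholder for the forwarding host
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
# Constructed TXT data standing in for live DNS lookups, so the example runs offline.
TXT_RECORDS = {
    "bigprovider.example": ["v=spf1 include:_spf.bigprovider.example -all"],
    "nopolicy.example": ["some-site-verification=abc123"],
}

def publishes_spf(domain):
    """True if one of the domain's TXT records is an SPF version 1 policy."""
    records = TXT_RECORDS.get(domain.lower(), [])
    return any(r.lower().split(" ")[0] == "v=spf1" for r in records)

def _tag(stamp, domain, local):
    """Short keyed hash binding the day stamp, original domain and local part."""
    msg = "=".join((stamp, domain, local)).lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:4]

def forward_sender(sender, day):
    """Envelope sender used when forwarding; rewritten only if SPF is published."""
    local, _, domain = sender.rpartition("@")
    if not publishes_spf(domain):
        return sender                  # no policy: the sender is left untouched
    stamp = B32[(day % 1024) >> 5] + B32[day & 31]
    return f"SRS0={_tag(stamp, domain, local)}={stamp}={domain}={local}@{FORWARDER}"

def bounce_recipient(address, day, max_age=21):
    """Recover the original sender from a bounce, or None if forged or expired."""
    local, _, host = address.rpartition("@")
    parts = local.split("=", 4)
    if host.lower() != FORWARDER or len(parts) != 5 or parts[0].upper() != "SRS0":
        return None
    _, tag, stamp, domain, orig_local = parts
    stamp = stamp.upper()
    if len(stamp) != 2 or any(c not in B32 for c in stamp):
        return None
    then = B32.index(stamp[0]) * 32 + B32.index(stamp[1])
    if (day - then) % 1024 > max_age:  # too old, or stamped in the future
        return None
    if not hmac.compare_digest(tag.encode(), _tag(stamp, domain, orig_local).encode()):
        return None
    return f"{orig_local}@{domain}"
```

The hash and the day stamp are what keep the rewritten address from acting as an open relay for bounces: only addresses this forwarder issued recently are mapped back to the original sender.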
Mail accepted by common-lisp.net is checked for SPF validity. Failing mail (but not softfailing mail) will be rejected.