From: Julien Cristau <jcristau@debian.org>
Date: Mon, 21 Oct 2019 18:47:29 +0000 (+0200)
Subject: Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/userdir-ldap-cgi
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=7a230f3eae628f0f23269110ca39a5ddae33eea7;hp=7aa8d9ff338d397660d726d6828a98fff3fb7c7f;p=mirror%2Fuserdir-ldap-cgi.git

Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/userdir-ldap-cgi
---

diff --git a/html/.gitignore b/html/.gitignore
index e033b6c..3a1f424 100644
--- a/html/.gitignore
+++ b/html/.gitignore
@@ -3,6 +3,7 @@ doc-general.html
 doc-hosts.html
 doc-mail.html
 doc-mail-handling.html
+fetch-totp-seed.html
 forward.html
 hostinfo.html
 login.html
diff --git a/html/doc-direct.wml b/html/doc-direct.wml
index 2a08180..d8fa039 100644
--- a/html/doc-direct.wml
+++ b/html/doc-direct.wml
@@ -58,7 +58,7 @@ interesting queries are:</p>
 <tt>(&amp;(keyfingerprint=*)(supplementaryGid=Debian))</tt></li>
 <li>Show people in a certain group <tt>gidmembership=adm</tt></li>
 <li>People named james <tt>cn=james</tt></li>
-<li>Someone whos last name phonetically sounds like 'Ackerma'
+<li>Someone whose last name phonetically sounds like 'Ackerma'
 <tt>sn~=ackerm</tt></li>
 <li>All the sparcs <tt>host=sparc</tt></li>
 </ul>
diff --git a/html/doc-mail-handling.wml b/html/doc-mail-handling.wml
index e3681eb..5289d26 100644
--- a/html/doc-mail-handling.wml
+++ b/html/doc-mail-handling.wml
@@ -28,9 +28,9 @@ Some options available to you are:
   virus checks.  Reject is default, and will reject the mail if a match occurs.
   Markup will add a header and then forward the mail to you anyway.  Blackhole
   will accept the mail and silently discard it.
-  <li><b>mailDefaultOptions</b> (to be enabled before 1/1/2010, with any
-  luck) Whether to enable the 'normal' set of (fairly
-  minimal) SMTP time checks that DSA decide are appropriate.  Defaults to true.
+  <li><b>mailDefaultOptions</b> Whether to enable the 'normal' set of
+  SMTP time checks that DSA decide are appropriate.  Currently includes greylisting
+  and some RBLs.  Defaults to true.
   <li><b>mailGreylisting</b> Whether to enable greylisting.
   <li><b>mailRBL</b> Set of RBLs to use.
   <li><b>mailRHSBL</b> Set of RHSBLs to use.
diff --git a/html/forward.wml b/html/forward.wml
index cc5cf55..51f397b 100644
--- a/html/forward.wml
+++ b/html/forward.wml
@@ -4,19 +4,26 @@
 <dsatoc/>
 
 <p>
-Emails to @debian.org addresses now go through a LDAP distributed email system. 
+Emails to @debian.org addresses go through an LDAP distributed email system. 
 This system uses the forwarding field in the LDAP directory to route mail 
-without passing it through a users .forward file on a single host.
+without passing it through a user's .forward file on a single host.
 Multiple machines participate in the forwarding to provide redundancy.
 
 <p>
-Each forwarders inspects the LDAP database
-to see if foo@debian.org has forwarding set to an address, if so the <i>envelope
+Each forwarder inspects the LDAP database
+to determine the forwarding address for foo@debian.org. The <i>envelope
 to address</i> is rewritten and the message redirected to the new address.
-Otherwise the message is relayed to master.debian.org for processing by the
-users .forward files. If email forwarding is setup then .forward files are
-<b>NOT</b> considered. Extension addresses (foo-lists) are always routed
-directly to master for processing.
+As that redirection occurs on the mail relays, there is no opportunity for
+the use of .forward files, procmail or other filtering. Extension addresses
+(foo-lists) are supported, but the extension will not be preserved when
+forwarding - i.e. if <tt>foo@debian.org</tt> redirects to <tt>foo@example.com</tt>,
+then <tt>foo-lists@debian.org</tt> also redirects to <tt>foo@example.com</tt>.
+
+<p>
+As a special-case, the forwarding address may be foo@master.debian.org,
+in which case the message is relayed to that system for processing by the
+user's .forward or .procmailrc files. Forwarding to master.debian.org preserves
+the extension part of the original address.
 
 <p>
 All machines also use the forwarding attribute as a default destination for
@@ -42,10 +49,10 @@ foo@debian.org</tt>
 
 <h2>procmail</h2>
 If you use procmail for your main mailbox, PLEASE, erase your .forward
-file and put a .procmailrc in its place instead. This feature has been
-supported on debian.org machines for a good while now, and will continue to be
-supported.  .procmailrc files won't be synchronised to all hosts in
-the LDAP directory.
+file and put a .procmailrc in its place instead.
+.procmailrc files will not be synchronised to all hosts in
+the LDAP directory, so you will need to make sure the file exists on any
+relevant hosts yourself.
 
 <p>
 The correct way to invoke procmail for extension addresses is "|/usr/bin/procmail [options]"
@@ -66,3 +73,40 @@ Exim.
 
 <p>
 Also, 'Exim Filter' files are deliberately turned off.
+
+<h2>Spam handling</h2>
+<p>
+Debian developers have a wide variety of loud and conflicting opinions
+about what constitutes correct handling of their mail, making it impossible for
+an admin to choose a single setup that fits all use cases.
+</p>
+
+<p>
+Instead, we invite you to configure your own spam handling.
+</p>
+
+<p>
+Some options available to you are:
+</p>
+<ul>
+  <li><b>emailForward</b> Address to forward your mail to.  Setting this and
+  then rejecting mail from d.o machines is less than helpful.
+  <li><b>mailCallout</b> Whether or not to use Sender Address Verification.
+  <li><b>mailContentInspectionAction</b> One of reject, markup, or blackhole.
+  Applies to checks done on the content of message bodies, such as spam and
+  virus checks.  Reject is default, and will reject the mail if a match occurs.
+  Markup will add a header and then forward the mail to you anyway.  Blackhole
+  will accept the mail and silently discard it.
+  <li><b>mailDefaultOptions</b> Whether to enable the 'normal' set of
+  SMTP time checks that DSA decide are appropriate.  Currently includes greylisting
+  and some RBLs.  Defaults to true.
+  <li><b>mailGreylisting</b> Whether to enable greylisting.
+  <li><b>mailRBL</b> Set of RBLs to use.
+  <li><b>mailRHSBL</b> Set of RHSBLs to use.
+  <li><b>mailWhitelist</b> Sender envelopes to whitelist.
+  <li><b>mailDisableMessage</b> Absolute last resort measure - will disable
+  incoming mail from all machines not part of the Debian host list (see
+  /var/lib/misc/thishost/debianhosts on any d.o machine).  This makes it very
+  difficult for things like automated pings and mass mailings to all concerned
+  DDs about changes to happen, and is strongly discouraged.
+</ul>