<dsatoc/>
<p>
-Emails to @debian.org addresses now go through a LDAP distributed email system.
+Emails to @debian.org addresses go through an LDAP distributed email system.
This system uses the forwarding field in the LDAP directory to route mail
-without passing it through a users .forward file on a single host.
+without passing it through a user's .forward file on a single host.
Multiple machines participate in the forwarding to provide redundancy.
<p>
-Each forwarders inspects the LDAP database
-to see if foo@debian.org has forwarding set to an address, if so the <i>envelope
+Each forwarder inspects the LDAP database
+to determine the forwarding address for foo@debian.org. The <i>envelope
to address</i> is rewritten and the message redirected to the new address.
-Otherwise the message is relayed to master.debian.org for processing by the
-users .forward files. If email forwarding is setup then .forward files are
-<b>NOT</b> considered. Extension addresses (foo-lists) are always routed
-directly to master for processing.
+As that redirection occurs on the mail relays, there is no opportunity for
+the use of .forward files, procmail or other filtering. Extension addresses
+(foo-lists) are supported, but the extension will not be preserved when
+forwarding - i.e. if <tt>foo@debian.org</tt> redirects to <tt>foo@example.com</tt>,
+then <tt>foo-lists@debian.org</tt> also redirects to <tt>foo@example.com</tt>.
+
+<p>
+As a special-case, the forwarding address may be foo@master.debian.org,
+in which case the message is relayed to that system for processing by the
+user's .forward or .procmailrc files. Forwarding to master.debian.org preserves
+the extension part of the original address.
<p>
All machines also use the forwarding attribute as a default destination for
<h2>procmail</h2>
If you use procmail for your main mailbox, PLEASE, erase your .forward
-file and put a .procmailrc in its place instead. This feature has been
-supported on debian.org machines for a good while now, and will continue to be
-supported. .procmailrc files won't be synchronised to all hosts in
-the LDAP directory.
+file and put a .procmailrc in its place instead.
+.procmailrc files will not be synchronised to all hosts in
+the LDAP directory, so you will need to make sure the file exists on any
+relevant hosts yourself.
<p>
The correct way to invoke procmail for extension addresses is "|/usr/bin/procmail [options]"
<p>
Also, 'Exim Filter' files are deliberately turned off.
+
+<h2>Spam handling</h2>
+<p>
+Debian developers have a wide variety of loud and conflicting opinions
+about what constitutes correct handling of their mail, making it impossible for
+an admin to choose a single setup that fits all use cases.
+</p>
+
+<p>
+Instead, we invite you to configure your own spam handling.
+</p>
+
+<p>
+Some options available to you are:
+</p>
+<ul>
+ <li><b>emailForward</b> Address to forward your mail to. Setting this and
+ then rejecting mail from d.o machines is less than helpful.
+ <li><b>mailCallout</b> Whether or not to use Sender Address Verification.
+ <li><b>mailContentInspectionAction</b> One of reject, markup, or blackhole.
+ Applies to checks done on the content of message bodies, such as spam and
+ virus checks. Reject is default, and will reject the mail if a match occurs.
+ Markup will add a header and then forward the mail to you anyway. Blackhole
+ will accept the mail and silently discard it.
+ <li><b>mailDefaultOptions</b> Whether to enable the 'normal' set of
+ SMTP time checks that DSA decide are appropriate. Currently includes greylisting
+ and some RBLs. Defaults to true.
+ <li><b>mailGreylisting</b> Whether to enable greylisting.
+ <li><b>mailRBL</b> Set of RBLs to use.
+ <li><b>mailRHSBL</b> Set of RHSBLs to use.
+ <li><b>mailWhitelist</b> Sender envelopes to whitelist.
+ <li><b>mailDisableMessage</b> Absolute last resort measure - will disable
+ incoming mail from all machines not part of the Debian host list (see
+ /var/lib/misc/thishost/debianhosts on any d.o machine). This makes it very
+ difficult for things like automated pings and mass mailings to all concerned
+ DDs about changes to happen, and is strongly discouraged.
+</ul>
projects / mirror / userdir-ldap-cgi.git / commitdiff