Benjamin LaHaise <bcrl@xxxxxxxxx> writes: > On Tue, Nov 08, 2016 at 04:46:44PM -0600, Eric W. Biederman wrote: >> Kees Cook <keescook@xxxxxxxxxxxx> writes: > ... >> > This is a problem for Google folks too sometimes. This is saying that >> > xmission.com is checking redhat.com's SPF records and refusing to let >> > kernel.org deliver email as if it were redhat.com (due to >> > security@xxxxxxxxxx being an alias not a mailing list). There aren't >> > good solutions for this, but best I've found is to have my >> > security@xxxxxxxxxx alias be a @kernel.org address instead of an >> > @google.com address... >> >> Ugh. Is even redhat configuring the redhat email to do that? >> I will have to look. >> >> Last I looked xmission.com was just enforcing the policy that the other >> mail domains were asking to be enforced on themselves. But those are >> policies that are incompatible with mailing lists in general. Although >> I do get confused about which part SPF and DKIM play in this mess. >> >> I just remember that the last several ``enhancements'' to email were >> busily breaking mailing lists and I thought they were completely insane. >> I can even find evidence that it is (or at least was) so bad that email >> standards comittee member's can't comminicate with each other via email >> lists. >> >> vger.kernel.org appears to rewrite the envelope sender to avoid >> problems. > > Envelope sender rewriting is insufficient, the From: lines need to be > rewritten to be compliant. This is a pain in the ass for the @kvack.org > mailing lists as well -- people with @google.com addresses don't see the > mailing list postings of users from @google.com and other domains using > "enhanced" email header "validation" techniques. That definitely happens in the worst case. At least for Oleg something less serious is happening because the from header does not get changed and the email gets to me through the vger.kernel.org lists. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html