Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SPF and DKIM #10

Open
3 tasks done
danielrichman opened this issue Jan 21, 2015 · 1 comment
Open
3 tasks done

SPF and DKIM #10

danielrichman opened this issue Jan 21, 2015 · 1 comment

Comments

@danielrichman
Copy link
Member

Since we send mails from host.vm.habhub.org, the SPF and DKIM stuff does not appear to fully work:

  • SPF flat out does not apply recursively
  • DKIM: Result: pass (signature verifies; identity doesn't match any headers)

It looks as though we may need

  • _domainkey.host.vm.habhub.org for every host
  • a TXT SPF record for every host.
  • the support VM / exim relay to figure out which dkim_domain to say it is.

We have a couple of options

  • add a sync-public-dns command to habcloud-infra/vms/habcloud-vms that uses the Linode API
  • run a BIND server and do zone-transfers to linode.

The second option sucks because running BIND sucks. The first option is a bit sad because it means we need to worry about where we keep linode API credentials.

  • Could put them in ceto:/.linode-api; since if ceto gets pwned then we're pretty sad anyway
  • Could require them to be pasted in on each run
    Note that we can recover the linode account if it's lost: it's a sub-account of mine (Daniel).
@danielrichman
Copy link
Member Author

TODO: DMARC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@danielrichman