[26885] in Athena Bugs
Maybe we shouldn't do direct delivery of MIT mail
daemon@ATHENA.MIT.EDU (Mitchell E Berger)
Mon Jul 10 18:45:49 2006
Message-Id: <200607102245.k6AMjAaJ002280@zamboni.csail.mit.edu>
To: bugs@mit.edu
Date: Mon, 10 Jul 2006 18:45:10 -0400
From: Mitchell E Berger <mitchb@mit.edu>
X-Spam-Score: 3.548
X-Spam-Level: *** (3.548)
X-Spam-Flag: NO
Errors-To: bugs-bounces@mit.edu
I think the way we have sendmail handling the case of unauthenticated
mail isn't correct, for a couple of reasons:
1) Ever since the recent Spamassassin upgrade, many people have been
seeing a bunch of false positives on legitimate mail from MIT addresses
to other MIT addresses. Much investigation turned up this observation:
if you send unauthenticated mail through outgoing(-legacy), the score
it receives is reasonable. If you send the same mail through the DMZ
mailers, the score it receives is unfair (about 5 points higher). Because
we have Athena sendmail doing direct delivery of mail when we don't have
tickets, it's looking up the MX records for mit.edu and using the DMZ
mailers. I suspect that part of the reason mail is getting such a high
score through the DMZ (higher than unauthenticated mail that originates
from outside, empirically) is that the DMZ mailers know that they shouldn't
be receiving internal mail.
2) Even setting aside the ramifications of the spam score, we are defying
one of the important principles of the MIT mail system - the DMZ mailers
are intentionally separate from outgoing (the ATHENA MX record) so that when
MIT is inundated with a flood from the outside world, mail internal to the
Institute will continue to be delivered speedily, and won't be hampered by
the hosed DMZ mailers. Our current configuration is set up such that we're
treated as outsiders, and anyone without authentication sending mail from
an Athena machine is vulnerable to external hosage.
I think we should send unauthenticated mail for @mit.edu addresses through
outgoing. We could consider just using outgoing all the time, but one
impact that would have is that MIT would put a spam score on mail that
currently doesn't get scored due to direct delivery. Of course, it would
be worth checking what the real story is about the lifetime of
outgoing-legacy, but I've gotten the impression that contrary to what the
IS&T webpages say, it's not actually likely to leave anytime soon.
Mitch
