Project:Infrastructure/Mailing Lists

Overview
Gentoo currently uses mlmmj for mailing list management.

Gentoo-Dev
Currently its a fairly standard install except for the "gentoo-dev" mailing list. The 'gentoo-dev' list has custom posting policies and by Council Resolution it is only for Gentoo Developers and their delegates.

Managing the Gentoo-Dev whitelist
Only developers can edit the whitelist. Only single email addresses will be accepted. To modify the whitelist please do the following:


 * 1) git clone git+ssh://git@git.gentoo.org/infra/gentoo-dev-whitelist
 * 2) cd gentoo-dev-whitelist
 * 3) ${EDITOR} whitelist
 * 4) Add the email address
 * 5) git commit
 * 6) git push

git will reject unsigned pushes, so please sign your push with a valid gpg key.

Abuse of the whitelist
Every commit is signed and correlated with a developer; abuse of the whitelist (e.g. by attempting to whitelist ".*@.*" or other such attempts) is not appropriate and will result in disciplinary action.

Other whitelist requests
From time to time we may modify the whitelist in broad strokes (by whitelisting things like ".*@debian.org" as an example) and these requests should be made to the Gentoo Council.

Managing un-whitelisted mail
Currently mail that is not via whitelisted posters goes to the mailing list moderators. Its their role to inform people how to get whitelisted.

Special infra implementation
It is our policy to not send deny messages for mlmmj lists as its trivial for spammers to send mail to a list when they are not subscribed, causing denial messages to be sent to to whomever is in the headers. As spammers often forge headers, this can lead to a concept known as [|backscatter]. As such, Infra attempts to meet the requirements of issuing denials while avoid backscatter. To do this we must move list-post denial messages to smtp session time. This entails the following:


 * Configuring the Gentoo-dev list in smtpd_recipient_restrictions
 * Configuring the lists in smtpd_recipient_restrictions to have a check_policy_service
 * Write a postfix check_policy_service that admit messages on the whitelist; it will deny messages that are not on the whitelist at smtpd time.

As a bonus to preventing backscatter, we can also attempt to prevent header forgery as the policy service will have access to the envelope sender (something the list server does not have access to).

Note: https://mtpolicyd.org/