Majic Projects
Majic Ansible Roles
Go to the previous open issue
Go to the previous issue (open or closed)
star_faded.png
Please log in to bookmark issues
icon_project.png Majic Ansible Roles / Open Feature request MAR-222 Implement strict SPF record checks for hosted domains in mail_server role
action_vote_minus_faded.png
0
Votes
 action_vote_plus_faded.png
Go to the next issue (open or closed)
Go to the next open issue
Issue basics
  • Type of issue
    Feature request
  • Category
    Security
  • Targetted for
    Not determined
  • Status
    New
  • Progress
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (0)
There are no items
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    4 hours
  • Time spent
    No time spent
    Click here to see time logged against this issue
Issue details
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates
Show / hide more details »
Description

SMTP server from the mail_server role currently does not enforce SPF policy checks against received mails. Primary purpose of this is to avoid legitimate mail delivery failures due to misconfigurations of third-party mail servers and DNS records.

However... It would be benficial to enforce SPF policy checks for domains that are managed by the local SMTP server itself (virtual domains included), thus preventing bogus mails being sent from supposedly legitimate accounts.

The following should be done:

  • Update the mail_server role.
    • Introduce SPF policy checks and enforcement for domains for which the local SMTP server is authoritative for.
  • Determine if mail_forwarder role might benefit from similar policy enforcement.
  • Update role reference documentation.
  • Update usage instructions.
  • Update release noets.
Todos (0 / 0)
Options
There are no comments