Re: [exim] DMARC and ARC in the default configuration?

Top Page
Delete this message
Reply to this message
Author: Odhiambo Washington
Date:  
To: Christian Balzer
CC: exim users
Subject: Re: [exim] DMARC and ARC in the default configuration?
On Thu, 27 Dec 2018 at 11:53, Christian Balzer via Exim-users <
exim-users@???> wrote:

>
> Hello,
>
> it's a few days to 2019 and the default, non-experimental configuration
> options for Exim are still w/o SPF, DMARC or ARC (can of worms if I ever
> saw one) for that matter.
>
> Given that this ML is clearly run by an Exim build that has all of these
> enabled, the question is, why?
>
> DKIM is in there, but of very limited utility by itself at this point in
> time.
>
> No DMARC to be had via SpamAssassin either, so that easy way out isn't
> present as well.
>
> And I don't see the Debian maintainers turning these things on even in the
> exim-daemon-heavy package either while they're "EXPERIMENTAL".
>
> Aside from being lazy the usual answer of "compile it yourself" means
> potentially critical delays when it comes to security updates, so I'm
> asking what's stopping these things from becoming non-experimental?
>
> If nothing else, more exposure by being easily accessible/configurable
> will help polish these features.
>
> Note that I'm no fan of any of the above schemes, but that lemmings train
> seems to have come and gone.
>
> Regards,
>
> Christian
> --
> Christian Balzer        Network/Systems Engineer
> chibi@???           Rakuten Communications



I believe that configuring DKIM signing is pretty standard. There can be a
configuration in the default configure, but it will remain just an example,
and un-activated
because of the process required in generating the keys and the DNS records
creation.
The same can be said about DMARC. The packagers for the different platforms
could do this, but they are NOT gonna do it - because it's up to the Mail
Server Admin to do that.
DKIM+SPF+DMARC are not BASIC requirements for mail delivery. They are ways
to ensure "safe" mail delivery. I think of them as advanced methods of
ensuring the Internet is clean from spam, so they are actually addons for
mitigating spam.
It's the same way the default configuration does not include any bits to
use spamassassin/rspamd to fight counter spam - because the external
softwares require work by the MailAdmin., work which is out of the scope of
Exim itself.



Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)