SPF ... I've added SPF records:
The ~all (soft-fail) is intended to be quite temporary ... intending to strip that out in the coming day(s) to week or so. It's mostly there as a "just in case" to prevent hard fail should anything else be particularly screwed up or incorrect. Expecting to alter that bit to hard fail in near future (notably after some mailings have exercised the SPF at least some reasonable bit and that all looks fine and good). So ... be on notice :-) ... presumably nobody/nothing has any legitimate need/reason to do SMTP envelope FROM from the @{lists.,temp.,}balug.org domains - other than what's emailed from the (VM) host itself. One can, "of course", use Reply-To - e.g. I do that BALUG-Announce postings for meetings - as those ask for RSVP, and many folks just click "Reply" without specifically targeting the RSVP address ... so ... just easier to set Reply-To to the RSVP address - then most of the actual replies from folks (at least from that particular mailing) gets emailed to the generally intended/desired email address.
TXT *and* SPF DNS RR types? Yeah, I included type SPF, mostly for any (deprecated) stuff that may still be using (or preferring) that. Doesn't much hurt to also have it included ... save for the hazard of potentially not consistently maintaining SPF when altering TXT. Interesting too, BIND 9.9.5 - named-checkconf complains if RR type TXT SPF record(s) are present but corresponding(/matching?) RR type SPF are absent. Perhaps more/most current version of BIND changes that behavior in named-checkconf? If I get curious/board, I might also do some DNS query logging (notably around time of sending some of the larger list mailings - most notably BALUG-Announce, but likewise to lesser extent BALUG-Talk) ... and see what kinds of ratios show up for TXT and SPF RR queries.
$ (for s in '' lists. temp.; do dig +noall +answer "$s"balug.org. TXT "$s"balug.org. SPF; done) balug.org. 14400 IN TXT "v=spf1 ip4:198.144.194.238 ip6:2001:470:1f04:19e::2 ~all" balug.org. 14400 IN SPF "v=spf1 ip4:198.144.194.238 ip6:2001:470:1f04:19e::2 ~all" lists.balug.org. 14400 IN TXT "v=spf1 ip4:198.144.194.238 ip6:2001:470:1f04:19e::2 ~all" lists.balug.org. 14400 IN SPF "v=spf1 ip4:198.144.194.238 ip6:2001:470:1f04:19e::2 ~all" temp.balug.org. 14400 IN TXT "v=spf1 ip4:198.144.194.238 ip6:2001:470:1f04:19e::2 ~all" temp.balug.org. 14400 IN SPF "v=spf1 ip4:198.144.194.238 ip6:2001:470:1f04:19e::2 ~all" $
{temp,lists}.balug.org.:
@list.balug.org probably mostly or entirely works - but certainly haven't fully tested/validated it ... at least yet.
https://lists.balug.org/%5B...] isn't yet fully operational - some more web configuration bits before that's all fully squared away.
mailman (and possibly some exim4 bits too?) - still need to update configurations (once all other prerequisite bits have been properly covered), to make lists.balug.org once again the canonical, while preserving compatibility with temp.balug.org (at least until about 2010-11-30).