On Thu, 2017-10-12 at 13:15 -0700, Mark Sapiro wrote:
On 10/12/2017 12:37 PM, Lindsay Haisley wrote:
So, if someone could give me a few pointers to the relevant code in Mailman 2, and any suggestions which might save me some time, I can take it from there. I'm python-literate and have hacked our copy of Mailman here in the past - perhaps more than is wise since every time I upgrade I need to apply a number of patches to bring my mods along with the upgrade :)
There are two pieces to this in Mailman (both 2.1 and 3.1). One piece is determining the DMARC policy of the From: domain. In MM 2, the code that does this is in Mailman/Utils.py beginning with the comments
# The next functions read data from
# https://publicsuffix.org/list/public_suffix_list.dat and implement the
# algorithm at https://publicsuffix.org/list/ to find the "Organizational
# Domain corresponding to a From: domain.
and extending through the end of the
def _DMARCProhibited(mlist, email, dmarc_domain, org=False):
I'm running MM 2.1.18-1 here and find only
# This takes an email address, and returns True if DMARC policy is p=reject
# or possibly quarantine.
def IsDMARCProhibited(mlist, email):
    ... etc
This looks pretty straight-forward. I can dispense with code related to mlist since I need only a True|False determination of whether the sending domain publishes a DMARC "p=reject" or "p=quarantine" record. You folks are obviously up-to-speed on DMARC nuances and this code looks pretty thorough.
I assume the reference to publicsuffix.org comes with later versions of 2.x and in MM 3 since there's none in 2.1.18-1. This must be something new in the DMARC mitigation world and I'm not familiar with it.
Is there any reason to pull in a more recent MM 2 and use the DMARC detection code therein? Speed is important here since this is simply a turnaround on a single email, not dependent on any list variables. I'm reluctant to burden every redirection turnaround with an HTTP look-up.
Replacement of the From header is just a matter of reading the email headers into an array, making modifications if necessary and pushing the result, followed by the message body, out to Courier's sendmail clone. Basically:
if from_domain publishes bad DMARC:
    if Reply-To does not exist:
        copy From header to Reply-To
    Replace From with "On behalf of old_From" <postmaster@fmp.com>
Feed headers and body to Courier's sendmail clone
My take on it is that this should work OK.
--
Lindsay Haisley | "The first casualty when
FMP Computer Services | war comes is truth."
512-259-1190 |
http://www.fmp.com | -- Hiram W Johnson
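
The turnaround sketched in the message above, as an added Python example (not code from the post and not Mailman's own): it parses the `p=` tag from DMARC TXT records and rewrites From/Reply-To accordingly. The names `dmarc_policy`, `rewrite_from` and `sample_lookup` and the sample records are assumptions made for illustration; the DNS lookup is replaced by a constructed table, and only `_dmarc.<From domain>` is checked, without the Organizational Domain fallback mentioned in the quoted reply.

```python
from email import message_from_string
from email.utils import parseaddr, formataddr

REWRITE_ADDR = "postmaster@fmp.com"  # replacement address given in the post

def dmarc_policy(txt_records):
    """Return the lowercased p= value of the first DMARC record, else None."""
    for rec in txt_records:
        tags = [t.strip() for t in rec.split(";") if t.strip()]
        # A DMARC record must start with the v=DMARC1 tag; skip SPF etc.
        if not tags or tags[0].replace(" ", "").lower() != "v=dmarc1":
            continue
        for tag in tags[1:]:
            name, _, value = tag.partition("=")
            if name.strip().lower() == "p":
                return value.strip().lower()
    return None

def rewrite_from(raw_message, lookup_txt):
    """lookup_txt(name) -> list of TXT strings (hypothetical resolver hook)."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain and dmarc_policy(lookup_txt("_dmarc." + domain)) in (
            "reject", "quarantine"):
        if "Reply-To" not in msg:          # keep an existing Reply-To intact
            msg["Reply-To"] = msg["From"]
        del msg["From"]                    # avoid a duplicate From header
        msg["From"] = formataddr(("On behalf of " + (name or addr),
                                  REWRITE_ADDR))
    return msg  # msg.as_string() is what would be piped to sendmail

# Constructed sample data standing in for DNS, so the example runs offline.
SAMPLE_TXT = {
    "_dmarc.strict.example": ["v=DMARC1; p=reject; rua=mailto:d@strict.example"],
    "_dmarc.relaxed.example": ["v=DMARC1; p=none"],
}

def sample_lookup(name):
    return SAMPLE_TXT.get(name, [])

SAMPLE_MSG = ("From: Alice Example <alice@strict.example>\n"
              "To: list@redirect.example\n"
              "Subject: test\n\nbody\n")

if __name__ == "__main__":
    print(rewrite_from(SAMPLE_MSG, sample_lookup).as_string())
```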