Mark, et al
While configuring the MM 2.1 DMARC mitigation code for use in Courier- MTA I note that the return fromĀ _DMARCProhibited(..) for a detected policy of "p=none" is True, just as it is for "p=quarantine" and "p=reject". Why is this? I would assume that if this code is reached, and p=none, that no From munging would be required.
http://www.fmp.com | -- Hiram W Johnson
On 10/19/2017 07:32 AM, Lindsay Haisley wrote:
Mark, et al
While configuring the MM 2.1 DMARC mitigation code for use in Courier- MTA I note that the return fromĀ _DMARCProhibited(..) for a detected policy of "p=none" is True, just as it is for "p=quarantine" and "p=reject". Why is this? I would assume that if this code is reached, and p=none, that no From munging would be required.
I think the code you're looking at is conditional on dmarc_none_moderation_action being True which is neither a default nor a recommended setting. It was added (reluctantly) in response to https://bugs.launchpad.net/mailman/+bug/1539384 and probably should not have been. It is not in Mailman 3.
If you have time and interest, read the bug report (and all 11 comments).
On Thu, 2017-10-19 at 18:13 -0700, Mark Sapiro wrote:
On 10/19/2017 07:32 AM, Lindsay Haisley wrote:
Mark, et al
While configuring the MM 2.1 DMARC mitigation code for use in Courier- MTA I note that the return from _DMARCProhibited(..) for a detected policy of "p=none" is True, just as it is for "p=quarantine" and "p=reject". Why is this? I would assume that if this code is reached, and p=none, that no From munging would be required.
I think the code you're looking at is conditional on dmarc_none_moderation_action being True which is neither a default nor a recommended setting. It was added (reluctantly) in response to https://bugs.launchpad.net/mailman/+bug/1539384 and probably should not have been. It is not in Mailman 3.
If you have time and interest, read the bug report (and all 11 comments).
I read the comments on the bug report and looked further at the original code at http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/Mailman/Utils.py. It looks as if munging on a policy of "p=none" is a per-list or per-site choice. I cut out code related to the mlist object from my application so this remained as a default. I've set line 1359 to "return False", but will give the issue some thought and possibly make it a configuration option from a comment-annotated variable definitions near the start of the code. I'm trying to keep this piece as simple as possible. For anyone interested, I've posted the dmarc_shield.py publicly at http://linode.fmp.com/contrib/dmarc_shield.py.
On 10/20/2017 09:24 AM, Lindsay Haisley wrote:
It looks as if munging on a policy of "p=none" is a per-list or per-site choice. I cut out code related to the mlist object from my application so this remained as a default.
That's the issue. The stanza beginning at http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/Mailman/Utils.py#L1352 requires three conditions to return True on p=none. They are all conditions on list settings:
dmarc_none_moderation_action - True dmarc_quarantine_moderation_action - True dmarc_moderation_action - Munge From or Wrap Message.
This is consistent with the web UI help text at http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/Mailman/Gui/Privacy.py#L339
I've set line 1359 to "return False", but will give the issue some thought and possibly make it a configuration option from a comment-annotated variable definitions near the start of the code. I'm trying to keep this piece as simple as possible. For anyone interested, I've posted the dmarc_shield.py publicly at http://linode.fmp.com/contrib/dmarc_shield.py.
I recommend just deleting the entire stanza at lines 1352-1360 which will fall through to the "return False" at line 1361.
On Fri, 2017-10-20 at 11:15 -0700, Mark Sapiro wrote:
I recommend just deleting the entire stanza at lines 1352-1360 which will fall through to the "return False" at line 1361.
Probably a wise application of the KISS principle as well :)
participants (2)
-
Lindsay Haisley -
Mark Sapiro