Hello,
I have mm3 up and running via docker (courtesy of maxking/docker-mailman) but when i send an email to my test list, it bounces back claiming user unknown. it states:
<"lmtp:[172.19.199.2]:8024"@>: unknown user:
"lmtp:[172.19.199.2]:8024"
looking at the email source, it seems as though the message is trying to be delivered to:
Final-Recipient: rfc822; "lmtp:[172.19.199.2]:8024"@<my email server's FQDN>
Original-Recipient: rfc822;test123@<my list's email domain>
all of various alias transport maps are defined in postfix's main.cf. not sure where to go from here. does anyone have any clues?
--
Thanks,
Fabian S.
OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
Hi and hope the answer(s) to my question are relatively simple. On one of two lists I manage, some people are getting deleted due to too many bounces. And the bounces seem to be related to their mail provider not allowing the messages. As far as I can tell, the main culprits are gmail, yahoo, and hotmail.
Of course, those people blame Mailman. From what i have read, it is not necessarily that. But complicating things is that people were complaining that the default REPLY to SENDER was not appropriate for a discussion list, so I just switched it over to REPLY TO GROUP. I do not THINK that is the reason for the trouble, but here in the space of a few minutes are some of the messages I have gotten with my questions in caps.
PROBLEM ONE
UNABLE TO SEND? RECEIVE?
a(a)yahoo.com <mailto:a@yahoo.com>
host mta7.am0.yahoodns.net <http://mta7.am0.yahoodns.net/> [66.196.118.37]
SMTP error from remote mail server after end of data:
554 5.7.9 Message not accepted for policy reasons. See https://help.yahoo.com/kb/postmaster/SLN7253.html <https://help.yahoo.com/kb/postmaster/SLN7253.html>
SEEMS TO BE YAHOO DOE SNOT LIKE MAILMAN AND ALSO SHE CANNOT ADD MAILMAN TO A WHITE LIST (THEY DO NOT HAVE).—>
IS IT POSSIBLE SHE IS USING A MAIL CLENT THAT DOES NOT SEND CORRECTLY? OR IS THIS THE YAHOO INTERACE?
IS THIS HER MESSAGE BEING SENT OR HER MAIL PROGRAM NOT ACCEPTING MESSAGES?
RELATED TO THIS:
Some people are getting unsubscribed as a result:
List: Galeexec
Member ie(a)hotmail.com <mailto:mccandie@hotmail.com>
Action: Subscription disabled.
Reason: Excessive or fatal bounces.
CAUSE OF ALL THE ABOVE?
SOLUTIONS—BY LIST OWNER? BY MEMBER?
NEXT
hn(a)hotmail.com <mailto:hn@hotmail.com>
host hotmail-com.olc.protection.outlook.com <http://hotmail-com.olc.protection.outlook.com/> [104.44.194.233]
SMTP error from remote mail server after end of data:
550 5.7.0 (SNT004-MC7F11) Unfortunately, messages from (199.223.209.221) on behalf of (yahoo.com <http://yahoo.com/>) could not be delivered due to domain owner policy restrictions.
SAME THING? I note the user has a hotmail address.
CAUSE OF THE ABOVE?
SOLUTIONS—BY LIST OWNER? BY MEMBER?
BELOW THAT IS MORE INFO (RELATED TO THE ABOVE?)
RESPECTIVELY
Action: failed
Final-Recipient: rfc822;ya(a)yahoo.com <mailto:quenbya@yahoo.com>
Status: 5.0.0
Remote-MTA: dns; mta7.am0.yahoodns.net <http://mta7.am0.yahoodns.net/>
Diagnostic-Code: smtp; 554 5.7.9 Message not accepted for policy reasons. See https://help.yahoo.com/kb/postmaster/SLN7253.html <https://help.yahoo.com/kb/postmaster/SLN7253.html>
Action: failed
Final-Recipient: rfc822; hn(a)hotmail.com <mailto:hn@hotmail.com>
Status: 5.0.0
Remote-MTA: dns; hotmail-com.olc.protection.outlook.com <http://hotmail-com.olc.protection.outlook.com/>
Diagnostic-Code: smtp; 550 5.7.0 (SNT004-MC7F11) Unfortunately, messages from (199.223.209.221) on behalf of (yahoo.com <http://yahoo.com/>) could not be delivered due to domain owner policy restrictions.
There are others like this and they all share one of the two providers.
PROBLEM TWO
Though GMAIL USERS have reported messages in SPAM. No errors messages to the list.
CAUSE OF THE ABOVE?
SOLUTIONS—BY LIST OWNER? BY MEMBER?
Thank you very much.
Paul Arenson
Japan
EMAIL
tokyoprogressive(a)mailbox.org <mailto:tokyoprogressive@mailbox.org>
paul(a)tokyoprogressive.org
- - - - - - - - - - - - - - - - - - - - - -
NEWS AND ACTIVISM
http://tokyoprogressive.org
MUSIC
http://paularenson.org
- - - - - - - - - - - - - - - - - - - - - -
Phone/Voice Mail
050-5308-5394
From abroad 81-50-5308-5394
Phone/SMS
090-4173-3873
From abroad 81-90-4173-3873
Contact via LINE is also possible.
- - - - - - - - - - - - - - - - - - - - - -
EMAIL
tokyoprogressive(a)mailbox.org
paul(a)tokyoprogressive.org
- - - - - - - - - - - - - - - - - - - - - -
NEWS AND ACTIVISM
http://tokyoprogressive.org
MUSIC
http://paularenson.org
- - - - - - - - - - - - - - - - - - - - - -
Phone/Voice Mail
050-5308-5394
From abroad 81-50-5308-5394
Phone/SMS
090-4173-3873
From abroad 81-90-4173-3873
Contact via LINE is also possible.
- - - - - - - - - - - - - - - - - - - - - -
At one time I set
Reply-To: header munging
under general settings to Yes. Some of my users used a screen reader
that balked unless the header was munged, for some reason. Well that
software has gone away, and ISP's are much pickier these days, with
MARC and dkim and SPF etc. Would this setting cause me delivery
problems ?? Should I go back and change it on older lists. I no
longer set it to yes, leave it at no, its default.
Dave
---
This email has been checked for viruses by AVG.
http://www.avg.com
Hallo Mark, Kolleagues,
maybe somebody will be able to help me here.
I would like to relay (also check with Antivir and sign them with DKIM) all Mailman e-mails from our external partners to our final customers. Relaying seems to work nice but we have a problem with DKIM authentication and Return-Path.
Mailman server needs to stay by external partners with old domains and needs to receive bounces. My SMTP gateway is only responsible for receiving and sending e-mails out from the all mailman instances.
The problem is that we are sending an E-mail which looks as follow:
From: campaign(a)myserver.com
Return-Path: mailman-bounces(a)external-company.com
To: @gmail.com
The problem is that DKIM check on the gmail server server (and all others) returning error:
[...mailman-bounces@external-company.com](mailto:mailman-bounces@external-company.com) does not designate xx.xx.xx.xx as permitted sender
How to solve that issue ? At the moment we have a DKIM key only for myserver.com. Why DKIM check checking Return-Path and not From address ?
Could You please help here how to manage that issue ? We simply would like to forward all messages from the external mailman instances installed on the different domains to the final customers using our sender domain [myserver.com.](mailto:campaign@myserver.com)
I will appreciate any feedback from Your side.
Cheers
Dlugasny
My mailing list is hosted on a low-cost service with shared servers and
so a couple of times a year some other customer gets them onto a spam
blacklist and mail starts bouncing. I need to know about those
situations ASAP so that I can prod the provider into fixing the problem
and requesting delisting, but Mailman doesn't seem to have a way to tell
me when it gets a bounce... only when it's gotten several bounces and
disabled a membership. Since I don't want to wait for several bounces,
I have it set on a hair trigger; it disables people on the first bounce
and so I immediately get a notification. That works, kind of, but it
means that I have an extra re-enable step to repair the damage and that
if I somehow drop a notification on the floor I can leave somebody disabled.
What I'd like would be a way to ask Mailman to notify me on *every*
bounce, without disabling the user.
(Or, of course, if there's just something I've missed in the config
pages, please educate me.)
Dmitri, Chip, Mark
Thank you.
So your judgment would be for Yahoo users in particular to get a new address? How about hotmail, outlook, or gmail users?
Of course they could, I assume, keep those addresses for nob mailing list stuff and open a new account for mailing lists with protonmail, tutanova etc if they do not have a company or school address (and forward to a mail client if they know how to do that-which many of my users being language teachers seem to be resistant to understanding-grin).
Any recommendations on big email companies that are safe?
And would you limit it to Yahoo or tell others on hotmail and gmail having trouble the same?
Thanks
------------------Paul Arensonpaul(a)tokyoprogressive.org
Hi,
I’m soon to take over Mailman from a colleague who is leaving at the end of the month, I'm brand new to Mailman and I have to learn it fast.
My colleague who is leaving, set up and configured Mailman, he used his work email for the administrator accounts email when he first set Mailman up. We would like to change this to my work email address.
I’ve looked online, and I can’t find a way to change/reset the administrator account email.
Is it possible to do this?
Looking forward to hearing from you.
Thanks,
Marc Gilliatt
Thank you, Mark. Had to resend this as I forgot to remove the quotes in the first attempt. Re it being a DMARC issue, all the options look bad (except telling people to use another email provider).
OPTIONS
A few are unclear, such as RESTARTING Mailman. How does one restart it? I use Cpanel and do not know the inner workings.
Which do you think it the best of the suggestions? I already have content filtering set to off to allow attachments. And there is currently only a footer that says:
_______________________________________________
Galeexec mailing list
Galeexec(a)gale-sig.org <mailto:Galeexec@gale-sig.org>
http://mail.gale-sig.org/mailman/listinfo/galeexec_gale-sig.org <http://mail.gale-sig.org/mailman/listinfo/galeexec_gale-sig.org>
Again, the list is REPLY TO LIST.
IS IT ONLY YAHOO ADDRESSES?
I found another article that makes me wonder— https://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-bre… <https://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-bre…>
it says "List subscribers with email accounts on servers that perform DMARC checks, such as Gmail, Hotmail (Outlook.com <http://outlook.com/>), Comcast or Yahoo itself, will reject the original message and respond back to the list with automated DMARC error messages"……. making it seem that all of these providers are no-nos.
But later it says "So users of Gmail, Hotmail and other DMARC-enabled providers will not only fail to receive messages sent to the mailing list by Yahoo users, but will flood the list with bounce messages, risking to be bounced off the list themselves”.
This sentence seems to imply that it is YAHOO users who should switch. But the previous quote implies people with all of those providers should switch.
Can you give me your opinion. Is it Yahoo that is breaking mailing lists, or is it Yahoo, Gmail and Hotmail?
Thanks
Paul Arenson
> On Oct 10, 2017, at 21:58, Mark Sapiro <mark(a)msapiro.net <mailto:mark@msapiro.net>> wrote:
>
> On October 9, 2017 11:56:02 PM PDT, paul(a)tokyoprogressive.org <mailto:paul@tokyoprogressive.org> wrote:
>> Hi and hope the answer(s) to my question are relatively simple. On one
>> of two lists I manage, some people are getting deleted due to too many
>> bounces. And the bounces seem to be related to their mail provider not
>> allowing the messages. As far as I can tell, the main culprits are
>> gmail, yahoo, and hotmail.
>
>
> I think this is a DMARC issue. See <https://wiki.list.org/x/17891458 <https://wiki.list.org/x/17891458>>.
>
>
>
> --
> Mark Sapiro <mark(a)msapiro.net <mailto:mark@msapiro.net>>
> Sent from my Not_an_iThing with standards compliant, open source software.
Using OWASP ModSecurity Core Rule Set ver.3.0.2 on cPanel v66.0.23; CentOS
7.3, Mailman 2.1.23:
ModSecurity with the OWASP rules (which come with cPanel nowadays) doesn't
like Mailman's list options url for some email addresses.
Specifically a URL in the form
http://lists.xxx.xxx/mailman/options/listname/localpart--at--domain.com is
blocked with a 403 error. Only '.com" addresses are affected, as far as I
can tell, and the reason is rule 920440:
SecRule REQUEST_BASENAME "\.(.*)$" "chain, capture, phase:request,
t:none,t:urlDecodeUni,t:lowercase, block, msg:'URL file extension is
restricted by policy', severity:'CRITICAL', rev:'2', ver:'OWASP_CRS/3.0.0',
maturity:'9', accuracy:'9', id:920440, logdata:'%{TX.0}',
tag:'application-multi', tag:'language-multi', tag:'platform-multi',
tag:'attack-protocol', tag:'OWASP_CRS/POLICY/EXT_RESTRICTED',
tag:'WASCTC/WASC-15', tag:'OWASP_TOP_10/A7',
tag:'PCI/6.5.10',logdata:'%{TX.0}', setvar:tx.extension=.%{tx.1}/"
SecRule TX:EXTENSION "@within %{tx.restricted_extensions}" "t:none,
setvar:'tx.msg=%{rule.msg}',
setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}, setvar:tx.%{rule.id
}-OWASP_CRS/POLICY/EXT_RESTRICTED-%{matched_var_name}=%{matched_var}"
tx.restricted_extensions, defined elsewhere, lists a lot of file
extensions, .com being among them:
'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/
.cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/
.db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/
.licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/
.resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/
.xsd/ .xsx/'
So basically ModSecurity sees .com at the end of the URL and thinks a risky
file is being requested and blocks the request.
With some help from the OWASP list I wrote a new rule that works around
this problem. It is entered in the "ModSecurity Tools" section of cPanel's
WHM. I don't know if there's a way to do it if you don't have access to
WHM. I couldn't find one.
SecRule REQUEST_URI "^\/mailman\/options\/.*"
"id:900240,phase:1,nolog,pass,t:none,setvar:'tx.restricted_extensions=.asa/
.asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .config/
.conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/
.idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/
.pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/
.vsdisco/ .webinfo/ .xsd/ .xsx/'"
That substitutes a new list of restricted extensions for requests to a page
containing the "/mailman/options/" string.
Now:
http://lists.xxx.xxx/mailman/options/listname/localpart--at--domain.com is
admitted
http://lists.xxx.xxx/mailman/Xoptions/listname/localpart--at--domain.com is
blocked
I'm posting this mostly for the sake of anyone else who runs into this
problem. If there's a simple fix on the Mailman side, though, so much the
better. Maybe substitute another character for the dot?
EMAIL
tokyoprogressive(a)mailbox.org
paul(a)tokyoprogressive.org
- - - - - - - - - - - - - - - - - - - - - -
NEWS AND ACTIVISM
http://tokyoprogressive.org
MUSIC
http://paularenson.org
- - - - - - - - - - - - - - - - - - - - - -
Phone/Voice Mail
050-5308-5394
From abroad 81-50-5308-5394
Phone/SMS
090-4173-3873
From abroad 81-90-4173-3873
Contact via LINE is also possible.
- - - - - - - - - - - - - - - - - - - - - -
> On Oct 10, 2017, at 23:57, paul(a)tokyoprogressive.org wrote:
>
> Thank you, Mark. All the options look bad (except telling people to use another email provider).
>
>
> OPTIONS
> A few are unclear, such as RESTARTING Mailman. How does one restart it? I use Cpanel and do not know the inner workings.
>
> Which do you think it the best of the suggestions? I already have content filtering set to off to allow attachments. And there is currently only a footer that says:
>
> _______________________________________________
> Galeexec mailing list
> Galeexec(a)gale-sig.org <mailto:Galeexec@gale-sig.org>
> http://mail.gale-sig.org/mailman/listinfo/galeexec_gale-sig.org <http://mail.gale-sig.org/mailman/listinfo/galeexec_gale-sig.org>
>
>
> Again, the list is REPLY TO LIST.
>
>
> IS IT ONLY YAHOO ADDRESSES?
>
> I found another article that makes me wonder— https://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-bre… <https://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-bre…>
>
> it says "List subscribers with email accounts on servers that perform DMARC checks, such as Gmail, Hotmail (Outlook.com <http://outlook.com/>), Comcast or Yahoo itself, will reject the original message and respond back to the list with automated DMARC error messages"……. making it seem that all of these providers are no-nos.
>
> But later it says "So users of Gmail, Hotmail and other DMARC-enabled providers will not only fail to receive messages sent to the mailing list by Yahoo users, but will flood the list with bounce messages, risking to be bounced off the list themselves”.
>
>
> This sentence seems to imply that it is YAHOO users who should switch. But the previous quote implies people with all of those providers should switch.
>
>
> Can you give me your opinion. Is it Yahoo that is breaking mailing lists, or is it Yahoo, Gmail and Hotmail?
>
>
> Thanls
>
>
>
>
>
>
>> On Oct 10, 2017, at 21:58, Mark Sapiro <mark(a)msapiro.net <mailto:mark@msapiro.net>> wrote:
>>
>> On October 9, 2017 11:56:02 PM PDT, paul(a)tokyoprogressive.org <mailto:paul@tokyoprogressive.org> wrote:
>>> Hi and hope the answer(s) to my question are relatively simple. On one
>>> of two lists I manage, some people are getting deleted due to too many
>>> bounces. And the bounces seem to be related to their mail provider not
>>> allowing the messages. As far as I can tell, the main culprits are
>>> gmail, yahoo, and hotmail.
>>
>>
>> I think this is a DMARC issue. See <https://wiki.list.org/x/17891458 <https://wiki.list.org/x/17891458>>.
>>
>>
>>
>> --
>> Mark Sapiro <mark(a)msapiro.net <mailto:mark@msapiro.net>>
>> Sent from my Not_an_iThing with standards compliant, open source software.
>
