On 05/28/2014 05:41 AM, Joel Uckelman wrote:
I'm running the just-released RPM for 2.1.18 on Fedora 20. I have the python-dns package installed, which I read was required for DMARC checks.
The required package is dnspython. This is not the same as PyDNS. It looks like the Fedora python-dns package is the right one, but I'm not sure.
What happens when you invoke the python that Mailman is using and type
import dns.resolver from dns.exception import DNSException
If you get an ImportError, something is wrong. Otherwise things should be OK. You can see what python Mailman is using by looking at the command lines reported by
ps -fAw | grep qrunner
When I grep my logs for 'DMARC', all I see are the bounce messages in my Postfix log---so if the DMARC checks that should be made when a post from a yahoo.com account comes to the list are failing, they're failing in a way which isn't showing up.
There will normally be an entry in Mailman's vette log for every DMARC p=reject (and p=quarantine if enabled) found and possible entries in Mailman's error log for lookup errors and other unusual conditions.
If there are no 'DMARC' entries in Mailman's logs, it most likely means the imports I show above didn't succeed in the python that Mailman is using, in which case dmarc_moderaction_action will not be done at all.
There is one unusual thing about my list---namely that it sits at one end of a bridge to a phpbb forum. That is, all of the posts from the forum are posted to the list with their Sender set to a special address which is subscribed to the list, and all post from the list are received by that special address and posted to the forum from there. This means that a lot of the addresses in From headers of messages going out over the list are not actually subscribers to the list. Could this be tripping up the dmarc_moderation_action?
What do you mean by Sender? Do you mean the Sender: header or the From: header or what?
Mailman does DMARC checks on the From: domain of the message it sees, but then recipient MTAs do DMARC checks on the From: domain of the message they see.
Perhaps you can explain more precisely what you mean by the above in terms of the From: header seen by Mailman and the From: header in the list message that recipients see.
If all you are saying is that a lot of posts are From: non-members because they come via the phpbb forum, that shouldn't matter. Mailman should still check the From: domain for DMARC and apply the dmarc_moderation_action as required regardless of list membership.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan