
Mark Sapiro writes:
> On 11/24/18 9:17 PM, Jayson Smith wrote:
>> I had a Mailman/DNS problem after upgrading a lot of packages. A message came in, Mailman couldn't properly look up the DMARC policy of the sending ISP, didn't munge the From: and sent the message on its way...
> What was the lookup issue? I.e., what were the messages in Mailman's error and maybe vette logs? What Mailman version is this? Beginning with Mailman 2.1.25, some failures in DNS lookups of DMARC policy result in mitigations being applied.
Another possibility would be to cache the results, as a fallback to the DNS lookup. If the cache hit rate is high enough (as it would be for members-only lists -- the member test would be done first), this should reduce DMARC lookup failures to near zero, which would allow either mitigation-on-failure or quarantine-on-failure strategies by default. A more complex approach would be to look up in the cache first and trust it until the original lookup expires. Both approaches would have to be opt-in, of course. I don't think either the space impact or performance impact would be very great.
A brief RFE for Mailman 3 (which keeps a much more extensive database, so is more likely to implement) is in https://gitlab.com/mailman/mailman/issues/527.
Steve
-- 
Associate Professor              Division of Policy and Planning Science
http://turnbull.sk.tsukuba.ac.jp/     Faculty of Systems and Information
Email: turnbull@sk.tsukuba.ac.jp                   University of Tsukuba
Tel: 029-853-5175                 Tennodai 1-1-1, Tsukuba 305-8573 JAPAN
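The two caching strategies proposed in the message above, sketched as an added example that is not Mailman code and not part of the original post. The `resolver` callable, the class and function names, and the choice to serve an expired entry when DNS fails are assumptions; the domains are constructed.

```python
import time

class LookupFailed(Exception):
    """The resolver got no usable answer (timeout, SERVFAIL, ...)."""

class DmarcPolicyCache:
    """Remembers the last DMARC policy seen for each From: domain.

    resolver is an assumed callable: domain -> (policy, ttl_seconds),
    raising LookupFailed on error. It stands in for the real DNS query.
    """
    def __init__(self, resolver, cache_first=False, clock=time.time):
        self.resolver = resolver
        self.cache_first = cache_first  # False: fallback only; True: trust until expiry
        self.clock = clock
        self._store = {}                # domain -> (policy, expires_at)

    def policy(self, domain):
        """Return (policy, source); source is dns, cache, stale-cache or failed."""
        domain = domain.lower().rstrip(".")
        entry = self._store.get(domain)
        now = self.clock()
        if self.cache_first and entry and now < entry[1]:
            return entry[0], "cache"    # unexpired answer, skip DNS entirely
        try:
            policy, ttl = self.resolver(domain)
        except LookupFailed:
            if entry is not None:
                return entry[0], "stale-cache"  # last known policy beats no answer
            return None, "failed"
        self._store[domain] = (policy, now + ttl)
        return policy, "dns"

def needs_mitigation(cache, from_domain, on_failure=True):
    """True if From: should be munged; on_failure decides uncached lookup errors."""
    policy, source = cache.policy(from_domain)
    if source == "failed":
        return on_failure
    return policy in ("reject", "quarantine")

if __name__ == "__main__":
    # Constructed resolver: answers once for example.com, then the DNS "breaks".
    answers = iter([("reject", 300)])
    def flaky(domain):
        try:
            return next(answers)
        except StopIteration:
            raise LookupFailed(domain)
    cache = DmarcPolicyCache(flaky)
    print(cache.policy("example.com"), cache.policy("example.com"))
    print(needs_mitigation(cache, "example.net"))
```

With `cache_first=False` every message still triggers a lookup and the cache only covers failures; with `cache_first=True` a policy change at the sender is not seen until the cached entry expires.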