I've been running a number of mailing lists for quite a while and never noticed any problems until I setup one which has some yahoo and hotmail addresses on it. Now I have to deal with the DMARC problem. :(
Looking at:
https://wiki.list.org/DEV/DMARC
I see it says:
In 2.1.16 a from_is_list feature was implemented which if enabled by a site configuration option would offer a list admin the ability to either:
• Rewrite (Munge) the From: header with the posters name 'via the list' and the list's address and merge the poster's address into Reply-To: or • Wrap the message as a message/rfc822 sub-part in a MIME format outer message with From: and Reply-To: as above.
I'm running 2.1.17 and the only thing I see which seems related to this is the "anonymous list" option under General Options. Is this what's being referred to here, or is there some other "site configuration" (i.e., per-site configuration?) method somewhere?
/raj
On 07/15/2016 01:45 PM, Richard Johnson wrote:
In 2.1.16 a from_is_list feature was implemented ...
I'm running 2.1.17 and the only thing I see which seems related to this is the "anonymous list" option under General Options. Is this what's being referred to here, or is there some other "site configuration" (i.e., per-site configuration?) method somewhere?
You really should upgrade. There have been ongoing changes in this area through 2.1.22. See <http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS>. However, to answer your question, in 2.1.16 and 2.1.17 the from_is_list feature had to be enabled by putting
ALLOW_FROM_IS_LIST = Yes
in mm_cfg.py.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
I have now upgraded to 2.1.22. Thanks!
/raj
On Jul 15, 2016, at 2:37 PM, Mark Sapiro <mark@msapiro.net> wrote:
On 07/15/2016 01:45 PM, Richard Johnson wrote:
In 2.1.16 a from_is_list feature was implemented ...
I'm running 2.1.17 and the only thing I see which seems related to this is the "anonymous list" option under General Options. Is this what's being referred to here, or is there some other "site configuration" (i.e., per-site configuration?) method somewhere?
You really should upgrade. There have been ongoing changes in this area through 2.1.22. See <http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS>. However, to answer your question, in 2.1.16 and 2.1.17 the from_is_list feature had to be enabled by putting
ALLOW_FROM_IS_LIST = Yes
in mm_cfg.py.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/raj%40mischievous.us
On 07/15/2016 03:15 PM, Richard Johnson wrote:
I have now upgraded to 2.1.22. Thanks!
And in 2.1.22, dmarc_moderation_action is generally preferable to from_is_list because it is only applied to those post that need it.
See Privacy options... -> Sender filters
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
This is described as:
Action to take when anyone posts to the list from a domain with a DMARC Reject/Quarantine Policy.
but the problem I'm getting is:
https://help.yahoo.com/kb/postmaster/SLN7253.html
which seems to be caused by the "From" address not matching the domain name wince the message was sent. I think in order to satisfy this, I need to simply apply "from_is_list"="Munge From". When I apply this along with "reply_goes_to_list"="This list", then the original sender's address appears in the "CC" list, which is ok, since most people just hit "reply" and not "reply all". I created a test list and played with it, looking at the SMTP interaction to verify that yahoo seems to think this is fine.
/raj
On Jul 15, 2016, at 5:00 PM, Mark Sapiro <mark@msapiro.net> wrote:
On 07/15/2016 03:15 PM, Richard Johnson wrote:
I have now upgraded to 2.1.22. Thanks!
And in 2.1.22, dmarc_moderation_action is generally preferable to from_is_list because it is only applied to those post that need it.
See Privacy options... -> Sender filters
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 07/15/2016 05:22 PM, Richard Johnson wrote:
This is described as:
Action to take when anyone posts to the list from a domain with a DMARC Reject/Quarantine Policy.
but the problem I'm getting is:
https://help.yahoo.com/kb/postmaster/SLN7253.html
which seems to be caused by the "From" address not matching the domain name wince the message was sent.
That link discusses mail rejected by Yahoo which may or may not have anything to do with DMARC. The typical DMARC issue is mail From: a yahoo.com user is bounced by multiple recipient ISPs including, but not limited to Yahoo.
I think in order to satisfy this, I need to simply apply "from_is_list"="Munge From". When I apply this along with "reply_goes_to_list"="This list", then the original sender's address appears in the "CC" list, which is ok, since most people just hit "reply" and not "reply all". I created a test list and played with it, looking at the SMTP interaction to verify that yahoo seems to think this is fine.
I think you'll find that setting from_is_list to No and dmarc_moderation_action to Munge From and possibly also setting dmarc_quarantine_moderation_action to Yes will also work, but will only apply the Munge From action to posts From: domains such as yahoo.com that publish DMARC p=reject policies and optionally domains that publish p=quarantine.
As far as the original poster's address in Cc: is concerned, we try to make Munge From result in mail which will be dealt with by MUA reply and reply all the same as unmunged mail.
Thus, if reply_goes_to_list is Poster, we put the original poster's address in Reply-To: so with compliant MUAs at least, 'reply' goes to the OP and 'reply-all' goes to the OP and the list address in To:.
For reply_goes_to_list = This list, we put the OP's address in Cc: rather than Reply-To: so 'reply' will go to only the list, but 'reply all' will go to the list and the OP.
In all cases, we want the OP's address somewhere in visible headers.
Here are our goals (from comments in the handler that does this):
# We need to do some things with the original From: if we've munged # it for DMARC mitigation. We have goals for this process which are # not completely compatible, so we do the best we can. Our goals are: # 1) as long as the list is not anonymous, the original From: address # should be obviously exposed, i.e. not just in a header that MUAs # don't display. # 2) the original From: address should not be in a comment or display # name in the new From: because it is claimed that multiple domains # in any fields in From: are indicative of spamminess. This means # it should be in Reply-To: or Cc:. # 3) the behavior of an MUA doing a 'reply' or 'reply all' should be # consistent regardless of whether or not the From: is munged. # Goal 3) implies sometimes the original From: should be in Reply-To: # and sometimes in Cc:, and even so, this goal won't be achieved in # all cases with all MUAs. In cases of conflict, the above ordering of # goals is priority order.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
(catching up on mail)
Mark Sapiro writes:
possibly also setting dmarc_quarantine_moderation_action to Yes
If you use the dmarc_* settings, I recommend doing this.
"p=quarantine" is not very common as far as I know, but (1) sites like GMail[1] do not promote "quarantine" to "safe", so mail *will* end up in Spam folders, and (2) experience shows that many users ignore their Spam folders for extended periods. It's not worth the minor beautification of the From address to have any mail end up in Spam folders.
Steve
Footnotes: [1] Which takes "reject" as advice rather than a command, and often promotes From mismatches to the Spam folder rather than simply deleting them, based on lack of spam-like or phishing content.
participants (3)
-
Mark Sapiro
-
Richard Johnson
-
Stephen J. Turnbull