Re: [Mailman-Users] disable DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL in mailman 2.1
On 05/05/2016 02:39 PM, Curtis Villamizar wrote:
> In message <572AA1F6.8090807@msapiro.net> Mark Sapiro writes:
>> As far as why it's a 554: 5.7.1 hard fail, that's the status your MTA is giving to this condition. If you think this should be a 4xx status, you may be able to configure that in your MTA.
> I think this might have been due to a connect to port 25 rather than running sendmail. Connect to port 25 would only work if using TLS (after STARTTLS) and then passing SASL auth. This host acts as an MDA and as an MSA for mailman using a dual-stack "smarthost" relay but not as an MX/MTA (MX points to two DS MTA and the MTA relays to it).
> If that is the case it was a config problem in mailman. I'm still working on backing up and restoring a complete mailman config. (That could be another topic).
I would strongly suggest you not use
DELIVERY_MODULE = 'Sendmail'
If you need TLS and SASL, use
DELIVERY_MODULE = 'SMTPDirect'
in conjunction with the patch at <https://bugs.launchpad.net/mailman/+bug/558281>.
I have now (finally) applied a version of this patch at <http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1649>.
--
Mark Sapiro <mark@msapiro.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
In message <572D116A.30009@msapiro.net> Mark Sapiro writes:
> On 05/05/2016 02:39 PM, Curtis Villamizar wrote:
>> In message <572AA1F6.8090807@msapiro.net> Mark Sapiro writes:
>>> As far as why it's a 554: 5.7.1 hard fail, that's the status your MTA is giving to this condition. If you think this should be a 4xx status, you may be able to configure that in your MTA.
>> I think this might have been due to a connect to port 25 rather than running sendmail. Connect to port 25 would only work if using TLS (after STARTTLS) and then passing SASL auth. This host acts as an MDA and as an MSA for mailman using a dual-stack "smarthost" relay but not as an MX/MTA (MX points to two DS MTA and the MTA relays to it).
>> If that is the case it was a config problem in mailman. I'm still working on backing up and restoring a complete mailman config. (That could be another topic).
> I would strongly suggest you not use
> DELIVERY_MODULE = 'Sendmail'
> If you need TLS and SASL, use
> DELIVERY_MODULE = 'SMTPDirect'
> in conjunction with the patch at <https://bugs.launchpad.net/mailman/+bug/558281>.
> I have now (finally) applied a version of this patch at <http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1649>.
Mark,
Yes I remember reading that. I did briefly set up to use Sendmail but I forgot that I then changed it to have mailman use port 587 on the same host where postfix was set up to only accept connections from its own addresses. I did that before going live and that was a server ago (rebuilt everything from source since).
Thanks for pointing out this patch. It would be preferable to pick up the patch and use the MSA directly with TLS and SASL.
I'm rebuilding FreeBSD yet again due to security advisories. There are recent advisories on base (openssl and one on ntp that doesn't apply to me - don't use ntp in that way) and so I'm rebuilding the base and all the ports I use. I can use this opportunity to apply this as a local patch (FreeBSD ports is at mailman-2.1.22 and no mailman3 port yet, not that it would be all that hard to write a ports makefile and debug it - just don't have the time at this point).
On FreeBSD it's a matter of:
    fetch -o /usr/ports/mail/mailman/files/patch-Mailman-TLS+SASL \
        'http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/diff/1649?context=3'
Edit out or fix the patch to the News file since it doesn't apply cleanly. I just deleted that part of the patch. Then:
    cd /usr/ports/mail/mailman
    make deinstall && rm -rf work && make install
optional:
    make PACKAGES=/usr/packages package
I'm only now starting to use mailman again after a long (decade+) period of not maintaining any mailing lists. It might be a while before I get things right. Thanks for the help.
Curtis
ps - Mark - sorry for the duplicate. I forgot to change this to send from the domain I'm subscribed on. I need to add another subscribe with no delivery to fix this.