[Mailman-Developers] Extracting some Mailman code

Lindsay Haisley fmouse at fmp.com
Sun Oct 15 10:35:19 EDT 2017 

On Thu, 2017-10-12 at 13:15 -0700, Mark Sapiro wrote:
> On 10/12/2017 12:37 PM, Lindsay Haisley wrote: 
> > So, if someone could give me a few pointers to the relevant code in
> > Mailman 2, and any suggestions which might save me some time, I can
> > take it from there. I'm python-literate and have hacked our copy of
> > Mailman here in the past - perhaps more than is wise since every time I
> > upgrade I need to apply a number of patches to bring my mods along with
> > the upgrade :)
> 
> There are two pieces to this in Mailman (both 2.1 and 3.1). One piece is
> determining the DMARC policy of the From: domain. In MM 2, the code that
> does this is in Mailman/Utils.py beginning with the comments
> 
> # The next functions read data from
> # https://publicsuffix.org/list/public_suffix_list.dat and implement the
> # algorithm at https://publicsuffix.org/list/ to find the "Organizational
> # Domain corresponding to a From: domain.
> 
> and extending through the end of the
> 
> def _DMARCProhibited(mlist, email, dmarc_domain, org=False):

I'm running MM 2.1.18-1 here and find only

> # This takes an email address, and returns True if DMARC policy is p=reject
> # or possibly quarantine.
> def IsDMARCProhibited(mlist, email):
> ... etc

This looks pretty straight-forward. I can dispense with code related to
mlist since I need only a True|False determination of whether the
sending domain publishes a DMARC "p=reject" or "p=quarantine" record.
You folks are obviously up-to-speed on DMARC nuances and this code
looks pretty through.

I assume the reference to publicsuffix.org comes with later versions of
2.x and in MM 3 since there's none in 2.1.18-1. This must be something
new in the DMARC mitigation world and I'm not familiar with it.

Is there any reason to pull in a more recent MM 2 and use the DMARC
detection code therein? Speed is important here since this is simply a
turnaround on a single email, not dependent on any list variables. I'm
reluctant to burden every redirection turnaround with an HTTP look-up.

Replacement of the From header is just a matter of reading the email
headers into an array, making modifications if necessary and pushing
the result, followed by the message body, out to Courier's sendmail
clone. Basically:

if from_domain publishes bad DMARC:
    if Reply-To does not exist:
        copy From header to Reply-To
    Replace From with "On behalf of old_From" <postmaster at fmp.com>
Feed headers and body to Courier's sendmail clone

My take on it is that this should work OK.

-- 
Lindsay Haisley       | "The first casualty when
FMP Computer Services |         war comes is truth."
512-259-1190          |            
http://www.fmp.com    |     -- Hiram W Johnson

More information about the Mailman-Developers mailing list