[Mailman-Users] DNS error behaviour with DMARC

Jeff White jaw171 at pitt.edu
Wed Aug 27 17:54:54 CEST 2014


With dmarc_moderation_notice set to anything but "Accept" Mailman will 
do a DNS query for every message that comes in and check the DMARC 
record of the sending domain.  I have two questions regarding this:

1. Has anyone on this list noticed any performance issues with the 
overhead this adds?  I doubt there is anything noticeable but curious if 
anyone has seen any issue.

2. What is Mailman's behaviour if the query fails (e.g. times out)? 
Defaults.py says:

# Parameters for DMARC DNS lookups. If you are seeing 'DNSException:
# Unable to query DMARC policy ...' entries in your error log, you may need
# to adjust these.
# The time to wait for a response from a name server before timeout.
DMARC_RESOLVER_TIMEOUT = seconds(3)
# The total time to spend trying to get an answer to the question.
DMARC_RESOLVER_LIFETIME = seconds(5)

... but what happens to the post when DNSException is thrown?  Is the 
message rejected and a bounce sent to the poster?  Is it re-queued and 
tried again?  If so when does Mailman give up?  Does Mailman simply 
shunt the post and throw an error?


If someone can point me to the file that holds this code I can review it 
and report what the behaviour is.

-- 
Jeff White - GNU+Linux Systems Administrator
University of Pittsburgh - CSSD


More information about the Mailman-Users mailing list