[Mailman-Users] 2.1.18 internal documentation suggestions

Stephen J. Turnbull stephen at xemacs.org
Fri May 2 06:33:57 CEST 2014

Mark Sapiro writes:

 > from_is_list (general): Replace the From: header address with the list's
 > posting address to mitigate issues stemming from the original From:
 > domain's DMARC or similar policies.

That's good!

[snip my suggestion :]

 > The following actions are applied to all list messages when selected
 > here. To apply these actions only to messages where the domain in the
 > From: header is determined to use such a protocol, see the
 > dmarc_moderation_action settings under Privacy options... -> Sender filters.

Good!  Maybe even "encourage" use of d_m_a?

 > No
 >     Do nothing special. This is appropriate for anonymous lists.


 > The transformations for anonymous_list are applied before any of these
 > actions, so if actions other than No are applied on an anonymous list,
 > they will apply to the anonymized message.

This may be confusing?

 > The Reply-To: header munging actions below interact with these actions
 > as follows:
 > first_strip_reply_to = Yes will remove all the incoming Reply-To:
 > addresses but will still add the poster's address to Reply-To: for all
 > three settings of reply_goes_to_list which respectively will result in
 > just the poster's address, the poster's address and the list posting
 > address or the poster's address and the explicit reply_to_address in the
 > outgoing Reply-To: header.
 > [Note: is the above what we want? I think so, but others are adding a
 > header something like X-Mailman-Originally-From:

IIUC, yes, that's what we want.  OnlineGroups has some features
Mailman doesn't (yet?) to handle the "reply munging" issue AIUI.

(1) X- fields are deprecated.  They don't actually help in creating
    "private" protocols, and (not relevant to us here, I think) they
    make it difficult to upgrade to the standardized version.

(2) I think this is pretty useless (with one exception), because most
    MUAs won't display the information.  Even with "Show Source" (how
    many AOLers use that?), you have to dig through a thicket of trace
    fields and spam scores.  Better to log the information.  But why
    do that when we archive the original message as received?  (In
    fact, if we do this correctly it would be possible to post-archive
    DKIM-verify messages!  GSoC 2015? :-)

 > (see the "The future options for mailing list managers" section at
 > <http://onlinegroups.net/blog/2014/05/01/dmarc-taking-responsibility-sending-group-email/>)]

They don't seem to think it's terribly useful though, it's just a sort
of trace field.  BTW, that blog also says

    The attackers succeeded in accessing about 20% of AOL users’ email
    accounts and obtaining details of their contacts.

I hope that means that AOL is now down to the 100 Stupidest On-Line
Americans, of whom 20 were fooled....  But I digress.

 > These actions do not apply to messages in digests or archives or
 > sent to usenet via the Mail<->News gateways.

Is that true of dmarc_moderation_action, too?  (I assume so and would
consider it a bug if not.)

More information about the Mailman-Users mailing list