[Mailman-Users] Assistance with altering reply-to behaviours and DMARC

Barry S. Finkel bsfinkel at att.net
Fri Aug 28 17:10:53 CEST 2015 

On 8/28/2015 3:03 AM, Will Yardley wrote:
> On Fri, Aug 28, 2015 at 01:37:18PM +0900, Stephen J. Turnbull wrote:
>> Mark writes:
>>   > First, apologies if this has been discussed before.  I run a number
>>   > of mailman lists on a Centos 6 platform and mailman 2.1.12-25. This
>>   > version was updated in July as follows:
>>   > https://rhn.redhat.com/errata/RHSA-2015-1417.html and included
>>   > fixes for a number of DMARC issues.  Including "... With this
>>   > update, domains with a "reject" DMARC policy are recognized
>>   > correctly.."
>>
>> Stock Mailman 2.1.12 doesn't do any DMARC detection.  This is quite
>> bizarre that they would backport such a feature rather than update to
>> 2.1.18-1 or later.  Mailman 2.1 is hardly an unstable package.
>
> That's the way most "stable" Linux distributions do it. I think it has a
> lot to do with keeping the complex web of interdependencies in check,
> but probably also has to do with keeping features predictable. Even with
> security issues, generally, they go to quite a bit of work to backport
> things, rather than change versions.
>
> Not sure about 6, but the specific way they backported the changes for
> the DMARC patch on EL5 had to do partially with dependencies... either
> the fact that the normal version didn't depend on dnspython and this one
> did, or the version of dnspython required wasn't available in EL5 (looks
> like they actually ended up vendoring dnspython inside the Mailman
> package).
>
> Folks who want more up to date versions tend to either jump major
> releases more often, use third party repos, rebuild RPMs from upstream,
> or just build from source. We use the vendor provided Mailman package,
> and for the most part, it works for us, though in cases like this, it is
> problematic.
>
> w

It appears to me that if someone were to back-port the DMARC changes
from 2.1.18 back to 2.1.12, then there is a possibility that there
will be problems with the back-port due to code changes between
.12 and .18.  When I looked at the Ubuntu changes, I saw many
changes that were not documented, and I had no idea what they did.
Part of the problem in Ubuntu (or any other packager) who wants
to create a package for a newer Mailman is that all of these
patches, whether created to fix bugs or add features, have to be
re-fitted into the code.  And that takes time.  I am not sure
which process is more prone to introduce errors - re-fitting
patches into a newer Mailman or trying to re-fit DMARC patches
into on older Mailman.

This is why I determined, when I was running a Mailman installation
on Ubuntu, that I would create my own package from the SourceForge
source instead of installing the Ubuntu Mailman package.  It took
me a while to figure out how to do it, but once I did it, I had
the instructions to re-do it for subsequent SF Mailman releases.

I wanted to know exactly what source I was running, so I could get
assistance from the authors via this list.

--Barry Finkel
--Barry Finkel

More information about the Mailman-Users mailing list