[Mailman-Users] DMARC hack

Stephen J. Turnbull stephen at xemacs.org
Sun May 24 20:14:21 CEST 2015

Allan Hansen writes:

 > Checking for aol.com and yahoo.com here alone will not work. I have
 > a bunch of other subscribers that have  accounts with providers
 > that are owned by Yahoo (mostly) and AOL, but whose addresses are
 > not of this form.

Oddly enough, it turns out that they only use DMARC p=reject at their
principal domain (aol.com and yahoo.com).  You can check for any given
domain by prepending _dmarc. and checking the TXT record.  For
example, for aol.com it would be "host -t TXT _dmarc.aol.com" if you
have the host utility for doing DNS lookups.

 > I would have to do this for all addresses, to be safe.

If you're worried about safety and care about conforming to standards,
you really should upgrade to at least Mailman 2.1.18-1.  That allows
you to be nonconformant only for authors whose addresses are in
troublesome domains, and handles the reply-to issue as well as
possible (making everybody happy isn't quite possible).  I'm sure you
have good reason for not doing so *right* *now*, but keep it in mind.

 > If I do this and add the bit about the Reply-To, what would the
 > code look like?

If you do it for all mail, you just delete the "if" line and shift
everything left one dedent.

    name, addr = parseaddr(msg.get('from'))
        name = "%s (%s) via list" % (name if name else "Anonymous", addr)
        fromaddr = mlist.GetListEmail()
        del msg['from']
        msg['from'] = formataddr((name, addr))
        # reply-to handling goes here

I'm not comfortable trying to say what to do about reply-to, because
it's quite complicated depending on how you want to handle each of a
large number of variations: what to do with a preexisting Reply-To and
whether to put the list and/or the from address there.  See the
Mailman/Handlers/CookHeaders.py file in the Mailman distribution.

More information about the Mailman-Users mailing list