[Mailman-Users] resend - mailman 2.1.21 - dmarc check problem

Curtis Villamizar curtis at ipv6.occnc.com
Wed May 4 12:27:24 EDT 2016

I'm resending this with a new subject.  The last email just
disappeared (no bounce).  Maybe having
DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL in the subject tripped an all
caps in subject test.  (Or the moderator is slacking?)


I have mailman set up on an IPv6 only host and publicsuffix.org has no
IPv6 address.  A near identical configuration is set up on a dual
stack host.  Any email to the IPv6 only host fails with an entry in
logs/error of the form "Unable to retrieve data from
https://publicsuffix.org/list/public_suffix_list.dat: <urlopen error
[Errno 43] Protocol not supported>"

It doesn't look as if publicsuffix.org will be getting an IPv6 address
any time soon.  The alternative github.com also doesn't have an IPv6
address.  In the mean time I would like to disable the use of
DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL by setting it empty.  To do this
it seems that I would need the following change:

- --- Mailman/Utils.py.orig       2016-04-09 04:08:56.000000000 -0400
+++ Mailman/Utils.py    2016-05-03 14:37:12.683904000 -0400
@@ -1205,6 +1205,8 @@
     Domain which may be the same as the input."""
     global s_dict
     if not s_dict:
-        get_suffixes(mm_cfg.DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL)
+            get_suffixes(mm_cfg.DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL)
     hits = []
     d = domain.lower().split('.')

In mm_sfg.py I just set "DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL = ''".

This works for .com, .org, .net, etc but not for things like co.uk,
etc (which in my case is not an issue).

A second question is why does failing to access publicsuffix.org
result in a hard fail rather than a soft fail?  The change I made just
skips over get_suffixes and leaves s_dict empty.  It seems that
get_suffixes does do a "try and except" which logs and returns, but
then the mail gets rejected and the reason is not clear to me by just
reading the code.  In logs/smtp-failure there is a message of the form
"failed with code 554: 5.7.1 <fqdn[ipv6addr]>: Client host rejected:
Access denied".  Skipping get_suffixes throws no error and leaves
s_dict empty.  At most an error in get_suffixes should put the email
in shunt but that seems to be in error handling upstream.


More information about the Mailman-Users mailing list