[Mailman-Users] mm-handler same as postfix-to-mailman.py

Grant Taylor gtaylor at tnetconsulting.net
Mon Jan 7 15:13:28 EST 2019

On 01/07/2019 09:59 AM, Dmitri Maziuk via Mailman-Users wrote:
> We used to run irix whose sendmail sent every message from host.domain 
> and every A record had to have an adjacent MX record for e-mail to even 
> work. That way lies madness.


I think Sendmail (and other MTAs that I've tested) default to 
user at host.domain too.  But that's just a default that's easy to change.

I thought that SMTP allowed for falling back to an A record to find 
where to send messages for host.domain.  Or are you saying that you used 
MX records to route email to a different machine, possibly a mail hub?

I also thought that SMTP would iterate up through the right hand side of 
email addresses looking for MX / A records and trying to connect to an 
SMTP server.  Thus it would be possible to have an MX record for domain 
and all hosts there in would cascade up to said MX record.

Or is all of this vagaries of SMTP and too unpredictable / unreliable 
and best avoided?

> Rather trivial with postfix but a) we have bona fide subscribers posting 
> rom their gmail instead of subscribed From: -- I want those to get 
> moderated instead of bounced, b) it is of course subject to spoofing, 
> and c) how much of a problem is it IRL?

A) Fair enough.  I would expect there to be a per-list tunable to either 
reject or not-reject messages based on list membership.  In the scenario 
that you describe, the messages would not be rejected based on sending 
email address and assuming the message passes other tests would be 
passed further into Mailman.

B) I would hope that other things like SPF / DKIM / DMARC would help 
reduce this considerably.  But I'm not going to hope enough to hold my 

C) ¯\_(ツ)_/¯  I suspect it's highly mailing list dependent.  -  I 
personally like to do as much as possible during the SMTP transaction. 
So if there is a reasonable way to apply some Mailman filtering logic to 
applicable messages, why not do it?

> In our -- admittedly very lightly loaded -- domains, it's RBL and fail2ban 
> that seem to provide best bang for the buck.


Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4008 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/mailman-users/attachments/20190107/0bfdd606/attachment.bin>

More information about the Mailman-Users mailing list