[UCIMC-Tech] Mailman 2.1.18? - DMARC: Yahoo vs internet mailing lists

Josh King jking at chambana.net
Thu May 8 22:21:42 EDT 2014 

To be honest, I'm not entirely clear how wrap message works. On further
inspection, I think what they're talking about with DKIM is just that
using 'Mung From' makes DKIM possible for lists, whereas before it
really wasn't. DKIM associates a cryptographic key with a particular
domain, but given that mailinglists typically have the 'From' address be
that of the original sender of the message, the DKIM key is mismatched
and so Mailman usually strips out DKIM headers. Since this function
changes the 'From' address to be the list and the 'Reply-to' to be the
original sender, DKIM should work where it usually wouldn't. But despite
their confusing wording, I don't think it's _necessary_. I would
probably try 'Mung from' first.

On 05/08/2014 07:30 AM, Jay Schubert wrote:
> thanks.  So until that time, do you recommend *Mung From* or *Wrap
> Message* setting for/from_is_list/?
> 
> - Jay
> 
> 
> On Wed, May 7, 2014 at 9:25 PM, Josh King <jking at chambana.net
> <mailto:jking at chambana.net>> wrote:
> 
>     I upgraded mailman late last night, apologies for needing time to do a
>     little additional research.
> 
>     The options are now permitted under General Options in list
>     administration. I figure I'll leave it up to you guys to experiment with
>     the settings you want for from_is_list, unless you want me to do it,
>     which is fine too. Mailman seems to recommend that we set up DKIM
>     signing for domains for which we enable munging. I had been planning on
>     setting this up at some point anyway, but I likely won't get to it until
>     at least this weekend.
> 
>     On 05/06/2014 11:58 AM, Stuart Levy wrote:
>     > Yes, thank you, having that 2.1.16 from_is_list workaround, even
>     though
>     > imperfect, would be a great relief!
>     >
>     > And, thanks, too, for pursuing hotmail.   Blast them.
>     >
>     > On 5/6/14 9:28 AM, Josh King wrote:
>     >> Actually, it looks like there is a (not as good) DMARC workaround in
>     >> 2.1.16. I'm going to try updating to that in order to try it out, and
>     >> see if that will allow us to get around Yahoo until 2.1.18 ends up in
>     >> the repositories officially.
>     >>
>     >> On 05/06/2014 10:25 AM, Josh King wrote:
>     >>> Thanks for tracking down this issue. Unfortunately the newest
>     version
>     >>> of Mailman available for Debian (even unstable) is 2.1.16. We do
>     have
>     >>> our own apt repository, though. I'll see if I can roll an
>     updated dpkg,
>     >>> though it'll be a little risky. It's pretty ridiculous of Yahoo
>     to do
>     >>> this.
>     >>>
>     >>> Btw, I've applied for hotmail delisting twice, but gotten just
>     >>> automated messages repeating the nonsense about namespace mining
>     that
>     >>> shows up in the logs anyway. I'm currently looking at whether I can
>     >>> switch just the mailinglists to a different IP in our allocation to
>     >>> work around it.
>     >>>
>     >>> On Tue 06 May 2014 07:25:18 AM EDT, Jay Schubert wrote:
>     >>>> I can't do the mailman upgraded, but I will mention that BTP really
>     >>>> needs this fixed.  We're dead in the water with our three lists
>     until
>     >>>> this is resolved.
>     >>>>
>     >>>>
>     >>>> On Mon, May 5, 2014 at 11:56 PM, Stuart Levy
>     <stuartnlevy at gmail.com <mailto:stuartnlevy at gmail.com>
>     >>>> <mailto:stuartnlevy at gmail.com <mailto:stuartnlevy at gmail.com>>>
>     wrote:
>     >>>>
>     >>>>     Dear IMC Tech people,
>     >>>>
>     >>>>     I'm sorry to bother you again, but am wondering if you can help
>     >>>>     with this, or if I can, or both.
>     >>>>
>     >>>>     Having read last month that Yahoo's DMARC mail trust
>     settings were
>     >>>>     breaking mailing lists including the IETF's own -
>     >>>>        
>     http://www.ietf.org/mail-archive/web/ietf/current/msg87153.html
>     >>>>     ... I wondered why it wasn't happening here.   Well, it is.
>     >>>>
>     >>>>     The effect is that, when a Yahoo user writes to an IMC mailing
>     >>>>     list which has other Yahoo users as non-digest recipients,
>     all of
>     >>>>     them - sender and receivers - get bounce messages.   The
>     receivers
>     >>>>     get fatal bounces which immediately suspend them from the list.
>     >>>>     This is happening now.
>     >>>>
>     >>>>     There are workarounds for this in the latest version of
>     Mailman,
>     >>>>     2.1.18, released just this last weekend --
>     >>>>
>     >>>>         release notes here:
>     >>>>
>     >>>>    
>     https://mail.python.org/pipermail/mailman-users/2014-May/076787.html
>     >>>>
>     >>>>         including this:
>     >>>>
>     >>>>           [...] a new Privacy options -> Sender filters ->
>     dmarc_moderation_action
>     >>>>           feature which applies to list messages where the
>     From: address is in a
>     >>>>           domain which publishes a DMARC policy of reject or
>     possibly quarantine.
>     >>>>           This is a list setting with values of Accept, Wrap
>     Message, Munge From, Reject or Discard.
>     >>>>           There is a new DEFAULT_DMARC_MODERATION_ACTION
>     configuration setting to set the
>     >>>>           default for this, and the list admin UI is not able
>     to set an action
>     >>>>           which is 'less' than the default.
>     >>>>
>     >>>>     What would it take to get Mailman 2.1.18 on the
>     chambana.net <http://chambana.net>
>     >>>>     <http://chambana.net> mailing list server?
>     >>>>
>     >>>>     _______________________________________________
>     >>>>     IMC-Tech mailing list
>     >>>>     IMC-Tech at lists.chambana.net
>     <mailto:IMC-Tech at lists.chambana.net>
>     <mailto:IMC-Tech at lists.chambana.net
>     <mailto:IMC-Tech at lists.chambana.net>>
>     >>>>     https://lists.chambana.net/mailman/listinfo/imc-tech
>     >>>>
>     >>>>
>     >>>>
>     >>>>
>     >>>> _______________________________________________
>     >>>> IMC-Tech mailing list
>     >>>> IMC-Tech at lists.chambana.net <mailto:IMC-Tech at lists.chambana.net>
>     >>>> https://lists.chambana.net/mailman/listinfo/imc-tech
>     >>> --
>     >>> Josh King
>     >>> PGP Fingerprint: 8269 ED6F EA3B 7D78 F074 1E99 2FDA 4DA1 69AE 4999
>     >>>
>     >>>
>     >>>
>     >>>
>     >>> _______________________________________________
>     >>> IMC-Tech mailing list
>     >>> IMC-Tech at lists.chambana.net <mailto:IMC-Tech at lists.chambana.net>
>     >>> https://lists.chambana.net/mailman/listinfo/imc-tech
>     >>>
>     >>
>     >>
>     >> _______________________________________________
>     >> IMC-Tech mailing list
>     >> IMC-Tech at lists.chambana.net <mailto:IMC-Tech at lists.chambana.net>
>     >> https://lists.chambana.net/mailman/listinfo/imc-tech
>     >
> 
>     --
>     Josh King
>     PGP Fingerprint: 8269 ED6F EA3B 7D78 F074 1E99 2FDA 4DA1 69AE 4999
> 
> 

-- 
Josh King
PGP Fingerprint: 8269 ED6F EA3B 7D78 F074 1E99 2FDA 4DA1 69AE 4999

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://lists.chambana.net/pipermail/imc-tech/attachments/20140508/b0aff4ea/attachment.sig>

More information about the IMC-Tech mailing list