Re: [Nut-upsuser] Keeping the traffis on or off the list ?
On Feb 17, 2024, at 7:57 AM, Jim Klimov wrote: Other than that, I think the mailing list service we get from alioth comes "as is", not sure we can configure much about it. Can check, but not really inclined to - let humans decide how to best post and what is correct for each case :) On 17.02.24 11:09, Charles Lepple via Nut-upsuser wrote: I think this made more sense before, when the mailing list didn't *add* a Reply-To that goes to the individual sender. Since the defaults have changed, and there seems to be no option for "don't add Reply-To" (see my previous email with links to applicable documentation), I personally think the default should be changed to reply to the list (which individual senders can still override). Unfortunately this is the only (sane) way to put OP address into headers (since From: has to be mailing list). At least the only that comes to my mind now. On 17.02.24 11:17, Greg Troxel via Nut-upsuser wrote: I would guess that reply-to is getting added because of header munging. Turn off munging and this all goes away. This requires turning off header munging (adding Subject: prefix), body munging (addign list signature) and still, if someone from domain with DMARC but without DKIM signature (they exist) sent mail, it would either need to be rejected, or still munged. Otherwise the list server risks getting bounces. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759 ___ Nut-upsuser mailing list Nut-upsuser@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
Re: [Nut-upsuser] Keeping the traffis on or off the list ?
The list appears to have settings enabled: - modify the subject by adding [Nut-upsuser] - add a footer I believe these are controlled by the list administrator, in the same way as reply_goes_to_list. Both of these are, in the eyes of DKIM, attacks on the integrity of the message. I believe that when mailman is attacking the message :-) due to configuration, and the address in From publishes a DMARC policy, then it changes the From: and inserts a Reply-To back to the sender. Or rather that there is a setting "when breaking the message and From has a DMARC policy, forge from". Here are the headers of a message you recently sent to the list (and not also to me, so I'm seeing the list headers): From: Charles Lepple via Nut-upsuser Subject: Re: [Nut-upsuser] Keeping the traffis on or off the list ? To: Jim Klimov Cc: Charles Lepple , nut-upsuser Mailing List Date: Sat, 17 Feb 2024 11:09:20 -0500 (43 minutes, 27 seconds ago) Reply-To: nut-upsuser Mailing List As you can see the From: is forged. ___ Nut-upsuser mailing list Nut-upsuser@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
Re: [Nut-upsuser] Keeping the traffis on or off the list ?
On Feb 17, 2024, at 11:17 AM, Greg Troxel wrote: > > I would guess that reply-to is getting added because of header munging. > Turn off munging and this all goes away. Please re-read my email that explains the current setup of the list: https://alioth-lists.debian.net/pipermail/nut-upsuser/2024-February/013560.html TL;DR we are not root on the mailing list server. This has worked out well enough for a few decades, during which time I acknowledge that email standards have moved a bit (an as users of the Alioth mailing list service, we have not had to think about this much). The only time this is a problem is when a major email provider decides to switch to hard enforcement of standards like DKIM, and a raft of people get unsubscribed due to the bounce messages. The list currently has "reply_goes_to_list" set to "poster". According to the documentation: > reply_goes_to_list: This variable controls whether Mailman will add its own > Reply-To: header, and if so, what the value of that header will be (not > counting original header stripping - see above). > > When you set this variable to Poster, no additional Reply-To: header will be > added by Mailman. This setting is strongly recommended. The other settings will explicitly add a Reply-To header. Maybe this is a bug in either Mailman or its documentation. Either way, with the knobs we have available to us, I am inclined to do the next best thing, which is to set the reply-to back to the list (and maybe add a disclaimer to the footer of the list to pay attention to the destination addresses). If that is not acceptable, I think the idea of moving to an alternate mailing list server is still on the table. (I have my hands full managing my home email server, so I am not volunteering for this job.) [please use Reply-All as we get this all sorted out, thanks. No intentional asides to me; I will instinctively add back the list address as I have been doing manually for years when people email me directly about NUT issues.] -- Charles Lepple clepple@gmail ___ Nut-upsuser mailing list Nut-upsuser@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
Re: [Nut-upsuser] Keeping the traffis on or off the list ?
I would guess that reply-to is getting added because of header munging. Turn off munging and this all goes away. ___ Nut-upsuser mailing list Nut-upsuser@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
Re: [Nut-upsuser] Keeping the traffis on or off the list ?
On Feb 17, 2024, at 7:57 AM, Jim Klimov wrote: > > Other than that, I think the mailing list service we get from alioth comes > "as is", not sure we can configure much about it. Can check, but not really > inclined to - let humans decide how to best post and what is correct for each > case :) > Jim, I think this made more sense before, when the mailing list didn't *add* a Reply-To that goes to the individual sender. Since the defaults have changed, and there seems to be no option for "don't add Reply-To" (see my previous email with links to applicable documentation), I personally think the default should be changed to reply to the list (which individual senders can still override). - Charles ___ Nut-upsuser mailing list Nut-upsuser@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
Re: [Nut-upsuser] Keeping the traffis on or off the list ?
I sometimes get replies that are directed only to me. Oftentimes it is a sender "error" to not have used Reply to All, so I direct my response back to the list. Rarely it is about something the senders deem confidential, where a pointed reply seems to make sense (overriding would be bad). Other than that, I think the mailing list service we get from alioth comes "as is", not sure we can configure much about it. Can check, but not really inclined to - let humans decide how to best post and what is correct for each case :) Jim On Sat, Feb 17, 2024 at 9:32 AM Roger Price via Nut-upsuser < nut-upsuser@alioth-lists.debian.net> wrote: > I recently wrote to the list. The distributed message had the following > headers: > > > Date: Fri, 16 Feb 2024 19:22:59 +0100 (CET) > > From: Roger Price via Nut-upsuser > > Reply-To: Roger Price > > To: nut-upsuser Mailing List > > Subject: ... > > Note that the Reply-To goes back to the original poster, not the list. > Many mailing lists encourage the subscribers to "keep the list traffic on > the > list", rather than wandering off into private discussions. The > nut-upsuser > setup has exactly the opposite effect. > > Is it the intention to send the subscibers into private conversation? If > not, > and I suspect not, then the current Reply-To looks like a bug. > > Any replies to the list please. Roger > > ___ > Nut-upsuser mailing list > Nut-upsuser@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser > ___ Nut-upsuser mailing list Nut-upsuser@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
Re: [Nut-upsuser] Keeping the traffis on or off the list ?
On Feb 17, 2024, at 3:29 AM, Roger Price wrote: > > Note that the Reply-To goes back to the original poster, not the list. > Many mailing lists encourage the subscribers to "keep the list traffic on the > list", rather than wandering off into private discussions. The nut-upsuser > setup has exactly the opposite effect. Thanks for bringing this upstream change to our attention. For context, NUT has been using Mailman through the Alioth mailing list services ever since the project used CVS and Subversion code hosting services from Alioth as well. While it is handy to not have to maintain all of the infrastructure of a mailing list server (especially in this age of complex requirements for successful mail delivery), it also means that we do not have a ton of visibility into the changes made upstream. As Matus pointed out, the header-signing requirements are apparently forcing mailing lists to put in default values for some headers. While I am not sure I agree with the Mailman decision, this has made me aware of two settings that seem to have crept in when we weren't looking: - first_strip_reply_to (currently: no) - reply_to_goes_to_list (currently: poster) Documentation: https://www.gnu.org/software/mailman/mailman-admin/node11.html I have not yet adjusted reply_to_goes_to_list on the Mailman end, but I set the Reply-To header in my mail client in addition to putting the list in the To field. In theory, the first_strip_reply_to setting should allow my Reply-To header to pass through. If that works, I am okay with changing reply_to_goes_to_list to actually point to the list. IMHO, if subscribers really want replies to their messages to include their address, they can go to the trouble of setting a Reply-To header that includes both the list and their personal address. On Feb 17, 2024, at 5:09 AM, Roger Price wrote: > > Debian doesn't do it. Why should we? Debian (and NetBSD, to Greg's point) are larger projects that can afford to make much more intentional choices about their infrastructure, such as mailing lists. They can also directly monitor the fallout from decisions such as not signing headers. If anyone is interested in taking on the project of maintaining a separate mailing list server for NUT, please get in touch with the -owner alias for this list. (If that sounds like an overreaction, but you would still like to help manage the current mailing lists, we could also use a few more moderators.) [please use Reply-All as we get this all sorted out, thanks. No intentional asides to me; I will instinctively add back the list address as I have been doing manually for years when people email me directly about NUT issues.] -- Charles Lepple clepple@gmail ___ Nut-upsuser mailing list Nut-upsuser@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
Re: [Nut-upsuser] Keeping the traffis on or off the list ?
Reply-To: is about the *author*. On a list, people should "reply all" and include the list, generally, unless they intend to send a private reply. Having Reply-To set to the list violates standards and causes the "reply" MUA action to send a reply to other than the author, violating expectations. > From: Roger Price via Nut-upsuser There's more broken: the list changes the subject and adds a footer, breaking DKIM, and to work around that changes From: to the list. This also means the reply MUA sends an intended-private reply to the list. So all of that should be deconfigured, with the list passing messages unmodified except for List-Foo headers. The Reply-To: you are seeing is a workaround for forging From, which is a workaround for modifying the message. Really, the solution is to just stop all of this. NetBSD lists have zero of it and there is no trouble. ___ Nut-upsuser mailing list Nut-upsuser@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
Re: [Nut-upsuser] Keeping the traffis on or off the list ?
On 17.02.24 09:29, Roger Price via Nut-upsuser wrote: I recently wrote to the list. The distributed message had the following headers: Date: Fri, 16 Feb 2024 19:22:59 +0100 (CET) From: Roger Price via Nut-upsuser Reply-To: Roger Price To: nut-upsuser Mailing List Subject: ... Note that the Reply-To goes back to the original poster, not the list. Many mailing lists encourage the subscribers to "keep the list traffic on the list", rather than wandering off into private discussions. The nut-upsuser setup has exactly the opposite effect. This is side effect of adding list signatures (which many lists do because many users are often unaware of a concept of mailing lists) and message authentication mechanisms like SPF, DKIM and DMARC. Many domains use these mechanism to prevent others from spoofing their mail and many providers (e.g. gmail) require using these mechanisms on domains to accept mail from them. It's impossible to forward mail without changing envelope from: address, since it would fail SPF check. With modifying some headers and body it's impossible to keep original DKIM signature working and that's how DKIM works - it guarantees that mail was send from original domain as-is. While mailing list server may DKIM-sign all passing mail, in order to pass DMARC check, the mail must have either valid DKIM signature from domain in header From:, or it must pass SPF check from the same domain. Thus, mailing lists change From: address to their domain and sign mail with their domain DKIM key. The resulting mail will have @alioth-lists.debian.net in envelope from: (thus pass SPF) and header From: (thus pass DKIM). The only way now is to keep original sender address in Reply-To: header. Is it the intention to send the subscibers into private conversation? If not, and I suspect not, then the current Reply-To looks like a bug. It's necessary change. Users are welcome to use mail clients supporting mailing lists, or use Reply-All function of their MUA. Any replies to the list please. Roger I agree here. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Honk if you love peace and quiet. ___ Nut-upsuser mailing list Nut-upsuser@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
Re: [Nut-upsuser] Keeping the traffis on or off the list ?
On Sat, 17 Feb 2024, Harlan Stenn via Nut-upsuser wrote: I'd bet the following is news to nobody. Some of us Dislike setting Reply-To: at all. Debian doesn't do it. Why should we? If it exists, there's an expectation that it should be followed. That's the problem for me - it exists and it drives the traffic off the list. *Not* setting Reply-To: lets the recipient decide. That's the way it should be. Roger ___ Nut-upsuser mailing list Nut-upsuser@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
Re: [Nut-upsuser] Keeping the traffis on or off the list ?
I'd bet the following is news to nobody. Some of us Dislike setting Reply-To: at all. If it exists, there's an expectation that it should be followed. Some folks will want to reply to the sender, others to the list. So no matter which way is chosen, one group will be disappointed. An email client that makes it difficult for the user to override Reply-To: ... makes it ... difficult. *Not* setting Reply-To: lets the recipient decide. The downside there is that it means the recipient has to put a bit of thought in to where the reply should go. But at least this way, at least some of us believe that the responsibility lands where it should. On 2/17/2024 12:29 AM, Roger Price via Nut-upsuser wrote: I recently wrote to the list. The distributed message had the following headers: Date: Fri, 16 Feb 2024 19:22:59 +0100 (CET) From: Roger Price via Nut-upsuser Reply-To: Roger Price To: nut-upsuser Mailing List Subject: ... Note that the Reply-To goes back to the original poster, not the list. Many mailing lists encourage the subscribers to "keep the list traffic on the list", rather than wandering off into private discussions. The nut-upsuser setup has exactly the opposite effect. Is it the intention to send the subscibers into private conversation? If not, and I suspect not, then the current Reply-To looks like a bug. Any replies to the list please. Roger ___ Nut-upsuser mailing list Nut-upsuser@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser ___ Nut-upsuser mailing list Nut-upsuser@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
[Nut-upsuser] Keeping the traffis on or off the list ?
I recently wrote to the list. The distributed message had the following headers: Date: Fri, 16 Feb 2024 19:22:59 +0100 (CET) From: Roger Price via Nut-upsuser Reply-To: Roger Price To: nut-upsuser Mailing List Subject: ... Note that the Reply-To goes back to the original poster, not the list. Many mailing lists encourage the subscribers to "keep the list traffic on the list", rather than wandering off into private discussions. The nut-upsuser setup has exactly the opposite effect. Is it the intention to send the subscibers into private conversation? If not, and I suspect not, then the current Reply-To looks like a bug. Any replies to the list please. Roger ___ Nut-upsuser mailing list Nut-upsuser@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser