On 04/30/2014 07:57 PM, Stephen J. Turnbull wrote:
> 
> May as well rewrite the doc ... here goes:
> 
>     from_alignment:  Try to ensure that From is not "misaligned" with
>     the author's domain, to conform with protocols like DMARC.
>     [FIXME: I don't see how to avoid the double negative.  Help?!]


I'm not sure what to change at this point. I really don't want another
change in the attribute name, but maybe.

I'm also not sure about alignment as that is a technical term in the
DMARC spec and may be more technical than we want here.

If I understand the double negative remark, what about 'From is
"aligned" ...', but that really is not the issue. The issue is that if
the From: domain publishes a DMARC p=reject policy, that domain must
align with that of a valid DKIM signature or a valid SPF envelope
sender/server. The SPF won't align because the envelope is from the
list's domain for bounce processing, and the DKIM sig from the author's
domain won't validate because of list transformations on the message.

We are really rewriting the From: header (I need to remove the 'sender'
wording) to avoid it's containing the author's address because that
address won't pass DMARC.


>     This setting replaces the from_is_list setting, which is now
>     deprecated.  Existing from_is_list settings will be respected.
> 
>     Several protocols now in wide use attempt to ensure that use of
>     the domain in the author's address (ie, in the From header field)
>     is authorized by that domain.  These protocols may be incompatible
>     with common list features such as footers, causing participating
>     email services to bounce list traffic merely because of the
>     address in the From field.  *This has resulted in members being
>     unsubscribed despite being perfectly able to receive mail.*
> 
>     The following actions are applied to messages where use of such a
>     protocol is detected by Mailman.  [FIXME: Is that correct?]


The current from_is_list applies to all list messages.
dmarc_moderation_action applies only to messages From: a domain "where
use of such a protocol is detected by Mailman."


>     Valid values:
> 
>     'no': Do nothing special.  This is appropriate for anonymous lists.
>     It is appropriate for dedicated announcement lists, unless the
>     "From" address is not within the Mailman host's domain.  [FIXME:
>     Maybe None is a better value here.  Of course that's not backward
>     compatible, but with the name change it would be possible to check
>     the old from_is_list.]
> 
>     'shift author': Shift the address(es) in From to Reply-To
>     (preserving existing addresses in Reply-To), and insert the list's
>     [posting?] address in From.
>
>     'wrap message': Treat the message as a MIME forward with list in
>     From and the original message encapsulated in a MIME message/rfc822
>     part.  Subscribers will perceive this as a "one message digest".
>     [FIXME: Should this respect the MIME vs. legacy encapsulation
>     ('digest') setting?  If 'yes', that setting should move to General
>     or so?]


I don't want to go the FIXME route. It's too hard for this release.
Also, are you suggesting doing this for all messages based on what is
now Digest options-> mime_is_default_digest or doing it per user based
on the user's "Get MIME or Plain Text Digests?" (which has a value for
everyone even if they don't get digests). Of course, we are only
concerned with non-digest members here and their value is probably the
list default anyway.

Also, this (legacy encapsulation) really only differs from the Munge
>From option in that a few headers are copied to the body of the message
and non-text/plain part are scrubbed, and I don't know how valuable it
would be.


>  > These settings play as expected with the anonymous_list and Reply-To:
> 
> What does "as expected" mean?  (If *I* have to ask.... :-)


Point taken.


>  > header munging settings below with the exception of adding "via
>  > real_name" to the display name in the From: for an anonymous list and
> 
> ??  Adding real name to From in an *anonymous* list?


real_name refers the the list attribute which is the list name with
possibly different capitalization, but I see it should be changed.


>  > adding the poster's address to Reply-To: in almost all cases.
>  > 
>  > If anonymous_list is Yes, there is no reason to set from_is_list to
>  > anything other than No.
> 
> Unnecessary with my wording above.
> 
>  > If dmarc_moderation_action applies to this message with an action other
>  > than Accept, that action rather than this is applied
> 
> This doesn't seem correct.  True, if Reject (aka "emit backscatter")
> or Discard, the message will never reach this point.  But if it's
> Hold, this processing will be applied if the message is accepted by
> the moderator.  How about


Hold is not an option for dmarc_moderation_action. it is the action
which applies to messages From: a domain with DMARC policy p=reject an
optionally p=quarantine. The possible actions are Accept, Munge From,
Wrap Message, Reject or Discard


>     See also dmarc_moderation_action (which will be applied earlier in
>     processing than this feature).
> 


-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Reply via email to