Thus spake Mark Sapiro: > On 05/28/2014 05:41 AM, Joel Uckelman wrote: > > > > I'm running the just-released RPM for 2.1.18 on Fedora 20. I have the > > python-dns package installed, which I read was required for DMARC > > checks. > > > The required package is dnspython. This is not the same as PyDNS. It > looks like the Fedora python-dns package is the right one, but I'm not sure.
I'm certain I have the correct package: The URL 'rpm -qi' gives for the pacakge is http://www.dnspython.org/, which is the same as the one given by the 2.1.18 release announcement. > What happens when you invoke the python that Mailman is using and type > > import dns.resolver > from dns.exception import DNSException [uckelman@one ~]$ python Python 2.7.5 (default, Feb 19 2014, 13:47:28) [GCC 4.8.2 20131212 (Red Hat 4.8.2-7)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import dns.resolver >>> from dns.exception import DNSException >>> The dns module appears to be found. > If you get an ImportError, something is wrong. Otherwise things should > be OK. You can see what python Mailman is using by looking at the > command lines reported by > > ps -fAw | grep qrunner [uckelman@one ~]$ ps -fAw | grep -m 1 qrunner mailman 2733 2700 0 May22 ? 00:01:01 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s Looks like /usr/bin/python, which is the same one as on the path: [uckelman@one ~]$ which python /usr/bin/python > There will normally be an entry in Mailman's vette log for every DMARC > p=reject (and p=quarantine if enabled) found and possible entries in > Mailman's error log for lookup errors and other unusual conditions. I have five vette logs handy, going back as far as 5 May (which would be before I installed 2.1.18). Three are empty; the other two contain one message each about rejecting a post by a nonsubscriber. There's nothing about DMARC in any of them. > If there are no 'DMARC' entries in Mailman's logs, it most likely means > the imports I show above didn't succeed in the python that Mailman is > using, in which case dmarc_moderaction_action will not be done at all. Do you still think that given what I found above? > > There is one unusual thing about my list---namely that it sits at one > > end of a bridge to a phpbb forum. That is, all of the posts from the > > forum are posted to the list with their Sender set to a special address > > which is subscribed to the list, and all post from the list are > > received by that special address and posted to the forum from there. > > This means that a lot of the addresses in From headers of messages going > > out over the list are not actually subscribers to the list. Could this > > be tripping up the dmarc_moderation_action? > > > What do you mean by Sender? Do you mean the Sender: header or the From: > header or what? Yes, exactly. By "Sender" I'm referring to the Sender: header. > Perhaps you can explain more precisely what you mean by the above in > terms of the From: header seen by Mailman and the From: header in the > list message that recipients see. > > If all you are saying is that a lot of posts are From: non-members > because they come via the phpbb forum, that shouldn't matter. Mailman > should still check the From: domain for DMARC and apply the > dmarc_moderation_action as required regardless of list membership. This is exactly what I'm saying. Many messages posted to the list via the bridge have From: headers with non-list-member addresses in them. All messages posted to the list via the bridge have the Sender: address set to a special address which *is* a list subscriber, which is why (I believe) Mailman does not reject such messages as originating from non-subscribers. -- J. ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
