Greetings, I am having issues with some addresses on a couple of the few thousand lists that I am hosting in mailman. The addresses in question are using Mimecast for their email protection. So, I'm asking all of you for your opinion/advice.
Problem 1: One list gets their email rejected with a 550 Rejected by header based Anti-Spoofing policy: ... https://community.mimecast.com/docs/DOC-1369#550 If I am reading the referenced (https://community.mimecast.com/docs/DOC-1419-anti-spoofing-policies) page correctly, the problem is that the sender of the list is at domain A, the recipients of the lists are at domain A, but the listserv itself is in domain B, and from Mimecast's POV, there shouldn't be mail from A to A being relayed by B. And then it goes on to say that you should reconfigure your Mimecast to put in a bypass policy for this server. What the mail folks at domain A would prefer is that I (domain B) fix this. I'm thinking that I could fix this by using either anonymous_list or changing the setting of from_is_list. But, what isn't clear to me is if this is really the correct step to take (my initial inclination is that they should follow Mimecast's direction of putting in a bypass policy). Problem 2: Another list I have -- they actually accept the mail, and then send it back. So, I see status=sent in my postfix logs, but the members don't get it. Apparently, it is running into a problem because the HELO greeting from my mail gateways (MX) doesn't match the FQDN of the mailman server. So, the mailman server is smarthosted to my MX servers, which do some scanning of the message before sending it out. Apparently, what these Mimecast users want me to do is to rewrite the envelope so that instead of the mailman server's FQDN, I replace it with either the FQDN of the MX server, or just my domain. In the /etc/aliases file on my MX servers, I have the 'post' address listed, so mail sent to listname@domain gets routed to the mailman server. I haven't listed any of the other 9 mailman addresses (i.e. -admin, -bounces, -confirm, -join, -leave, -owner, -request, -subscribe, -unsubscribe). So, my thinking is that if I do the rewrite, so the message comes from listname-bounces@domain, instead of listname-bounces@lists.domain, I will need to add this and the other addresses on my MX server so that mail routing will work. Since I have 3000+ lists, that's like 27k more lines in /etc/aliases to add/manage. Again, I'm thinking that they should put in some exception in their Mimecast configuration. Am I just being obstinate here for no reason? Should I just assume the pain and change the behavior of my mailman server? Thoughts? Thanks! -p -- Pat Hirayama Systems Engineer / 206.667.4856 / phira...@fredhutch.org / Fred Hutch / Cures Start Here CIT | Advancing IT and Data Services to Accelerate the Elimination of Disease ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
