On 6/20/20 1:39 PM, Johannes Rohr wrote: > Am 20.06.20 um 19:37 schrieb Mark Sapiro: >> On 6/20/20 5:52 AM, Johannes Rohr wrote: >>> >>> Jun 19 21:02:42 2020 (14835) Message discarded, msgid: <************@***>' >>> list: ******, >>> handler: SpamDetect >> >> There are 3 reasons why SpamDetect can discard a message. >> >> 1) (not likely) The message contains a header with value matching a >> header/regexp combination in mm_cfg.KNOWN_SPAMMERS which is empty by >> default. >> >> 2) The message is from a sender in a domain publishing a DMARC policy of >> reject or possibly quarantine and the list's Privacy options... -> >> Sender filters -> dmarc_moderation_action is Discard. > > Thanks, Marc, a lot for the explanation!!! Very helpful!! Now, for the > messages that got rejected, none of the three reasons apply. However, in > /var/log/mailman/error, I see the message I wrote about " DNSException: > Unable to query DMARC policy for *** (_dmarc.***.org). The DNS operation > timed out." with both the time and sender address matching the rejected > message. So could it be that mailman treats a failed DMARC DNS query as > if the domain in question had set its DMARC policy to "reject" or > "quarantine"?
Yes. That's exactly what it does. If it can't get an answer from DNS, it assumes that mitigation when not required is safer than not mitigating when required. Arguably, this is not correct if the dmarc_moderation_action is Discard or even Reject, but that's what it does. > And in our case, I feel that disabling this kind of checks altogether > would make sense, given that all mail is parsed by rspamd before it is > handed over to mailman. rspamd does an outstanding job, therefore, I > don't think that there is a need for mailman to parse messages for spam. The Handler that does this is SpamDetect, but it isn't doing the DMARC checks for spam reasons. It's just that there were a few checks including DMARC that needed to be checked early in the pipeline and rather than creating a new handler for them, I added them to SpamDetect. In your case, the message is discarded for DMARC policy reasons, presumably because of the DNS timeout. Do you really want this list configured to discard these messages? -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/