Re: [Mailman-Users] Why do my posts to own mailman list disappear.

[Stephen J. Turnbull]

Paul Arenson/tokyoprogressive writes:

 > Right. I received it.

 > I responded once from the same account.  And once from the
 > Tokyoprogressive account.

To "st...@turnbull.sk.tsukuba.ac.jp"?

I don't see either one yet, but that could be my network.  The
university just upgraded the network and past experience suggests
things are likely to be unreliable here until New Year's.

 > I believe ONLY the one I sent from Tokyoprogressive went through,
 > pointing to a SENDING problem from nangoku-jiyu-jin and maybe also
 > turnlefthosting.org.  Tokyoprogressive would be unaffected because
 > it is a totally different provider.

If you got (temporary) bounces sending to "step...@xemacs.org", that
is probably due to "greylisting" (an antispam measure) at xemacs.org.

 > No, and everything I do though in mailman is in the mailman
 > program.  Almost never touch cpanel.

OK, that's helpful to know in general, although it doesn't change any
immediate diagnosis.

 > On my Mac in my mail client. There is a web interface in cpanel,
 > but I have rarely used it.

Is your mail client configured to use those hosts (that would be very
unusual), or just your local ISP connection?

 > In Cpanel they have something called Softaculous. Previously they
 > used something called Fantastico. I guess they are a collection of
 > auto installers. So you can find Joomla, Mailman, etc. all located
 > there.

I see.  Love people who care more about names than functionality, but
I guess that's the marketing department.  I'll see if your mail comes
through in the next few hours.

Steve
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] need assistance upgrading Mailman

[Stephen J. Turnbull]

Nina Nicholson writes:

 > Our listservs are hosted by MediaTemple which provides Mailman
 > ver. 2.1.9. I understand that if I were to upgrade to the latest
 > version there are new features that would solve this problem.

Yes.  They don't completely solve the problem, but they provide a
level of mitigation that is satisfactory for most lists.

 > I've found the upgrade instructions, but they are beyond my limited
 > Unix skills.  MediaTemple refuses to do the upgrade.
 >
 > I'm desperately looking for some guidance on how to get this taken
 > care of.

I assume you have the necessary access (a shell login account, and
permissions to install software) to the server to do the upgrade.  It
should be a straightforward operation for an experienced Mailman
admin, so hiring a consultant should be an inexpensive and quick way
to improve your service.

For the long run, I would suggest considering a specialist host if you
don't want to take on a permanent Unix admin or put a consultant on
retainer.  Mail services require quite a bit of finicky configuration,
more so than pretty much any other Internet service.  There is active
research on protecting mail service from spam and phishing going on,
and no guarantee that there won't be further adjustments needed in the
future.  There are plenty of inexpensive hosts out there, and you
don't necessarily need to move your other services.

Steve
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Why do my posts to own mailman list disappear.

[Paul Arenson/tokyoprogressive]

Thanks for your message, Steven.



> On 2015/08/24, at 1:44, Stephen J. Turnbull  wrote:
> 
> Paul Arenson/tokyoprogressive writes:
> 
>> Actually I am not sure what PTR is…..but my reseller hosting is
>> just that, I pay for space from EZPZ and then can do as described
>> above.
> 
> Ah, sorry.  PTR is the pointer record from a numeric IP address to a
> human-readable domain name.
> 
>> I see. Not sure exactly what that means….but thanks...
> 
> If you don't know, and don't care, no problem.  If you want the long
> story, just ask. :-)
> 


Thanks

>>> That said there are a few long shots you could try to diagnose it
>>> yourself.  One is a manual transaction with the mailserver and see if
>>> it's being rejected at the SMTP level.
>> 
>> What would I need to do?
> 
> Give me an existing address, which you already did.  :-)  I just sent
> you a test message from st...@turnbull.sk.tsukuba.ac.jp, and it was
> accepted "OK" by nangoku-jiyu-jin-net (which again identified itself
> as dionysus).  So it's not a problem at the incoming SMTP level, mail
> is going in to the host.


Right. I received it. I responded once from the same account. And once from the 
Tokyoprogressive account.  I believe ONLY the one I sent from Tokyoprogressive 
went through, pointing to a SENDING problem from nangoku-jiyu-jin and maybe 
also turnlefthosting.org.  Tokyoprogressive would be unaffected because it is a 
totally different provider.
> 
>> Nothing changed at all in my list.
> 
> No changes to the host configuration (general spam filters, etc) that
> you know of, either, right?
> 
>> It was working with no problems for 2 years.  Recently I have been
>> getting a lot of spam, so when a sufficient number had built up I
>> went in and got rid of it using BAN so-and-so, DISCARD, so and so…
> 
> You mean in the Mailman moderation interface for the list, right?
> Theoretically you could have sent mail, it got spamtrapped but you
> didn't notice the your post never appeared on the list, you banned the
> author and didn't notice it was you, etc, etc.  Doesn't seem likely.
> 
> It would be much more likely if you entered patterns by hand in the
> Privacy -> {Sender,Recipient,Spam} Filter screens.  (I don't know if
> cPanel has those, that's what they are called in unmodified Mailman.)
> But I guess you didn't do that?
> 

No, and everything I do though in mailman is in the mailman program.  Almost 
never touch cpanel.  
>> Yes, both p...@nangoku-jiyu-jin.net
>>  and p...@turnlefthosting.org
>>  work when sent mail from another
>> address.
>> 
>> BUT it is going on 5 minutes that I sent mail FROM each of those
>> addresses to themselves and they did NOT arrive.
> 
> How do you do that?  By setting the From and To addresses in your
> local mail client, and sending via smtp.comcast.net?  Or do you have
> webmail running on nangoku-jiyu-jin.net, or ... ?

On my Mac in my mail client. There is a web interface in cpanel, but I have 
rarely used it.
> 
>> They show up in their respective SENT folders and I get no error
>> message.
> 
> Do you have a copy of an old message sent through your list, with all
> headers intact (I want to look at the Received headers)?  I don't need
> the content, just the headers, but if the content is innocuous, just
> forward the whole message to me.

Yes. When I get home I can send you the July message, which went through.  In 
mailman's archives it shows up with the html unreadable, but in  a mail client 
it works.
> 
>> This sounds like NOT a MAILMAN problem…
> 
> I agree.
> 
>> http://nangoku-jiyu-jin.net/mailman/listinfo/tokyoprogressive_nangoku-jiyu-jin.net
> 
> Everything looks good there.  Not that there's all that much, but it
> looks like the admin addresses etc in the mailto links are right and
> the archive link works, and the admin link works (although as expected
> it's not very helpful since I can't log in).

I could enable that if need be.
> 
>>> Are your lists archived?
> 
> Thanks, I found them.  Unfortunately, they don't have the trace
> headers (Received) in them (and they wouldn't have the outgoing hops
> anyway).  So they weren't much help.
> 
>> You are in Japan by any chance? You know the term “kechi”.  There
>> is an historian on Japanese history with your name, but wait, there
>> is an academic at Tsukuba with the same name.  (I was there for two
>> years starting in 2009 or 10).
> 
> I'm the latter, in the Policy and Planning Sciences department.

Dozo,yoroshiku. I was at the language center and also taught the head of the 
nursing dept privately as my wife is also a nurse.
> 
>> I wonder….EZPZ is pretty big, but i guess that doesn’t necessarily
>> mean anything….Also, this is an installation from the Softaculous
>> package, so I doubt they even support it.
> 
> How do you install something unsupported if you don't have a shell
> account?  I'm curious because maybe you do have a shell account but
> don't know it. :

Re: [Mailman-Users] SPF best practices?

[Stephen J. Turnbull]

Mark Sapiro writes:
 > On 08/23/2015 10:59 AM, Stephen J. Turnbull wrote:
 > > Mark Sapiro writes:
 > > 
 > >  > The scenario is your list member is u...@example.com.
 > >  > u...@example.com is set to forward all mail to example_u...@yahoo.com.
 > > 
 > > Heh.  This user is screwed if you use dmarc_moderation_action too.
 > 
 > 
 > I don't think so. The munged From:

I was thinking about the opposite case, where it *doesn't* get munged.
Temporary brain fart -- that is OK because the *From* domain can't be
p=reject, so no problem with DMARC even though Yahoo! has draconian
policies.  (Of course the user must deal with rejects due to Yahoo!'s
AUP, but that doesn't have anything to do with DMARC.)

This stuff is just hard to think about. :-(


--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] need assistance upgrading Mailman

[Mark Sapiro]

On 08/23/2015 04:45 PM, Nina Nicholson wrote:
> I manage 70+ Mailman listservs for the Episcopal Diocese of Newark, and we 
> are having terrible problems with emails not being delivered because they 
> fail DMARC Evaluation, to the point that it's disrupting communications in 
> the diocese.


Please see 


> Our listservs are hosted by MediaTemple which provides Mailman ver. 2.1.9. I 
> understand that if I were to upgrade to the latest version there are new 
> features that would solve this problem. I've found the upgrade instructions 
> (http://wiki.list.org/DOC/4.80%20How%20do%20I%20upgrade%20from%20Mailman%202.1.x%20to%20a%20later%20Mailman%202.1.y%3F)
>  but they are beyond my limited Unix skills. MediaTemple refuses to do the 
> upgrade.


Do you have a VPS with Mailman installed or are you on a shared host? If
the latter, it is unlikely that you have the access necessary to upgrade
Mailman on the host and it is unlikely that MediaTemple would be happy
with your doing it even if you could.

You may wish to see
. I have no
information on most of these, but based on interactions with the
proprietor of EMWD and dotList, I can recommend them. This should not be
construed as a negative review of anyone else on that list. It's just
that I have no basis to evaluate most of them.

You may also find
 of interest.
Particularly the link to the Python jobs board.

Finally, you may wish to try one of the suggestions at
 as an interim stopgap measure.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] need assistance upgrading Mailman

[Nina Nicholson]

I manage 70+ Mailman listservs for the Episcopal Diocese of Newark, and we are 
having terrible problems with emails not being delivered because they fail 
DMARC Evaluation, to the point that it's disrupting communications in the 
diocese.

Our listservs are hosted by MediaTemple which provides Mailman ver. 2.1.9. I 
understand that if I were to upgrade to the latest version there are new 
features that would solve this problem. I've found the upgrade instructions 
(http://wiki.list.org/DOC/4.80%20How%20do%20I%20upgrade%20from%20Mailman%202.1.x%20to%20a%20later%20Mailman%202.1.y%3F)
 but they are beyond my limited Unix skills. MediaTemple refuses to do the 
upgrade.

I'm desperately looking for some guidance on how to get this taken care of. I 
would be willing to pay someone to do this as a freelance project.

Any help is appreciated. Thank you.

Nina Nicholson
Director of Communications & Technology
The Episcopal Diocese of Newark
973-430-9907
http://dioceseofnewark.org
http://facebook.com/dionewark
http://twitter.com/dionewark
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] SPF best practices?

[Mark Sapiro]

On 08/23/2015 10:59 AM, Stephen J. Turnbull wrote:
> Mark Sapiro writes:
> 
>  > The scenario is your list member is u...@example.com.
>  > u...@example.com is set to forward all mail to example_u...@yahoo.com.
> 
> Heh.  This user is screwed if you use dmarc_moderation_action too.


I don't think so. The munged From: will be from the list's domain which
probably doesn't publish a DMARC policy, but even if it does, it
*should* also be DKIM signing the outgoing mail.

The forward shouldn't alter the message in ways that break the list
server's DKIM sig so at the ultimate receiving end the message has a
valid DKIM sig that aligns with the From: domain.


> Bottom line: Friends don't let friends use Yahoo! or AOL.


+1

As an aside, perhaps a more telling example of how SPF is broken is the
following. example.com publishes an SPF with '-all'. u...@example.com
sends a message to postmas...@python.org which is an alias for a few
people's addresses on other hosts. If all those end recipients check SPF
they may reject the message with envelope from u...@example.com because
it comes from a server at mail.python.org which isn't allowed to send
mail with envelope from the example.com domain.

You can never know if any of your intended recipient addresses pass
through such a relay, thus my opinion is if you're concerned about your
mail being delivered, you can't use SPF -all.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] SPF best practices?

[Stephen J. Turnbull]

Mark Sapiro writes:
 > On 08/23/2015 08:13 AM, Stephen J. Turnbull wrote:
 > > 
 > > Executive summary: if you're sure you've got all your hosts covered by
 > > the SPF record, use -all as Jim P says.
 > 
 > There is an issue with -all. SPF does not work with .forwards or other
 > relaying of that nature. If you can be certain that every recipient's
 > final MX is the one your server sends to, then -all is OK, but you
 > can't.

True enough.

Note: If I took that argument seriously, I'd use ?all, not ~all,
though.  According to RFC 4408, you shouldn't reject a message only
because of an SPF softfail, but it's not neutral, either.  Mail will
be lost if you use ~all, just not as much.

 > The scenario is your list member is u...@example.com.
 > u...@example.com is set to forward all mail to example_u...@yahoo.com.

Heh.  This user is screwed if you use dmarc_moderation_action too.

Bottom line: Friends don't let friends use Yahoo! or AOL.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Why do my posts to own mailman list disappear.

[Stephen J. Turnbull]

Paul Arenson/tokyoprogressive writes:

 > Actually I am not sure what PTR is…..but my reseller hosting is
 > just that, I pay for space from EZPZ and then can do as described
 > above.

Ah, sorry.  PTR is the pointer record from a numeric IP address to a
human-readable domain name.

 > I see. Not sure exactly what that means….but thanks...

If you don't know, and don't care, no problem.  If you want the long
story, just ask. :-)

 > > That said there are a few long shots you could try to diagnose it
 > > yourself.  One is a manual transaction with the mailserver and see if
 > > it's being rejected at the SMTP level.
 > 
 > What would I need to do?

Give me an existing address, which you already did.  :-)  I just sent
you a test message from st...@turnbull.sk.tsukuba.ac.jp, and it was
accepted "OK" by nangoku-jiyu-jin-net (which again identified itself
as dionysus).  So it's not a problem at the incoming SMTP level, mail
is going in to the host.

 > Nothing changed at all in my list.

No changes to the host configuration (general spam filters, etc) that
you know of, either, right?

 > It was working with no problems for 2 years.  Recently I have been
 > getting a lot of spam, so when a sufficient number had built up I
 > went in and got rid of it using BAN so-and-so, DISCARD, so and so…

You mean in the Mailman moderation interface for the list, right?
Theoretically you could have sent mail, it got spamtrapped but you
didn't notice the your post never appeared on the list, you banned the
author and didn't notice it was you, etc, etc.  Doesn't seem likely.

It would be much more likely if you entered patterns by hand in the
Privacy -> {Sender,Recipient,Spam} Filter screens.  (I don't know if
cPanel has those, that's what they are called in unmodified Mailman.)
But I guess you didn't do that?

 > Yes, both p...@nangoku-jiyu-jin.net
 >  and p...@turnlefthosting.org
 >  work when sent mail from another
 > address.
 > 
 > BUT it is going on 5 minutes that I sent mail FROM each of those
 > addresses to themselves and they did NOT arrive.

How do you do that?  By setting the From and To addresses in your
local mail client, and sending via smtp.comcast.net?  Or do you have
webmail running on nangoku-jiyu-jin.net, or ... ?

 > They show up in their respective SENT folders and I get no error
 > message.

Do you have a copy of an old message sent through your list, with all
headers intact (I want to look at the Received headers)?  I don't need
the content, just the headers, but if the content is innocuous, just
forward the whole message to me.

 > This sounds like NOT a MAILMAN problem…

I agree.

 > http://nangoku-jiyu-jin.net/mailman/listinfo/tokyoprogressive_nangoku-jiyu-jin.net

Everything looks good there.  Not that there's all that much, but it
looks like the admin addresses etc in the mailto links are right and
the archive link works, and the admin link works (although as expected
it's not very helpful since I can't log in).

 > > Are your lists archived?

Thanks, I found them.  Unfortunately, they don't have the trace
headers (Received) in them (and they wouldn't have the outgoing hops
anyway).  So they weren't much help.

 > You are in Japan by any chance? You know the term “kechi”.  There
 > is an historian on Japanese history with your name, but wait, there
 > is an academic at Tsukuba with the same name.  (I was there for two
 > years starting in 2009 or 10).

I'm the latter, in the Policy and Planning Sciences department.

 > I wonder….EZPZ is pretty big, but i guess that doesn’t necessarily
 > mean anything….Also, this is an installation from the Softaculous
 > package, so I doubt they even support it.

How do you install something unsupported if you don't have a shell
account?  I'm curious because maybe you do have a shell account but
don't know it. :-)

Steve
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] SPF best practices?

[Mark Sapiro]

On 08/23/2015 08:13 AM, Stephen J. Turnbull wrote:
> 
> Executive summary: if you're sure you've got all your hosts covered by
> the SPF record, use -all as Jim P says.


There is an issue with -all. SPF does not work with .forwards or other
relaying of that nature. If you can be certain that every recipient's
final MX is the one your server sends to, then -all is OK, but you can't.

The scenario is your list member is u...@example.com. u...@example.com
is set to forward all mail to example_u...@yahoo.com. Yahoo receives the
list post with envelope from listname-boun...@your.list.server (or
listname-bounces+user=example@your.list.server if VERPed) for
example_u...@yahoo.com from the server at example.com. The SPF for
your.list.server doesn't allow example.com as a relay, so SPF fails at
yahoo.com.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] SPF best practices?

[Stephen J. Turnbull]

Dennis Carr writes:

 > The a:smtp.comcast.net is necessary so I can send email remotely
 > through my ISP and clear out successfully. 

That does mean that anybody who can send through smtp.comcast.net can
send as a mailbox from your domain and pass DMARC, most likely.  I
don't see a way to profitably exploit that offhand, though (unless
you're a bank).

 > I'm a bit bothered by the '~all', however.  I really don't want to do
 > '-all' as I'm concerned that anybody who posts to the list would cause
 > anybody on Yahoo or the MSFT owned domains (hotmail, live, etc.) to
 > bounce again.

Executive summary: if you're sure you've got all your hosts covered by
the SPF record, use -all as Jim P says.

Explanation: If you've got the SPF right, you *do* know all of the
relevant hosts, and you've got them covered.  Anybody else is spoofing
your host at the transport level (*not* the From header), so deny
them.

OTOH, your SPF has nothing to do with authentication of list posts
from other domains.  If your MTA and Mailman are configured correctly,
both HELO and MAIL FROM defined by RFC 5321 will contain one of your
domains (bast.chez-vrolet.net or chez-vrolet.net), and the last hop
will be verified as coming from your domain using your SPF.  This is
regardless of the identity in From.

If the recipient participates in DMARC, and the message is From you,
it will also pass DMARC.  (Effectively; the details are nitpicky.)

If the recipient participates in the DMARC protocol, and you resend a
post from a third party, the recipient will *also* check the SPF for
the domain in the RFC 5322 From field, and it will fail.  There is no
change you can make to your SPF record that can change this; it's the
remote domain's SPF record that matters.

This is why DMARC specifies that a valid DKIM signature by the domain
in From is also a pass.  SPF is absolutely useless except for "direct
to recipient" messages (strictly speaking, sender's MX to recipient's
MX, it might bounce around a bit inside each domain).  Of course such
direct mail is a large fraction of mail on the Internet nowadays, so
it's a very useful exception in general.

Unfortunately, public discussion mailing lists can't take advantage of
that exception.

HTH,

Steve
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] SPF best practices?

[Jim Popovitch]

On Sun, Aug 23, 2015 at 2:42 AM, Dennis Carr
 wrote:
> After a rash of bounces that brought to my attention that my SPF
> record was not properly published, I rewrote my SPF record a bit.  What
> I'm looking for is some insight on best practices and a second set of
> eyes, as my list hosts for addresses all over the internet.
>
> The record is such:
>
> v=spf1 ip4:206.225.172.6 a:bast.chez-vrolet.net a:chez-vrolet.net
> a:smtp.comcast.net ~all
>
> This is published as a TXT record as per specification.
>
> The a:smtp.comcast.net is necessary so I can send email remotely
> through my ISP and clear out successfully.


Try this:

   "v=spf1 mx a:comcast.net -all"

Or this:

"v=spf1 ip4:206.225.172.6 a:comcast.net -all"

The first one is flexible over time, the 2nd one is more strict.

> I'm a bit bothered by the '~all', however.  I really don't want to do
> '-all' as I'm concerned that anybody who posts to the list would cause
> anybody on Yahoo or the MSFT owned domains (hotmail, live, etc.) to
> bounce again.

You do want -all, as Mailman sends from $list-boun...@domain.tld, not
u...@gmail.com

-Jim P.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] SPF best practices?

[Dennis Carr]

After a rash of bounces that brought to my attention that my SPF
record was not properly published, I rewrote my SPF record a bit.  What
I'm looking for is some insight on best practices and a second set of
eyes, as my list hosts for addresses all over the internet. 

The record is such:

v=spf1 ip4:206.225.172.6 a:bast.chez-vrolet.net a:chez-vrolet.net
a:smtp.comcast.net ~all

This is published as a TXT record as per specification.

The a:smtp.comcast.net is necessary so I can send email remotely
through my ISP and clear out successfully. 

I'm a bit bothered by the '~all', however.  I really don't want to do
'-all' as I'm concerned that anybody who posts to the list would cause
anybody on Yahoo or the MSFT owned domains (hotmail, live, etc.) to
bounce again.  

Anybody have any suggestions on how to make this happen *correctly*, or
if there are any revisions I should make to my record?

-Dennis Carr
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org