Re: [Mailman-Users] binary instead of html

2019-06-17 Thread Mark Sapiro 
On 6/16/19 10:01 PM, Nina Macdonald wrote:
> I have one listserv subscriber, who is signed up for the regular (not
> digest) version.  He has been intermittently getting these odd versions
> of messages.  When he gets this format, he does not get the regular html
> version. Most of the messages come through just fine. I have a number of
> other ones he has sent me if you need to see them. I also have 9 other
> subscribers on me.com, whom I have not gotten complaints from.

See my comments inline below.


>  Forwarded Message 
> Subject: Fwd: yet another
> Date: Sun, 16 Jun 2019 14:50:37 -0700
> From: George Lang 
> To: webmas...@unihills.org
> 
> 
> 
> And no normal from Lisa Crummet
> 
> 
> Begin forwarded message:
> 
>> *From:* uhills-boun...@unihills.org 
>> *Date:* June 16, 2019 at 13:40:06 PDT
>> *To:* uhi...@unihills.org 


The 3 lines above are the user's MUA's description of the message.

The lines below here are some but not all of the message headers and
base64 encoded message body.

This is occurring because something in the delivery chain to the user,
presumably the MTA at the user's ISP as there are no Received: headers
below here, has added this Content analysis details: header and
presumably also inserted a blank line ahead of it. The blank line ends
the headers so the remainin headers and body all look like the message
body to the user's MUA.

Since the

Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

headers are below, the base64 encoded message body is not decoded.

This appears to be an issue in whatever adds the Content analysis
details: header with the SpamAssassin report.

The only curious thing is why doesn't this happen with every message, or
perhaps it does, but some message bodies are not base64 encoded and are
thus readable.

This is an issue for the user's ISP. It is not a Mailman issue. The only
part of it that has anything to do with Mailman is Mailman will base64
encode the message body if the message character set is UTF-8, but not
if it is US-ASCII.


>> Content analysis details:   (-2.1 points, 3.0 required)
>>  pts rule name  description
>>  --
>> --
>> -1.9 BAYES_00   BODY: Bayes spam probability is 0 to 1%
>> [score: 0.]
>>  0.0 FREEMAIL_FROM  Sender email is commonly abused enduser mail
>> provider (lisacrummett[at]gmail.com
>> )
>> -0.0 SPF_PASS   SPF: sender matches SPF record
>> -0.1 DKIM_VALID_AU  Message has a valid DKIM or DK signature from
>> author's domain
>> -0.1 DKIM_VALID Message has at least one valid DKIM or DK
>> signature
>> -0.1 DKIM_VALID_EF  Message has a valid DKIM or DK signature from
>> envelope-from domain
>>  0.1 DKIM_SIGNED    Message has a DKIM or DK signature, not
>> necessarily
>> valid
>> X-Spam-Flag: NO
>> Subject: [Uhills] Free toys at 79 Murasaki
>> X-BeenThere: uhi...@unihills.org 
>> X-Mailman-Version: 2.1.27
>> Precedence: list
>> List-Id: UHills Community Announcements and Posts by Residents
>> http://uhills.unihills.org>>
>> List-Unsubscribe:
>> ,
>> 
>> List-Archive: 
>> List-Post: 
>> List-Help: 
>> List-Subscribe:
>> ,
>> 
>> From: Lisa Crummett via Uhills > >
>> Reply-To: Lisa Crummett > >
>> Content-Type: text/plain; charset="utf-8"
>> Content-Transfer-Encoding: base64
>> Errors-To: uhills-boun...@unihills.org
>> 
>> Sender: "Uhills" > >
>> X-OutGoing-Spam-Status: No, score=-0.4
>> X-AntiAbuse: This header was added to track abuse, please include it
>> with any abuse report
>> X-AntiAbuse: Primary Hostname - host3.pixelloom.net
>> 
>> X-AntiAbuse: Original Domain - me.com 
>> X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
>> X-AntiAbuse: Sender Address Domain - unihills.org 
>> X-Get-Message-Sender-Via: host3.pixelloom.net
>> : acl_c_authenticated_local_user:
>> mailman/mailman
>> X-Authenticated-Sender: host3.pixelloom.net
>> : mail...@unihills.org
>> 
>> X-MANTSH:
>>

[Mailman-Users] Could Mailman apply "munge from" in less cases?

2019-06-17 Thread Mark Sapiro 
On 6/17/19 2:51 PM, Ian Kelling wrote:
> For example, "munge from" is applied only to messages from domains that
> publish a DMARC policy of 'reject' or 'quarantine'. However, if the
> message mailman is sending has a valid DKIM signature because there is
> no footer or subject prefix and no other edge cases, there is no reason
> to munge, because it will pass the DMARC check. It seems Mailman could
> do that.


It can. If your list makes no transformations that break DMARC, just set
dmarc_moderation_action to Accept.

There is still a potential issue if you do that if the sender's domain
doesn't DKIM sign the message and relies on SPF (which any forwarding
will break) to pass DMARC, but my experience is very few if any domains
that publish a DMARC policy do not DKIM sign their mail.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Could Mailman apply "munge from" in less cases?

2019-06-17 Thread Ian Kelling 
For example, "munge from" is applied only to messages from domains that
publish a DMARC policy of 'reject' or 'quarantine'. However, if the
message mailman is sending has a valid DKIM signature because there is
no footer or subject prefix and no other edge cases, there is no reason
to munge, because it will pass the DMARC check. It seems Mailman could
do that. Or, if not, could it seems the MTA could do this checking and
munging.

--
Ian Kelling | Senior Systems Administrator, Free Software Foundation
GPG Key: B125 F60B 7B28 7FF6 A2B7  DF8F 170A F0E2 9542 95DF
https://fsf.org | https://gnu.org
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] What to do about SPF rejection?

2019-06-17 Thread Jim Popovitch via Mailman-Users 
On Mon, 2019-06-17 at 12:47 -0400, John Levine wrote:
> In article  you write:
> > Dear all,
> > 
> > I today saw three bounces where the receiving mail server had said:
> > 
> > host mail.gfbv.de[185.199.217.16] said: 550 external MTA
> >sending our header From:    (in reply to
> >end of DATA command)
> > 
> > The SPF record for gfbv.de is
> > 
> > gfbv.de.86400   IN  TXT "v=spf1 mx 
> > a:epicmail1.newsaktuell.net ~all"
> > 
> > I am not sure, whether mailman 2 has any workaround for this like for
> > the DMARC issue
> > 
> > Can anyone spot, whether there is something wrong with the SPF record?
> > Whose fault is it?
> 
> Theirs.  That message says they apparently have a policy of rejecting
> any incoming mail with their domain on the From: line.  They can do
> that if they want, but it means that none of their users can
> participate in mailing lists.
> 
> I suppose you could further screw up your list and do DMARC rewrites
> even for domains without DMARC policies, but I'd suggest contacting
> whoever is subscribed there and encourage him or her to subscribe from
> an address that isn't gratuitiously hostile to mailing lists.

I've experienced similar before, some people work for large companies
that outsource email policies to others^widiots.  I wrote the patch
below, which was merged into v2.1.29, specifically to address for such
idiotic policies.

https://code.launchpad.net/~jimpop/mailman/dmarc-moderation-addresses/+merge/359963

-Jim P.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] What to do about SPF rejection?

2019-06-17 Thread John Levine 
In article  you write:
>Dear all,
>
>I today saw three bounces where the receiving mail server had said:
>
>host mail.gfbv.de[185.199.217.16] said: 550 external MTA
>sending our header From:    (in reply to
>end of DATA command)
>
>The SPF record for gfbv.de is
>
>gfbv.de.   86400   IN  TXT "v=spf1 mx 
>a:epicmail1.newsaktuell.net ~all"
>
>I am not sure, whether mailman 2 has any workaround for this like for
>the DMARC issue
>
>Can anyone spot, whether there is something wrong with the SPF record?
>Whose fault is it?

Theirs.  That message says they apparently have a policy of rejecting
any incoming mail with their domain on the From: line.  They can do
that if they want, but it means that none of their users can
participate in mailing lists.

I suppose you could further screw up your list and do DMARC rewrites
even for domains without DMARC policies, but I'd suggest contacting
whoever is subscribed there and encourage him or her to subscribe from
an address that isn't gratuitiously hostile to mailing lists.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] What to do about SPF rejection?

2019-06-17 Thread Johannes Rohr 
Dear all,

I today saw three bounces where the receiving mail server had said:

host mail.gfbv.de[185.199.217.16] said: 550 external MTA
sending our header From:    (in reply to
end of DATA command)

The SPF record for gfbv.de is

gfbv.de.86400   IN  TXT "v=spf1 mx 
a:epicmail1.newsaktuell.net ~all"

I am not sure, whether mailman 2 has any workaround for this like for
the DMARC issue

Can anyone spot, whether there is something wrong with the SPF record?
Whose fault is it?

My mailman instance has its own spf record:

lists.ilo169.de.    9531    IN    TXT    "v=spf1 mx a ip4:5.9.62.175 ~all"

I am not familiar with the spf syntax, so I can't tell whether it is our
fault or theirs.

At first glace, it would look to me as if the solution would be similar
to the DMARC workaround, that is to swap the original From: address with
the list address. But again, mailman offers this option only for DMARC
issues.

Does anyone have advice for me?

Thanks so much in advance,

Johannes






--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Web interfece doen't work correctly

2019-06-17 Thread Mark Sapiro 
On June 17, 2019 12:06:57 AM PDT, Peter  wrote:
>
>But the only that not can be done is authorization/reject emails that 
>are not belong to a list member.
>I do received the authorization email, click on the link and I got the 
>correct page.
>Select what to do and click submit all data.
>Then nothing happens :-(


See the article at https://wiki.list.org/x/4030602




-- 
Mark Sapiro 
Sent from my Not_an_iThing with standards compliant, open source software.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Web interfece doen't work correctly

2019-06-17 Thread Peter 

Hi there,


Mailman is working well here.
Received, send and archive emails as ik has to be.
Via web interface (Apache2.4) I can add/remove users

But the only that not can be done is authorization/reject emails that 
are not belong to a list member.
I do received the authorization email, click on the link and I got the 
correct page.

Select what to do and click submit all data.
Then nothing happens :-(

I'am using  version 2.1.23 on a Debian9 system

Peter
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] binary instead of html

2019-06-17 Thread Christian F Buser via Mailman-Users 
Hello Nina Macdonald. On Sun, 16 Jun 2019 22:01:39 -0700, you wrote: 

> I have one listserv subscriber, who is signed up for the regular (not 
> digest) version.  He has been intermittently getting these odd 
> versions of messages.  When he gets this format, he does not get the 
> regular html version. Most of the messages come through just fine. I 
> have a number of other ones he has sent me if you need to see them. I 
> also have 9 other subscribers on me.com, whom I have not gotten 
> complaints from.

I have no idea, when / why such binary message bodies are created. But it 
happens to me as well - not only in mailing lists, but also with "regular" 
messages. I do not think this is an issue of Mailman (or any other list 
software) since they usually just add some headers and forward them "as is". It 
either happens at the originator’s mail program, or in any server involved 
between the sender and the final recipient.

However, my mail clients all can display the message properly. I am using 
GyazMail and Postbox 5 on different machines (all Macs). 

Therefore my first suggestion to that user would be to try a different program 
for Mail. 

Christian 
-- 
Christian F. Buser, Hohle Gasse 6, CH-5507 Mellingen (Switzerland)  
Hilfe fuer Strassenkinder in Ghana: http://www.chance-for-children.org
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org