[Mailman-Users] Re: DMARC mitigation failing on one list
On 2021-01-25 23:52:53 (+0800), Mark Sapiro wrote: On 1/24/21 10:02 PM, Philip Paeps wrote: Thanks for the tip! This list does have a `pipeline` attribute. [...] It seems to have both SpamDetect and CookHeaders. Our other mailing lists do not have a pipeline attribute defined though. Suspiciously, this pipeline is missing the WrapMessage stage present in the GLOBAL_PIPELINE. I wonder if that could be the problem? Yes, the absence of WrapMessage is the problem. I forgot that WrapMessage also is the piece that actually replaces the original From:. SpamDetect is where we determine that the message needs DMARC mitigation, and CookHeaders is where we figure what the munged From: should look like, but CookHeaders only puts in in the messages metadata and WrapMessage actually does the replacement. Thanks for the extra context. I'm beginning to understand how this works now. If you were to add WrapMessge, the only difference between this and GLOBAL_PIPELINE is this one added DeDuper at the beginning. Since I don't know what that does, I don't know if it's important or not, but if it is, you could restore the list's pipeline with the addition of WrapMessage. The DeDuper is a local addition we have (and it exists in our GLOBAL_PIPELINE). It keeps a cache of recently seen message-ids on the list and discards duplicates. This is in place because our lists can be addressed both as freebsd-curr...@freebsd.org and curr...@freebsd.org. When someone does reply-all to a message with an original To: header of curr...@freebsd.org, two copies of the message arrive at the list. Philip -- Philip Paeps Senior Reality Engineer Alternative Enterprises -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: DMARC mitigation failing on one list
On 2021-01-25 18:39:15 (+0800), Onyeibo wrote: On Sun, 24 Jan 2021 21:48:38 -0800 Mark Sapiro wrote: On 1/24/21 7:46 PM, Philip Paeps wrote: On 2021-01-24 14:08:28 (+0800), Philip Paeps wrote: We have DMARC "munge from" configured on all mailing lists on lists.freebsd.org. This week, I learned that one of our lists is not actually munging though. ... Another data point: to experiment, I added ^.*@yahoo\.com$ to dmarc_moderation_addresses for this list. It still doesn't munge. Every other list on our system "just works". This one is refusing to cooperate. I suspect this list has a pipeline attribute defined[1] and the list's pipeline does not include SpamDetect or possibly CookHeaders. What does bin/dumpdb lists/LISTNAME/config | grep -A24 pipeline show? [1] See https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/Mailman/Queue/IncomingRunner.py#L127 through line 144. Good Morning, I couldn't help noticing this thread since I am dealing with DMARC issues at the moment. May I use this forum to ask: Which approach is better in any given scenario between "Munge From" and "Wrap Message" (i.e. a little insight on when one is a better choice over the other)? In my experience, "wrap message" has the same downside as digests ... people will reply to the wrapper rather than the wrapped message (as they would reply to the digest rather than to an individual message within) and break the thread for everyone else. Very few mail clients seem to support replying to nested messsages. Munging appears to strike the right balance between frustration and functionality. At the end of the day, DMARC still breaks the mailing list experience. We can only try to mitigate the damage. Philip -- Philip Paeps Senior Reality Engineer Alternative Enterprises -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: DMARC mitigation failing on one list
On 2021-01-25 14:02:55 (+0800), Philip Paeps wrote: On 2021-01-25 13:48:38 (+0800), Mark Sapiro wrote: On 1/24/21 7:46 PM, Philip Paeps wrote: On 2021-01-24 14:08:28 (+0800), Philip Paeps wrote: We have DMARC "munge from" configured on all mailing lists on lists.freebsd.org. This week, I learned that one of our lists is not actually munging though. ... Another data point: to experiment, I added ^.*@yahoo\.com$ to dmarc_moderation_addresses for this list. It still doesn't munge. Every other list on our system "just works". This one is refusing to cooperate. I suspect this list has a pipeline attribute defined[1] and the list's pipeline does not include SpamDetect or possibly CookHeaders. What does bin/dumpdb lists/LISTNAME/config | grep -A24 pipeline show? Thanks for the tip! This list does have a `pipeline` attribute. [...] It seems to have both SpamDetect and CookHeaders. Our other mailing lists do not have a pipeline attribute defined though. Suspiciously, this pipeline is missing the WrapMessage stage present in the GLOBAL_PIPELINE. I wonder if that could be the problem? I'll try to remove the pipeline attribute and see if that works. Many thanks for the pointer. That did work. Thank you! This had me stumped for a couple of days. Philip -- Philip Paeps Senior Reality Engineer Alternative Enterprises -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: DMARC mitigation failing on one list
On 2021-01-25 13:48:38 (+0800), Mark Sapiro wrote: On 1/24/21 7:46 PM, Philip Paeps wrote: On 2021-01-24 14:08:28 (+0800), Philip Paeps wrote: We have DMARC "munge from" configured on all mailing lists on lists.freebsd.org. This week, I learned that one of our lists is not actually munging though. ... Another data point: to experiment, I added ^.*@yahoo\.com$ to dmarc_moderation_addresses for this list. It still doesn't munge. Every other list on our system "just works". This one is refusing to cooperate. I suspect this list has a pipeline attribute defined[1] and the list's pipeline does not include SpamDetect or possibly CookHeaders. What does bin/dumpdb lists/LISTNAME/config | grep -A24 pipeline show? Thanks for the tip! This list does have a `pipeline` attribute. ``` 'pipeline': [ 'DeDuper', 'SpamDetect', 'Approve', 'Replybot', 'Moderate', 'Hold', 'MimeDel', 'Scrubber', 'Emergency', 'Tagger', 'CalcRecips', 'AvoidDuplicates', 'Cleanse', 'CleanseDKIM', 'CookHeaders', 'ToDigest', 'ToArchive', 'ToUsenet', 'AfterDelivery', 'Acknowledge', 'ToOutgoing'], ``` It seems to have both SpamDetect and CookHeaders. Our other mailing lists do not have a pipeline attribute defined though. Suspiciously, this pipeline is missing the WrapMessage stage present in the GLOBAL_PIPELINE. I wonder if that could be the problem? I'll try to remove the pipeline attribute and see if that works. Many thanks for the pointer. Philip -- Philip Paeps Senior Reality Engineer Alternative Enterprises -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: DMARC mitigation failing on one list
On 2021-01-24 14:08:28 (+0800), Philip Paeps wrote: We have DMARC "munge from" configured on all mailing lists on lists.freebsd.org. This week, I learned that one of our lists is not actually munging though. I've done a `config_list -o` and compared the output to a list that does munge correctly and I'm not seeing anything that would explain the problem. When a poster from a DMARC-crippled domain tries to post to this list, I see a line in vette that the DMARC policy has been found. There are no messages in the error log. Any idea what could explain this? And how I could go about fixing it? Another data point: to experiment, I added ^.*@yahoo\.com$ to dmarc_moderation_addresses for this list. It still doesn't munge. Every other list on our system "just works". This one is refusing to cooperate. Unfortunately, this is a live list with several thousand subscribers with various combinations of options and passwords configured so I can't simply blow the list away and create it again. Can anyone think of something I may be overlooking? Many thanks. Philip -- Philip Paeps Senior Reality Engineer Alternative Enterprises -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] DMARC mitigation failing on one list
We have DMARC "munge from" configured on all mailing lists on lists.freebsd.org. This week, I learned that one of our lists is not actually munging though. I've done a `config_list -o` and compared the output to a list that does munge correctly and I'm not seeing anything that would explain the problem. When a poster from a DMARC-crippled domain tries to post to this list, I see a line in vette that the DMARC policy has been found. There are no messages in the error log. Any idea what could explain this? And how I could go about fixing it? Many thanks. Philip -- Philip Paeps Senior Reality Engineer Alternative Enterprises -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: mailman v2.x
On 2020-08-26 21:28:30 (+0800), Jim Popovitch via Mailman-Users wrote: So, I have volunteered to spearhead an effort to add one or two more people to the Mailman Coders group[2] in order to vet and approve new features that continue the long tradition of providing value to Mailman 2.x. Who's with me on this? This is another long thread with many interesting points of view. I agree that new installations should probably use Mailman 3.x and trivial installations should migrate from Mailman 2.x to 3.x sooner rather than later. On the other hand, I don't believe that there is currently a burning need for large, complicated Mailman 2.x installations to hurry up and migrate to 3.x already. The FreeBSD Project runs an awful lot of very active mailing lists on Mailman 2.x. It's probably inevitable that we will eventually upgrade to Mailman 3.x. Given how active our mailing lists are and what Big Scary Daemons we have in our mailflow, this will likely be disruptive no matter what. In an effort to keep the disruption to a minimum, we're letting others exercise the upgrade paths before us. Hopefully by the time we find that we are forced to upgrade (for whatever reason), we won't run into too many edge cases of migration others haven't tried before us. Meanwhile, we're very grateful for any efforts to keep Mailman 2.x at least slightly maintained. Count me in for helping out with that. Thank you! Philip [hat: postmas...@freebsd.org] -- Philip Paeps Senior Reality Engineer Alternative Enterprises -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/