Re: [Mailman-Users] Handling Munged From Addresses

[Mark Sapiro]

On 2/27/20 11:54 AM, Dennis Putnam wrote:
> 
> I didn't realize that there were OS dependencies in the DMARC
> mitigation. I thought it was all within the mailman code.


It's not an OS dependency. It's a downstream package dependency. If I
look at , The
newest RHEL/Centos RPM is 2.1.15-26.el7_4.1. Any DMARC mitigations in
this package were backported by RedHat as there were no DMARC
mitigations upstream before 2.1.16.

There does appear to be an EL-8 rpm at
.
You might consider trying that.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan



signature.asc
Description: OpenPGP digital signature
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Handling Munged From Addresses

[Dennis Putnam]

On 2/27/2020 1:38 PM, Mark Sapiro wrote:
> On 2/27/20 10:17 AM, Dennis Putnam wrote:
>> Thanks for the reply. I am not seeing that. The From: looks like this:
>>
>> From: Rushtalk Discussion List via Rushtalk 
>
> That must be a RedHat thing having to do with their backport of DMARC
> mitigations. If you don't like it, install from source.
>
>
>> In "General Options" for that list I set the item "Replace the From:
>> header address with the list's posting address to mitigate issues
>> stemming from the original From: domain's DMARC or similar policies."
>> with "Munge From." Did I set the wrong thing?

>
> That will apply From: munging to all posts. I have no idea what the
> RedHat package does, but if in Privacy options... -> Sender filters you
> have dmarc_moderation_action and dmarc_quarantine_moderation_action set
> General Options -> from_is_list to No and set dmarc_moderation_action to
> Munge From and dmarc_quarantine_moderation_action to Yes and if you have
> it, dmarc_none_moderation_action to No.
>
> This will apply From: munging only to those messages From: a domain that
> publishes DMARC policy = reject or quarantine.
>
>
Hi Mark,

I didn't realize that there were OS dependencies in the DMARC
mitigation. I thought it was all within the mailman code.

In any case I'll look through those options and see what they do in
RHEL. Thanks.



signature.asc
Description: OpenPGP digital signature
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Handling Munged From Addresses

[Mark Sapiro]

On 2/27/20 10:27 AM, Dennis Putnam wrote:
> 
> From: Jane Doe (jane.doe at domain.tld) via Listname
> 

On 2/27/20 10:27 AM, Jim Popovitch via Mailman-Users wrote:
>
> Sorry, I meant this:
> 
> From: Jane Doe (jane.doe#domain.tld) via Listname 

Both of those still have the domain which is also considered problematic

We could consider

From: Jane Doe (jane.doe at domain dot tld) via Listname


for Mailman 3, but that seems unduly kludgy. There won't be any change
in Mailman 2.1 which is only waiting for i18n updates for the final
2.1.30 release which will be the last release from the GNU Mailman project.

The point is that we (apparently not RedHat's backport, but upstream)
already include the sender's display name and we try very hard to ensure
that compliant MUAs produce the same result for 'reply', 'reply-all' and
'reply-list' whether or not the From: is munged. I think that should be
sufficient.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan



signature.asc
Description: OpenPGP digital signature
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Handling Munged From Addresses

[Mark Sapiro]

On 2/27/20 10:17 AM, Dennis Putnam wrote:
> 
> Thanks for the reply. I am not seeing that. The From: looks like this:
> 
> From: Rushtalk Discussion List via Rushtalk 


That must be a RedHat thing having to do with their backport of DMARC
mitigations. If you don't like it, install from source.


> In "General Options" for that list I set the item "Replace the From:
> header address with the list's posting address to mitigate issues
> stemming from the original From: domain's DMARC or similar policies."
> with "Munge From." Did I set the wrong thing?


That will apply From: munging to all posts. I have no idea what the
RedHat package does, but if in Privacy options... -> Sender filters you
have dmarc_moderation_action and dmarc_quarantine_moderation_action set
General Options -> from_is_list to No and set dmarc_moderation_action to
Munge From and dmarc_quarantine_moderation_action to Yes and if you have
it, dmarc_none_moderation_action to No.

This will apply From: munging only to those messages From: a domain that
publishes DMARC policy = reject or quarantine.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan



signature.asc
Description: OpenPGP digital signature
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Handling Munged From Addresses

[Dennis Putnam]

On 2/27/2020 1:23 PM, Mark Sapiro wrote:
> On 2/27/20 10:05 AM, Jim Popovitch via Mailman-Users wrote:
>> I've been wondering if we should change that to something like this:
>>
>>  From: Jane Doe (jane@domain.tld) via Listname
>> 
>
> We specifically do not do that because it is said that multiple email
> addresses in From: trigger spam filters.
>

From: Jane Doe (jane.doe at domain.tld) via Listname





signature.asc
Description: OpenPGP digital signature
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Handling Munged From Addresses

[Jim Popovitch via Mailman-Users]

On Thu, 2020-02-27 at 10:23 -0800, Mark Sapiro wrote:
> On 2/27/20 10:05 AM, Jim Popovitch via Mailman-Users wrote:
> > I've been wondering if we should change that to something like this:
> > 
> >  From: Jane Doe (jane@domain.tld) via Listname
> > 
> 
> We specifically do not do that because it is said that multiple email
> addresses in From: trigger spam filters.
> 

Sorry, I meant this:

From: Jane Doe (jane.doe#domain.tld) via Listname 
 


-Jim P.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Handling Munged From Addresses

[Mark Sapiro]

On 2/27/20 10:05 AM, Jim Popovitch via Mailman-Users wrote:
> 
> I've been wondering if we should change that to something like this:
> 
>  From: Jane Doe (jane@domain.tld) via Listname
> 


We specifically do not do that because it is said that multiple email
addresses in From: trigger spam filters.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Handling Munged From Addresses

[Dennis Putnam]

On 2/27/2020 12:58 PM, Mark Sapiro wrote:
> On 2/27/20 7:22 AM, Dennis Putnam wrote:
>> I think this may have been addressed but I can't find it. Now that I am
>> munging the from address to mitigate DMARC, recipients can no longer
>> tell who the message is from. What are other folks doing to handle that?
>> Other than having list members add their own signature? Thanks.
>
> The From: header in the munged message contains the sender's display
> name as in
>
> From: Jane Doe via ListName 
>
> and depending on list settings the original From: is in either Reply-To:
> or Cc:.
>
> If this is not sufficient, perhaps the recipients can use smarter email
> clients ;)
>
> Also, if you are Munging the From: on all messages via the from_is_list
> setting, it is better to use dmarc_moderation_action for this so only
> those From: headers that need it are munged. The only reason to use
> from_is_list is if those users whose domains publish DMARC reject or
> quarantine policy feel they are singled out and treated as second class
> users.
>
>
Hi Mark,

Thanks for the reply. I am not seeing that. The From: looks like this:

From: Rushtalk Discussion List via Rushtalk 

In "General Options" for that list I set the item "Replace the From:
header address with the list's posting address to mitigate issues
stemming from the original From: domain's DMARC or similar policies."
with "Munge From." Did I set the wrong thing?


signature.asc
Description: OpenPGP digital signature
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Handling Munged From Addresses

[Jim Popovitch via Mailman-Users]

On Thu, 2020-02-27 at 09:58 -0800, Mark Sapiro wrote:
> On 2/27/20 7:22 AM, Dennis Putnam wrote:
> > I think this may have been addressed but I can't find it. Now that I am
> > munging the from address to mitigate DMARC, recipients can no longer
> > tell who the message is from. What are other folks doing to handle that?
> > Other than having list members add their own signature? Thanks.
> 
> The From: header in the munged message contains the sender's display
> name as in
> 
> From: Jane Doe via ListName 


I've been wondering if we should change that to something like this:

 From: Jane Doe (jane@domain.tld) via Listname



This would be better for mobile email clients which can't/don't easily
display reply-to or other headers.

-Jim P.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Handling Munged From Addresses

[Mark Sapiro]

On 2/27/20 7:22 AM, Dennis Putnam wrote:
> I think this may have been addressed but I can't find it. Now that I am
> munging the from address to mitigate DMARC, recipients can no longer
> tell who the message is from. What are other folks doing to handle that?
> Other than having list members add their own signature? Thanks.


The From: header in the munged message contains the sender's display
name as in

From: Jane Doe via ListName 

and depending on list settings the original From: is in either Reply-To:
or Cc:.

If this is not sufficient, perhaps the recipients can use smarter email
clients ;)

Also, if you are Munging the From: on all messages via the from_is_list
setting, it is better to use dmarc_moderation_action for this so only
those From: headers that need it are munged. The only reason to use
from_is_list is if those users whose domains publish DMARC reject or
quarantine policy feel they are singled out and treated as second class
users.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan



signature.asc
Description: OpenPGP digital signature
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Handling Munged From Addresses

[Dennis Putnam]

I think this may have been addressed but I can't find it. Now that I am
munging the from address to mitigate DMARC, recipients can no longer
tell who the message is from. What are other folks doing to handle that?
Other than having list members add their own signature? Thanks.



signature.asc
Description: OpenPGP digital signature
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org