[Mailman-Users] Re: Need help diagnosing an intermittent DMARC mung failure
On 4/20/24 18:32, Jim P. via Mailman-Users wrote: On Sat, 2024-04-20 at 20:08 -0500, Grant Taylor via Mailman-Users wrote: Are there any log entries, or debugging, that could be enabled / turned up to help diagnose this? The vette log should have info about the dmarc lookups or lack of dmarc for a domain. In addition, Mailman's `error` log will have entries when there are DNS exceptions in looking up DMARC policy, but all these result in mitigations being applied as though the policy was `reject`. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: Need help diagnosing an intermittent DMARC mung failure
On Sat, 2024-04-20 at 20:08 -0500, Grant Taylor via Mailman-Users wrote: > > Are there any log entries, or debugging, that could be enabled / > turned up to help diagnose this? The vette log should have info about the dmarc lookups or lack of dmarc for a domain. -Jim P. -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: Need help diagnosing an intermittent DMARC mung failure
On 4/20/24 08:21, Jim P. via Mailman-Users wrote: Does the sender have an internationalized domain name (IDN)? Nope. My domain is one of them. Yahoo is another. The 3rd, which I don't remember at the moment, is a .net or .com. Are you able to reliably dig the sender's DMARC record over and over in a loop to test the reliability of the sender's DNS, perhaps even testing each of their nameservers independently? I've not tested this specifically. But I've not seen this symptom for my domain on any of the other hundreds of mailing lists that I'm on. Nor have I seen it for Yahoo anywhere else. I see folks all the time that have DNS servers out of sync. I think that's a fair question to ask. I'm fairly certain that's not the problem here. That being said, I can't guarantee that the DNS server(s) on the host in question isn't / aren't having problems. I'll do some testing therefrom. Are there any log entries, or debugging, that could be enabled / turned up to help diagnose this? -- Grant. . . . smime.p7s Description: S/MIME Cryptographic Signature -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
[Mailman-Users] Re: Need help diagnosing an intermittent DMARC mung failure
On Fri, 2024-04-19 at 22:55 -0500, Grant Taylor via Mailman-Users wrote: > Hi, > > I'd like some help diagnosing an intermittent DMARC mung failure on > Mailman 2.1.29. > > Some of the time DMARC munging works perfectly fine, and then seemingly > with no configuration changes, DMARC munging stops working. Then after > restarting Mailman it may start working again. -- We don't have hard > consistent data yet. > > But we do have a sender that some of the time their system their > messages come through with "First Last via List" > and then other times their messages come > through with "First Last" . > > No changes on the senders side / infrastructure and no changes on the > mailing list config / infrastructure. > > Does anyone have any recommendations on how to start troubleshooting this? Does the sender have an internationalized domain name (IDN)? The Utils.py logic that determines the domain to query for DMARC is based on this code which I've always wondered how that would work with IDNs. email = email.lower() # Scan from the right in case quoted local part has an '@'. at_sign = email.rfind('@') if at_sign < 1: return False Are you able to reliably dig the sender's DMARC record over and over in a loop to test the reliability of the sender's DNS, perhaps even testing each of their nameservers independently? I see folks all the time that have DNS servers out of sync. -Jim P. -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org