[Mailman-Users] Re: SPF trouble

[Mark Sapiro]

On 3/7/21 8:28 AM, Markus Grunwald via Mailman-Users wrote:
> 
> Now, virtual-mailman looks like this (just an extract):
> 
> 
> 
> # STANZA START: ankuendigungen
> # CREATED: Sun Mar  7 16:59:58 2021
> ankuendigun...@maennerchor-kirchseeon.de 
> ankuendigun...@maennerchor-kirchseeon.de
> ankuendigungen-ad...@maennerchor-kirchseeon.de 
> ankuendigungen-ad...@maennerchor-kirchseeon.de
> 


You can't do that. maennerchor-kirchseeon.de is a virtual domain so mail
to say ankuendigun...@maennerchor-kirchseeon.de gets looked up in
hash:/var/lib/mailman/data/virtual-mailman  which says send it to
ankuendigun...@maennerchor-kirchseeon.de which is the same virtual
domain so you have a loop. Whatever you set for
VIRTUAL_MAILMAN_LOCAL_DOMAIN must be a local domain, not a virtual domain.


-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan



signature.asc
Description: OpenPGP digital signature
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: SPF trouble

[Markus Grunwald via Mailman-Users]

Am Samstag den 06. März 2021 um 20:53:12 schrieb Mark Sapiro:


On 3/5/21 7:46 AM, Markus Grunwald via Mailman-Users wrote:
I have the test mail attached to this mail. There's something 
else strange:


X-Original-To: ankuendigun...@maennerchor-kirchseeon.de
Delivered-To: ankuendigun...@the-grue.de

Where does the "@the-grue.de" come from?



Postfix delivery.

This is the generated file 
/var/lib/mailman/data/virtual-mailman

...

# STANZA START: ankuendigungen
# CREATED: Thu Feb 18 14:28:43 2021
ankuendigun...@maennerchor-kirchseeon.de ankuendigungen



The above virtual mapping says deliver mail to
ankuendigun...@maennerchor-kirchseeon.de to the local address
ankuendigungen and postfix appends the local domain.


I see... I tried to fix that:

- rmlist ankuendigungen
- add VIRTUAL_MAILMAN_LOCAL_DOMAIN = 'maennerchor-kirchseeon.de' 
 to mm_cfg.py

- newlist ankuendigungen
- restore settings with config_list

Now, virtual-mailman looks like this (just an extract):


# STANZA START: ankuendigungen
# CREATED: Sun Mar  7 16:59:58 2021
ankuendigun...@maennerchor-kirchseeon.de 
ankuendigun...@maennerchor-kirchseeon.de
ankuendigungen-ad...@maennerchor-kirchseeon.de 
ankuendigungen-ad...@maennerchor-kirchseeon.de



I subscribed to the list, got the confirmation mail and replied to 
that. But now, the user is not known any more:


: user unknown

I didn't add that user, but I didn't have to add it when 
VIRTUAL_MAILMAN_LOCAL_DOMAIN wasn't set and it worked... What am I 
missing now?


That's my postfix config:

% sudo postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
compatibility_level = 2
default_transport = smtp
dovecot-sa_destination_recipient_limit = 1
dovecot_destination_recipient_limit = 1
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = $virtual_mailbox_maps
mailbox_size_limit = 5120
mailbox_transport = dovecot-sa
message_size_limit = 2048
milter_default_action = accept
milter_protocol = 2
mydestination = localhost, $mydomain
mydomain = the-grue.de
myhostname = the-grue.de
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = $mydomain
non_smtpd_milters = unix:/run/opendkim/opendkim.sock
readme_directory = no
recipient_delimiter = +
relay_transport = smtp
relayhost =
sender_dependent_default_transport_maps = 
hash:/etc/postfix/sender_transport
smtp_tls_session_cache_database = 
btree:${data_directory}/smtp_scache

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = check_sender_access 
hash:/etc/postfix/sender_access, permit_mynetworks, 
permit_sasl_authenticated, reject_invalid_hostname, 
reject_unknown_client, reject_rbl_client sbl-xbl.spamhaus.org

smtpd_milters = unix:/run/opendkim/opendkim.sock
smtpd_recipient_limit = 250
smtpd_recipient_restrictions = check_sender_access 
hash:/etc/postfix/sender_access, permit_mynetworks, 
permit_sasl_authenticated, reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, 
reject_unknown_address, reject_unknown_sender_domain, 
reject_non_fqdn_sender

smtpd_tls_auth_only = yes
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = 
btree:${data_directory}/smtpd_scache

smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = hash:/etc/postfix/virtual_alias, 
hash:/var/lib/mailman/data/virtual-mailman

virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = /etc/postfix/virtual_domains
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_transport = dovecot-sa
virtual_uid_maps = static:5000


Have a nice Sunday evening
--
Markus Grunwald
https://www.the-grue.de/~markus/markus_grunwald.gpg


signature.asc
Description: PGP signature
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: SPF trouble

[Mark Sapiro]

On 3/5/21 7:46 AM, Markus Grunwald via Mailman-Users wrote:
> Hello,
> 
> I set up an announcement mailing list for my men's choir. It went quite
> smoothly and seems to work fine.
> 
> The server the-grue.de runs a multi domain postfix setup. The main
> domain is the-grue.de, my private domain. I host mails for
> maennerchor-kirchseeon.de, too and that's the domain that mailman should
> use.
> 
> 
> Now I wanted to check if there are any problems regarding spam with
> mx-tools, so I added p...@tools.mxtoolbox.com to the list and sent a
> mail to it using the same E-Mail address that I'm using in this mail.
> You can see the result here:
> 
> https://mxtoolbox.com/deliverability/5215ac61-ae11-46b6-90bf-14d71be76ef5
> 
> Email Deliverability:
> Testing 'the-grue.de' against '95.129.55.232'
> 
> So the domain of my e-mail adress is checked against the ip of the
> mailing list server which fails, of course.


And what it's is testing is not only if SPF passes (which it does), but
also if the domain of the sending server `aligns` with the domain of the
From: address. This is a DMARC check and will fail in this case.


> I have the test mail attached to this mail. There's something else strange:
> 
> X-Original-To: ankuendigun...@maennerchor-kirchseeon.de
> Delivered-To: ankuendigun...@the-grue.de
> 
> Where does the "@the-grue.de" come from?


Postfix delivery.

> This is the generated file /var/lib/mailman/data/virtual-mailman 
...
> # STANZA START: ankuendigungen
> # CREATED: Thu Feb 18 14:28:43 2021
> ankuendigun...@maennerchor-kirchseeon.de ankuendigungen


The above virtual mapping says deliver mail to
ankuendigun...@maennerchor-kirchseeon.de to the local address
ankuendigungen and postfix appends the local domain.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/