subject:"Re\: \[Mailman\-Users\] AOL rejecting connections from mailman servers for DMARC Munging."

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

2016-08-25 Thread Ted Hatfield



On Thu, 25 Aug 2016, Steve Wehr wrote:



-Original Message-
From: Mailman-Users
[mailto:mailman-users-bounces+steve=tunedinweb@python.org] On Behalf Of
Ted Hatfield
Sent: Tuesday, August 23, 2016 6:56 PM
To: mailman-users@python.org
Subject: [Mailman-Users] AOL rejecting connections from mailman servers for
DMARC Munging.


Hey all,

Recently my mailman server was flagged by AOL and my messages were rejected
with this error.

SMTP DATA-2 protocol error: 521 5.2.1 :  AOL will not accept delivery of
this message.


When I queried the AOL Postmaster about this issue this was my response.

Few mails from IP xxx.xxx.xxx.xx were getting rejected from one of filters
as
Reply-to address is same as the TO address. This is caused as one of our
filters triggered these emails as spam. I have added protection for your IP.
As
a good mailing practice, please use a different email address for your
reply-to
address.


It seems to me that since dmarc munging adds the senders address to the
reply-to header, if a user receives a copy of their own postings this is the

result.

Can anyone else confirm that this has happened to them and if so what else
can
someone do except to wrap the message from senders that implement dmarc
rejection as in dmarc_moderation_action?


Is there a recommended policy regarding this issue?


Ted Hatfield






I recently have been fighting AOL over this exact same thing. To solve it I
contacted AOL via their postmaster page and opened a ticket. They got back
to me and said they "made some changes to their handling of mail from my IP
address."

I had been using mailman to send to AOL users for over a decade, so I didn't
change anything in mailman. After about 2-3 weeks AOL has now stopped
rejecting mailman emails.

In the interim, I used Mark Sapiro's script to reset the moderation bits on
all AOL users, encased in a little shell script I wrote:

#!/bin/bash

# This script resets the bounce bits for certain users in ALL lists.
#
# Run this script as ROOT
for listname in $(ls /var/lib/mailman/lists/);
do
  echo Resetting bounce bits in list $listname
  # Reset bounce bits for only AOL.COM members.
  /usr/lib/mailman/bin/withlist -r reset_bounce $listname -d aol.com
done;

Hope this is helpful.

_
Steve Wehr
Tunedin Web Design
845-246-9643



Steve,

Glad to see I'm not the only one.  This was also my solution. I just 
wanted to see if there was a better way to handle the issue but I don't 
see any recommended advice that would solve the issue in a technical way.



I'm considering setting dmarc_moderation_action to "Wrap Message" and 
setting from_is_list back to "No"


This will at least only affect the users who use email that enforces
DMARC p=quarantine and p=reject.


Ted Hatfield

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

2016-08-25 Thread Mark Sapiro

On 08/25/2016 06:01 AM, Steve Wehr wrote:
> 
> In the interim, I used Mark Sapiro's script to reset the moderation bits on
> all AOL users, encased in a little shell script I wrote:
> 
> #!/bin/bash
> 
> # This script resets the bounce bits for certain users in ALL lists.
> #
> # Run this script as ROOT
> for listname in $(ls /var/lib/mailman/lists/);


A more robust way to do this is

for listname in $(/usr/lib/mailman/bin/list_lists -b);

because there may be files or non-list directories in
/var/lib/mailman/lists/

> do
>echo Resetting bounce bits in list $listname
># Reset bounce bits for only AOL.COM members.
>/usr/lib/mailman/bin/withlist -r reset_bounce $listname -d aol.com
> done;
> 
> Hope this is helpful.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

2016-08-25 Thread Steve Wehr

I recently have been fighting AOL over this exact same thing. To solve it I
contacted AOL via their postmaster page and opened a ticket. They got back
to me and said they "made some changes to their handling of mail from my IP
address."

I had been using mailman to send to AOL users for over a decade, so I didn't
change anything in mailman. After about 2-3 weeks AOL has now stopped
rejecting mailman emails. 

In the interim, I used Mark Sapiro's script to reset the moderation bits on
all AOL users, encased in a little shell script I wrote:

#!/bin/bash

# This script resets the bounce bits for certain users in ALL lists.
#
# Run this script as ROOT
for listname in $(ls /var/lib/mailman/lists/);
do
   echo Resetting bounce bits in list $listname
   # Reset bounce bits for only AOL.COM members.
   /usr/lib/mailman/bin/withlist -r reset_bounce $listname -d aol.com
done;

Hope this is helpful.

_
Steve Wehr
Tunedin Web Design
845-246-9643


-Original Message-
From: Mailman-Users
[mailto:mailman-users-bounces+steve=tunedinweb@python.org] On Behalf Of
Ted Hatfield
Sent: Tuesday, August 23, 2016 6:56 PM
To: mailman-users@python.org
Subject: [Mailman-Users] AOL rejecting connections from mailman servers for
DMARC Munging.


Hey all,

Recently my mailman server was flagged by AOL and my messages were rejected
with this error.

SMTP DATA-2 protocol error: 521 5.2.1 :  AOL will not accept delivery of
this message.


When I queried the AOL Postmaster about this issue this was my response.

Few mails from IP xxx.xxx.xxx.xx were getting rejected from one of filters
as 
Reply-to address is same as the TO address. This is caused as one of our 
filters triggered these emails as spam. I have added protection for your IP.
As 
a good mailing practice, please use a different email address for your
reply-to 
address.


It seems to me that since dmarc munging adds the senders address to the 
reply-to header, if a user receives a copy of their own postings this is the

result.

Can anyone else confirm that this has happened to them and if so what else
can 
someone do except to wrap the message from senders that implement dmarc 
rejection as in dmarc_moderation_action?


Is there a recommended policy regarding this issue?


Ted Hatfield

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/steve%40tunedinweb.com

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

2016-08-25 Thread Stephen J. Turnbull

Robert Heller writes:

 > Cc: headers. Eg if the address in the From: is also in the To: OR
 > Cc: headers, AOL might reject the E-Mail. (This would be seriously
 > dumb and effectively make AOL an impossible E-Mail destination to
 > deliver any E-Mail to.)

Bcc

But yes, I agree.  The solution is to be a friend, and friends don't
let friends use AOL. ;-)  Yes, I know, you have to pry their AOL from
their cold dead fingers and all that.  The thing is, that with AOL
it's just one thing after another.  While it's definitely possible to
deliver some email to AOL, any given email might be refused for
reasons that you can't predict.  We can't protect our users from their
own service providers. :-(

BTW, the OP already said that his setting for reply-to is Poster, so
something we haven't figured out yet seems to be happening here. :-(

Steve
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

2016-08-24 Thread Robert Heller

At Wed, 24 Aug 2016 14:24:32 -0500 (CDT) Ted Hatfield  wrote:

> 
> On Wed, 24 Aug 2016, Mark Sapiro wrote:
> 
> > On 08/23/2016 03:55 PM, Ted Hatfield wrote:
> >>
> >> Few mails from IP xxx.xxx.xxx.xx were getting rejected from one of
> >> filters as Reply-to address is same as the TO address. This is caused as
> >> one of our filters triggered these emails as spam. I have added
> >> protection for your IP. As a good mailing practice, please use a
> >> different email address for your reply-to address.
> >
> >
> > Don't munge Reply-To: ;)
> >
> >
> >> It seems to me that since dmarc munging adds the senders address to the
> >> reply-to header, if a user receives a copy of their own postings this is
> >> the result.
> >
> >
> > No. Based on AOL's reply above, this has nothing to do with DMARC. If
> > you set reply_goes_to_list to This list (note that Poster is the
> > /strongly/ recommended setting) both the To: and Reply-To: headers of
> > outgoing messages will contain the list address.
> >
> > However, it seems that this means AOL will not accept mail from any list
> > with reply_goes_to_list = This list, and since this is a common,
> > although not recommended, configuration, if this is the case, it seems
> > there should be much more reports of this issue, and I haven't seen that.
> >
> >
> >> Can anyone else confirm that this has happened to them and if so what
> >> else can someone do except to wrap the message from senders that
> >> implement dmarc rejection as in dmarc_moderation_action?
> >
> >
> > Even if this is a DMARC issue, Wrap message won't change it because the
> > headers in the wrapper will be the same as those in a Munge from message.
> >
> >
> >> Is there a recommended policy regarding this issue?
> >
> >
> > Set reply_goes_to_list to Poster
> >
> > --
> 
> I'm running mailman version 2.1.22.
> 
> reply_goes_to_list is set to poster
> 
> from_is_list is set to "Munge From".
> 
> Documentation describes "Munge From" to be
> 
> "This action replaces the poster's address in the From: header with the 
> list's posting address and adds the poster's address to the addresses in 
> the original Reply-To: header."
> 
> 
> This means that messages with a munged From: header should pass dmarc 
> checks but the senders address will be added to the reply-to header.  Does 
> this not mean that the Reply-To: and the To: address will be the same for 
> some users?

The Reply-To: and To: would be the same if those users send the post to
themselves and CC it to the list. This is *probably* unlikely, but possible I
guess.  *Normally* a user posts *To* the list (To: list address), and CC's to 
themselves (Cc: the poster).  Mailman sets the Reply-To: field to the poster's 
address and replaces the From: header to be from the list:

   To: list
   Reply-To: poster
   Cc: poster
   From: list

> 
> Ted Hatfield
> 
> 
> 
> 
> --
> Mailman-Users mailing list Mailman-Users@python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: 
> https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
> 
>

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
hel...@deepsoft.com   -- Webhosting Services
 
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

2016-08-24 Thread Mark Sapiro

On 08/24/2016 12:24 PM, Ted Hatfield wrote:
> 
> I'm running mailman version 2.1.22.
> 
> reply_goes_to_list is set to poster
> 
> from_is_list is set to "Munge From".
> 
> Documentation describes "Munge From" to be
> 
> "This action replaces the poster's address in the From: header with the
> list's posting address and adds the poster's address to the addresses in
> the original Reply-To: header."
> 
> 
> This means that messages with a munged From: header should pass dmarc
> checks but the senders address will be added to the reply-to header. 
> Does this not mean that the Reply-To: and the To: address will be the
> same for some users?


Well, depending on how the user crafts the post, many things are
possible, but with from_is_list = Munge from[1] and the usual situation,
the post is

From: Joe Sender 
To: A list 

and after munging the delivered post is

From: Joe Sender on behalf of a A list 
Reply-To: Joe Sender 
To: A list 

Reply-To: is the sender's address  and To: is the
list address . These are not the same.

[1] It is recommended to set from_is_list to No and
dmarc_moderation_action to Munge from. The resultant munging will be the
same but will only be applied to messages From: a domain publishing a
DMARC policy of reject (or quarantine if
dmarc_quarantine_moderation_action is Yes).

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

2016-08-24 Thread Ted Hatfield


On Wed, 24 Aug 2016, Mark Sapiro wrote:


On 08/23/2016 03:55 PM, Ted Hatfield wrote:


Few mails from IP xxx.xxx.xxx.xx were getting rejected from one of
filters as Reply-to address is same as the TO address. This is caused as
one of our filters triggered these emails as spam. I have added
protection for your IP. As a good mailing practice, please use a
different email address for your reply-to address.



Don't munge Reply-To: ;)



It seems to me that since dmarc munging adds the senders address to the
reply-to header, if a user receives a copy of their own postings this is
the result.



No. Based on AOL's reply above, this has nothing to do with DMARC. If
you set reply_goes_to_list to This list (note that Poster is the
/strongly/ recommended setting) both the To: and Reply-To: headers of
outgoing messages will contain the list address.

However, it seems that this means AOL will not accept mail from any list
with reply_goes_to_list = This list, and since this is a common,
although not recommended, configuration, if this is the case, it seems
there should be much more reports of this issue, and I haven't seen that.



Can anyone else confirm that this has happened to them and if so what
else can someone do except to wrap the message from senders that
implement dmarc rejection as in dmarc_moderation_action?



Even if this is a DMARC issue, Wrap message won't change it because the
headers in the wrapper will be the same as those in a Munge from message.



Is there a recommended policy regarding this issue?



Set reply_goes_to_list to Poster

--


I'm running mailman version 2.1.22.

reply_goes_to_list is set to poster

from_is_list is set to "Munge From".

Documentation describes "Munge From" to be

"This action replaces the poster's address in the From: header with the 
list's posting address and adds the poster's address to the addresses in 
the original Reply-To: header."



This means that messages with a munged From: header should pass dmarc 
checks but the senders address will be added to the reply-to header.  Does 
this not mean that the Reply-To: and the To: address will be the same for 
some users?


Ted Hatfield




--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

2016-08-24 Thread Robert Heller

At Wed, 24 Aug 2016 10:32:06 -0700 Mark Sapiro  wrote:

> 
> On 08/23/2016 03:55 PM, Ted Hatfield wrote:
> > 
> > Few mails from IP xxx.xxx.xxx.xx were getting rejected from one of
> > filters as Reply-to address is same as the TO address. This is caused as
> > one of our filters triggered these emails as spam. I have added
> > protection for your IP. As a good mailing practice, please use a
> > different email address for your reply-to address.
> 
> 
> Don't munge Reply-To: ;)
> 
> 
> > It seems to me that since dmarc munging adds the senders address to the
> > reply-to header, if a user receives a copy of their own postings this is
> > the result.
> 
> 
> No. Based on AOL's reply above, this has nothing to do with DMARC. If
> you set reply_goes_to_list to This list (note that Poster is the
> /strongly/ recommended setting) both the To: and Reply-To: headers of
> outgoing messages will contain the list address.

And if reply_goes_to_list is set to Poster and the poster sent to himself and
CC's to the list, the To: and Reply-To: headers the outgoing message will
contain the poster's address :-(. (This legal, but generally is going to
require interesting finagling by the E-Mail client.) Note that this assumes
that AOL really means the To: header. It *could* mean the union of the To: and
Cc: headers. Eg if the address in the From: is also in the To: OR Cc: headers,
AOL might reject the E-Mail. (This would be seriously dumb and effectively
make AOL an impossible E-Mail destination to deliver any E-Mail to.)

It does relate to DMARC, in that in order for a Mailman list to allow Yahoo, 
et. al. users to post, you have to have Mailman munge the From: field and then 
to allow "reply to sender", Mailman needs to be configured to put the poster's 
address in a Reply-To: header.

> 
> However, it seems that this means AOL will not accept mail from any list
> with reply_goes_to_list = This list, and since this is a common,
> although not recommended, configuration, if this is the case, it seems
> there should be much more reports of this issue, and I haven't seen that.
> 
> 
> > Can anyone else confirm that this has happened to them and if so what
> > else can someone do except to wrap the message from senders that
> > implement dmarc rejection as in dmarc_moderation_action?
> 
> 
> Even if this is a DMARC issue, Wrap message won't change it because the
> headers in the wrapper will be the same as those in a Munge from message.
> 
> 
> > Is there a recommended policy regarding this issue?
> 
> 
> Set reply_goes_to_list to Poster

+1

> 

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
hel...@deepsoft.com   -- Webhosting Services
 
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

2016-08-24 Thread Mark Sapiro

On 08/23/2016 03:55 PM, Ted Hatfield wrote:
> 
> Few mails from IP xxx.xxx.xxx.xx were getting rejected from one of
> filters as Reply-to address is same as the TO address. This is caused as
> one of our filters triggered these emails as spam. I have added
> protection for your IP. As a good mailing practice, please use a
> different email address for your reply-to address.

Don't munge Reply-To: ;)

> It seems to me that since dmarc munging adds the senders address to the
> reply-to header, if a user receives a copy of their own postings this is
> the result.

No. Based on AOL's reply above, this has nothing to do with DMARC. If
you set reply_goes_to_list to This list (note that Poster is the
/strongly/ recommended setting) both the To: and Reply-To: headers of
outgoing messages will contain the list address.

However, it seems that this means AOL will not accept mail from any list
with reply_goes_to_list = This list, and since this is a common,
although not recommended, configuration, if this is the case, it seems
there should be much more reports of this issue, and I haven't seen that.

> Can anyone else confirm that this has happened to them and if so what
> else can someone do except to wrap the message from senders that
> implement dmarc rejection as in dmarc_moderation_action?

Even if this is a DMARC issue, Wrap message won't change it because the
headers in the wrapper will be the same as those in a Munge from message.

> Is there a recommended policy regarding this issue?

Set reply_goes_to_list to Poster

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

9 matches

Site Navigation

Mail list logo

Footer information