Re: [mailop] mailop + DMARC + mailman = mung_from

[John Levine]

>I turn the old signature into an X-header, which strips it of its
>power as far as machine validation goes, but leaves it available for
>human debugging if desired.

An X-Header and a broken DKIM signature have exactly the same
validation power: none.  It doesn't hurt much (give or take Steve's
note about debugging) but it also accomplishes nothing.

>I really dislike leaving a no-longer-valid DKIM signature in place...

You've made that clear, but that's not much of an argument about why
it would be a good idea.

Personally, I really dislike looking at DMARC policy on mail that
doesn't already score as pretty spammy.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] mailop + DMARC + mailman = mung_from

[Steve Atkins]

> On Feb 22, 2016, at 12:48 PM, Jim Popovitch  wrote:
> 
> On Mon, Feb 22, 2016 at 1:46 PM, John Levine  wrote:
 IMHO, Mailman should strip the existing DKIM header and Mailop.org should 
 sign anew.
>>> 
>>> Yes!  That is the perfect and proper way, despite some rants by less
>>> experienced mailinglist operators.
>> 
>> Hi.  I've been running mailing lists since the late 1970s and having
>> actually read the DKIM specs and written a fair amount of DKIM code, I
>> know that stripping signatures makes no difference unless someone's
>> mail filters are breathtakingly broken.
> 
> But leaving the DKIM signatures provides what actual value with modern
> MLMs (i.e. not .forward files, etc.)  ?

The same value as most of the other trace headers - debugging problems
after the fact. "This mail was apparently DKIM signed when sent by the
original author" (probably) isn't terribly useful to automation, but it is for
human debugging.

Cheers,
  Steve


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] mailop + DMARC + mailman = mung_from

[Al Iverson]

On Mon, Feb 22, 2016 at 2:48 PM, Jim Popovitch  wrote:
> On Mon, Feb 22, 2016 at 1:46 PM, John Levine  wrote:
 IMHO, Mailman should strip the existing DKIM header and Mailop.org should 
 sign anew.
>>>
>>>Yes!  That is the perfect and proper way, despite some rants by less
>>>experienced mailinglist operators.
>>
>> Hi.  I've been running mailing lists since the late 1970s and having
>> actually read the DKIM specs and written a fair amount of DKIM code, I
>> know that stripping signatures makes no difference unless someone's
>> mail filters are breathtakingly broken.
>
> But leaving the DKIM signatures provides what actual value with modern
> MLMs (i.e. not .forward files, etc.)  ?

I'm going to say it's an irrelevant question, because even just the
headers that I excerpted in the thread are enough to suggest that John
and Google might disagree on what constitutes broken.

Regards,
Al

--
Al Iverson
www.aliverson.com
(312)725-0130

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] mailop + DMARC + mailman = mung_from

[Jim Popovitch]

On Mon, Feb 22, 2016 at 1:46 PM, John Levine  wrote:
>>> IMHO, Mailman should strip the existing DKIM header and Mailop.org should 
>>> sign anew.
>>
>>Yes!  That is the perfect and proper way, despite some rants by less
>>experienced mailinglist operators.
>
> Hi.  I've been running mailing lists since the late 1970s and having
> actually read the DKIM specs and written a fair amount of DKIM code, I
> know that stripping signatures makes no difference unless someone's
> mail filters are breathtakingly broken.

But leaving the DKIM signatures provides what actual value with modern
MLMs (i.e. not .forward files, etc.)  ?

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] mailop + DMARC + mailman = mung_from

[John Levine]

>> IMHO, Mailman should strip the existing DKIM header and Mailop.org should 
>> sign anew.
>
>Yes!  That is the perfect and proper way, despite some rants by less
>experienced mailinglist operators.

Hi.  I've been running mailing lists since the late 1970s and having
actually read the DKIM specs and written a fair amount of DKIM code, I
know that stripping signatures makes no difference unless someone's
mail filters are breathtakingly broken.

I realize that such brokenness exists here and there, but we really
should know better than to pander to it.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] how does one get off the spamhaus CBL?!

[Miles Fidelman]

Yup.  Not sure how many times, and how many ways to say it - CBL SAYS it 
has a delist tool, but it's simply not there (checked with two different 
browsers, too).  Anyway, they delisted it in response to an email, so 
the situation is resolved.  Thanks all!


On 2/22/16 11:51 AM, Al Iverson wrote:

Are you sure you mean CBL, and not CSS?
CBL has a self-delist tool on www.abuseat.org.
CSS does not work the same way.



--
Al Iverson
www.aliverson.com
(312)725-0130


On Mon, Feb 22, 2016 at 9:24 AM, Miles Fidelman
 wrote:

Nope.  There was no delist link or tool.

On the other hand, we were apparently delisted about half an hour ago.  Just
got an email from someone at Spamhaus.

Miles




On 2/22/16 9:40 AM, Michael Wise wrote:

The CBL is different.
Sounds like you've tried to delist yourself a few times without
understanding the root cause

Aloha,
Michael.
--
Sent from my Windows Phone

From: Miles Fidelman
Sent: ‎2/‎22/‎2016 6:17 AM
Cc: mailop@mailop.org
Subject: Re: [mailop] how does one get off the spamhaus CBL?!

To folks who've provided a link:
- the CBL page provides a lookup tool, and the line "delisting inhibited,
see instructions above to delist" - there are no instructions
- the FAQ says to use the automated delisting tool - but that tool is
nowhere to be found
- they also list an email address to contact, but there's been no response
- their lookup tool indicates that they haven't seen any negative IP from
our IP in 4 days - we have not been infected

for reference, we run a bunch of opt-in lists for some school and church
groups - every once in a while a subscriber account gets compromised or
something gets past our own filters, or somebody repeatedly confused their
"spam button" for their delete key, and we have to go through this rigmarole
with some ISP or blacklist operator.  Usually, there's no problem - this
one, on the other hand.

Hence my query to the list.

Alexander - I'll contact you privately.

Miles

On 2/22/16 8:54 AM, TR Shaw wrote:

See http://www.abuseat.org/. There is a self removal option.

However, CBL normally lists high volume mail spew from botnets so you might
want to check your box.

Tom


On Feb 22, 2016, at 8:43 AM, Miles Fidelman 
wrote:

Hi Folks,

Anyone have a contact at spamhaus, or any advice.  Our mail/list server
seems to have made its way to the spamhaus CBL (interestingly, the FAQ
claims that it never lists mail servers). Their web sites says to use their
automatic delisting tool - but there doesn't actually seem to be one.

Anybody have any suggestions - we're currently having our mail blocked from
all the microsoft owned networks, comcast, a few other places.  Kind of
problematic, in that we support a bunch of opt-in lists for school and
church groups that are screaming about not getting announcements and such to
their members.

Thanks,

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] VERP generating syntactically invalid return-path?

[Jethro R Binks]

On Mon, 22 Feb 2016, Ian Eiloart wrote:

> > On 16 Feb 2016, at 11:24, Rich Kulawiec  wrote:
> > 
> > On Wed, Feb 03, 2016 at 10:52:43AM -0800, Brandon Long wrote:
> >> We rolled out a RFC 5321 compliant parser to smtp in Aug/Sept of last year,
> >> to much gnashing of teeth for a small set of users with some crappy
> >> software.  We rolled it back for MSA (just silently replace with the
> >> auth-user), because apparently virtually all embedded devices (security
> >> cameras, mostly) send garbage at MAIL FROM.
> > 
> > As you know, I'm not a big fan of Gmail, but I fully support your
> > rollout of this and encourage you to enforce it for MSA as well.
> 
> I’d love to see that, but it’s so, so hard. Apple can’t get this right, 
> for example. Apparently, they can’t spell "undisclosed recipients:;" 
> when sending email to groups. They’ve always insisted on saying 
> something like this: "undisclosed recipients:<>;", which isn’t valid.

Quite.  Here's what my config says now, about my use of Exim's 
"header_syntax" verification check:

  ## header syntax error
  ## We begrudgingly make some exceptions to this for some common cases:
  ## + some Microsoft client generates: 
  ## + Apple Mail (2.1084 at least) generates: Undisclosed-recipients: <>;
  ## We are also very forgiving for some hosts.
  ##
  ## Mar2013: very regrettably, I have decided to remove this check.  It
  ## has served us well for many years, but these days the false positives
  ## are just too much work for me to keep dealing with.  It will be
  ## interesting to see how much spam increases as a result of this; my
  ## feeling is it will turn out not to be too significant (spammers are
  ## more wise to the requirement to properly format mail, and less spam
  ## email now comes from 'spam engines', and more from compromised
  ## accounts/systems.
  ## It still feels wrong to be wilfully accepting so-called 'messages'
  ## that are not formatted according to the standards that define for the
  ## format of Internet messages, and hence are not, by definition, 
  ## Internet messages, but in this regard most of the end users do not
  ## agree that this should be the case, so I have now capitualated.
  ## The tone of this note should be enough to make it clear about my
  ## unhappiness with this decision, but resources are what they are, and
  ## I don't have enough of them (or indeed the will) to keep arguing the
  ## point.
  #deny
  # !condition  = ${if eq{$h_to:}{}}
  # !condition  = ${if eq{$h_to:}{Undisclosed-recipients: <>;}}
  #   hosts = !lsearch;HOSTSSYNTAXCHECKEXCEPTIONS
  #  !verify= header_syntax
  #   message   = Syntax error in the headers of your message.\n\
  #   $acl_verify_message\n\
  #   REFUSENOTICE
  # log_message = MSGTAG_HEADERSYNTAX: \
  #   $acl_verify_message


.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] how does one get off the spamhaus CBL?!

[Al Iverson]

Are you sure you mean CBL, and not CSS?
CBL has a self-delist tool on www.abuseat.org.
CSS does not work the same way.



--
Al Iverson
www.aliverson.com
(312)725-0130


On Mon, Feb 22, 2016 at 9:24 AM, Miles Fidelman
 wrote:
> Nope.  There was no delist link or tool.
>
> On the other hand, we were apparently delisted about half an hour ago.  Just
> got an email from someone at Spamhaus.
>
> Miles
>
>
>
>
> On 2/22/16 9:40 AM, Michael Wise wrote:
>
> The CBL is different.
> Sounds like you've tried to delist yourself a few times without
> understanding the root cause
>
> Aloha,
> Michael.
> --
> Sent from my Windows Phone
> 
> From: Miles Fidelman
> Sent: ‎2/‎22/‎2016 6:17 AM
> Cc: mailop@mailop.org
> Subject: Re: [mailop] how does one get off the spamhaus CBL?!
>
> To folks who've provided a link:
> - the CBL page provides a lookup tool, and the line "delisting inhibited,
> see instructions above to delist" - there are no instructions
> - the FAQ says to use the automated delisting tool - but that tool is
> nowhere to be found
> - they also list an email address to contact, but there's been no response
> - their lookup tool indicates that they haven't seen any negative IP from
> our IP in 4 days - we have not been infected
>
> for reference, we run a bunch of opt-in lists for some school and church
> groups - every once in a while a subscriber account gets compromised or
> something gets past our own filters, or somebody repeatedly confused their
> "spam button" for their delete key, and we have to go through this rigmarole
> with some ISP or blacklist operator.  Usually, there's no problem - this
> one, on the other hand.
>
> Hence my query to the list.
>
> Alexander - I'll contact you privately.
>
> Miles
>
> On 2/22/16 8:54 AM, TR Shaw wrote:
>
> See http://www.abuseat.org/. There is a self removal option.
>
> However, CBL normally lists high volume mail spew from botnets so you might
> want to check your box.
>
> Tom
>
>
> On Feb 22, 2016, at 8:43 AM, Miles Fidelman 
> wrote:
>
> Hi Folks,
>
> Anyone have a contact at spamhaus, or any advice.  Our mail/list server
> seems to have made its way to the spamhaus CBL (interestingly, the FAQ
> claims that it never lists mail servers). Their web sites says to use their
> automatic delisting tool - but there doesn't actually seem to be one.
>
> Anybody have any suggestions - we're currently having our mail blocked from
> all the microsoft owned networks, comcast, a few other places.  Kind of
> problematic, in that we support a bunch of opt-in lists for school and
> church groups that are screaming about not getting announcements and such to
> their members.
>
> Thanks,
>
> Miles Fidelman
>
> --
> In theory, there is no difference between theory and practice.
> In practice, there is.   Yogi Berra
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
>
> --
> In theory, there is no difference between theory and practice.
> In practice, there is.   Yogi Berra
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
> --
> In theory, there is no difference between theory and practice.
> In practice, there is.   Yogi Berra
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] how does one get off the spamhaus CBL?!

[Miles Fidelman]

Nope.  There was no delist link or tool.

On the other hand, we were apparently delisted about half an hour ago.  
Just got an email from someone at Spamhaus.


Miles



On 2/22/16 9:40 AM, Michael Wise wrote:

The CBL is different.
Sounds like you've tried to delist yourself a few times without 
understanding the root cause


Aloha,
Michael.
--
Sent from my Windows Phone

From: Miles Fidelman 
Sent: ‎2/‎22/‎2016 6:17 AM
Cc: mailop@mailop.org 
Subject: Re: [mailop] how does one get off the spamhaus CBL?!

To folks who've provided a link:
- the CBL page provides a lookup tool, and the line "delisting 
inhibited, see instructions above to delist" - there are no instructions
- the FAQ says to use the automated delisting tool - but that tool is 
nowhere to be found

- they also list an email address to contact, but there's been no response
- their lookup tool indicates that they haven't seen any negative IP 
from our IP in 4 days - we have not been infected


for reference, we run a bunch of opt-in lists for some school and 
church groups - every once in a while a subscriber account gets 
compromised or something gets past our own filters, or somebody 
repeatedly confused their "spam button" for their delete key, and we 
have to go through this rigmarole with some ISP or blacklist 
operator.  Usually, there's no problem - this one, on the other hand.


Hence my query to the list.

Alexander - I'll contact you privately.

Miles

On 2/22/16 8:54 AM, TR Shaw wrote:
See http://www.abuseat.org/ 
. 
There is a self removal option.


However, CBL normally lists high volume mail spew from botnets so you 
might want to check your box.


Tom


On Feb 22, 2016, at 8:43 AM, Miles Fidelman 
> wrote:


Hi Folks,

Anyone have a contact at spamhaus, or any advice.  Our mail/list 
server seems to have made its way to the spamhaus CBL 
(interestingly, the FAQ claims that it never lists mail servers). 
Their web sites says to use their automatic delisting tool - but 
there doesn't actually seem to be one.


Anybody have any suggestions - we're currently having our mail 
blocked from all the microsoft owned networks, comcast, a few other 
places.  Kind of problematic, in that we support a bunch of opt-in 
lists for school and church groups that are screaming about not 
getting announcements and such to their members.


Thanks,

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra


___
mailop mailing list
mailop@mailop.org 
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop




--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] how does one get off the spamhaus CBL?!

[Michael Wise]

The CBL is different.
Sounds like you've tried to delist yourself a few times without understanding 
the root cause

Aloha,
Michael.
--
Sent from my Windows Phone

From: Miles Fidelman
Sent: ‎2/‎22/‎2016 6:17 AM
Cc: mailop@mailop.org
Subject: Re: [mailop] how does one get off the spamhaus CBL?!

To folks who've provided a link:
- the CBL page provides a lookup tool, and the line "delisting inhibited, see 
instructions above to delist" - there are no instructions
- the FAQ says to use the automated delisting tool - but that tool is nowhere 
to be found
- they also list an email address to contact, but there's been no response
- their lookup tool indicates that they haven't seen any negative IP from our 
IP in 4 days - we have not been infected

for reference, we run a bunch of opt-in lists for some school and church groups 
- every once in a while a subscriber account gets compromised or something gets 
past our own filters, or somebody repeatedly confused their "spam button" for 
their delete key, and we have to go through this rigmarole with some ISP or 
blacklist operator.  Usually, there's no problem - this one, on the other 
hand.

Hence my query to the list.

Alexander - I'll contact you privately.

Miles

On 2/22/16 8:54 AM, TR Shaw wrote:
See 
http://www.abuseat.org/.
 There is a self removal option.

However, CBL normally lists high volume mail spew from botnets so you might 
want to check your box.

Tom


On Feb 22, 2016, at 8:43 AM, Miles Fidelman 
> wrote:

Hi Folks,

Anyone have a contact at spamhaus, or any advice.  Our mail/list server seems 
to have made its way to the spamhaus CBL (interestingly, the FAQ claims that it 
never lists mail servers). Their web sites says to use their automatic 
delisting tool - but there doesn't actually seem to be one.

Anybody have any suggestions - we're currently having our mail blocked from all 
the microsoft owned networks, comcast, a few other places.  Kind of 
problematic, in that we support a bunch of opt-in lists for school and church 
groups that are screaming about not getting announcements and such to their 
members.

Thanks,

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] how does one get off the spamhaus CBL?!

[Miles Fidelman]

To folks who've provided a link:
- the CBL page provides a lookup tool, and the line "delisting 
inhibited, see instructions above to delist" - there are no instructions
- the FAQ says to use the automated delisting tool - but that tool is 
nowhere to be found

- they also list an email address to contact, but there's been no response
- their lookup tool indicates that they haven't seen any negative IP 
from our IP in 4 days - we have not been infected


for reference, we run a bunch of opt-in lists for some school and church 
groups - every once in a while a subscriber account gets compromised or 
something gets past our own filters, or somebody repeatedly confused 
their "spam button" for their delete key, and we have to go through this 
rigmarole with some ISP or blacklist operator.  Usually, there's no 
problem - this one, on the other hand.


Hence my query to the list.

Alexander - I'll contact you privately.

Miles

On 2/22/16 8:54 AM, TR Shaw wrote:

See http://www.abuseat.org/. There is a self removal option.

However, CBL normally lists high volume mail spew from botnets so you 
might want to check your box.


Tom


On Feb 22, 2016, at 8:43 AM, Miles Fidelman 
> wrote:


Hi Folks,

Anyone have a contact at spamhaus, or any advice.  Our mail/list 
server seems to have made its way to the spamhaus CBL (interestingly, 
the FAQ claims that it never lists mail servers). Their web sites 
says to use their automatic delisting tool - but there doesn't 
actually seem to be one.


Anybody have any suggestions - we're currently having our mail 
blocked from all the microsoft owned networks, comcast, a few other 
places.  Kind of problematic, in that we support a bunch of opt-in 
lists for school and church groups that are screaming about not 
getting announcements and such to their members.


Thanks,

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra


___
mailop mailing list
mailop@mailop.org 
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop




--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] how does one get off the spamhaus CBL?!

[Alexander Schaefer]

Hi Miles,

usually you'll find a link at the end of the details page or an
explanation how long it takes to be able to delist.

If you contact me off-list (please tell the IP) I'd also provide a
contact if necessary.

Kind regards,
Alexander


Am 22.02.16 um 14:43 schrieb Miles Fidelman:
> Hi Folks,
> 
> Anyone have a contact at spamhaus, or any advice.  Our mail/list server
> seems to have made its way to the spamhaus CBL (interestingly, the FAQ
> claims that it never lists mail servers). Their web sites says to use
> their automatic delisting tool - but there doesn't actually seem to be one.
> 
> Anybody have any suggestions - we're currently having our mail blocked
> from all the microsoft owned networks, comcast, a few other places. 
> Kind of problematic, in that we support a bunch of opt-in lists for
> school and church groups that are screaming about not getting
> announcements and such to their members.
> 
> Thanks,
> 
> Miles Fidelman
> 


Regards,
Alexander Schaefer

-- 
Alexander Schaefer
Group Head of Abuse Management

Host Europe GmbH is a company of HEG

Email: alexander.schae...@heg.com
Office: Hansestrasse 79, 51149 Cologne

---
Host Europe GmbH - http://www.hosteurope.de
Welserstraße 14 - 51149 Köln - Germany
Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678
Geschäftsführer: Dr. Claus Boyens, Tobias Mohr

(*) 0,14 EUR/Min. aus dem dt. Festnetz; maximal 0,42 EUR/Min. aus
den dt. Mobilfunknetzen

Regards,
Alexander Schaefer

-- 
Alexander Schaefer
Group Head of Abuse Management

Host Europe GmbH is a company of HEG

Email: alexander.schae...@heg.com
Office: Hansestrasse 79, 51149 Cologne

---
Host Europe GmbH - http://www.hosteurope.de
Welserstraße 14 - 51149 Köln - Germany
Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678
Geschäftsführer: Dr. Claus Boyens, Tobias Mohr

(*) 0,14 EUR/Min. aus dem dt. Festnetz; maximal 0,42 EUR/Min. aus
den dt. Mobilfunknetzen

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] mailop + DMARC + mailman = mung_from

[Ian Eiloart]

> On 22 Feb 2016, at 09:14, Renaud Allard via mailop  wrote:
> 
> Hi,
> 
> I am not sure it does the trick, …
...
> In the headers, I have:
> Return-path: 
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mailplus2015-12; 
> d=mailplus.nl;
> From: David Hofstee 
> 
> So it seems the From: header has not been changed.

That’s because the domain doesn’t publish dmarc records. The header is only 
munged for domains that do publish dmarc records. In this thread, the email 
from Franck Martin has this header:

From: Franck Martin via mailop 

And yours has this From header:

From: Renaud Allard via mailop 

-- 
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] mailop + DMARC + mailman = mung_from

[Renaud Allard via mailop]

Hi,

I am not sure it does the trick, at least for me, or maybe you disabled 
it afterwards. Here is an excerpt from my logs.


2016-02-22 10:03:22 [7439] H=chilli.nosignal.org 
[2001:41c8:51:83:feff:ff:fe00:a0b]:50689 I=[2001:bc8:3186:100::a1fa]:25 
Warning: CSA status: unknown
2016-02-22 10:03:22 [7439] 1aXmOo-0001vz-1d DKIM: d=mailplus.nl 
s=mailplus2015-12 c=relaxed/relaxed a=rsa-sha256 [verification failed - 
signature did not verify (headers probably modified in transit)]


In the headers, I have:
Return-path: 
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mailplus2015-12; 
d=mailplus.nl;

From: David Hofstee 

So it seems the From: header has not been changed.

Regards

On 02/09/2016 09:41 AM, Simon Lyall wrote:


I was away last week [1] so just caught up on the DMARC discussion.

As an experiment I've changed the mailman settings[2] for DMARC'd emails
to "Munge From"[3] which should change their from address to the list's.

We'll see how that goes.

Simon.
Mailop co-mod

[1] - at Linux.conf.au , great conference, highly recommended

[2] - Last time I looked I'd swear the option wasn't there so possibly
mailman was upgraded by Andy recently

[3] - http://wiki.list.org/DEV/DMARC






smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop