- Original Message -
> From: "Stephen J. Turnbull"
> To: "Franck Martin"
> Cc: "Barry Warsaw" , "mailman-developers"
>
> Sent: Monday, August 22, 2016 9:06:31 PM
> Subject: Re: [Mailman-Developers] Remediation for fake member
- Original Message -
> From: "Barry Warsaw"
> To: "mailman-developers"
> Sent: Monday, August 22, 2016 2:43:06 PM
> Subject: Re: [Mailman-Developers] Remediation for fake member creation
> On Aug 22, 2016, at 01:03 PM, Franck Martin wrote:
>
&
I'm not sure if you have seen the following blog posts:
https://wordtothewise.com/2016/08/subscription-bombing-esps-spamhaus/
https://wordtothewise.com/2016/08/spamhaus-comments-on-subscription-attack/
https://wordtothewise.com/2016/08/ongoing-subscription-attack/
While mailman does double op
You can also apply this patch:
http://bazaar.launchpad.net/~mlm-author/mailman/2.1-author/revision/1341?remember=1338&compare_revid=1338
Rather than injecting an invalid domain in the From: and weakening more the
security of email...
___
Mailman-Deve
You are really mixing everything...
Toute connaissance est une réponse à une question.
> On May 16, 2014, at 20:09, "John Levine" wrote:
>
> In article <1856298671.144791.1400292991012.javamail.zim...@peachymango.org>
> you write:
>> The trouble with .invalid is that it is a domain that do not
Upgrade to 2.1.18
Toute connaissance est une réponse à une question.
> On May 16, 2014, at 20:43, "Bob Puff" wrote:
>
> So guys... Is there a simple little hack we can do within MM 2.1 to try to
> mitigate this issue, by adding .invalid or some other extension? I've got a
> few lists that are
The trouble with .invalid is that it is a domain that do not accept emails.
Therefore why should you accept emails from a domain that does not allow you to
reply to it?
It is bound in the future to create issues when people move to more
serious/ubiquitous domain reputation schemes.
- Original Message -
> From: "Jim Popovitch"
> To: "Franck Martin"
> Cc: Mailman-Developers@python.org
> Sent: Thursday, November 7, 2013 4:59:38 PM
> Subject: Re: [Mailman-Developers] Mailman DMARC Support (it's not what you
> think!)
- Original Message -
> From: "Jim Popovitch"
> To: Mailman-Developers@python.org
> Sent: Thursday, November 7, 2013 11:49:30 AM
> Subject: Re: [Mailman-Developers] Mailman DMARC Support (it's not what you
> think!)
>
> On Thu, Nov 7, 2013 at 1:27
Yes this is one of the other options to do. The last one is to do Original
Authentication Header, but transitive trust on email is complicated.
To be noted, the procedure, in this patch, to find the policy record in the
DNS, is not in line with the best current practice specified in the DMARC sp
- Original Message -
> From: "Andreas Schulze"
> To: mailman-developers@python.org
> Sent: Wednesday, November 6, 2013 11:28:42 PM
> Subject: Re: [Mailman-Developers] Mailman DMARC Support (it's not what you
> think!)
>
>
> Zitat von Jim Popovitch :
>
> > ... that mailing lists, li
On Sep 17, 2013, at 10:36 PM, Mark Sapiro wrote:
> On 09/17/2013 10:04 PM, Franck Martin wrote:
>>
>> 1) If you keep the From: header as it is then, we will still have the same
>> problems
>
>
> Perhaps I wasn't clear. The From: of the outer message wo
On Sep 17, 2013, at 6:21 PM, Mark Sapiro wrote:
> On 09/17/2013 05:28 PM, Barry Warsaw wrote:
>> On Sep 15, 2013, at 08:24 AM, Mark Sapiro wrote:
>>
>>> Because the issue remains controversial, I will soon release 2.1.16
>>> final with the feature disabled by default, and will consider the
>>>
in a mime rfc822. This
seems an interesting and good alternative. I'd like to see it in practice so we
can compare data.
On Sep 14, 2013, at 1:27 AM, Stephen J. Turnbull wrote:
> Franck Martin writes:
>
>> One may argue that since the list is modifying the message, it is
>
On Sep 14, 2013, at 5:16 PM, Stephen J. Turnbull wrote:
> Franck Martin writes:
>
>> Unfortunately z= and especially l= are not used practically by
>> senders because they create a risk. One could add an attachment
>> containing malware to the message for instance.
On Sep 13, 2013, at 7:48 PM, Mark Sapiro wrote:
> On 09/13/2013 12:18 PM, Franck Martin wrote:
>>
>> Mailman breaks DKIM as soon as you add a footer or tag in the subject line,
>> which a lot of lists do (including this one).
>
>
> Not necessarily. It depends
admin consent and action.
On Sep 13, 2013, at 12:13 PM, Stephen J. Turnbull wrote:
> Franck Martin writes:
>
>> In the upcoming mailman 2.1.16 there has been the introduction of
>> the optional feature author_is_list
>>
>> "Replace the sender
>
> Bef
- Original Message -
> From: "Mark Sapiro"
> To: mailman-developers@python.org
> Sent: Friday, September 13, 2013 11:31:44 AM
> Subject: Re: [Mailman-Developers] Author_is_list option in upcoming mailman
> 2.1.16
>
> On 09/13/2013 08:06 AM, Barry Warsaw wrote:
> >
> > I will leave it t
On Sep 12, 2013, at 11:30 PM, SM wrote:
> Hi Franck,
> At 22:44 12-09-2013, Franck Martin wrote:
>> In the upcoming mailman 2.1.16 there has been the introduction of the
>> optional feature author_is_list
>>
>> "Replace the sender with the list address
In the upcoming mailman 2.1.16 there has been the introduction of the optional
feature author_is_list
"Replace the sender with the list address to conform with policies like ADSP
and DMARC. It replaces the poster's address in the From: header with the list
address and adds the poster to the Rep
We are not asking mailman to do the work of DMARC here. There is openDMARC for
that.
On Jul 10, 2013, at 11:23 AM, Stephen J. Turnbull wrote:
> Barry Warsaw writes:
>
>> For #1 you would have a rule that can answer the question of DMARC
>> disposition. Rules output binary results,
>
> This i
On Jul 9, 2013, at 8:19 PM, Barry Warsaw wrote:
> On Jul 06, 2013, at 11:02 PM, Murray S. Kucherawy wrote:
>
>>
>> (a) the second bullet above is a significant departure from current use (as
>> I understand it), and fails the test of least surprise if we were going to
>> suddenly see that MM3
On Jul 9, 2013, at 8:15 PM, Barry Warsaw wrote:
> On Jul 02, 2013, at 12:44 AM, Patrick Ben Koetter wrote:
>
>> Before we take out to write code, I would like to ask mailman-developers how
>> it should be done to fit best into Mailman's architecture. Here are the DMARC
>> features that should g
- Original Message -
> From: "Mark Sapiro"
> To: "Franck Martin"
> Sent: Monday, July 8, 2013 10:37:01 AM
> Subject: Re: [Mailman-Developers] Adding DMARC support for Mailman 3
>
> On 07/08/2013 08:34 AM, Franck Martin wrote:
> >
> &g
- Original Message -
> From: "Murray S. Kucherawy"
> To: "Franck Martin"
> Cc: "Stephen J. Turnbull" , "Mailman Developers"
>
> Sent: Monday, July 8, 2013 6:57:03 AM
> Subject: Re: [Mailman-Developers] Adding DMARC support for M
- Original Message -
> From: "Stephen J. Turnbull"
> To: "Franck Martin"
> Cc: "Mailman Developers"
> Sent: Monday, July 8, 2013 2:01:43 AM
> Subject: Re: [Mailman-Developers] Adding DMARC support for Mailman 3
>
> Franck Marti
Yes, these are options and they should be off. It is important when you
introduce options, you do not change past behavior automatically.
1) may not be necessary, if mailman recognizes the bounce message as in section
http://tools.ietf.org/html/draft-kucherawy-dmarc-base-00#section-15.8
eg "550
much excitement in email for a long time.
Franck Martin
https://www.linkedin.com/in/franckmartin
- Original Message -
From: "Patrick Ben Koetter"
To: "Mailman Developers"
Sent: Monday, July 1, 2013 3:44:15 PM
Subject: [Mailman-Developers] Adding DMARC support for Mai
Unfortunately, I did not have time to look at porting the optional authorship
settings from the branch I did on mailman 2.1 to 3.0. I suppose this is too
late to make the 3.0 deadline, but from what I saw of the 3.0 code, this does
not seem a complicated change.
How can I register a bug, so tha
f you start implementing DMARC
> relevant features into MM3 code. If you get Murray Kucherawy, I don't know if
> he's still on the list, to contribute/share ideas on DMARC you will very
> likely get a bulletproof implementation - he's one of the driving forces
> behind DM
base in a view to
submit a similar patch.
Thanks.
- Original Message -
From: "Franck Martin"
To: "mailman-developers"
Sent: Tuesday, July 10, 2012 9:45:28 PM
Subject: [Mailman-Developers] mailing list to work with ADSP and DMARC
I did a branch on the 2.1 series to tes
I did a branch on the 2.1 series to test rewriting the From: header to be able
to make emails to comply with DMARC and ADSP
You can find the branch here:
https://code.launchpad.net/~mlm-author/mailman/2.1-author
and the diff with mailman main branch here:
http://bazaar.launchpad.net/~mlm-au
32 matches
Mail list logo
