Re: [Mailman-Users] DMARC issues
On 11/04/14 03:19, Mark Sapiro wrote: I'm not sure why you can't upgrade if you can patch the code, but in any case, I can't point you at a single patch to do it my way because there are several. You could do it by applying all of the following patches in order. Thank you very much, Mark! -- Pozdrav / Regards, Siniša Burina -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
(my apologies to anyone who reads NANOG, this is mostly a repeat of what I said there) On Thu, Apr 10, 2014 at 11:36:16AM -0400, Barry Warsaw wrote: It *is* a shame that these anti-spam defenses knowingly break mailing lists. It's a shame that this is being pushed as an anti-spam defense when in fact (a) it has little-to-no anti-spam value and (b) measures that have much higher anti-spam value with few adverse effects are not being used. Nearly all (at least 99% and likely quite a bit more) of the spam [as observed by my numerous spamtraps] that purports to originate from Yahoo really *does* originate from Yahoo. All that I have to do to verify that is to look at the originating host -- that is, it's not necessary to check DMARC or anything else. There are several reasons for this. First, Yahoo has done an absolutely miserable job of outbound abuse control. For over a decade. Second, they've done a correspondingly miserable job of handling abuse reports, so even when one of their victims is kind and generous enough to do their work for them and tell them that they have a problem...they don't pay attention and they don't take any action. (Or they fire back a clueless boilerplate denial that it was their user on their host on their network...even though it was all three.) Also for over a decade. Third, why would any spammer forge a @yahoo.com address when it's easy enough to buy hijacked accounts by the bucketful -- or to use any of the usual exploits to go get some? Fourth, at least some spammers seem to have caught on that Yahoo isn't *worth* forging: it's a toxic cesspool because the people running it have allowed it to be become one. So let's not pretend that this has anything to do with stopping spam. If Yahoo actually wanted to do something about spam, they could have done that years and years ago simply by *paying attention* to what was going on inside their own operation. This is just (a) propaganda, so that they claim to be doing something and (b) a clumsy attempt to coerce people into using *their* mailing lists, which are just as horribly run as the rest of their mail system. ---rsk -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Mail Lists open space at Pycon
On 04/10/2014 05:30 PM, Mark Sapiro wrote: I have tentatively scheduled an open space for Friday, 11 April at 18:00 in room 523B at Pycon to talk about DMARC and mail lists. All available interested parties are invited. If the time doesn't work, we can reschedule. I will need to reschedule this. Check the open space board. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Mail Lists open space at Pycon
On April 11, 2014 7:21:49 AM EDT, Mark Sapiro m...@msapiro.net wrote: On 04/10/2014 05:30 PM, Mark Sapiro wrote: I have tentatively scheduled an open space for Friday, 11 April at 18:00 in room 523B at Pycon to talk about DMARC and mail lists. All available interested parties are invited. If the time doesn't work, we can reschedule. I will need to reschedule this. Check the open space board. Tentatively rescheduled to 17:00 EDT (21:00 GMT) on Friday, 11 Apr in room 525. I will attempt to post realtime summaries on #mailman. -- Mark Sapiro m...@msapiro.net Sent from my Android phone with K-9 Mail. [Unpaid endorsement] -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Mail Lists open space at Pycon
On 04/11/2014 05:25 AM, Mark Sapiro wrote: Tentatively rescheduled to 17:00 EDT (21:00 GMT) on Friday, 11 Apr in room 525. I will attempt to post realtime summaries on #mailman. Due to various scheduling issues, this will be rescheduled for Saturday evening (Montreal time). Details to follow. Please email me if you're thinking of attending. So far I know it's me, Florian Fuchs, and Barry Warsaw, but we need DMARC folks too. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] handler to auto detach attachment and link it to a website?
Hi, Le 28/03/2014 16:58, Mark Sapiro a écrit : As it says in that post, scrub_nondigest is an all or nothing feature. I may code the behavior I've described for my need : Detaching attachment, storing, linking back into the original mail. 4.67. How do I implement a custom handler in Mailman http://wiki.list.org/pages/viewpage.action?pageId=4030615 Following instruction here, I've started to develop my custom handler, as Scrubber is scrubbing too strong for my purpose. Development question, is there a way to test the handler against a mail content, outside of the full mailman context? Something like: $ python -some-useful-switch-here MyHandler.py mymail_withheader.txt Is it more appropriate to post such question to mailman-developers list? I've found: http://pythonhosted.org/mailman/src/mailman/docs/DEVELOP.html Regards, Sylvain. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] handler to auto detach attachment and link it to a website?
On 04/11/2014 08:54 AM, Sylvain Viart wrote: 4.67. How do I implement a custom handler in Mailman http://wiki.list.org/pages/viewpage.action?pageId=4030615 Following instruction here, I've started to develop my custom handler, as Scrubber is scrubbing too strong for my purpose. Development question, is there a way to test the handler against a mail content, outside of the full mailman context? Something like: $ python -some-useful-switch-here MyHandler.py mymail_withheader.txt withlist is the tool for this. When I get a chance, I will update the above FAQ with a skeleton framework, but in short you need a withlist script that imports your handler, reads your message and builds a Mailman.Message.Message object and calls your handler's process function. Is it more appropriate to post such question to mailman-developers list? Either is OK. I've found: http://pythonhosted.org/mailman/src/mailman/docs/DEVELOP.html That's for Mailman 3 and isn't relevant to Mailman 2.1.x. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] handler to auto detach attachment and link it to a website?
Sylvain Viart writes: Development question, is there a way to test the handler against a mail content, outside of the full mailman context? I forget the exact incantation, but I have a test list, and just test for the test list at the top of the Handler, and return success immediately. Something like: $ python -some-useful-switch-here MyHandler.py mymail_withheader.txt It's not going to be that easy because the handlers receive both the message itself and a message information object, and creation of the object is non-trivial. For hints I'd look at the testing code. Is it more appropriate to post such question to mailman-developers list? Not as far as I'm concerned, create a custom Handler is commonly offered as a solution here, so we should be willing to support it here. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
I hadn't heard of this till now. Could somebody please confirm if my understanding of the issue is correct? This is what I'm thinking will happen, please correct where I'm wrong: - A list member sends an email to the list from a yahoo address - The list sends that email out to all the list members - The recipients' mail servers will (might?) check with yahoo what to do with the email, and will be advised to reject it - The list will receive a bounce for every email address whose mail server follows that advice - Those recipients whose mail server follows the advice will not receive the message - The list will increment the bounce score for all those affected receipients, but only once per day - The increment will be 1 because this is a hard bounce - If the score reaches the bounce_score_threshold before the bounce_info_stale_after number of days has passed since the most recent bounce, then the member's subscription is disabled. If that's correct then my understanding is that: - If a list has at least one active yahoo member then pretty soon everyone's subscription will be disabled (not unsubscribed?). - If a list receives vey few messages from yahoo addresses then the only effect will be that their messages don't get through, and that they might still get through to some people. I'm a moderator for a cpanel list, but don't have access to any of the settings. Can someone tell me what the default settings are for bounce_score_threshold and bounce_info_stale_after? I'm assuming ours might still be whatever the defaults are. Am I right in thinking that if we make these values high enough, we'll see no accounts disabled, and the only side effects will be more bounces and yahoo mail won't get through? Would this be an acceptable solution for a list with only 1000 members and low traffic, assuming we warn the yahoo members to use a different address? Peter Shute Siniša Burina wrote: I believe there's no need to elaborate on the problems recently introduced by Yahoo, changing their DMARC DNS record and rendering many mailman lists unusable for Yahoo mail users. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
On 04/11/2014 06:28 PM, Peter Shute wrote: I hadn't heard of this till now. Could somebody please confirm if my understanding of the issue is correct? This is what I'm thinking will happen, please correct where I'm wrong: - A list member sends an email to the list from a yahoo address - The list sends that email out to all the list members - The recipients' mail servers will (might?) check with yahoo what to do with the email, and will be advised to reject it - The list will receive a bounce for every email address whose mail server follows that advice - Those recipients whose mail server follows the advice will not receive the message - The list will increment the bounce score for all those affected receipients, but only once per day - The increment will be 1 because this is a hard bounce - If the score reaches the bounce_score_threshold before the bounce_info_stale_after number of days has passed since the most recent bounce, then the member's subscription is disabled. Correct. If that's correct then my understanding is that: - If a list has at least one active yahoo member then pretty soon everyone's subscription will be disabled (not unsubscribed?). Everyone whose ISP honors Yahoo's DMARC reject policy. And they will eventually be unsubscribed after (bounce_you_are_disabled_warnings) * (bounce_you_are_disabled_warnings_interval) days. - If a list receives vey few messages from yahoo addresses then the only effect will be that their messages don't get through, and that they might still get through to some people. Maybe. Yahoo requests and receives reports of rejected mail. This is only speculation, but if Yahoo sees that your server is sending what it considers to be bogus mail purporting to be From: its domain, it could decide to reject all mail from your server. I'm a moderator for a cpanel list, but don't have access to any of the settings. Can someone tell me what the default settings are for bounce_score_threshold and bounce_info_stale_after? I'm assuming ours might still be whatever the defaults are. The list admin can see these values on the list's web admin Bounce processing page, but defaults are: bounce_score_threshold = 5.0 bounce_info_stale_after = 7 bounce_you_are_disabled_warnings = 3 = 7 Am I right in thinking that if we make these values high enough, we'll see no accounts disabled, and the only side effects will be more bounces and yahoo mail won't get through? Would this be an acceptable solution for a list with only 1000 members and low traffic, assuming we warn the yahoo members to use a different address? Just turn off bounce processing for the list. See the FAQ at http://wiki.list.org/x/ggARAQ. Also consider what I speculate above in the paragraph starting with Maybe. Additional reading at http://www.dmarc.org/faq.html#s_3, http://blog.threadable.com/how-threadable-solved-the-dmarc-problem and http://www.spamresource.com/2014/04/run-email-discussion-list-heres-how-to.html and other articles linked from those. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC issues
Our observation here has been that only Yahoo addresses, and those of other services which also uses the DMARC algorithm generate bounces. Because the From: address contains yahoo.com, and the IP address of the list server does not reverse resolve to a yahoo.com server, the list email is refused by Yahoo. The list of refusing servers includes Yahoo, Comcast, ATT, Hotmail and a number of others. Lindsay Haisley (512) 259-1190 (land line) (512) 496-7118 (mobile) Sent from my iPhone On Apr 11, 2014, at 8:28 PM, Peter Shute psh...@nuw.org.au wrote: I hadn't heard of this till now. Could somebody please confirm if my understanding of the issue is correct? This is what I'm thinking will happen, please correct where I'm wrong: - A list member sends an email to the list from a yahoo address - The list sends that email out to all the list members - The recipients' mail servers will (might?) check with yahoo what to do with the email, and will be advised to reject it - The list will receive a bounce for every email address whose mail server follows that advice - Those recipients whose mail server follows the advice will not receive the message - The list will increment the bounce score for all those affected receipients, but only once per day - The increment will be 1 because this is a hard bounce - If the score reaches the bounce_score_threshold before the bounce_info_stale_after number of days has passed since the most recent bounce, then the member's subscription is disabled. If that's correct then my understanding is that: - If a list has at least one active yahoo member then pretty soon everyone's subscription will be disabled (not unsubscribed?). - If a list receives vey few messages from yahoo addresses then the only effect will be that their messages don't get through, and that they might still get through to some people. I'm a moderator for a cpanel list, but don't have access to any of the settings. Can someone tell me what the default settings are for bounce_score_threshold and bounce_info_stale_after? I'm assuming ours might still be whatever the defaults are. Am I right in thinking that if we make these values high enough, we'll see no accounts disabled, and the only side effects will be more bounces and yahoo mail won't get through? Would this be an acceptable solution for a list with only 1000 members and low traffic, assuming we warn the yahoo members to use a different address? Peter Shute Siniša Burina wrote: I believe there's no need to elaborate on the problems recently introduced by Yahoo, changing their DMARC DNS record and rendering many mailman lists unusable for Yahoo mail users. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/fmouse%40fmp.com -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org