Rob Lingelbach writes:
Is it possible the ‘personalize’ option moved elsewhere in
2.1.18-1? I’ve just updated to that version and don’t see it on
the Nondigest Options page.
Sorry, I haven't updated to 2.1.18-1 yet, I'm reading source and
missed a crucial qualification at the top of the
Glenn Sieb writes:
What my list owners want out of my lists, and what rules they
decide on for their lists, is not my business. By extension, it is
not yours.
If you just want to vent, please say so. I thought you were asking
for help.
If you want help, then the questions I asked are
Jim Popovitch writes:
On Wed, May 7, 2014 at 6:47 PM, Mark Sapiro m...@msapiro.net wrote:
We are trying to talk with DMARC proponents,
You won't be successful until those people themselves figure out what
they are doing
That's true, but those folks (or, more accurately, their bosses)
Peter Shute writes:
So does this mean that any solution is going to be a choice between
ease of replying to the list and ease of accidental replying to the
list?
Yes, and that's an unsolvable problem. Some replies should be public,
some should be private, and only the user can know which
Peter Shute writes:
If it means that Reply vs Reply All work differently for list
messages from different domains,
It does.
will it only lead to users becoming hopelessly confused? Is there
anyone who's already using this who could report on the reactions
from users?
Good question.
Joseph Brennan writes:
Stephen J. Turnbull step...@xemacs.org wrote:
Honestly, they (one of the principal DMARC spec authors works for
Yahoo) ignored their own advice, imagine how well that would go
over in some other industries.
I didn't write that, and I dissent from
Glenn Sieb writes:
Then please work on your phrasing.
That times time and effort, which I will start saving right now.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ:
sherwin writes:
mid...@lists.ibiblio.org: Command died with status 2:
/usr/lib/mailman/mail/mailman post midfex. Command output: Group
mismatch
error. Mailman expected the mail wrapper script to be executed as group
mailman, but the system's mail server executed the
Lindsay Haisley writes:
What goes into an address comment is, or should be, purely
informational on a human level, and ignored on a computational
level.
Unfortunately, we can't depend on that:
There are a few possible mechanisms that attempt mitigation of
[display name] attacks,
Mark Sapiro writes:
They probably aren't using the subscribe form on the listinfo page but
rather posting the data directly to the subscribe CGI. Try moving
mailman's cgi-bin/subscribe aside to totally disable web subscribe.
Yeah, this seems like a different attack from the last one I
Lindsay Haisley writes:
A nice fix, albeit probably total pie-in-the-sky, would be the
establishment of a MIME Content-Type: multipart/list-post, a variation
on (or extension of) mulpart/mixed. MUAs SHOULD (in the RFC 2119 sense)
effectively hide the outermost enclosing MIME envelope
Mark Sapiro writes:
I finally got around to testing this.
Thanks, Mark!
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy:
Richard Damon writes:
On 5/9/14, 10:13 PM, John Levine wrote:
The correct response is either for senders to stop publishing DMARC
policies that don't match the way their users use mail (fat chance),
or for recipient systems to skip the DMARC checks on mail from sources
that are
Mark Sapiro writes:
On 05/12/2014 01:25 AM, Stephen J. Turnbull wrote:
How about multipart/alternative:
message header
multipart/alternative
part header
message/rfc822# original message in all its glory
part header
Hi all,
I just discovered that the spam-checker for a non-Mailman list I
subscribe to (I suspect SpamAssassin but I can't confirm yet, the MLM
is ListServ) is introducing 8-bit characters into the header.
What appears to be happening is that the original post uses a
Content-Transfer-Encoding of
Gary Algier writes:
I have been following the discussion of the DMARC issues and Mailman's
attempts to live with it. I was wondering if anyone has an Executive
Summary of the DMARC issue in a general sense.
How about the following:
DMARC is a set of protocols for Internet mail that are
Barry S. Finkel writes:
Is this also true?
Users from DMARC-reject domains send mail to mailing lists, and the
resulting mail from the mailing list is rejected. Enough
rejections can cause the mailing list possibly to be blacklisted
for sending lots of spam mail.
The rejections
Peter Shute writes:
When MS365 forwards the mails sent to the distribution list, should
that make the DMARC authentication fail? I thought that only
happened if you made changes like adding a prefix to the subject
line like Mailman does.
If it forwards verbatim *and* the sending domain
Conrad G T Yoder writes:
Has anyone had to deal with bounces due to rate limiting from
Roadrunner/Time Warner?
Are these true bounces (ie, permanent delivery failures) or just the
temporary failures due to rate limiting, causing delays of many hours
or days in delivery?
Sascha Rissel writes:
Hello there,
I am running a vServer on Debian6.
Via apt-get install mailman I installed and set up Mailman 2.1.13, which
is running fine with 5 mailing lists on my server.
Motivated by all those discussions about Yahoo's DMARC on this list, I
wondered
Conrad G T Yoder writes:
Are these true bounces (ie, permanent delivery failures) or just the
temporary failures due to rate limiting, causing delays of many hours
or days in delivery?
It is a true bounce - mail is being rejected. The error message is
phrased as a temporary
Gary Algier writes:
I ran some tests this morning. I created an Exchange distribution list here
and added myself five ways on the list:
1. On our Exchange server (how I receive internal emails)
2. On a local Linux server running sendmail and dovecot (how I receive real
mail)
3. A
Conrad G T Yoder writes:
On May 15, 2014, at 8:48 PM, Stephen J. Turnbull step...@xemacs.org wrote:
The log you display is not a true bounce.
Gotcha. I guess someone thought it was a true bounce and
configured their servers appropriately. :^)
Could be.
The other possibility
Peter Shute writes:
Thanks, found it. I didn't realise there were sub menus for that stuff.
That's not good. Is there something we could do to help make it
obvious that (many) more settings are accessible?
--
Mailman-Users mailing list
Peter Shute writes:
Why isn't this the default setting? Is there some disadvantage to
it?
Until now, you only needed it when one of your peers was seriously
broken. DMARC p=reject now means that AOL and Yahoo! are breaking
other hosts en masse.
Disadvantage, yes. It requires resources
Mark Rousell writes:
Can Mailman include the web archive URL for a message in the message
header itself?
Mailman 2 can't. Mailman 3 is able to do it, but I'm not sure what
the state of the art on implementing this conveniently for list owers
is.
As far as I can see, Mailman should have
Sergio Durigan Junior writes:
As you can see, the first two Received: headers got messed up somehow,
I don't understand what you mean by messed up. They looked
perfectly readable and RFC-conforming to me.
and the lines are not being prefix by \t but by one single space
char.
This is the
Natu writes:
One difference between my method and yours is that my mail logs
will show that somebody actually replied to that address where as
with yours the reply would stop at the senders SMTP server. Not
that significant, but it might be useful to know if users are using
those
Natu writes:
If there is a dkim signature and it fails google will treat it as
spam
Note that, taking your words literally, this is against the DKIM RFCs
-- a failed signature is supposed to be treated the same as a lack of
a signature.
That doesn't mean that Google can't or doesn't use it.
Allan Hansen writes:
I just realized that setting the digest option could be a temporary
solution for my Yahoo and AOL subscribers
Just make sure you set it for *all* users, not just those using Yahoo!
and AOL. The important thing is that non-AOL/Yahoo! subscribers be
protected from the
Richard Damon writes:
From what I have seen, any version of Mailman before 2.1.16 (and
preferably 2.1.18) just isn't compatible with DMARC
Please, it's the other way around! ;-) DMARC is the interloper, and
some insiders fear that this mess will derail progress to RFC status
of the useful
Ron Guerin writes:
With great sadness, I'm trying to deal with the DMARC problem certain
providers have decided to create for everyone else, and for some reason,
even after turning the mung option on in the web interface, there's no
munging going on. (wrap doesn't wrap either)
I have
Richard Damon writes:
On 5/25/14, 11:30 AM, Mark Rousell wrote:
Whilst Yahoo and AOL are the ones who have chosen to
use/misuse/abuse DMARC in this way, it could also be said that
DMARC (and all its backers on its current form) are to blame
precisely because DMARC *allows*
John Levine writes:
This is one of the most annoying things about Yahoo and AOL's misuse
of DMARC -- they're practically forcing people to use hacks to show
unauthenticated fake From: lines.
Not only that, they're doing it themselves. :-(
John Levine writes:
My understanding is that DMARC WAS going through the standardization
process, and actually was to the state where experimental use was
justified (and in some sense actually required). ...
No, not at all. DMARC was designed and implemented by a small closed
group
Mark Rousell writes:
It seems to me that if a protocol so easily allows (or even
effectively encourages) usage that craps on existing legitimate
Internet usage then the protocol (and its designers) must be in
part to blame.
I don't see any real difference between ESP abuse of p=reject
Tanstaafl writes:
You can create multiple accounts for the same URL with passwordmaker, so
I think you just don';t understand totally how it works.
I have no clue what you're talking about. The OP shares a password
with several other users, and does not have the right to change it, or
to
Mark Sapiro writes:
If there are no 'DMARC' entries in Mailman's logs, it most likely means
the imports I show above didn't succeed in the python that Mailman is
using, in which case dmarc_moderaction_action will not be done at all.
If dmarc_moderation_action is not none (precisely
Odhiambo Washington writes:
I have read the FAQs so I don't believe I missed one, but it could be
possible. Is there a way, with full personalization, that I can include a
logo in posts on a list? A remote possibility...
Whose logo? The list's or the user's? Where do you want this logo
Odhiambo Washington writes:
An organization is 'sponsoring' a list and wanted to have their
logo included on all messages on the list. I understand that this
means the list has to somehow modify the message as it leaves going
to subscribers.
I would think so, yes.
I was thinking you
Tanstaafl writes:
Chill Stephen.
Chill yourself. You had two rounds to figure out what he was asking
for, and missed it twice. Then you tell him he doesn't understand
totally how it works. I really *was* puzzled as to how you could
think the system you described met his requirements.
Now I
Tanstaafl writes:
It *does*...
It does?? As you described it, he can let passwordmaker choose his
password. But he says he can't do that. Or he can specify the whole
password as the prefix, which is insecure. And AIUI that's not
acceptable to him either, as far as I can see he's very
Mark Sapiro writes:
The footer attached to non-digest messages is in the list's web admin
interface at Non-digest options - msg_footer and that attached to
digests is Digest options - digest_footer.
You can set these to anything you want or set them empty to not add
footers at all.
Russell Clemings writes:
At least the current release of v11.44, as of last week.
Well, good for them! That doesn't mean all their clients will
upgrade, of course, but it sure does make it a lot easier.
--
Mailman-Users mailing list
M Winther writes:
If I use any of my my Swedish email addresses (.se) my messages
keep bouncing on account of iajsdiscussionlist.org: DNS server
failure. Yahoo groups intermittently has the same
problem. However, in this case the messages just disappear. So I
must use my google email
Steve Matzura writes:
I am a site admin for a system built on Debian version 7 (Wheezy). The
current available mailman package distribution version is 2.1.15 but I
want to use 2.1.18-1, which means, unless I miss my guess, it's got to
be built from source. If this isn't so, I'd greatly
Perry E. Metzger writes:
BTW, I don't quite understand this. Why would splatting random
addresses at you help them? Why not just pick real addresses they
control? Successfully subscribing is easy, and generating seemingly
random addresses won't get them subscribed since the addresses will
Peter Shute writes:
It's now about 2 months since Yahoo introduced their DMARC reject
policy. I'm taking this as a sign that it's unlikely that they'll
ever reverse the decision
On the DMARC list at IETF, a senior Yahoo! sysadmin said that because
the attack based on stolen address book
Peter Shute writes:
I'm interested to know what's in store because our current tactic
is to reject new Yahoo and AOL subscribers, encourage existing ones
to get new addresses, and to forward their messages by hand. This
is obviously not going to work if other providers gradually start
Larry Finch writes:
DMARC helped briefly, but spammers and phishers have already found
ways to defeat it. I have seen a surge in AOL-based phishing this
week. They simply use the AOL screen name in the comment in the
FROM field with a non-AOL address. As most mail clients don't
display
Perry E. Metzger writes:
have been significant academic studies of the market, and they
indicate that your portrayal isn't accurate.
I was incautious; smart spammers go back at least to Canter and
Siegel. What I should have written was spammers are greedy, but many
aren't too smart.
I
Peter Shute writes:
It probably(?) can't hurt, but what's the point if each bounce
represents an undelivered message?
Each bounce is one bounce that takes a perfectly innocent user one
bounce closer to getting disabled or unsubscribed. We need to do
something about this. The easiest thing
Sparr writes:
Modifying the messages bothers me (and a lot of other people, as
indicated by the last dozen times similar conversations have been had,
about changing Reply-To and From and Subject and ...) and should be
the last resort.
Well, actually the point is that lists need to do
Conrad G T Yoder writes:
I have recently (last couple weeks?) started getting 4.3.0 mail
transport unavailable” bounces from roadrunner/TW addresses (the
rate-limiting issue is not currently rearing its head), and that is
causing Mailman (2.1.17) subscriptions to be disabled. Example
Peter Shute writes:
But from the member's perspective they're being asked to change
something they've possibly had for many years, for a reason they
don't fully understand, and which they may not even believe.
That kind of thing happens to me all the time (I now live in Japan).
Nothing new
Peter Knowles writes:
I'm attempting to re-create the Membership Management using PHP. More
specifically, I want to be able to view, and modify all column data
associated with each subscriber in the same way the default Mailman UI does
(ex. Name, Email, MOD, Hide, Nomail, Ack, Not Metoo,
Mark Sapiro writes:
While the idea of identifying a DMARC bounce and forwarding the
original post to the bounced recipient wrapped in some boilerplate about
the need to do so has some appeal, I think the implementation would be
too messy to contemplate. If you wish to try, the code is at
I thought I sent this but my MUA disagrees
A user (one among many) writes:
Mark,
Good straw to grasp at. I thought SElinux had already been disabled but it
hadn't. It seems to be working now.
Do we have better advice than just disable SELinux to offer?
I ask because solving the DMARC
willi uebelherr writes:
I think, Goggle use the mail-message-id. Is it possible in the mailman,
to change the message-id of the mail?
You don't want to do that. Modern mail clients determine
relationships (order of conversations) among messages which may have
similar subjects (or may not)
Peter Fraser writes:
The message I showed earlier was the postfix on the same box as
mailman. Mailman should detect those bounces. I was just thinking
based on what you said about some smtp servers getting the 5xx
status from downstream servers thatthose errors would not reach
mailman
Ron Guerin writes:
Jane Doe (j...@example.com) via listname l...@example.net
My question now is, is there any reason why re-writing it this way
would be a bad idea?
First, the DMARC proponents themselves say don't do that! (Mostly
for the reasons given below.)
Second, it
Bjoern Franke writes:
Am Sonntag, den 22.06.2014, 13:33 +1000 schrieb Peter Shute:
Yahoo Groups also add something like this in a footer:
Posted by: a real name a-n...@a-domain.co.uk
and a series of mailto links below that for replying to the original
sender or to the group.
willi uebelherr writes:
now i think, it is clear. The feature duplicate suppression is a fix
mechanism. I will wait for the answers of the people from the
mailman-users list, what the say about. But in Gmail with a user
configuration never i can resolve the problem.
That's right.
Ron Guerin writes:
I would really like to do, as someone said earlier, just say Friends
don't let Friends use Yahoo or AOL Mail. But count me in with those
expecting Gmail to be next. That's nearly half the subscribers of the
list I've been asking in regard to.
I think GMail would have
Richard Damon writes:
The internet protocols disagree on that minor modification create a new
email.
No, they don't. There's only one RFC that matters, and that's RFC
5322 (or whichever version of that standard that you prefer, but on
this they're basically in agreement). RFC 5322 says:
Mark Sapiro writes:
That is exactly what happened. header_filter_rules is processed by
SpamDetect which is the first handler in the pipeline.
I see why Barry created Chains of Rules for MM3. This is messy.
I think for this reason DMARC checking should come before spam
detection, or be done
Malcolm Austen writes:
I did (before I had 2.1.18-1 available) toy with setting it high (c.9 or
10) and setting bounce_info_stale_after down to 1 so that I could let
aol/yahoo posts out in a burst on one day and then hold them for a couple
of days to clear the bounce scores.
Of
Mark Rousell writes:
On 26/06/2014 09:22, Malcolm Austen wrote:
(I note that neither yahoo.co.uk nor aol.co.uk have published a DMARC
policy.)
As a relevant aside, AOL in the UK was sold to TalkTalk a couple of
years ago so is independent of AOL in the USA.
yahoo.com says the same
Robert Heller writes:
Comcast is bouncing with the message:
reason: 554 Transaction Failed Spam Message not queued.
Is this Comcast's way of 'hiding' the fact that the E-Mail address
is no longer valid? That is, does Comcast consider E-Mail to
unknown users spam?
How would
Mark Sapiro writes:
At 05:00 local time this morning my Mailman installation sent password
reminders to 65 comcast.net addresses. Of these, exactly 1 bounced with
550 5.1.1 u...@comcast.net Account not available (in reply to RCPT TO
command)
OK, so we know Comcast will admit that a
Robert Heller writes:
All three of the comcast bounces were @cable.comcast.com addresses.
Other comcast address (all @comcast.net) went through fine. The
@cable.comcast.com were working for sometime.
Well, comcast.net is participating in DMARC, while neither comcast.com
not
Mark Sapiro writes:
On 07/02/2014 03:58 AM, Henrik Rasmussen wrote:
I know this has been asked before, but I haven't found anything
about whether or not this will be a future change or how to work
around it.
You can always remove cron/mailpasswds from Mailman's crontab to avoid
Steven Owens writes:
Also, confusing the issue was the fact that my gmail account is
receiving other list messages, but not list messages from those users,
and there was no sign of a bounce from gmail. However, I did some
googling and apparently it's not unknown for gmail to silently
Barry S. Finkel writes:
On 7/14/2014 8:43 PM, Peter Shute wrote:
Would grey listing show up in the headers? We haven't installed
grey listing here, but who know what our anti spam does. If it's
using it then it certainly isn't using it consistently. I can't
see anything in the
Peter Shute writes:
No, it's all hosted via cpanel. Does this mail per hour limit seem
odd with that sort of setup?
To me it seems like a good way to chase away customers, but IIRC over
the years many people have posted to this list about such limitations
(usually under the subject of how do
Jimmy writes:
I found that the file /usr/lib/mailman/bin/postfix-to-mailman.py does not
exist on my system, postfix-to-mailman.py isn't anywhere on my system at
all, so that obviously presents a problem. Is that not normally in the RPM
installation?
That's right. IIRC,
Peter Shute writes:
Thanks, Dave. How are you coping with yahoo emails if you've only
got 2.1.17? I can't remember what changes it's got in it, but I
thought the latest dealt with it better.
IIRC the big difference between 2.1.17 and 2.1.18-1[1] is that in
2.1.17 the DMARC-mitigation
Chad Rebuck writes:
I'm not able to access the admin interface. I don't reach the page
where I can enter my admin password. The mailman error log doesn't
show anything.
I'm running mailman 2.1.18-1.
This message appears:
Gateway Timeout
The gateway did not receive a
Don:
I’m attempting to bring it up on a new box with a yum-supplied copy
of mailman rather than the old-fashioned hand install.
Some systems put the configs and so on in a different place from the
standard mailman install. I infer that you have the right place,
but please confirm. On my
Peter Shute writes:
That was my impression too. It sounds less disruptive, but I wonder
if the resulting variability of behaviour of Reply and Reply all
would just cause confusion.
Well, I can get away with a policy of Friends don't let friends use
Yahoo! and be ornery about it, so take my
Conrad G T Yoder writes:
[Using 2.1.17]
Is there a way to have their email addresses get into the archives
and still have the Mung From option turned on?
It looks to me (version 2.1.18, though) like the from corruption is
performed in the CookHeaders Handler. Perhaps you can move the
ML mail writes:
Thanks I will go for the REST API and sorry for bothering the
mailman users mailing list. I will use the developers one in the
future instead.
It's really not a question of bothering, it's a question of where
you will get the best answers.
Chad Rebuck writes:
Here is additional information. The log entries for lifetime has
expired started happening much more frequently after upgrading to
2.1.18-1.
Did you enable any of the features that require querying the DNS for
DMARC policy (eg, Privacy | Sender Filters |
Abdullah Maskari writes:
Jul 24 09:09:16 mailhost sm-mta[3309]: s6O89FAL003309:
ruleset=check_rcpt, arg1=target-addr...@external.domain2.com,
relay=mailhost.server.in-dmz.on.internal-domain.com [mailhost ip
address] (may be forged), reject=550 5.7.1
Abdullah AL-Maskari writes:
I will look at the spam filter configurations and my DNS but I dont see
how any of those systems could be broken if the original mailman server
is working fine.
It's not a question of whether something is broken; something is. The
fact that your own logs
Abdullah Maskari writes:
So it seems that my problem is that my mailman server attempts to
communicate with mailhost through mailhost's outward facing IP rather
than through its internal network IP,
Aha! I'll have to remember that, I wouldn't be surprised if it comes
up again.
I have
Kyle Vernon writes:
When I run the find_members script natively on the mailman box I get this
result:
root@mbox1:/opt/mailman/bin# ./find_member -w
k.ver...@ntta.commailto:k.ver...@ntta.com
Are you root when you ssh from the other box:
SCRIPT=op mailmanscripts
Sascha Rissel writes:
(N.B: All file permissions are set according to my previous server's, but I
also tried: chown -R list.list /var/lib/mailman/lists/
Try running the bin/check_perms script (or maybe it's checkperms).
The wrapper scripts may have a different idea from you about file
owners
Sascha Rissel writes:
Thanks, in fact I didn't think of that!
Meanwhile I created the list on the target server anew, using newlist
command.
Afterwards I exported members and config from the old server and imported
it into the new server's list:
list_members -o regular.lst -r list
Anthony (N2KI) writes:
That is what I am currently doing with IS Mail. In order for the messages
to be sent, IS Mail logs into my account and then sends the mail. I
believe the problem could be related but not limited to reverse DNS
authentication. My Ip resolves to my domain name via
Peter Knowles writes:
What is the best way to deal with feedback loop messages where the
provider has redacted the email address of the party who filed the
complaint?
What do you want to do with this information? Just unsubscribe that
user? I'd say pass the buck back to the provider.
Peter Shute writes:
We're now on a new list server, which is running v2.1.18-1. We've
set from_is_list to munged, and it's now sending list messages from
the list, and putting the original sender's address in Reply To as
expected.
On my iPad, Reply sends a message back to the
Peter Shute writes:
Further unwanted Reply All behaviour - a Lotus Notes user says when
he sends a reply with Reply All, the list bounce address is
Cc'd. It does include the list address too, which is good.
Can it cause any problems to Cc the list bounce address?
Mark is on vacation
Peter Shute writes:
If we set from_is_list to No, how does the list behave when
yahoo.com emails arrive?
That depends on the setting of dmarc_moderation_action. If it is set
to Accept, it just passes them through, and lets the destination
decide what to do. Almost certainly you will get
Lindsay Haisley writes:
If you grok MM internals a bit and understand withlist and python, and
don't mind importing the Python Crypto library I can send you the
information on this hack, but I'd rather turn it over to the MM people
for some sort of public posting so everyone can have a go
Will Yardley writes:
I think munging the headers is a sensible practice, as it makes it
a little harder to listwash; the main idea of the FBL as I understand it
is to give you an idea when there's some kind of gross abuse,
That's what they say, but in many cases that's not what they do.
Peter Shute writes:
So if we set fom_is_list to No and dmarc_moderation_action to Munge
From, non yahoo/aol emails will go through normally, and yahoo/aol
emails will get munged?
Yes, that's what will happen. (Modulo bugs, of course. This is a
very new feature, and only recently has it
Kevin Carpenter writes:
I have a somewhat large mailing list, about 1700 users, that is
generally working just fine. However, some users are seeing LONG delays
(like 4+ hours) on mail delivery while other users, in the same
organization, get sub-minute delivery.
By same organization,
Kevin Carpenter writes:
We have documented cases of two users at the same company having
dramatically different delivery times. e.g. for us...@abc.com and
us...@abc.com: user2 may get delivery in 5 seconds vs. user1 getting
the delivery in 4 hours, inconsistently. e.g. the next
Kevin Carpenter writes:
Agreed, but my understanding of my greylist software is that it does it
via mail address, and these are regular members of the list, not first
time posters. e.g. They shouldn't be greylisted anymore.
Most greylist software only whitelists for a specified period
801 - 900 of 1551 matches
Mail list logo
