Re: [Mailman-Users] dmarc_moderation_action isn't working

Thu, 29 May 2014 08:32:35 -0700 

On 05/29/2014 07:44 AM, Joel Uckelman wrote:
> 
> ;; ANSWER SECTION:
> _dmarc.yahoo.com. 1777  IN  TXT "v=DMARC1\; p=reject\; sp=none\; pct=100\; 
> rua=mailto:[email protected], mailto:[email protected]\;";
...
> It looks like I got a DMARC record back. Is that the expected result?


Yes.


> The script prints:
> 
> "v=DMARC1; p=reject; sp=none; pct=100; 
> rua=mailto:[email protected], mailto:[email protected];";


OK. So if you look up the DMARC record for yahoo.com, you find p=reject.

Try the attached patch or similar to see what's going on.

-- 
Mark Sapiro <[email protected]>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

--- /var/MM/2.1/Mailman/Utils.py        2014-05-02 20:26:19.166274000 -0700
+++ /var/MM/21/Mailman/Utils.py 2014-05-29 08:26:17.545491833 -0700
@@ -1070,9 +1070,14 @@
 # or possibly quarantine.
 def IsDMARCProhibited(mlist, email):
     if not dns_resolver:
-         return False
+        # This is a problem; log it.
+        syslog('error',
+            'DNS lookup for dmarc_moderation_action for list %s not available',
+            mlist)
+        return False
 
     email = email.lower()
+    syslog('error', 'DMARC email = %s', email)
     at_sign = email.find('@')
     if at_sign < 1:
         return False
@@ -1084,6 +1089,7 @@
         resolver.lifetime = float(mm_cfg.DMARC_RESOLVER_LIFETIME)
         txt_recs = resolver.query(dmarc_domain, dns.rdatatype.TXT)
     except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
+        syslog('error', 'DMARC DNS non exist domain or no answer')
         return False
     except DNSException, e:
         syslog('error',
@@ -1091,6 +1097,8 @@
               email, dmarc_domain, e.__class__)
         return False
     else:
+        for x in txt_recs:
+            syslog('error', 'DMARC DNS got %s', x)
 # people are already being dumb, don't trust them to provide honest DNS
 # where the answer section only contains what was asked for, nor to include
 # CNAMEs before the values they point to.

------------------------------------------------------
Mailman-Users mailing list [email protected]
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Reply via email to