Re: [Mailman-Users] DMARC issues

[Mitra IMAP]

Our observation here has been that only Yahoo addresses, and those of other 
services which also uses the DMARC algorithm generate bounces. Because the 
From: address contains yahoo.com, and the IP address of the list server does 
not reverse resolve to a yahoo.com server, the list email is refused by Yahoo. 
The list of refusing servers includes Yahoo, Comcast, AT&T, Hotmail and a 
number of others.

Lindsay Haisley
(512) 259-1190 (land line)
(512) 496-7118 (mobile)
Sent from my iPhone

On Apr 11, 2014, at 8:28 PM, Peter Shute  wrote:

> I hadn't heard of this till now. Could somebody please confirm if my 
> understanding of the issue is correct?
> 
> This is what I'm thinking will happen, please correct where I'm wrong:
> - A list member sends an email to the list from a yahoo address
> - The list sends that email out to all the list members
> - The recipients' mail servers will (might?) check with yahoo what to do with 
> the email, and will be advised to reject it
> - The list will receive a bounce for every email address whose mail server 
> follows that advice
> - Those recipients whose mail server follows the advice will not receive the 
> message
> - The list will increment the bounce score for all those affected 
> receipients, but only once per day
> - The increment will be 1 because this is a hard bounce
> - If the score reaches the bounce_score_threshold before the 
> bounce_info_stale_after number of days has passed since the most recent 
> bounce, then the member's subscription is disabled.
> 
> If that's correct then my understanding is that:
> - If a list has at least one active yahoo member then pretty soon everyone's 
> subscription will be disabled (not unsubscribed?).
> - If a list receives vey few messages from yahoo addresses then the only 
> effect will be that their messages don't get through, and that they might 
> still get through to some people.
> 
> I'm a moderator for a cpanel list, but don't have access to any of the 
> settings. Can someone tell me what the default settings are for 
> bounce_score_threshold  and bounce_info_stale_after? I'm assuming ours might 
> still be whatever the defaults are.
> 
> Am I right in thinking that if we make these values high enough, we'll see no 
> accounts disabled, and the only side effects will be more bounces and yahoo 
> mail won't get through? Would this be an acceptable solution for a list with 
> only 1000 members and low traffic, assuming we warn the yahoo members to use 
> a different address?
> 
> Peter Shute
> 
> Siniša Burina wrote:
> I believe there's no need to elaborate on the problems recently introduced by 
> Yahoo, changing their
> DMARC DNS record and rendering many mailman lists unusable for Yahoo mail 
> users.
> --
> Mailman-Users mailing list Mailman-Users@python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: 
> https://mail.python.org/mailman/options/mailman-users/fmouse%40fmp.com
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC issues

[Mark Sapiro]

On 04/11/2014 06:28 PM, Peter Shute wrote:
> I hadn't heard of this till now. Could somebody please confirm if my 
> understanding of the issue is correct?
> 
> This is what I'm thinking will happen, please correct where I'm wrong:
> - A list member sends an email to the list from a yahoo address
> - The list sends that email out to all the list members
> - The recipients' mail servers will (might?) check with yahoo what to do with 
> the email, and will be advised to reject it
> - The list will receive a bounce for every email address whose mail server 
> follows that advice
> - Those recipients whose mail server follows the advice will not receive the 
> message
> - The list will increment the bounce score for all those affected 
> receipients, but only once per day
> - The increment will be 1 because this is a hard bounce
> - If the score reaches the bounce_score_threshold before the 
> bounce_info_stale_after number of days has passed since the most recent 
> bounce, then the member's subscription is disabled.


Correct.


> If that's correct then my understanding is that:
> - If a list has at least one active yahoo member then pretty soon everyone's 
> subscription will be disabled (not unsubscribed?).


Everyone whose ISP honors Yahoo's DMARC reject policy. And they will
eventually be unsubscribed after (bounce_you_are_disabled_warnings) *
(bounce_you_are_disabled_warnings_interval) days.


> - If a list receives vey few messages from yahoo addresses then the only 
> effect will be that their messages don't get through, and that they might 
> still get through to some people.


Maybe. Yahoo requests and receives reports of rejected mail. This is
only speculation, but if Yahoo sees that your server is sending what it
considers to be bogus mail purporting to be From: its domain, it could
decide to reject all mail from your server.


> I'm a moderator for a cpanel list, but don't have access to any of the 
> settings. Can someone tell me what the default settings are for 
> bounce_score_threshold  and bounce_info_stale_after? I'm assuming ours might 
> still be whatever the defaults are.


The list admin can see these values on the list's web admin Bounce
processing page, but defaults are:

bounce_score_threshold = 5.0
bounce_info_stale_after = 7
bounce_you_are_disabled_warnings = 3 = 7


> Am I right in thinking that if we make these values high enough, we'll see no 
> accounts disabled, and the only side effects will be more bounces and yahoo 
> mail won't get through? Would this be an acceptable solution for a list with 
> only 1000 members and low traffic, assuming we warn the yahoo members to use 
> a different address?


Just turn off bounce processing for the list. See the FAQ at
.

Also consider what I speculate above in the paragraph starting with "Maybe."

Additional reading at ,
 and

and other articles linked from those.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC issues

[Peter Shute]

I hadn't heard of this till now. Could somebody please confirm if my 
understanding of the issue is correct?

This is what I'm thinking will happen, please correct where I'm wrong:
- A list member sends an email to the list from a yahoo address
- The list sends that email out to all the list members
- The recipients' mail servers will (might?) check with yahoo what to do with 
the email, and will be advised to reject it
- The list will receive a bounce for every email address whose mail server 
follows that advice
- Those recipients whose mail server follows the advice will not receive the 
message
- The list will increment the bounce score for all those affected receipients, 
but only once per day
- The increment will be 1 because this is a hard bounce
- If the score reaches the bounce_score_threshold before the 
bounce_info_stale_after number of days has passed since the most recent bounce, 
then the member's subscription is disabled.

If that's correct then my understanding is that:
- If a list has at least one active yahoo member then pretty soon everyone's 
subscription will be disabled (not unsubscribed?).
- If a list receives vey few messages from yahoo addresses then the only effect 
will be that their messages don't get through, and that they might still get 
through to some people.

I'm a moderator for a cpanel list, but don't have access to any of the 
settings. Can someone tell me what the default settings are for 
bounce_score_threshold  and bounce_info_stale_after? I'm assuming ours might 
still be whatever the defaults are.

Am I right in thinking that if we make these values high enough, we'll see no 
accounts disabled, and the only side effects will be more bounces and yahoo 
mail won't get through? Would this be an acceptable solution for a list with 
only 1000 members and low traffic, assuming we warn the yahoo members to use a 
different address?

Peter Shute

Siniša Burina wrote:
I believe there's no need to elaborate on the problems recently introduced by 
Yahoo, changing their
DMARC DNS record and rendering many mailman lists unusable for Yahoo mail users.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] handler to auto detach attachment and link it to a website?

[Stephen J. Turnbull]

Sylvain Viart writes:

 > Development question, is there a way to test the handler against a mail 
 > content, outside of the full mailman context?

I forget the exact incantation, but I have a test list, and just test
for the test list at the top of the Handler, and return success
immediately.

 > Something like:
 > 
 > $ python -some-useful-switch-here MyHandler.py < mymail_withheader.txt

It's not going to be that easy because the handlers receive both the
message itself and a message information object, and creation of the
object is non-trivial.  For hints I'd look at the testing code.

 > Is it more appropriate to post such question to mailman-developers list?

Not as far as I'm concerned, "create a custom Handler" is commonly
offered as a solution here, so we should be willing to support it
here.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] handler to auto detach attachment and link it to a website?

[Mark Sapiro]

On 04/11/2014 08:54 AM, Sylvain Viart wrote:
> 
> 4.67. How do I implement a custom handler in Mailman
> 
> 
> 
> Following instruction here, I've started to develop my custom handler,
> as Scrubber is scrubbing too "strong" for my purpose.
> 
> Development question, is there a way to test the handler against a mail
> content, outside of the full mailman context?
> 
> Something like:
> 
> $ python -some-useful-switch-here MyHandler.py < mymail_withheader.txt


withlist is the tool for this. When I get a chance, I will update the
above FAQ with a skeleton framework, but in short you need a withlist
script that imports your handler, reads your message and builds a
Mailman.Message.Message object and calls your handler's process function.


> Is it more appropriate to post such question to mailman-developers list?


Either is OK.


> I've found: http://pythonhosted.org/mailman/src/mailman/docs/DEVELOP.html


That's for Mailman 3 and isn't relevant to Mailman 2.1.x.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] handler to auto detach attachment and link it to a website?

[Sylvain Viart]

Hi,


Le 28/03/2014 16:58, Mark Sapiro a écrit :
> As it says in that post, scrub_nondigest is an all or nothing feature.

I may code the behavior I've described for my need :

Detaching attachment, storing, linking back into the original mail.


4.67. How do I implement a custom handler in Mailman 




Following instruction here, I've started to develop my custom handler, 
as Scrubber is scrubbing too "strong" for my purpose.


Development question, is there a way to test the handler against a mail 
content, outside of the full mailman context?


Something like:

$ python -some-useful-switch-here MyHandler.py < mymail_withheader.txt

Is it more appropriate to post such question to mailman-developers list?

I've found: http://pythonhosted.org/mailman/src/mailman/docs/DEVELOP.html


Regards,
Sylvain.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Mail Lists open space at Pycon

[Mark Sapiro]

On 04/11/2014 05:25 AM, Mark Sapiro wrote:
> 
> Tentatively rescheduled to 17:00 EDT (21:00 GMT) on Friday, 11 Apr in room 
> 525.
> 
> I will attempt to post realtime summaries on #mailman.


Due to various scheduling issues, this will be rescheduled for Saturday
evening (Montreal time). Details to follow.

Please email me if you're thinking of attending. So far I know it's me,
Florian Fuchs, and Barry Warsaw, but we need DMARC folks too.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Mail Lists open space at Pycon

[Mark Sapiro]

On April 11, 2014 7:21:49 AM EDT, Mark Sapiro  wrote:
>On 04/10/2014 05:30 PM, Mark Sapiro wrote:
>> I have tentatively scheduled an open space for Friday, 11 April at
>18:00
>> in room 523B at Pycon to talk about DMARC and mail lists. All
>available
>> interested parties are invited. If the time doesn't work, we can
>reschedule.
>
>
>I will need to reschedule this. Check the open space board.

Tentatively rescheduled to 17:00 EDT (21:00 GMT) on Friday, 11 Apr in room 525.

I will attempt to post realtime summaries on #mailman.


-- 
Mark Sapiro 
Sent from my Android phone with K-9 Mail. [Unpaid endorsement]
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC and Mail Lists open space at Pycon

[Mark Sapiro]

On 04/10/2014 05:30 PM, Mark Sapiro wrote:
> I have tentatively scheduled an open space for Friday, 11 April at 18:00
> in room 523B at Pycon to talk about DMARC and mail lists. All available
> interested parties are invited. If the time doesn't work, we can reschedule.


I will need to reschedule this. Check the open space board.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC issues

[Rich Kulawiec]

(my apologies to anyone who reads NANOG, this is mostly a repeat
of what I said there)

On Thu, Apr 10, 2014 at 11:36:16AM -0400, Barry Warsaw wrote:
> It *is* a shame that these anti-spam defenses knowingly break mailing lists.

It's a shame that this is being pushed as an anti-spam defense when in
fact (a) it has little-to-no anti-spam value and (b) measures that have
much higher anti-spam value with few adverse effects are not being used.

Nearly all (at least 99% and likely quite a bit more) of the spam [as
observed by my numerous spamtraps] that purports to originate from Yahoo
really *does* originate from Yahoo.  All that I have to do to verify that
is to look at the originating host -- that is, it's not necessary to
check DMARC or anything else.

There are several reasons for this.  First, Yahoo has done an absolutely
miserable job of outbound abuse control.  For over a decade.  Second,
they've done a correspondingly miserable job of handling abuse reports,
so even when one of their victims is kind and generous enough to do
their work for them and tell them that they have a problem...they don't
pay attention and they don't take any action.  (Or they fire back a
clueless boilerplate denial that it was their user on their host on
their network...even though it was all three.)  Also for over a decade.
Third, why would any spammer forge a @yahoo.com address when it's easy
enough to buy hijacked accounts by the bucketful -- or to use any of the
usual exploits to go get some?  Fourth, at least some spammers seem to have
caught on that Yahoo isn't *worth* forging: it's a toxic cesspool because
the people running it have allowed it to be become one.

So let's not pretend that this has anything to do with stopping spam.
If Yahoo actually wanted to do something about spam, they could have
done that years and years ago simply by *paying attention* to what was
going on inside their own operation.  This is just (a) propaganda,
so that they claim to be "doing something" and (b) a clumsy attempt
to coerce people into using *their* mailing lists, which are just
as horribly run as the rest of their mail system.

---rsk

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] DMARC issues

[Siniša Burina]

On 11/04/14 03:19, Mark Sapiro wrote:

> I'm not sure why you can't upgrade if you can patch the code, but in any
> case, I can't point you at a single patch to do it my way because there
> are several. You could do it by applying all of the following patches in
> order.

Thank you very much, Mark!

-- 
Pozdrav / Regards,
Siniša Burina


--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org