Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

2016-08-25 Thread Ted Hatfield 


On Thu, 25 Aug 2016, Steve Wehr wrote:



-Original Message-
From: Mailman-Users
[mailto:mailman-users-bounces+steve=tunedinweb@python.org] On Behalf Of
Ted Hatfield
Sent: Tuesday, August 23, 2016 6:56 PM
To: mailman-users@python.org
Subject: [Mailman-Users] AOL rejecting connections from mailman servers for
DMARC Munging.


Hey all,

Recently my mailman server was flagged by AOL and my messages were rejected
with this error.

SMTP DATA-2 protocol error: 521 5.2.1 :  AOL will not accept delivery of
this message.


When I queried the AOL Postmaster about this issue this was my response.

Few mails from IP xxx.xxx.xxx.xx were getting rejected from one of filters
as
Reply-to address is same as the TO address. This is caused as one of our
filters triggered these emails as spam. I have added protection for your IP.
As
a good mailing practice, please use a different email address for your
reply-to
address.


It seems to me that since dmarc munging adds the senders address to the
reply-to header, if a user receives a copy of their own postings this is the

result.

Can anyone else confirm that this has happened to them and if so what else
can
someone do except to wrap the message from senders that implement dmarc
rejection as in dmarc_moderation_action?


Is there a recommended policy regarding this issue?


Ted Hatfield






I recently have been fighting AOL over this exact same thing. To solve it I
contacted AOL via their postmaster page and opened a ticket. They got back
to me and said they "made some changes to their handling of mail from my IP
address."

I had been using mailman to send to AOL users for over a decade, so I didn't
change anything in mailman. After about 2-3 weeks AOL has now stopped
rejecting mailman emails.

In the interim, I used Mark Sapiro's script to reset the moderation bits on
all AOL users, encased in a little shell script I wrote:

#!/bin/bash

# This script resets the bounce bits for certain users in ALL lists.
#
# Run this script as ROOT
for listname in $(ls /var/lib/mailman/lists/);
do
  echo Resetting bounce bits in list $listname
  # Reset bounce bits for only AOL.COM members.
  /usr/lib/mailman/bin/withlist -r reset_bounce $listname -d aol.com
done;

Hope this is helpful.

_
Steve Wehr
Tunedin Web Design
845-246-9643



Steve,

Glad to see I'm not the only one.  This was also my solution. I just 
wanted to see if there was a better way to handle the issue but I don't 
see any recommended advice that would solve the issue in a technical way.



I'm considering setting dmarc_moderation_action to "Wrap Message" and 
setting from_is_list back to "No"


This will at least only affect the users who use email that enforces
DMARC p=quarantine and p=reject.


Ted Hatfield

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Update advisory (how to install?)

2016-08-25 Thread Carl Zwanzig 

On 8/25/2016 10:32 AM, Caesar Samsi wrote:

I recall there was an advisory to update Mailman due to something (security 
issue?).
When is this happening and where can I get the update and how to install it?


Mark's original email of 19-Aug-2016: "I plan to release Mailman 2.1.23 with 
this and other fixes on Saturday, Aug 27 and also to post at the same time 
the patch which can be applied stand-alone." (I'm sure it's in the list 
archive.)


In general, to upgrade you download the full package from the mailman site 
and follow the updating instructions there or in the tarball. Pretty simple.


Later,

z!

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Update advisory (how to install?)

2016-08-25 Thread Caesar Samsi 
Hi there,

I recall there was an advisory to update Mailman due to something (security 
issue?).

When is this happening and where can I get the update and how to install it?

Thanks, Caesar.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] unique Message-IDs

2016-08-25 Thread Beu, Ed (DOA) 
-Original Message-
From: Mailman-Users [mailto:mailman-users-bounces+ed.beu=alaska@python.org] 
On Behalf Of Mark Sapiro
Sent: Thursday, August 25, 2016 7:48 AM
To: mailman-users@python.org
Subject: Re: [Mailman-Users] unique Message-IDs

On 08/24/2016 11:20 AM, Beu, Ed (DOA) wrote:
> 
> We've run into a situation whereas our email archiving system is puking on 
> mail sent from large Mailman lists due to the Message-IDs all being the same 
> on each individual message.
> 
> I found the following article and tried it, without any success.
> 
> https://mail.python.org/pipermail/mailman-users/2011-November/072525.html


>>Did you try just deleting the Message-ID or replacing it with a Mailman
>>Generated one?

I tried both methods, both did not work.

>>If you are not VERPing or personalizing deliveries, replacing the
>>Message-ID will not be completely effective because the message with the
>>replaced Message-ID will still be sent to chunks with multiple
>>recipients. Whether deleting the Message-ID will be effective or not
>>will depend on when in its processing the MTA adds its own Message-ID.

With VERP turned on it presented issues with our Spam Filter, so not an option.

> Any other suggestions?


>>Enable verp by putting

>>VERP_DELIVERY_INTERVAL = 1

>>in mm_cfg.py and then replace the Message-ID with a Mailman generated
>>one per
>>


>>or maybe just fix your archiving system.

Plans are in the works for a replacement (O365)! 

>>Note that replacing the Message-ID in this way is a violation of mail
>>RFCs and I don't recommend it.

Understood!

>>What happens if a local user sends a message with multiple To:, Cc:
>>and/or Bcc: recipients. Doesn't that confuse your archiving system too?
>>What do you do about that?

I don't run the archiving system so not sure.  The archiving admin mentioned he 
was manually changing MSG-IDs the other day.

Thanks, Ed

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] unique Message-IDs

2016-08-25 Thread Mark Sapiro 
On 08/24/2016 11:20 AM, Beu, Ed (DOA) wrote:
> 
> We've run into a situation whereas our email archiving system is puking on 
> mail sent from large Mailman lists due to the Message-IDs all being the same 
> on each individual message.
> 
> I found the following article and tried it, without any success.
> 
> https://mail.python.org/pipermail/mailman-users/2011-November/072525.html


Did you try just deleting the Message-ID or replacing it with a Mailman
Generated one?

If you are not VERPing or personalizing deliveries, replacing the
Message-ID will not be completely effective because the message with the
replaced Message-ID will still be sent to chunks with multiple
recipients. Whether deleting the Message-ID will be effective or not
will depend on when in its processing the MTA adds its own Message-ID.


> Any other suggestions?


Enable verp by putting

VERP_DELIVERY_INTERVAL = 1

in mm_cfg.py and then replace the Message-ID with a Mailman generated
one per

or maybe just fix your archiving system.

Note that replacing the Message-ID in this way is a violation of mail
RFCs and I don't recommend it.

What happens if a local user sends a message with multiple To:, Cc:
and/or Bcc: recipients. Doesn't that confuse your archiving system too?
What do you do about that?

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

2016-08-25 Thread Mark Sapiro 
On 08/25/2016 06:01 AM, Steve Wehr wrote:
> 
> In the interim, I used Mark Sapiro's script to reset the moderation bits on
> all AOL users, encased in a little shell script I wrote:
> 
> #!/bin/bash
> 
> # This script resets the bounce bits for certain users in ALL lists.
> #
> # Run this script as ROOT
> for listname in $(ls /var/lib/mailman/lists/);


A more robust way to do this is

for listname in $(/usr/lib/mailman/bin/list_lists -b);

because there may be files or non-list directories in
/var/lib/mailman/lists/

> do
>echo Resetting bounce bits in list $listname
># Reset bounce bits for only AOL.COM members.
>/usr/lib/mailman/bin/withlist -r reset_bounce $listname -d aol.com
> done;
> 
> Hope this is helpful.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] unique Message-IDs

2016-08-25 Thread Beu, Ed (DOA) 
Hello Mark,

We've run into a situation whereas our email archiving system is puking on mail 
sent from large Mailman lists due to the Message-IDs all being the same on each 
individual message.

I found the following article and tried it, without any success.

https://mail.python.org/pipermail/mailman-users/2011-November/072525.html

We're running Mailman v2.1.12 on Centos 6.7 and using Postfix 2.6.6..

Any other suggestions?

Thx, Ed


Ed Beu , Systems Programmer
Enterprise Technology Services
Department of Administration
619 E Shipcreek Ave., Ste 232
Anchorage, AK 99501-1677
[ETSLogo]
*Desk:(907)269-6790
?Fax: (907)269-6719
* ed@alaska.gov
" http://www.doa.alaska.gov/ets/





--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

2016-08-25 Thread Steve Wehr 
I recently have been fighting AOL over this exact same thing. To solve it I
contacted AOL via their postmaster page and opened a ticket. They got back
to me and said they "made some changes to their handling of mail from my IP
address."

I had been using mailman to send to AOL users for over a decade, so I didn't
change anything in mailman. After about 2-3 weeks AOL has now stopped
rejecting mailman emails. 

In the interim, I used Mark Sapiro's script to reset the moderation bits on
all AOL users, encased in a little shell script I wrote:

#!/bin/bash

# This script resets the bounce bits for certain users in ALL lists.
#
# Run this script as ROOT
for listname in $(ls /var/lib/mailman/lists/);
do
   echo Resetting bounce bits in list $listname
   # Reset bounce bits for only AOL.COM members.
   /usr/lib/mailman/bin/withlist -r reset_bounce $listname -d aol.com
done;

Hope this is helpful.

_
Steve Wehr
Tunedin Web Design
845-246-9643


-Original Message-
From: Mailman-Users
[mailto:mailman-users-bounces+steve=tunedinweb@python.org] On Behalf Of
Ted Hatfield
Sent: Tuesday, August 23, 2016 6:56 PM
To: mailman-users@python.org
Subject: [Mailman-Users] AOL rejecting connections from mailman servers for
DMARC Munging.


Hey all,

Recently my mailman server was flagged by AOL and my messages were rejected
with this error.

SMTP DATA-2 protocol error: 521 5.2.1 :  AOL will not accept delivery of
this message.


When I queried the AOL Postmaster about this issue this was my response.

Few mails from IP xxx.xxx.xxx.xx were getting rejected from one of filters
as 
Reply-to address is same as the TO address. This is caused as one of our 
filters triggered these emails as spam. I have added protection for your IP.
As 
a good mailing practice, please use a different email address for your
reply-to 
address.


It seems to me that since dmarc munging adds the senders address to the 
reply-to header, if a user receives a copy of their own postings this is the

result.

Can anyone else confirm that this has happened to them and if so what else
can 
someone do except to wrap the message from senders that implement dmarc 
rejection as in dmarc_moderation_action?


Is there a recommended policy regarding this issue?


Ted Hatfield

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/steve%40tunedinweb.com

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] AOL rejecting connections from mailman servers for DMARC Munging.

2016-08-25 Thread Stephen J. Turnbull 
Robert Heller writes:

 > Cc: headers. Eg if the address in the From: is also in the To: OR
 > Cc: headers, AOL might reject the E-Mail. (This would be seriously
 > dumb and effectively make AOL an impossible E-Mail destination to
 > deliver any E-Mail to.)

Bcc

But yes, I agree.  The solution is to be a friend, and friends don't
let friends use AOL. ;-)  Yes, I know, you have to pry their AOL from
their cold dead fingers and all that.  The thing is, that with AOL
it's just one thing after another.  While it's definitely possible to
deliver some email to AOL, any given email might be refused for
reasons that you can't predict.  We can't protect our users from their
own service providers. :-(

BTW, the OP already said that his setting for reply-to is Poster, so
something we haven't figured out yet seems to be happening here. :-(

Steve
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org