Re: How to implement something close to, but not quite an "announcement-only" mailing list?

[Miles Fidelman]

On 4/15/17 3:53 PM, Phil Stracchino wrote:


On 04/15/17 15:40, James B. Byrne wrote:

On Sat, April 15, 2017 08:01, Kevin A. McGrail wrote:
The current version of Majordomo is 1.94.5, released 19 January 2000.[4]

[...]

Mailman is still under active development. It was updated to
accommodate the 2015 DMARC fiasco.  It also has a web based management
interface and built-in archiving tool. These features make Mailman
somewhat more convenient for list managers who may not themselves be
sysadmins.

Off topic though it is, I'd concur with this.  If you're starting out
from scratch, Mailman is the obvious choice.  Majordomo still works as
well as it ever did, but honestly that is almost damning it with faint
praise.  It's a 25-year-old piece of software that hasn't been updated
in 17 years, and during those 17 years the world it has to exist in has
changed enormously.  Majordomo doesn't support current standards and,
realistically, it is never likely to.  Save yourself the pain.

Also, Mailman comes with specific instructions for integrating it with
Postfix, out of the box.


If you're looking for a majordomo replacement, don't forget to look at 
Sympa - the other major open source list manager floating around.  It's 
supported by a consortium of French universities, and is aimed at larger 
organizations (universities) with lots of users and lots of lists.  It's 
had a DMARC patch since about 3 weeks after DMARC hit.  It's a bit 
trickier to configure & administer than Mailman, but also has more 
features - so it's a tradeoff.


Miles Fidelman



--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra

Re: More Email Sent than "status=sent" in MailLog

[Wietse Venema]

Greg Sims:
> Hi There,
> 
> We recently moved from RHEL 6/Postfix to CentOS 7/Postfix.  I see a change
> in the maillog that I need help understanding.
> 
> We are using mailman to manage three lists totaling 21K subscribers.  Each
> email is sent using VERP so that the Sender and Errors-to headers are
> unique  -- containing an encoded version of the email address that the
> email is being sent to.  This helps with bounce process and the like.  The
> >From header is the same for all of the emails sent and the To header is
> unique.
> 
> On the RHEL 6 system, when I count the number of "status=sent" strings in
> the maillog, the number is the same as the number of emails sent.  On the
> CentOS 7 system the number of "status=sent" is about 25% of the number of
> emails sent.
> 
> Can anyone help me understand this change in behavior?
> 
> Here is the command I am using to view the 4/15 emails in the maillog:
> 
> cat /var/log/maillog.processed /var/log/maillog | grep status=sent | grep
> 'Apr 15' | wc
>4783   85852 1221343
> 
> You can see 4,783 "status=sent" entries on Apr 15 with over 21K emails sent
> (and verified with DMARC aggregation).

Perhaps system-effing-d is throttling the logs? Reportedly, it does
throttles logs before handing things off to things like rsyslogd.

Wietse

More Email Sent than "status=sent" in MailLog

[Greg Sims]

Hi There,

We recently moved from RHEL 6/Postfix to CentOS 7/Postfix.  I see a change
in the maillog that I need help understanding.

We are using mailman to manage three lists totaling 21K subscribers.  Each
email is sent using VERP so that the Sender and Errors-to headers are
unique  -- containing an encoded version of the email address that the
email is being sent to.  This helps with bounce process and the like.  The
>From header is the same for all of the emails sent and the To header is
unique.

On the RHEL 6 system, when I count the number of "status=sent" strings in
the maillog, the number is the same as the number of emails sent.  On the
CentOS 7 system the number of "status=sent" is about 25% of the number of
emails sent.

Can anyone help me understand this change in behavior?

Here is the command I am using to view the 4/15 emails in the maillog:

cat /var/log/maillog.processed /var/log/maillog | grep status=sent | grep
'Apr 15' | wc
   4783   85852 1221343


You can see 4,783 "status=sent" entries on Apr 15 with over 21K emails sent
(and verified with DMARC aggregation).

Thanks, Greg

Re: How to implement something close to, but not quite an "announcement-only" mailing list?

[Phil Stracchino]

On 04/15/17 15:40, James B. Byrne wrote:
> On Sat, April 15, 2017 08:01, Kevin A. McGrail wrote:
> The current version of Majordomo is 1.94.5, released 19 January 2000.[4]
[...]
> Mailman is still under active development. It was updated to
> accommodate the 2015 DMARC fiasco.  It also has a web based management
> interface and built-in archiving tool. These features make Mailman
> somewhat more convenient for list managers who may not themselves be
> sysadmins.

Off topic though it is, I'd concur with this.  If you're starting out
from scratch, Mailman is the obvious choice.  Majordomo still works as
well as it ever did, but honestly that is almost damning it with faint
praise.  It's a 25-year-old piece of software that hasn't been updated
in 17 years, and during those 17 years the world it has to exist in has
changed enormously.  Majordomo doesn't support current standards and,
realistically, it is never likely to.  Save yourself the pain.

Also, Mailman comes with specific instructions for integrating it with
Postfix, out of the box.


-- 
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: 603.293.8485

Re: How to implement something close to, but not quite an "announcement-only" mailing list?

[James B. Byrne]

On Sat, April 15, 2017 08:01, Kevin A. McGrail wrote:
> On 4/14/2017 10:19 PM, Ramon F Herrera wrote:
>> On 4/14/2017 8:41 PM, Kevin A. McGrail wrote:
>>> On 4/14/2017 9:35 PM, Ramon F Herrera wrote:

 I guess this would be more descriptive and succinct:

 A "members-only PLUS disguising of all e-mail addresses
 contained in the headers" mailing list.
>>> I didn't follow all your logic in the previous email but overall
>>> you'll likely need something like *mailman or majordomo* plus
>>> something like MIMEDefang in front of it to achieve your needs.
>>
>> This begs the question, to all the readers: Given those 2
>> requirements, and my lack of time to learn/compare Majordomo vs.
>> mailman, which one would you use?
. . .
> I use Mailman and it works.  Of course, I'm an advisor to Virtru along
> with John Viega, Mailman's original author. So in solidarity with him,
> I'm going to completely malign majordomo and say that it's horrible!
> :-)  More seriously, both are great, both work well and I use lists
> every day using both.  Lot comparing a Honda Civic to a Toyota Camry.
> They both just work and get you from point A to B with little grief or
> comfort.
>
> Regards,
> KAM
>

>From wikipedia:

The current version of Majordomo is 1.94.5, released 19 January 2000.[4]

The official website warns that it will not work with Perl versions
5.001 and 5.005_01 specifically. It recommends to use Perl 4.036 or
the latest version available. Support for Perl 4.036 may not be kept
for the future.[5]

>From me:

We ran many mailing lists from the mid 1990's to the mid 2000's with
Majordomo.  It worked well then and I infer from its continued
employment here that it still does.  However, it has not been worked
on in a considerable time and the world for which it was constructed
no longer exists.  Shortly before we switched to Mailman a Majordomo 2
project started up and this is still active.  You can find the source
for MJ2 at http://ftp.mj2.org/pub/mj2/snapshots/

For the few mailing lists that we still host we switched to Mailman
around 2005.  This was mainly due to the fact that at the time it
shipped with RHEL and RHEL was what we were using.  RHEL still
includes Mailman as far as I know.

Mailman is still under active development. It was updated to
accommodate the 2015 DMARC fiasco.  It also has a web based management
interface and built-in archiving tool. These features make Mailman
somewhat more convenient for list managers who may not themselves be
sysadmins.

Regards,

-- 
***  e-Mail is NOT a SECURE channel  ***
Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

Do you know an FOSS email system for kids?

[Dedeco Balaco Baco]

Hello,

in the last months, I have been searching for an email system with some 
features to make it better for kids, even for younger ages, and also their 
parents. We need a few features to guarantee some security to free messaging 
among known friends, but some supervision for unknown addresses.

Last January, I started a thread in Linux Questions about this. No clear 
solution was given until now. Now I am thinking about making something, since 
there seems to be no ready to use FOSS system.  Maybe I can somehow setup 
Postfix to do this? Maybe I can use Postfix with some simple extra programs? 
You tell me, please! I never set up Postfix. Articles, books or any other 
material to read, if they can be useful, are very welcome. I already have the 
official Postfix book. Setting up this system with no root access in a Debian 
server (many more people use it) is welcome, although a few root actions just 
to set something up may not be a problem.

My first post in the thread I mentioned is:

==
I am trying to find an email system (that preferably work with any email 
account) for kids.

 The features I am looking for are (possibly):

 - messages can be sent to any email account

 - answers must only be read after the contact is added and the supervisor 
confirmed its safety

 - or each message from strange accounts can be marked as safe without adding 
the sender to the contact; process repeated for each message

 - messages from contacts are received faster, do not need to be previously 
read by supervisor account

 - a copy of all messages can be read by the supervisor account at anytime, 
even after they are erased within the safe account

 I found a few paid services with similar features (tocomail, zilladog, 
kidsafemail, zoobuh, emailforkids.org). But none have interfaces in other 
languages but English.

 Such a system (or program) is not that hard to develop. Do you know any FOSS 
(free and open-source software) such system? Or some practical alternative 
method to achieve this safety?
==

A few comments and thoughts were made in that thread. You may want to read 
that, but I won't copy everything here, it may not be necessary or may be 
offtopic to this list.

The thread "Do you know an FOSS email system for kids?" in Linux Questions is:

https://www.linuxquestions.org/questions/linux-server-73/do-you-know-an-foss-email-system-for-kids-4175597944/

I am waiting for your comments. Thank you (:

Re: exclude a host(s) and allow it without authentication

[Philip Paeps]

On 2017-04-15 13:29:37 (+0100), lejeczek  wrote:
I'm fiddling with settings but thought, someone already must know - how 
to achieve above, if possible at all?


Simply add it to $mynetworks and add ``permit_mynetworks`` to the 
relevant ``smtpd_{foo}_restrictions``?


Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information

exclude a host(s) and allow it without authentication

[lejeczek]

hi everyone

I'm fiddling with settings but thought, someone already must 
know - how to achieve above, if possible at all?


many thanks,
L.

Re: How to implement something close to, but not quite an "announcement-only" mailing list?

[Kevin A. McGrail]

On 4/14/2017 10:19 PM, Ramon F Herrera wrote:

On 4/14/2017 8:41 PM, Kevin A. McGrail wrote:

On 4/14/2017 9:35 PM, Ramon F Herrera wrote:


I guess this would be more descriptive and succinct:

A "members-only PLUS disguising of all e-mail addresses 
contained in the headers" mailing list.
I didn't follow all your logic in the previous email but overall 
you'll likely need something like *mailman or majordomo* plus 
something like MIMEDefang in front of it to achieve your needs.


This begs the question, to all the readers: Given those 2 
requirements, and my lack of time to learn/compare Majordomo vs. 
mailman, which one would you use?
Attached is the discussed scrap we use in MIMEDefang that we mangle 
emails before they get to our mailing list.  It maintains the same GPL 
the original MIMEDefang-filter is produced under.  I didn't include 
every sub, etc. as I expect it's not all relevant except to kick off 
your thinking.


I use MIMEDefang with Postfix and it's a very good solution.  I monitor 
the MD list as well if you have questions and use it.


I use Mailman and it works.  Of course, I'm an advisor to Virtru along 
with John Viega, Mailman's original author. So in solidarity with him, 
I'm going to completely malign majordomo and say that it's horrible!  
:-)  More seriously, both are great, both work well and I use lists 
every day using both.  Lot comparing a Honda Civic to a Toyota Camry.  
They both just work and get you from point A to B with little grief or 
comfort.


Regards,
KAM
# This program may be distributed under the terms of the GNU General
# Public License, Version 2, or (at your option) any later version.
#***
#
# Copyright (C) 2017 PCCC
#***

#get domain name from an email address
sub get_domain_from_email {
  my ($domain) = @_;

  #REMOVE ANY LEADING/TRAILING <>'s
  $domain =~ s/(^<|>$)//g;
  #REMOVE ANY LEADING/TRAILING SPACE'S
  $domain =~ s/^ *//g;
  $domain =~ s/ *$//g;
  #REMOVE EVERYTHING UP TO THE @ SYMBOL
  $domain =~ s/.*\@//g;

  return $domain;
}

foreach $recip (@Recipients) {
  # BLOCK IF FROM YAHOO (AND OTHERS) BECAUSE THEY SET DMARC TOO STRICTLY
  # 
http://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-breaks-mailing-lists.html
  # REWRITE THE FROM HEADER AND OTHER FIELDS PER RECOMMENDATION HERE: 
http://dmarc.org/faq.html#s_3

  # If Sender is set to DMARC reject and recipient is a mailing list - NOTE 
Yahoo.com and AOL.com reject as of 4/23
  if (($recip =~ m/\@mailman\./i or
   $recip =~ m/\@lists\./i)

  and

 # exclude the admnistrivia addresses like admin confirm, join, leave, 
etc.
 ($recip !~ 
/\-(admin|bounces|confirm|join|leave|owner|request|subscribe|unsubscribe)(\+.*)?\@/i)

 ) {

my ($container, $parser, $original, $report2, $dmarc_reject_notice, 
$daemon_sender, $dmarc_result, $sender_domain, $modification_subject, 
$pretty_sender);

# Automatically check DMARC DNS entry
$sender_domain = _domain_from_email($Sender);
# DNS test for DMARC entry with timeout of 5 seconds
$dmarc_result = _dmarc(domain=>$sender_domain, timeout=>5);

if ($dmarc_result =~ /p=(reject|quarantine)/i) {

  # NOTIFY SENDER AND REWRITE THE SENDER TO A DO-NOT-REPLY ADDRESS
  md_syslog('warning', "Modifying message to mailing list due to DMARC 
- $recip - $Sender - $Subject");
  $dmarc_reject_notice = "Your email to $recip was modified to prevent 
your email address on mailing lists from being incorrectly flagged as a forgery.

In order to permit your email through to the mailing list, we have rewritten 
the From address to a do-not-reply address.  Depending on the list 
configuration, you may not receive replies and will need to monitor the list.  
Additionally, this may delay your email as it will require manual intervention 
by the list moderator to approve.

We apologize for the inconvenience but the cause of the issue rests squarely 
with spammers who have forced email providers to implement anti-forgery 
technologies that impact mailing lists heavily.

Sincerely,

Kevin A. McGrail
President, PCCC";


  #CUSTOMIZE NOTIFICATION PARAMS
  $daemon_sender = 'do-not-re...@daemon.pccc.com';
  $modification_subject = _to_mime("Important Mailing List 
Notification re:[". _to_utf8($Subject) ."]");

  #SEND NOTIFICATION
  action_notify_sender_immediately(Sender=>$Sender, DaemonName=>'PCCC 
Raptor Notice', DaemonAddress=>$daemon_sender, 
NotifySenderSubject=>$modification_subject, body=>$dmarc_reject_notice);

  #TEMPORARILY REMOVE MAILING LIST
  #delete_recipient($recip); - NO LONGER NEEDED WITH REWRITE OF FROM

  #CHANGE SENDER ON ENVELOPE
  change_sender($daemon_sender);

  #CHANGE SENDER ON FROM