Re: [Mailman-Developers] Anyone tried the DMARC mail address translucent forwarder hack?

2014-05-17 Thread Stephen J. Turnbull
John Levine writes: > You just need one DNS entry, for *.remail.lists.org. Believe it or > not, that's legal, valid, standard, etc. Legal, valid, and useful, yes. However, it's generally considered a poor practice because it means that all of those domains exist, which makes it hard to debug

Re: [Mailman-Developers] Fixing DMARC problems with .invalid munge

2014-05-17 Thread Stephen J. Turnbull
Bob Puff writes: > So guys... Is there a simple little hack we can do within MM 2.1 to > try to mitigate this issue, by adding .invalid or some other > extension? I've got a few lists that are getting to the point > where MM sends the probe email, and then figures it is not a > bouncing addr

Re: [Mailman-Developers] Fixing DMARC problems with .invalid munge

2014-05-17 Thread Stephen J. Turnbull
Franck Martin writes: > You can also apply this patch: > > http://bazaar.launchpad.net/~mlm-author/mailman/2.1-author/revision/1341?remember=1338&compare_revid=1338 > > Rather than injecting an invalid domain in the From: and weakening > more the security of email... If your *primary* con

Re: [Mailman-Developers] Fixing DMARC problems with .invalid munge

2014-05-17 Thread Andreas Schulze
Bob Puff: > So guys... Is there a simple little hack we can do within MM 2.1 to try to > mitigate this issue, by adding .invalid or some other extension? I've got a > few lists that are getting to the point where MM sends the probe email, and > then figures it is not a bouncing address, but a lot

Re: [Mailman-Developers] Fixing DMARC problems with .invalid munge

2014-05-17 Thread John Levine
>Exactly how to patch this depends on what Mailman version you're >starting with, but you basically want some code like this. > >name, addrs = parseaddr(msg.get('from')) >addrs += '.invalid' >del msg['from'] >msg['From'] = formataddr((name, addrs)) > >If you put it in Mailman/Handle

Re: [Mailman-Developers] Fixing DMARC problems with .invalid munge

2014-05-17 Thread Stephen J. Turnbull
Quoth Mark Sapiro: > >Exactly how to patch this depends on what Mailman version you're > >starting with, but you basically want some code like this. snip John Levine writes: > How do you limit it to just addresses with DMARC problems? There's no > benefit to doing it to everyone. Probably

Re: [Mailman-Developers] Fixing DMARC problems with .invalid munge

2014-05-17 Thread Lindsay Haisley
On Sat, 2014-05-17 at 14:12 +, John Levine wrote: > How do you limit it to just addresses with DMARC problems? There's no > benefit to doing it to everyone. > Because a DMARC record is published in DNS, Mailman must use a Python module capable of querying DNS. MM 2.1.18 uses the dnspython

Re: [Mailman-Developers] Fixing DMARC problems with .invalid munge

2014-05-17 Thread John R Levine
> How do you limit it to just addresses with DMARC problems? There's no > benefit to doing it to everyone. Probably a hard-coded regexp (or list thereof) matching against the address in "From". The OP has a special situation where he's got lots of local mods to Mailman, so it's not convenient t

Re: [Mailman-Developers] Fixing DMARC problems with .invalid munge

2014-05-17 Thread Mark Sapiro
On 05/16/2014 10:56 PM, Bob Puff wrote: > >> name, addrs = parseaddr(msg.get('from')) >> addrs += '.invalid' >> del msg['from'] >> msg['From'] = formataddr((name, addrs)) >> >> If you put it in Mailman/Handlers/Cleanse.py or >> Mailman/Handlers/CookHeaders.py, parseaddr and formata

Re: [Mailman-Developers] [GSoC 2014] Mailman CLI Project

2014-05-17 Thread Rajeev S
On Tuesday 13 May 2014 07:12 PM, Barry Warsaw wrote: On May 13, 2014, at 03:27 PM, Rajeev S wrote: Would --list be implied by seeing a `--listname=l...@example.com`? E.g. would this be just as useful, and a little shorter: mmclient show --listname=l...@example.com --domain=example.org ? In

Re: [Mailman-Developers] Fixing DMARC problems with .invalid munge

2014-05-17 Thread John Levine
>> How do you limit it to just addresses with DMARC problems? There's no >> benefit to doing it to everyone. >> >Because a DMARC record is published in DNS, Mailman must use a Python >module capable of querying DNS. MM 2.1.18 uses the dnspython > package for this. I b

Re: [Mailman-Developers] Fixing DMARC problems with .invalid munge

2014-05-17 Thread Mark Sapiro
On 05/17/2014 10:33 AM, John Levine wrote: > > Well, yes, obviously. Since DNS checks can be slow, it would be nice > to reuse the answers that Mailman probably already has. Where are > they stored? They aren't stored anywhere in Mailman, but they are likely cached in a local name server. --

Re: [Mailman-Developers] Fixing DMARC problems with .invalid munge

2014-05-17 Thread Lindsay Haisley
On Sun, 2014-05-18 at 01:37 +0900, Stephen J. Turnbull wrote: > > How do you limit it to just addresses with DMARC problems? There's no > > benefit to doing it to everyone. > > Probably a hard-coded regexp (or list thereof) matching against the > address in "From". The OP has a special situati

Re: [Mailman-Developers] Fixing DMARC problems with .invalid munge

2014-05-17 Thread Stephen J. Turnbull
John R Levine writes: > Isn't there code in 2.18 to check for DMARC problems to catch messages on > the way in? I'd think you could adapt that. I'm not sure what "on the way in" means, but 2.1.18 does have code to catch a p=reject record and handle it just once per post. The OP can't use 2.1

Re: [Mailman-Developers] Fixing DMARC problems with .invalid munge

2014-05-17 Thread Stephen J. Turnbull
Lindsay Haisley writes: > I have a lot of mods to Mailman too. Patching is easy using the gnu.org > diff and patch tools and can easily be scripted, I'm sure the OP knows that, and may even have a bzr (or git) repo. However, any change can require resolving conflicts, and some require changing