Re: [Mailman-Users] Mailman 2.1.18 final release
On 05/03/2014 11:30 AM, Mark Sapiro wrote: I'm pleased to announce the final release for Mailman 2.1.18. It appears that the from_is_list and dmarc_moderation_actions Wrap Message actions may run afoul of this issue http://bugs.python.org/issue7970 in the Python email library in versions older than 2.6.x where x is some number 5. I.e. I know the bug is fixed in Python 2.7 and 2.6.5 and not in any 2.5.x or older. I'm not sure about 2.6.1 - 2.6.4. I have attached a patch to Mailman/Message.py which I think will fix this issue if you have it. You will know if you do because all outgoing mail will be shunted with the exception TypeError: Expected list, got type 'str' when SMTPDirect.py invokes the as_string() method on the message object. I think this will only occur with those older Pythons and when a Wrap Message action is applied. As soon as I get confirmation from the original reporter that the patch solves the problem, I will release a fixed version. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan --- /var/MM/2.1/Mailman/Message.py 2014-04-26 21:29:42.282766984 -0700 +++ /var/MM/21/Mailman/Message.py 2014-05-05 22:40:32.412348756 -0700 @@ -59,6 +59,25 @@ return self.__class__(fp, self._mangle_from_, self.__children_maxheaderlen, self.__children_maxheaderlen) +# This is the _handle_message method with the fix for bug 7970. +def _handle_message(self, msg): +s = StringIO() +g = self.clone(s) +# The payload of a message/rfc822 part should be a multipart sequence +# of length 1. The zeroth element of the list should be the Message +# object for the subpart. Extract that object, stringify it, and +# write it out. +# Except, it turns out, when it's a string instead, which happens when +# and only when HeaderParser is used on a message of mime type +# message/rfc822. Such messages are generated by, for example, +# Groupwise when forwarding unadorned messages. (Issue 7970.) So +# in that case we just emit the string body. +payload = msg.get_payload() +if isinstance(payload, list): +g.flatten(msg.get_payload(0), unixfrom=False) +payload = s.getvalue() +self._fp.write(payload) + class Message(email.Message.Message): signature.asc Description: OpenPGP digital signature -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] inn gateway
Le 06/05/2014 01:42, Mark Sapiro a écrit : The test list's high watermark for the newsgroup is 31. This means no posts prior to #32 in the newsgroup will be gated to the list. ok. I suspected some sort of thing like this Use bin/withlist and do the following $ bin/withlist -l test Loading list test (locked) The variable `m' is the test MailList instance m.usenet_watermark = None m.Save() - Cntrl-D to exit Unlocking (but not saving) list: test Finalizing $ ouch. I wouldn't have find this myself, great thanks, I will save this for future use also jdd -- http://www.dodin.org -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] inn gateway
Le 06/05/2014 01:42, Mark Sapiro a écrit : $ bin/withlist -l test well...I'm cursed :-( this worked with the test list, but not with the main list! same symptoms: list is linux-31 linux-31 newsgroup works linux-31 mailman list works post to the list go to the newsgroup but posts to the newsgroup do not reach the list fromusenet logs May 06 08:43:47 2014 (27035) linux-31: [1..12] May 06 08:43:47 2014 (27035) gating linux-31 articles [12..12] May 06 08:43:47 2014 (27035) posted to list linux-31: 12 May 06 08:43:47 2014 (27035) linux-31 watermark: 12 but /usr/lib/mailman/bin/withlist -l linux-31 do not fix the problem sorry :-( jdd -- http://www.dodin.org -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Changes to archive templates have no effect
I am running Mailman version 2.1.12. When I change my templates in /usr/lib/mailman/templates/site/da/ (like admlogin.html) I see the changes taking effect (immediately, even though I didn't restart Mailman), but any changes I make to the Archive templates located in the same directory doesn't seem to have any effect. According to /usr/lib/mailman/Mailman/Archiver/HyperArch.py line 799 Mailman uses archtoc.html in case of a Private list or archtocnombox.html in case of a public list. The changes doesn't take effect regardless of whether the list is private or public. But I'm not sure if this the decision is made from the default (PUBLIC_MBOX) variable in the mm_cfg.py or Default.py files since the HyperArch.py file refers to the mm_cfg. To debug, I tried make a change in the default /usr/lib/mailman/templates/da/ archtoc.html file, but this does not have any effect either. Changing the archliststart.html, archlistend.html, archtocentry.html, archidxfoot.html, archidxhead.html have no effect either. I did remember to restart Mailman both (just in case) using service mailman restart and mailmanctl restart. Henrik Rasmussen h...@adm.ku.dk -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
I understand now, fake warnings for phishing. As for not being taken in, I haven't yet, but I'm sure it would be possible to create one that I would assume to be genuine. Peter Shute Sent from my iPad On 6 May 2014, at 3:15 pm, Stephen J. Turnbull step...@xemacs.org wrote: Peter Shute writes: On 5 May 2014, at 4:59 pm, Stephen J. Turnbull step...@xemacs.org wrote: them. But when you (FVO you susceptible to phishing in the first Sorry, what does FVO stand for? Ah, excuse my abbreviations. FVO = for values of; the intended implication is that the you reading my post isn't the kind of you who gets taken in by phishing emails. All of our mail to you have come back to us due to DMARC rejects, so we need to use this unusual address. Please confirm your blah-blah-blah by clicking here and logging in to our secure site. 2% of AOL customers will respond by clicking, at last report. :-( They get a warning? I thought it just bounced, and the intended recipient never knew. No, the point is that a phishing mail with From: Chase Bank Customer Service serv...@chase.com.invalid will sail right past DMARC, as currently set up. In the message, the complaint about the DMARC rejects was written by the phisherman, and the strange address is explained by that preamble. Thus reassured, the victim then clicks. Don't ask me to explain why they do that, I don't really understand (I'm almost tempted to quote Niven and Pournelle, think of it as evolution in action), but it's an empirical fact that real people lose real money to these scams (2% of AOLers click, according to AOL). Now, it's *possible* that .invalid will trigger the latent common sense in the 2%. But I think that pretty unlikely to be completely effective, and I suspect it won't be effective at all in the presence of a disclaimer about the unusual address. If .invalid can't get by the victim's common sense, .REMOVE-THIS etc probably will. The thing is that a bit of common sense will save you from any of these scams. But that's not enough to create good policies, because it's very hard is to think of all the ways to abuse a very naive victim, or a very young one, or an elderly one who's lost a step mentally -- it takes a devious mind just to think of one! Regards, -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] best way to reconfirm a list
That is correct. The lists are current news announcements so only the list owner posts to the list. The sample headers I got look legit as far as I can tell. They redacted all the email/destination information that would id the receiving system/email. The original lists are old enough to not have been confirmed. The goal would be to send a confirmation email to everyone on the list and unsubscribe anyone who does not re-confirm within a reasonable time, say 1 week. On 5/6/2014 12:59 AM, Peter Shute wrote: Keith Bierman wrote: But since the OP said . New subscribers are asked to subscribe to a yahoo group instead. I assumed it was really Yahoo (perhaps under a mask as mail provider for some other named service, ala comcast ;) who was doing the blacklisting... who else would be recommending yahoo groups as an alternative? I took that to mean that these lists are no longer accepting new members, and that prospective members are being advised to join some particular yahoo groups instead. I.e. they're gradually migrating to yahoo groups. Peter Shute -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/guest2%40sgeinc.com -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
On May 06, 2014, at 02:15 PM, Stephen J. Turnbull wrote: No, the point is that a phishing mail with From: Chase Bank Customer Service serv...@chase.com.invalid will sail right past DMARC, as currently set up. So too will serv...@chase.com.ru without Mailman ever getting involved, and I bet that will be just as effective at phishing as .invalid. Cheers, -Barry -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] inn gateway
On 05/05/2014 11:52 PM, jdd wrote: but posts to the newsgroup do not reach the list fromusenet logs May 06 08:43:47 2014 (27035) linux-31: [1..12] May 06 08:43:47 2014 (27035) gating linux-31 articles [12..12] May 06 08:43:47 2014 (27035) posted to list linux-31: 12 May 06 08:43:47 2014 (27035) linux-31 watermark: 12 but /usr/lib/mailman/bin/withlist -l linux-31 do not fix the problem There is no problem with gate_news. gate_news says it delivered all 12 messages from the news group to the list. What's in Mailman's other logs? Were these posts to news that didn't come from the list in the first place? -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] best way to reconfirm a list
On 05/06/2014 06:06 AM, Richard Shetron wrote: The original lists are old enough to not have been confirmed. The goal would be to send a confirmation email to everyone on the list and unsubscribe anyone who does not re-confirm within a reasonable time, say 1 week. You would have to do that manually. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
Stephen J. Turnbull step...@xemacs.org wrote: No, the point is that a phishing mail with From: Chase Bank Customer Service serv...@chase.com.invalid will sail right past DMARC, as currently set up It will sail past people using modern mail clients, too, by which I include web mail and Outlook, since those people will see some variation on this-- From: Chase Bank Customer Service --so that it hardly matters what address is in the From line. This rewrite-- From: Chase Bank Customer Service serv...@chase.com serv...@chase.com.invalid --would produce a more informative result, and just about honor RFC 5322 where it says the mailbox of the author of the message should be in the From: field. But this is the Mailman discussion list. Joseph Brennan Columbia University Information Technology -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Mailman 2.1.18 final release
A critical incompatibility between the Mailman 2.1.18 final release and Python versions older than 2.6.5 or thereabouts affecting the DMARC Wrap Message action was discovered and fixed. This incompatibility also existed in the 2.1.16 and 2.1.17 releases. Thus, I have released Mailman 2.1.18-1 with a fix for this incompatibility. Please use 2.1.18-1 and not 2.1.18. These releases have new features to help with mitigation of the impacts of DMARC on mailing lists as well as fixing several bugs. Python 2.4 is the minimum supported, but Python 2.7 is recommended. There are significant new i18n strings associated with the DMARC mitigation features. If you are interested in helping with the translations of these strings, see http://wiki.list.org/x/MQ. There is also a new dependency associated with these features. Namely, the new Privacy options - Sender filters - dmarc_moderation_action feature requires that the dnspython http://www.dnspython.org/ package be available in Python. See the attached README for more details. Mailman is free software for managing email mailing lists and e-newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites. For more information, please see: http://www.list.org http://www.gnu.org/software/mailman http://mailman.sourceforge.net/ Mailman 2.1.18-1 can be downloaded from https://launchpad.net/mailman/2.1/ http://ftp.gnu.org/gnu/mailman/ https://sourceforge.net/projects/mailman/ -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan 2.1.18-1 (06-May-2014) Bug fixes and other patches - A critical incompatibility between the DMARC Wrap Message action and Python versions older than 2.6.x for some x = 5 existed and caused Wrapped message to be shunted. This is fixed. (LP: #1316682) - Sender: headers are no longer removed in from_is_list Munge From actions. (LP: #1315970) 2.1.18 (03-May-2014) Acknowledgements - Thanks to Jim Popovitch and Phil Pennock for the branch that formed the basis of the dmarc_moderation_action feature. - Thanks to Franck Martin et al for the branch that formed the basis of the from_is_list feature. Dependencies - There is a new dependency associated with the new Privacy options - Sender filters - dmarc_moderation_action feature discussed below. This requires that the dnspython http://www.dnspython.org/ package be available in Python. This package can be downloaded from the above site or from the CheeseShop https://pypi.python.org/pypi/dnspython/ or installed with pip. New Features - The from_is_list feature introduced in 2.1.16 is now unconditionally available to list owners. There is also, a new Privacy options - Sender filters - dmarc_moderation_action feature which applies to list messages where the From: address is in a domain which publishes a DMARC policy of reject or possibly quarantine. This is a list setting with values of Accept, Wrap Message, Munge From, Reject or Discard. There is a new DEFAULT_DMARC_MODERATION_ACTION configuration setting to set the default for this, and the list admin UI is not able to set an action which is 'less' than the default. The prior ALLOW_FROM_IS_LIST setting has been removed and is effectively always Yes. There is a new dmarc_quarantine_moderation_action list setting with default set by a new DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION configuration setting which in turn defaults to Yes. The list setting can be set to No to exclude domains with DMARC policy of quarantine from dmarc_moderation_action. dmarc_moderation_action and from_is_list interact in the following way. If the message is From: a domain to which dmarc_moderation_action applies and if dmarc_moderation_action is other than Accept, dmarc_moderation_action applies to that message. Otherwise the from_is_list action applies. Also associated with dmarc_moderation_action are configuration settings DMARC_RESOLVER_TIMEOUT and DMARC_RESOLVER_LIFETIME. These are described in more detail in Defaults.py. There are also new vette log entries written when dmarc_moderation_action is found to apply to a post. i18n - Added missing mm-digest-question-start tag to French listinfo template. (LP: #1275964) Bug Fixes and other patches - Removed HTML tags from the title of a couple of rmlist.py pages because browsers don't render tags in the title. (LP: #265848) - Most Mailman generated notices to list owners and moderators are now sent as Precedence: list instead of bulk. (LP: #1313146) - The Reply-To: munging options weren't honored if there was no from_is_list action. (LP: #1313010) - Changed from_is_list actions
Re: [Mailman-Users] inn gateway
Le 06/05/2014 17:10, Mark Sapiro a écrit : There is no problem with gate_news. gate_news says it delivered all 12 messages from the news group to the list. well... where are them? What's in Mailman's other logs? Were these posts to news that didn't come from the list in the first place? I post on news group and expect posts to show on list. works for test, not for linux-31 jdd -- http://www.dodin.org -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Changes to archive templates have no effect
On 05/06/2014 02:04 AM, Henrik Rasmussen wrote: When I change my templates in /usr/lib/mailman/templates/site/da/ (like admlogin.html) I see the changes taking effect (immediately, even though I didn't restart Mailman), but any changes I make to the Archive templates located in the same directory doesn't seem to have any effect. The archives are static HTML pages built using the templates that were in effect when they were built. The table of contents and the current index pages will be rebuilt when a new message is archived, but the older index pages and the archived message pages will never be rebuilt. If you want to update the entire archive to use your new templates, you have to rebuild it with bin/arch --wipe for each list. You may also be interested in the script at http://www.msapiro.net/scripts/update_archive_mtime -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] inn gateway
On 05/06/2014 10:58 AM, jdd wrote: Le 06/05/2014 17:10, Mark Sapiro a écrit : There is no problem with gate_news. gate_news says it delivered all 12 messages from the news group to the list. well... where are them? Actually, I was mistaken. The log messages you posted say only that it delivered message #12. Have you looked at Mailman's vette, error and qrunner logs for clues as to what may have happened to it? Note that the log message May 06 08:43:47 2014 (27035) posted to list linux-31: 12 was written immediately after that message was queued by gate_news in Mailman's incoming queue, so it was delivered to the list. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] [Mailman-Developers] Mailman 2.1.18 final release
On Tue, May 6, 2014 at 1:37 PM, Mark Sapiro m...@msapiro.net wrote: A critical incompatibility between the Mailman 2.1.18 final release and Python versions older than 2.6.5 or thereabouts affecting the DMARC Wrap Message action was discovered and fixed. This incompatibility also existed in the 2.1.16 and 2.1.17 releases. Thus, I have released Mailman 2.1.18-1 with a fix for this incompatibility. Please use 2.1.18-1 and not 2.1.18. Thank you Mark, and thank you for the huge effort in getting the Mailman 2.18.x release out the door. I know everyone thinks this, I just felt it needed to be stated. -Jim P. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] DMARC and Reply-To lines with from_is_list munging.
Greetings... So I run a bunch of mailing lists, with a bunch of people who are not technically adept whatsoever. (I am not getting list posts! That's because you set yourself to no mail What's no mail? It means you set yourself to be a member of the list, but not to get any email from it. Oh that's good. So we're good then? But why am I not getting any emails from the list? *headdesk*--yes this was an actual conversation with a user.) People are, of course, bitching about the from_is_list setting removing the email addresses of people who are sending email to the lists. (And people aren't quite understanding that it's helpful to sign one's emails, etc. So I updated to 2.1.18-1 today. Now we have a Reply-To that has the poster's email and the list's email address. A few of the lists I run block emails with more than one recipient, so now this is going to be an adventure. (Ok, more like a nightmare, as right now it appears my choices are make reply-to only the list (anonymous_list) or make reply-to the poster and the list.) I wonder if this solution might be more helpful here--something like what Google Groups is doing. Changing the From line to this: 'First Last firstl...@domain.com' via List Title list-addr...@googlegroups.com This still shows the poster's email address (as the Real Name), which makes it easier for people to reply privately if they choose, and still addresses the DMARC issue. Thoughts? Ideas? Best, --Glenn -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.
On 05/06/2014 12:47 PM, Glenn Sieb wrote: So I updated to 2.1.18-1 today. Now we have a Reply-To that has the poster's email and the list's email address. A few of the lists I run block emails with more than one recipient, Do you mean Privacy options... - Recipient filters - max_num_recipients = 2 If so, ouch, but what do you do now when people reply-all to posts. Don't those replies get held? I wonder if this solution might be more helpful here--something like what Google Groups is doing. Changing the From line to this: 'First Last firstl...@domain.com' via List Title list-addr...@googlegroups.com This is specifically advised against by the DMARC community. See the NOTE: in the Requirements: section at http://www.dmarc.org/supplemental/mailman-project-mlm-dmarc-reqs.html. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.
On 5/6/14, 4:29 PM, Mark Sapiro wrote: Do you mean Privacy options... - Recipient filters - max_num_recipients = 2 If so, ouch, but what do you do now when people reply-all to posts. Don't those replies get held? Indeed. They get rejected. Policy on a couple particular lists. No cc's, no using the address on web-forms (i.e. greeting card sites) etc. This is specifically advised against by the DMARC community. See the NOTE: in the Requirements: section at http://www.dmarc.org/supplemental/mailman-project-mlm-dmarc-reqs.html. Fair enough. So, basically I'm fsck'd. Set the lists to be anonymous_list or set an explicit reply-to to be the lists and hope that strips out the extraneous reply-to entry. Or, as you said above, ouch and having to deal with a metric crapton of ID-10t users not cleaning up the To: line when they reply and dealing with clearing the moderation queue since we can't edit posts held for moderation easily. Best, --G. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.
On 05/06/2014 02:17 PM, Glenn Sieb wrote: Fair enough. So, basically I'm fsck'd. Set the lists to be anonymous_list or set an explicit reply-to to be the lists and hope that strips out the extraneous reply-to entry. I went back and forth with this. Initially, if first_strip_reply_to was Yes and reply_goes_to_list was This list or Explicit address, I didn't put the poster's address in Reply-To: I finally decided it was of overriding importance to expose the posters address to enable off list (or non-list member) replies, and this warranted breaking the previous Reply-To: header munging options semantics. I am willing to consider changing this, either to treat Reply-To: differently for Wrap Message since the original headers are in the wrapped message in that case, or to just go back to not adding the poster's address to Reply-To: as in my initial paragraph above. However, I need more feedback from the community before making changes. I could always add yet another setting, but I hate that idea for multiple reasons. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.
On 5/6/14, 5:31 PM, Mark Sapiro wrote: I went back and forth with this. Initially, if first_strip_reply_to was Yes and reply_goes_to_list was This list or Explicit address, I didn't put the poster's address in Reply-To: I finally decided it was of overriding importance to expose the posters address to enable off list (or non-list member) replies, and this warranted breaking the previous Reply-To: header munging options semantics. I am willing to consider changing this, either to treat Reply-To: differently for Wrap Message since the original headers are in the wrapped message in that case, or to just go back to not adding the poster's address to Reply-To: as in my initial paragraph above. However, I need more feedback from the community before making changes. I could always add yet another setting, but I hate that idea for multiple reasons. Can there be an option somewhere in between anonymous_list and reply_goes_to_list? One where it can strip the poster's email from the reply-to, but leave the other headers alone? Best, --Glenn -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.
On Tue, 2014-05-06 at 14:31 -0700, Mark Sapiro wrote: I am willing to consider changing this, either to treat Reply-To: differently for Wrap Message since the original headers are in the wrapped message in that case, or to just go back to not adding the poster's address to Reply-To: as in my initial paragraph above. However, I need more feedback from the community before making changes. I could always add yet another setting, but I hate that idea for multiple reasons. It's ugly, but having yet another switch seems to me to be the only way to handle this. Having the poster's address in Reply-To: is the only way to address the information loss implied by the necessary change to the From: header, especially for MUAs that expose only the address comment and not the actual address, and especially for subscribers who are not technically inclined and wish to simply hit reply and get a reply to the original author. This _should_ be a matter of choice for list admins, even if it seems that they're already overloaded with choices pursuant to addressing the DMARC issue. Until something better comes along, we're just going to have to deal with it. -- Lindsay Haisley | Everything works if you let it FMP Computer Services | 512-259-1190 | --- The Roadie http://www.fmp.com| -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.
On 05/06/2014 02:36 PM, Glenn Sieb wrote: On 5/6/14, 5:31 PM, Mark Sapiro wrote: I could always add yet another setting, but I hate that idea for multiple reasons. Can there be an option somewhere in between anonymous_list and reply_goes_to_list? One where it can strip the poster's email from the reply-to, but leave the other headers alone? That's covered in my sentence above. Anyway, that's a decision for the next release, which hopefully isn't 'imminent'. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.
Is the existing change (making sure the poster's address is in the reply-to) available in a patch? I checked launchpad but if it's there I couldn't find it. I'd like to see if I can apply it to 2.1.17 while waiting for cPanel to upgrade to 2.1.18. FWIW, I'd vote against a rollback to the earlier behavior. I got several complaints about the poster's email address going missing. So I ended up setting first_strip_reply_to to No, which of course is also a problem because I have max_num_recipients set pretty low (4). rac On Tue, May 6, 2014 at 2:48 PM, Mark Sapiro m...@msapiro.net wrote: On 05/06/2014 02:36 PM, Glenn Sieb wrote: On 5/6/14, 5:31 PM, Mark Sapiro wrote: I could always add yet another setting, but I hate that idea for multiple reasons. Can there be an option somewhere in between anonymous_list and reply_goes_to_list? One where it can strip the poster's email from the reply-to, but leave the other headers alone? That's covered in my sentence above. Anyway, that's a decision for the next release, which hopefully isn't 'imminent'. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/rclemings%40gmail.com -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.
On 05/06/2014 02:52 PM, Russell Clemings wrote: Is the existing change (making sure the poster's address is in the reply-to) available in a patch? I checked launchpad but if it's there I couldn't find it. I'd like to see if I can apply it to 2.1.17 while waiting for cPanel to upgrade to 2.1.18. The actual change is the CookHeaders.py diff at http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1476, but there are other changes in CookHeaders.py and other modules since 2.1.17 that impact this as well so you can't just apply that patch. In fact, the stuff that's being changed isn't even there in 2.1.17. It's very convoluted and fragile and touches things like new list settings as well, and I don't know how it plays with cPanel's mods. It would almost turn into a full upgrade to 2.1.18. I'm advising you to not try it. FWIW, I'd vote against a rollback to the earlier behavior. I got several complaints about the poster's email address going missing. So I ended up setting first_strip_reply_to to No, which of course is also a problem because I have max_num_recipients set pretty low (4). Thanks for voting. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.
On May 06, 2014, at 05:17 PM, Glenn Sieb wrote: Fair enough. So, basically I'm fsck'd. Set the lists to be anonymous_list or set an explicit reply-to to be the lists and hope that strips out the extraneous reply-to entry. Yes, and sadly it's forced on us by external policies. I must admit that I'm sympathetic to John Levine's solution over in mailman-developers. His implementation adds `.invalid` to the domain in the From header. Yes it breaks the standards and you'd still have to explicitly modify the headers in the reply (the ease of which depends on your MUA), but it avoids tricky interactions with the already fragile and overloaded Reply-To header munging, and points the finger in the direction of the original problem. I need to read that whole thread and think about it some more. It's painfully clear that DMARC as defined and implemented today is poison to mailing lists, and it's a shame that you, our dear users, are the canaries. I hope we can have some constructive discussions with the DMARC advocates about how to restore usability to mailing lists in a DMARC pervasive world. Cheers, -Barry signature.asc Description: PGP signature -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
Barry Warsaw writes: On May 06, 2014, at 02:15 PM, Stephen J. Turnbull wrote: No, the point is that a phishing mail with From: Chase Bank Customer Service serv...@chase.com.invalid will sail right past DMARC, as currently set up. So too will serv...@chase.com.ru without Mailman ever getting involved, and I bet that will be just as effective at phishing as .invalid. Et tu, FLUFL? The point is that if Mailman provides this, it becomes a standard way to get a DMARC p=reject address past DMARC p=reject, and people *may* develop an it may say .INVALID, but it's OK reflex. As I wrote to John Levine on mailman-developers, if operators want to experiment with it, that's one thing. But does *Mailman* want to take part in encouraging that it's OK *because* it's .INVALID meme? Do we want to encourage phishers to use something that looks like a Mailman feature, and have the DMARC WG come back with something that involves anything that looks like my domain? The DMARC WG advocates putting list-post in From in place of a DMARC p=reject address. I advocate accepting their advice for stock Mailman, and avoiding other non-conforming workarounds until the market demands them. If it gets noisy, feel free to cave in faster than you did on Reply-To munging.wink / Steve -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] DMARC and Reply-To lines with from_is_list munging.
Glenn Sieb writes: So I updated to 2.1.18-1 today. Now we have a Reply-To that has the poster's email and the list's email address. A few of the lists I run block emails with more than one recipient, so now this is going to be an adventure. (Ok, more like a nightmare, as right now it appears my choices are make reply-to only the list (anonymous_list) or make reply-to the poster and the list.) What is the intent of the restriction? Are you trying to get the users to use reply to author by punishing them with a black hole if they don't, and then set Reply-To to list-post so that nobody ever gets a personal reply? Or is this intended to prevent people from including 3rd parties in the OP (of course, you can't -- they can always BCC and you'll never know)? I suppose your users would get upset if you used dmarc_moderation_action = 'Wrap Message' instead of whichever_option = 'Mung From'? Given Mark's reply, probably you'll need use a custom Handler, whatever the requirements. Is that acceptable (ie, you have the necessary accesses)? N.B. It's possible to restrict use of Handlers to particular lists by giving them list-specific pipelines. Steve -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
Stephen J. Turnbull wrote: The DMARC WG advocates putting list-post in From in place of a DMARC p=reject address. I advocate accepting their advice for stock Mailman, and avoiding other non-conforming workarounds until the market demands them. If it gets noisy, feel free to cave in faster than you did on Reply-To munging.wink / Can you explain that for the uneducated, please? What do you mean by list-post? Is that the list address? Peter Shute -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org