Re: [Mailman-Users] DMARC and Bellsouth, etc.
Lindsay Haisley writes: On Wed, 2014-04-16 at 15:34 -0500, Mike Starr wrote: I know there aren't any teeth behind RFCs but it might at least get their attention. The real problem is that RFCs are based on working practice, preferably acknowledged best practice. DMARC is an experiment which is seriously flawed on the policy side, but has the potential to provide a lot of useful information for spam-fighting (I mean real spam-fighting, not the posturing that Yahoo! is involved in at the moment), not to mention lightening the burden on ISPs and list operators who implement DKIM and SPF. Until Yahoo!'s experiment has played out (which will take months), an anti-DMARC RFC is moot. After that, it will take years to get it through the IETF. Note that DMARC itself is an Internet-Draft (ie, proto-RFC). If you want to fight this, the related mailing list is the right place. However, looking at some of the threads there are rather high-powered folks already on the list (eg, the guy who edited most of the SMTP RFCs, and the guy who edited most of the RFC 822 series). You had better go in having booked up, or you will get ignored to death at best. Put it this way: *I* may go look over their archives, but it will be quite a while before I'm willing to speak to anything except technical details of how it affects mailing lists. Doubtful, but the sentiment is noble. My guess is that the people at Yahoo who implemented this, and possibly also the designers of DMARC, don't fully understand the RFC process and have a limited attention span and very narrow focus of attention as far as such things are concerned. Nope. If E. Zwicky (DMARC editor) is who I think she is, I owe her a kitten. No dummy. Murray Kucherawy doesn't seem to have two heads or a half-brain, either. Their understanding (and knowledge) of accepted best practices regarding email and mailing lists is woefully limited. I rather doubt that. The DMARC I-D has gone through several editions (I-Ds have a life-span limited to 6 months, the current renewal happened just about the time of Yahoo!'s policy change), suggesting that the NetGods and the commercial providers have been thinking pretty carefully all along. I think that where understanding and knowledge is lacking is on *this side* of the fence. Few, if any, of us have to make decisions about how to spend many millions of dollars on additional bandwidth, 90% of which (according to some accounts) is spam. That's a pile of money on the line for these guys. My guess also is that as a result, all of this kerfuffle has probably caught a number of these people by surprise. Indeed. I suspect that they didn't do their homework and simply count how many subscribers receive mail with List-* headers in them. I think they probably also were surprised by how fast Yahoo is hemmorhaging email users. Steve-rushes-not-where-angels-fear-to-tread-ly y'rs, -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Seeking suggestion for better services for mailing list
We are using the services from ultrahost.us There is no response from Ultrahost team in spite of our several tickets loged. Is anyone confronting the similar issue with them? I think now we may again have to change the service provider where we can get unlimited traffic with mailman as per the requirement. Do we have any hosting provider in India or Asia region? IN US we do face gap in communication when it comes to get the solution. Thanks, Amit Bhatt These days our list is out of function due to their server updation and all. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC
That sounds a bit like what yahoo and google groups do. If there's a web forum associated with the list then there'd be the option to simply not deliver to yahoo members, and they can just use the web interface. Peter Shute Sent from my iPhone On 17 Apr 2014, at 1:39 pm, Stephen J. Turnbull step...@xemacs.org wrote: jason fb writes: Isn't this DMARC issue a bellwether for the end of email lists as we know them? Yes and no. Those who like mailing lists as we know them will continue to use them that way, assuming that there's no active interference from the infrastructure itself. (This is supported by a mathematical theorem that I know to be true :-) but haven't actually succeeded in doing more than provide some persuasive examples yet.) It seems likely to me that Mailman itself will evolve in the direction of a multi-protocol distribution facility. What I mean by that is that at some point in the history of Mailman 3 you will be able to install a suite of applications that allow users to communicate with a mailing list via SMTP, NNTP, or HTTP. I don't know whether you consider that an email list as we know them or not. It's good enough for me, though. DMARC will still mean that you can't use your Yahoo! email as an author ID in such a system, though. It seems to me that the means of production (the internet backbone, the mail servers, etc) are now owned by Big Media (Comcast, Walt Disney, CBS, Viacom, Time Warner) and it is in their interest to make sure they can sell as much advertising as possible to the cattle. True. However, the backbone is constrained by U.S. law about common carriers. They *want* that protection, because otherwise they'd be liable for damages and criminal charges for pornography and terrorist communications. This doesn't prevent other countries or international gateways from operating by different rules, but as Larry Lessig pointed out, Code Is Law. Somebody has to write that software that operates by different rules, and it *will* be buggy at gateways. That doesn't appeal to Big Media, because working around would require that the sheep look up, and I doubt they want that. The free email service providers also have to worry about that because of the hysteria about spam and phishing. They could easily find themselves in a position where either they have to authenticate potential users the way banks do credit card applicants, or try to hide behind common carrier because anybody with an Internet connection can get a mailbox there. People who operate Mailman servers (you guys) are just the little guys who are helping people facilitate non-advertisable communication between the masses. There's nothing non-advertisable about it (if you're serious about the potential semantics of -able). Putting an advertisement into list footers or headers is trivial, and doing Web-2.0-style dynamic ads is a SMOP. We just choose not to do so, but I would imagine there exist lists that do accept advertising revenue for use of their footers. This seems like a poignant example of the fiction of the distributed network. The last 15 years of the internet history (indeed, the first 15 years of internet history) has been the story of the consolidation of control into the hands of the few, not the open and egalitarian peer-to-peer network utopia that the internet was touted to be in populist culture. So much the worse for popular culture. Some form of consolidation of responsibility was inevitable due to economies of scale in provision of the backbone. Since things don't work very well if authority (control) isn't commensurate with responsibility, consolidation of control is very hard to avoid. TANSTAAFL, you know. The Internet was never egalitarian. It always required enough expertise to make you a stranger in a strange land (damn, the science fiction ObRefs just don't stop coming!) Anybody who thought otherwise can hardly be accused of actually thinking about the issue. And egalitarian peer-to-peer is almost an oxymoron. People aren't peer-to-peer in any egalitarian sense: their social networks are hardly uniform. Phenomena like Facebook (social netword aggregators) were inevitable, and they have strong economies of scale too. So the bottom line is that this doesn't really bother me, I don't think that (at this point) the potential abuse by the powerful has really achieved 1984 or Brave New World levels, due to internal checks and balances of the system as it exists. And Mailman still has a lifespan more limited by our ability to adapt to new technology than by the society around us IMO. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives:
Re: [Mailman-Users] DMARC and Bellsouth, etc.
Larry Kuenning writes: Query: On a very low-traffic mailing list (i.e. one where the list admin doesn't think it too much trouble), would it be a reasonable workaround for the list admin to paste the content of a message-to-be-moderated (i.e. one From: a yahoo address) into a new message _of his/her own_ and send _that_ to the list? Yes, although given the available alternatives in the web admin pages I don't think this is worth the trouble for almost anybody (I understand that you have a very special situation with a relatively old Mailman that's working just fine, thank you, for you, but that's pretty unusual nowadays). This message could include the original From: address _in its body text_ (not its headers) along with a brief reference to the yahoo problem to explain the unusual format. 1. Other subscribers replying to the message will get MUA-generated text saying Larry List-Admin wrote instead of Sonia Subscriber wrote. Those who pay attention and take a little trouble can change that before clicking Send, but many won't. Change the display name to Sonia Subscriber/lla (the usual convention for letters written by a secretary but signed by the boss). 2. Similarly, other subscribers wanting to reply privately will send their replies to Larry List-Admin instead of Sonia Subscriber if they aren't careful (and some of them won't be). Add a Reply-To: so...@her-place.net header field. The recommendations above violate the letter but conform to the spirit of RFC 822 and successor standards. The list admin can forward these replies, but in a few cases they may contain confidential material that the admin shouldn't have seen. The above practices should mitigate this issue. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Trying to understand charset encoding in mailman
I am trying to understand how charset encoding works, and I get the distinct idea that I must be missing one small, vital piece of information. Background: The problem arose as follows: Somebody changed the footer of the EuroPython Mailing list which is hosted at python.org to be: EuroPython 2014 \x96 Berlin, 21th\x9627th July Note the two \x96 s. The intent was almost certainly to have this string interpreted by the windows-1252 charset, where \x96 means a en dash. But the Europython mailing list is configured so that its messages come out Content-Type: text/plain; charset=us-ascii Since \x96 is an unrecognised character in us-ascii, my mailer complained bitterly every time I read an EP message. Being a list admin, this bothered me, and I thought it would be my job to fix things. I thought I would change the charset to utf-8. After all, most European languages do not fit into us-ascii in any event. What if the conference had been held in my home town of Göteborg, for instance? But unless I have overlooked something, there is no way to make a charset change on a per-list basis through the mailman administrative interface. Instead you have to edit mm_cfg.py Even if I had root access on python.org, I wouldn't really want to inflict utf-8 on everybody else just because it makes things more convenient for the EuroPython mailing list. But needing to edit mm_cfg.py strikes me as a very odd design choice, odd enough that I figure either a) this isn't so and I have overlooked something, or b) it absolutely must be done this way for a reason I do not understand. Can somebody please explain this? Thank you very much, Laura Creighton -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Trying to understand charset encoding in mailman
Hi, Laura! Laura Creighton writes: But the Europython mailing list is configured so that its messages come out Content-Type: text/plain; charset=us-ascii This isn't from the list or site configuration, this is from the poster's mail user agent (MUA). The mailing list does not choose the charset for the message; the MUA does. For example, grepping my archive of python-dev messages I see 3 different variants of UTF-8 (capitalization and quoting), us-ascii, iso-8859-1, and window-1252 (each in several variants). Mailman already has about 200 lines of logic to handle cases where the footer charset is incompatible with the message's charset. Have you tried simply changing the Python escape to a literal EN DASH in the web interface? I hope Mailman is smart enough to convert that to Unicode internally, and all should Just Work[tm]. If that doesn't work, change the EN DASH to --, and report it as a bug. We'll see what we can do in 2.1.19, before EuroPython is held in Göteborg or Łódź. :-/ Since \x96 is an unrecognised character in us-ascii, It's not even a character here, it's a raw byte, which may or may not get recognized correctly by Mailman depending on the list's preferred charset. Somebody was way too tricky for their own good. But unless I have overlooked something, there is no way to make a charset change on a per-list basis through the mailman administrative interface. There's no way to make a charset change in posts at all; it's not Mailman's job to do that, really. I suppose we could convert all posts to UTF-8, which would make the logic mentioned above a lot simpler, but that would probably annoy a few people and might not work for some variant charsets. Steve -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Trying to understand charset encoding in mailman
On 04/17/2014 04:19 AM, Laura Creighton wrote: But unless I have overlooked something, there is no way to make a charset change on a per-list basis through the mailman administrative interface. Instead you have to edit mm_cfg.py Correct. Even if I had root access on python.org, I wouldn't really want to inflict utf-8 on everybody else just because it makes things more convenient for the EuroPython mailing list. But needing to edit mm_cfg.py strikes me as a very odd design choice, odd enough that I figure either a) this isn't so and I have overlooked something, or b) it absolutely must be done this way for a reason I do not understand. There are a couple of issues. Mailman was designed a long time ago in a galaxy far, far away (SciFi ObRef). There was no Unicode or MIME in common use and email was ASCII text. Everything was English and us-ascii. When Mailman was internationalized, other languages required different character sets so a scheme was developed where each translation had it's own character set, but that for English was retained as us-ascii. We can't give a list owner the ability to change the character set for a list independent of the list language, because the templates and message catalog for that language are encoded with a particular encoding, and changing the character set without recoding the message catalog and templates in the new character set would break everything. The one exception to this is English. Because utf-8 is a strict superset of us-ascii, one can change the charset for English to utf-8 and things will continue to work. We haven't done that for reasons of superstition, and because we use the Python email library which base64 encodes utf-8 text in message bodies rendering it unreadable by someone with a non-MIME MUA. Thus, a site can change the encoding for English to utf-8 if it chooses, but there is no mechanism to do this per-list. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Trying to understand charset encoding in mailman
On 04/17/2014 05:28 AM, Stephen J. Turnbull wrote: Mailman already has about 200 lines of logic to handle cases where the footer charset is incompatible with the message's charset. Have you tried simply changing the Python escape to a literal EN DASH in the web interface? I hope Mailman is smart enough to convert that to Unicode internally, and all should Just Work[tm]. I see Stephen and I are talking over each other again. The issue is msg_footer is assumed to be in the character set of the list's language, us-ascii by default for English. I don't think Mailman does the right thing in this case. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Upgrade 2.1.14 to 2.1.17 on Ubuntu Question
I've searched the list and found enough related posts that this looks like it should be simple just reinstall, hopefully with the original PREFIX settings and probably diff the old and new mm_cfg.py files just to catch all the changes/new features/etc. I have visual problems so my eyes often go fuzzy if I do too much computer work at one time. However I find there may be a complication from a problem made from the initial install of 2.1.14. The initial install was done as user mailman, group mailman. When I reboot the server it seems to set mailman to user list, group list and I have to go an fix permissions and ownership back to mailman:mailman. If I install 2.1.17 over 2.1.14 and use list:list for user:group will this fix the 'problem'? Are there any gotchas I should be aware of? I've found that at least with the current install (not done by me) that fixing all the bin/checkperm problems will actually break mailman on the server ;) If relevant we are using postfix. I was thinking of upgrading to MM3, but I don't see any final release version and no software to upgrade from 2.1.x to 3.x. Thanks in advance. Rick Shetron -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Trying to understand charset encoding in mailman
In a message of Thu, 17 Apr 2014 05:41:15 -0700, Mark Sapiro writes: The issue is msg_footer is assumed to be in the character set of the list's language, us-ascii by default for English. I don't think Mailman does the right thing in this case. From my perspective, the problem is that by having these things defined in mm_cfg.py, all mailman administrators are stuck with whatever decisions their mailman host made for whatever language they chose as the default language for their list. But you and I could quite easily both want English(USA) as the default language for our lists, but you also want us-ascii while I want utf-8. The way things stand now, we cannot both use the same mailman host, and both get what we want, correct? Now that my problem has gone from 'getting the EP footers to work' to 'understanding what exactly is going on here'. And right now I do not see why the charset for the lists' language has to be hard coded in mm_cfg.py, nor why there has to be exactly one value for any given language which mailman supports. Thank you for your patience, Still trying to understand here, Laura -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Trying to understand charset encoding in mailman
On Apr 17, 2014, at 03:54 PM, Laura Creighton wrote: Now that my problem has gone from 'getting the EP footers to work' to 'understanding what exactly is going on here'. And right now I do not see why the charset for the lists' language has to be hard coded in mm_cfg.py, nor why there has to be exactly one value for any given language which mailman supports. The big problem is that you can't have multilingual footers. I'm hoping to fix this in MM3 by supporting a lookup scheme that would allow different footers (and other decorations, templates, and messages) per language. -Barry -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Upgrade 2.1.14 to 2.1.17 on Ubuntu Question
On 04/17/2014 06:23 AM, Richard Shetron wrote: I've searched the list and found enough related posts that this looks like it should be simple just reinstall, hopefully with the original PREFIX settings and probably diff the old and new mm_cfg.py files just to catch all the changes/new features/etc. An upgrade never changes an existing mm_cfg.py. To see changes, diff the old and new Defaults.py files and/or read the NEWS file. I have visual problems so my eyes often go fuzzy if I do too much computer work at one time. I feel your pain. However I find there may be a complication from a problem made from the initial install of 2.1.14. The initial install was done as user mailman, group mailman. When I reboot the server it seems to set mailman to user list, group list and I have to go an fix permissions and ownership back to mailman:mailman. user:group list:list is from the Debian/Ubuntu Mailman package. There seems to be some conflict on your server between this package and your install. If I install 2.1.17 over 2.1.14 and use list:list for user:group will this fix the 'problem'? Are there any gotchas I should be aware of? If you installed 2.1.14 from source, I suggest configuring 2.1.17 with exactly the same ./configure command options as you used in 2.1.14. (Actually, if you can wait a week, I suggest 2.1.18rc1 which should be released by then.) I've found that at least with the current install (not done by me) that fixing all the bin/checkperm problems will actually break mailman on the server ;) There is a conflict between what you have installed and the Debian/Ubuntu package. I don't know what that is, but I suggest resolving that before proceeding. If necessary, you can post more details about the exact issues, and we will try to help. I was thinking of upgrading to MM3, but I don't see any final release version and no software to upgrade from 2.1.x to 3.x. We're working on it, but it will still be a while before there is a robust install and migration path. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Mirror mailing list with web forum
On Apr 17, 2014, at 04:27 AM, Jon 1234 wrote: When is Mailman 3 expected to be released, very approximately? We *are* going to do a beta release of the full suite after Pycon. I expect there will be bugs and missing features, but we're hoping people will bang on it and help us get to a good, stable, final release. -Barry -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Trying to understand charset encoding in mailman
On 04/17/2014 06:54 AM, Laura Creighton wrote: In a message of Thu, 17 Apr 2014 05:41:15 -0700, Mark Sapiro writes: Now that my problem has gone from 'getting the EP footers to work' to 'understanding what exactly is going on here'. And right now I do not see why the charset for the lists' language has to be hard coded in mm_cfg.py, nor why there has to be exactly one value for any given language which mailman supports. I tried to explain that for any given language, the message catalog and templates are encoded in some specific character set. If you simply change the character set for the list, you must change it to one which is a strict superset or everything breaks unless you also recode the message catalog and templates. This works for changing us-ascii to, e.g., iso-8859-1 or utf-8, but not in general. Things will be easier in MM 3. Most things will be unicode internally and utf-8 will be the preferred encoding. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Bellsouth, etc.
On Thu, 2014-04-17 at 15:24 +0900, Stephen J. Turnbull wrote: Their understanding (and knowledge) of accepted best practices regarding email and mailing lists is woefully limited. I rather doubt that. The DMARC I-D has gone through several editions (I-Ds have a life-span limited to 6 months, the current renewal happened just about the time of Yahoo!'s policy change), suggesting that the NetGods and the commercial providers have been thinking pretty carefully all along. I think that where understanding and knowledge is lacking is on *this side* of the fence. Few, if any, of us have to make decisions about how to spend many millions of dollars on additional bandwidth, 90% of which (according to some accounts) is spam. That's a pile of money on the line for these guys. Stephen, thanks for your generous reply, and your insights. It does seem to me, though, that when megabucks are riding on additional bandwidth, and if Yahoo is serious about controlling spam, they might start by putting some resources behind putting their own house in order. Someone, maybe it was you, posted on this forum earlier that perhaps 90% or more of spam with a yahoo.com origin (or one of their international DNs) actually _does_ come from Yahoo and that their response to abuse notifications is abysmal to nonexistent. So it looks to me as if one of two things is happening here. Either the right hand doesn't know what the left hand is doing (or not doing), or this is a blatant, cynical attack on network neutrality designed to push people toward Yahoo's own list service. Has anyone seen or heard any figures on how much this DMARC fiasco has cost Yahoo in terms of the number of email end-users who have left their service? Someone mentioned that it was substantial enough to probably get their attention. -- Lindsay Haisley | Everything works if you let it FMP Computer Services | 512-259-1190 | --- The Roadie http://www.fmp.com| -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Bellsouth, etc.
I can't answer your specific question but a number of years ago I created a Yahoo account which required the creation of a Yahoo email address. I have never used that email address nor have I divulged it to anyone. Oddly enough, thousands of spam email addresses land in that Yahoo email account. I can only assume that Yahoo routinely sells email addresses indiscriminately... not caring if they're delivering those email addresses to spammers. The only other alternative is that somehow Yahoo's security at the time was so lax that spammers were able to hack into their servers and grab millions of Yahoo email addresses. Best Regards, Mike -- Mike Starr, Writer Technical Writer -Online Help Developer - WordPress Websites Graphic Designer - Desktop Publisher - Custom Microsoft Word templates (262) 694-1028 - m...@writestarr.com - http://www.writestarr.com President - Working Writers of Wisconsin http://www.workingwriters.org/ On 4/17/2014 11:13 AM, Lindsay Haisley wrote: Stephen, thanks for your generous reply, and your insights. It does seem to me, though, that when megabucks are riding on additional bandwidth, and if Yahoo is serious about controlling spam, they might start by putting some resources behind putting their own house in order. Someone, maybe it was you, posted on this forum earlier that perhaps 90% or more of spam with a yahoo.com origin (or one of their international DNs) actually _does_ come from Yahoo and that their response to abuse notifications is abysmal to nonexistent. So it looks to me as if one of two things is happening here. Either the right hand doesn't know what the left hand is doing (or not doing), or this is a blatant, cynical attack on network neutrality designed to push people toward Yahoo's own list service. Has anyone seen or heard any figures on how much this DMARC fiasco has cost Yahoo in terms of the number of email end-users who have left their service? Someone mentioned that it was substantial enough to probably get their attention. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Trying to understand charset encoding in mailman
In a message of Thu, 17 Apr 2014 15:54:19 +0200, Laura Creighton writes: In a message of Thu, 17 Apr 2014 05:41:15 -0700, Mark Sapiro writes: The issue is msg_footer is assumed to be in the character set of the list's language, us-ascii by default for English. I don't think Mailman does the right thing in this case. From my perspective, the problem is that by having these things defined in mm_cfg.py, all mailman administrators are stuck with whatever decisions their mailman host made for whatever language they chose as the default language for their list. But you and I could quite easily both want English(USA) as the default language for our lists, but you also want us-ascii while I want utf-8. The way things stand now, we cannot both use the same mailman host, and both get what we want, correct? Now that my problem has gone from 'getting the EP footers to work' to 'understanding what exactly is going on here'. And right now I do not see why the charset for the lists' language has to be hard coded in mm_cfg.py, nor why there has to be exactly one value for any given language which mailman supports. Thank you for your patience, Still trying to understand here, Laura Sorry about this note -- mail is arriving in an odd order here. The mail where you explained this perfectly arrived after your other mail, so I was still confused when I wrote this note. Laura -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] DMARC and From header munging
It occurred to me that one possible variation on From: header munging which wouldn't break any applications depending on this being an actual, working address for a post's author, while still passing DMARC authentication, would be for Mailman to change the From: address to a VERP-like address with the author's address encapsulated within an address @ the list server. Any mail received by the list server for this address would have its address parsed by Mailman and be redirected to the original author's real email address. Would this pass RFC compliance? -- Lindsay Haisley | Everything works if you let it FMP Computer Services | 512-259-1190 | --- The Roadie http://www.fmp.com| -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Trying to understand charset encoding in mailman
I see you've already responded, but there are a few things I'd like to clarify. Laura Creighton writes: But you and I could quite easily both want English(USA) as the default language for our lists, but you also want us-ascii while I want utf-8. The way things stand now, we cannot both use the same mailman host, and both get what we want, correct? In this particular case, you can choose UTF-8, and you both get what you want. US-ASCII is a subset of UTF-8. Anybody else *may* have a problem if they have sufficiently ancient software that it can't handle UTF-8, but that's a rapidly vanishing issue. In fact *right now* you and I and Wang Han Lo can use English, Japanese, and Mandarin on the same list at the same time, each posting and setting our subscription options in our preferred language. It's only footers and headers that have this issue, and that's at least partly because even today there's no reliable way to mix charsets in a message (too many users still use MUAs-that-suck). For most purposes, Mailman is pretty well internationalized, it's just that some corner cases remain ugly. The other cause is historical accident. Email is very messy -- it's one of the oldest Internet protocols. Mailman itself goes back to a time when neither Python nor its email package had a coherent way of dealing with multilingual applications. So we've been overhauling various parts of Mailman 2 as necessary. And users -- well, many Mailman list admins think that they type Japanese or German rather than EUC-JP or ISO-8859-15, and undoubtedly the charset-per-language architecture was intended to make life easy for them. Why nobody ever got around to properly internationalizing the headers and footers (ie, allowing charsets defined per list) I'm not sure. I suspect it's because few users ever tried on international lists: they just use English in the footers as lingua franca. This is the first time I've seen somebody reporting issues with the internationalization of the footer, and I've been following Mailman since 1999 or so. Getting it right by design ... well, that's why we need Mailman 3. We know a lot more about lots of things than we did when Mailman 2 was designed. Steve -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and From header munging
Lindsey, I have been following this thread with interest, and relieved that for our list, all posts are moderated. We have determined to repost all messages coming from Yahoo with our moderator's account. To your question if VERP might be a partial answer, we are using VERP and Full personalization so the posters email address is passed through. we are still getting the DMARC error. Here is what came back to my gmail address as a result of a Yahoo post (which I did not receive): Diagnostic-Code: smtp; 550-5.7.1 Unauthenticated email from yahoo.com is not accepted due to domain's 550-5.7.1 DMARC policy. Please contact administrator of yahoo.com domain if 550-5.7.1 this was a legitimate mail. Please visit 550-5.7.1 http://support.google.com/mail/answer/2451690to learn about DMARC 550 5.7.1 initiative. x7si9647998qaj.232 - gsmtp Terry Earley 801 810-4175 Donate to FitEyes http://www.fiteyes.com/community/donate-to-fiteyes On Thu, Apr 17, 2014 at 12:01 PM, Lindsay Haisley fmo...@fmp.com wrote: It occurred to me that one possible variation on From: header munging which wouldn't break any applications depending on this being an actual, working address for a post's author, while still passing DMARC authentication, would be for Mailman to change the From: address to a VERP-like address with the author's address encapsulated within an address @ the list server. Any mail received by the list server for this address would have its address parsed by Mailman and be redirected to the original author's real email address. Would this pass RFC compliance? -- Lindsay Haisley | Everything works if you let it FMP Computer Services | 512-259-1190 | --- The Roadie http://www.fmp.com| -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/terry%40fiteyes.com -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and From header munging
On 04/17/2014 11:01 AM, Lindsay Haisley wrote: It occurred to me that one possible variation on From: header munging which wouldn't break any applications depending on this being an actual, working address for a post's author, while still passing DMARC authentication, would be for Mailman to change the From: address to a VERP-like address with the author's address encapsulated within an address @ the list server. Any mail received by the list server for this address would have its address parsed by Mailman and be redirected to the original author's real email address. Would this pass RFC compliance? It would probably be RFC compliant as long as the from address reliably worked to send to the author, but there are other problems. The first that comes to mind is suppose a yahoo.com user replies to a post originally From: another yahoo.com user. There may be DMARC issues with the delivery of this reply from the Mailman server to the original poster. Maybe not because the forwarding of the reply is a pass-through that *probably* won't break a DKIM signature. But then what if the original poster had included a Reply-To: to an alternate address. This might result in a reply goint to the original From: instead of the original Reply-To:. Finally, there is this note from a draft document from the DMARC community: NOTE: The inclusion of more than one domain in the RFC5322.From field is dangerous. Recent studies by two major senders show that ~95% of all cases in which there is one domain in the RFC5322.From “display name” and different domain in the RFC5322.From “address-spec” are fraudulent. This practice should be discouraged as there are efforts underway to increase “spam scores” within inbound filtering when this is detected. This implies that the verp like encoding should mangle things like example.com so they don't look like domain names which could make them difficult to parse. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and From header munging
On Thu, 2014-04-17 at 12:26 -0600, Terry Earley wrote: I have been following this thread with interest, and relieved that for our list, all posts are moderated. We have determined to repost all messages coming from Yahoo with our moderator's account. To your question if VERP might be a partial answer, we are using VERP and Full personalization so the posters email address is passed through. we are still getting the DMARC error. Here is what came back to my gmail address as a result of a Yahoo post (which I did not receive): What I'm suggesting here isn't VERP, as it's optionally implemented in the envelope sender address, but a VERP-like encapsulation of the _author's_ email address into a munged From: address. This is something completely different, but uses the same paradigm for address encapsulation as does the current envelope sender VERP. -- Lindsay Haisley | Everything works if you let it FMP Computer Services | 512-259-1190 | --- The Roadie http://www.fmp.com| -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Bellsouth, etc.
Lindsay Haisley writes: Stephen, thanks for your generous reply, and your insights. It does seem to me, though, that when megabucks are riding on additional bandwidth, and if Yahoo is serious about controlling spam, they might start by putting some resources behind putting their own house in order. Nobody can control spam in the current architecture of Internet mail. What needs to be done is author identification, that is, digital signatures. But that requires cooperation from users, which is anathema to the freemail providers. So p=reject, and to a lesser extent DMARC itself, are basically PR stunts IMO, see below. Someone, maybe it was you, posted on this forum earlier that perhaps 90% or more of spam with a yahoo.com origin (or one of their international DNs) actually _does_ come from Yahoo Wasn't me. I don't have that data, and don't know where to get it offhand. So maybe it does, but in my spamtrap I have only 67/4359 (1.5%) messages from Yahoo (based on grepping for ^From:.*yahoo and ^From: respectively), vs. 658/38748 (1.7%) in my saved mail folders. It seems to me that spam using Yahoo addresses is hardly a big problem, whether it's spoofed or using throwaway addresses. and that their response to abuse notifications is abysmal to nonexistent. So it looks to me as if one of two things is happening here. Either the right hand doesn't know what the left hand is doing (or not doing), or this is a blatant, cynical attack on network neutrality designed to push people toward Yahoo's own list service. I think the main thing is that the decision-makers (who are basically business people) see this as a marketing/PR problem. I don't think it's an attack on network neutrality per se so much as a PR stunt to be perceived as doing something about spam and phishing. I wonder if they're not positioning themselves to do something big in finance or expand in handling payments to vendors who use their e-business platforms -- which would make a tough on phishing stance very important to them, as it is for banks. Has anyone seen or heard any figures on how much this DMARC fiasco has cost Yahoo in terms of the number of email end-users who have left their service? Someone mentioned that it was substantial enough to probably get their attention. I did but that was based on my personal experience, with (as I wrote elsewhere) users who are not very attached to any particular email address yet. I don't see how anybody could get reliable figures, though, except Yahoo! themselves based on statistical analysis of outbound traffic and maybe an increase in the number of accounts that .forward to other accounts. Steve -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Mailman 2.1.18 release
I am pleased to announce the first release candidate for Mailman 2.1.18. Python 2.4 is the minimum supported, but Python 2.7 is recommended. This release has new features to help with mitigation of the impacts of DMARC on mailing lists. There is also a new dependency associated with these features. Namely, the new Privacy options - Sender filters - dmarc_moderation_action feature requires that the dnspython http://www.dnspython.org/ package be available in Python. There are also bug fixes. See the attached README for more details. Mailman is free software for managing email mailing lists and e-newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites. For more information, please see: http://www.list.org http://www.gnu.org/software/mailman http://mailman.sourceforge.net/ Mailman 2.1.18rc1 can be downloaded from https://launchpad.net/mailman/2.1/ http://ftp.gnu.org/gnu/mailman/ https://sourceforge.net/projects/mailman/ -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan 2.1.18rc1 (18-Apr-2014) Dependencies - There is a new dependency associated with the new Privacy options - Sender filters - dmarc_moderation_action feature discussed below. This requires that the dnspython http://www.dnspython.org/ package be available in Python. New Features - The from_is_list feature introduced in 2.1.16 is now unconditionally available to list owners. There is also, a new Privacy options - Sender filters - dmarc_moderation_action feature which applies to list messages where the From: address is in a domain which publishes a DMARC policy of reject or possibly quarantine. This is a list setting with values of Accept, Wrap Message, Munge From, Reject or Discard. There is a new DEFAULT_DMARC_MODERATION_ACTION configuration setting to set the default for this, and the list admin UI is not able to set an action which is 'less' than the default. The prior ALLOW_FROM_IS_LIST setting has been removed and is effectively always Yes. There is a new DMARC_QUARANTINE_MODERATION_ACTION configuration setting which defaults to Yes but can be set to No to exclude domains with DMARC policy of quarantine from dmarc_moderation_action. dmarc_moderation_action and from_is_list interact in the following way. If the message is From: a domain to which dmarc_moderation_action applies and if dmarc_moderation_action is other than Accept, dmarc_moderation_action applies to that message. Otherwise the from_is_list action applies. i18n - Added missing mm-digest-question-start tag to French listinfo template. (LP: #1275964) Bug Fixes and other patches - Fixed a long standing issue in which a notice sent to a user whose language is other than that of the list can cause subsequent things which should be in the list's language to be in the user's language instead. (LP: #1308655) - Fixed the admin Membership List so a search string if any is not lost when visiting subsequent fragments of a chunked list. (LP: #1307454) - For from_is_list feature, use email address from original From: if original From: has no display name and strip domain part from resultant names that look like email addresses. (LP: #1304511) - Added the list name to the vette log held message approved entry. (LP: 1295875) - Added the CGI module name to various No such list error log entries. (LP: 1295875) - Modified contrib/mmdsr to report module name if present in No such list error log entries. - Fixed a NameError exception in cron/nightly_gzip when it tries to print the usage message. (LP: #1291038) - Fixed a bug in ListAdmin._handlepost that would crash when trying to preserve a held message for the site admin if HOLD_MESSAGES_AS_PICKLES is False. (LP: #1282365) - The from_is_list header munging feature introduced in Mailman 2.1.16 is no longer erroneously applied to Mailman generated notices. (LP: #1279667) - Changed the message from the confirm CGI to not indicate approval is required for an acceptance of an invitation. (LP: #1277744) - Fixed POSTFIX_STYLE_VIRTUAL_DOMAINS to be case-insensitiive. (LP: #1267003) - Added recognition for another simple warning to bounce processing. (LP: #1263247) - Fixed a few failing tests in tests/test_handlers.py. (LP: #1262950) - Fixed bin/arch to not create scrubbed attachments for messages skipped when processing the --start= option. (LP: #1260883) - Fixed email address validation to do a bit better in obscure cases. (LP: #1258703) - Fixed a bug which caused some authentication cookies to expire too soon if
Re: [Mailman-Users] Mirror mailing list with web forum
On 17 Apr 2014, at 04:27, Jon 1234 jon.1...@hotmail.co.uk wrote: From: rich...@damon-family.org I have been (slowly) working on an module to integrate a mailing list to a Drupal web site. My goal is to generate an archive that you can easily find recent messages in, and then be able to reply back to the list via the web site. I will need to look at some of those options to see if any would help in my needs. I found Drupal hard enough by itself, let alone integrating it with a mailing list. Good luck. I finally got FUDforum to work. Without wanting to go into detail here, I had to change the shebang line on maillist.php and change the file permissions in the FUDforum/messages folder. Seems simple now! On installation I had other permission errors (host doesn't allow 777 web directories), and other errors may occur in future, but at least I know in principle it works for me. I have it working with Fudforum and although the fudforum integration was (to me) poorly documented I got it working and has been stable / rock solid for a couple of years now. It would be nice to get things like membership linked between the two and to more easily identify forum posters (when their mail hits the list) but that is just a comment not a request (unless someone has worked it out!) BW Tim -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Mailman 2.1.18 release
On 04/17/2014 11:32 AM, Mark Sapiro wrote: I am pleased to announce the first release candidate for Mailman 2.1.18. I neglected to emphasize that there are some new and some modified i18n strings in this release. I strongly encourage all interested people to look at these and submit translation updates, preferably as launchpad merge proposals but directly to me is OK, before 1 May 2014 to get them in the final release. -- Mark Sapiro m...@msapiro.netThe highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan signature.asc Description: OpenPGP digital signature -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and From header munging
On Thu, 2014-04-17 at 11:29 -0700, Mark Sapiro wrote: On 04/17/2014 11:01 AM, Lindsay Haisley wrote: It occurred to me that one possible variation on From: header munging which wouldn't break any applications depending on this being an actual, working address for a post's author, while still passing DMARC authentication, would be for Mailman to change the From: address to a VERP-like address with the author's address encapsulated within an address @ the list server. Any mail received by the list server for this address would have its address parsed by Mailman and be redirected to the original author's real email address. Would this pass RFC compliance? It would probably be RFC compliant as long as the from address reliably worked to send to the author, but there are other problems. The first that comes to mind is suppose a yahoo.com user replies to a post originally From: another yahoo.com user. There may be DMARC issues with the delivery of this reply from the Mailman server to the original poster. Maybe not because the forwarding of the reply is a pass-through that *probably* won't break a DKIM signature. Well it does come up against the long-standing issue with SPF regarding email redirection, and if an email doesn't come from a mail server supporting DKIM, then there would be an issues in this case. But then what if the original poster had included a Reply-To: to an alternate address. This might result in a reply goint to the original From: instead of the original Reply-To:. This is, as I understand it, a MUA issue. Doesn't a reply _always_ go to a Reply-To: address by default? I don't see how munging of the From: address could affect this behavior. This implies that the verp like encoding should mangle things like example.com so they don't look like domain names which could make them difficult to parse. I'm already using AES encryption/decryption in Mailman to put the recipient address into the Resent-Message-ID: header in a form that AOL's brain-dead TOS report system can't redact. This is the same kind of problem. Mangling wouldn't even have to be that sophisticated. ROT13 would probably do. -- Lindsay Haisley | Everything works if you let it FMP Computer Services | 512-259-1190 | --- The Roadie http://www.fmp.com| -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] DMARC and From header munging
Lindsay Haisley writes: Mailman to change the From: address to a VERP-like address with the author's address encapsulated within an address @ the list server. Any mail received by the list server for this address would have its address parsed by Mailman and be redirected to the original author's real email address. Would this pass RFC compliance? Technically, it probably does. The problem is that Mailman doesn't handle those mails, the MTA does. It would be reasonably easy to set up a filter and have the MTA pass the message to that filter. It's very ugly, though, especially if for some reason you have no display name to work with. A bigger problem, as stated what you've done is to set up an open relay. So you would need to either maintain a database of valid addresses forever, or do some crypto trickery so that only valid addresses would be forwarded. The latter would involve key management, etc. N.B. I read a very similar suggestion somewhere, probably in the DMARC Internet-Draft or in their FAQ. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Trying to understand charset encoding in mailman
On Apr 18, 2014, at 03:07 AM, Stephen J. Turnbull wrote: Getting it right by design ... well, that's why we need Mailman 3. And really, Python 3. The email package in Python 3.4 rocks. -Barry -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and From header munging
On Fri, 2014-04-18 at 03:51 +0900, Stephen J. Turnbull wrote: Lindsay Haisley writes: Mailman to change the From: address to a VERP-like address with the author's address encapsulated within an address @ the list server. Any mail received by the list server for this address would have its address parsed by Mailman and be redirected to the original author's real email address. Would this pass RFC compliance? Technically, it probably does. The problem is that Mailman doesn't handle those mails, the MTA does. It would be reasonably easy to set up a filter and have the MTA pass the message to that filter. We already do this for listname-subscribe, listname-owner, listname-bounces, etc. The addition of another similar name extension should be no problem. It's very ugly, though, especially if for some reason you have no display name to work with. Agreed! But the display name is free form and strictly informational. Could this not be the subscriber name of the author, if it's part of the subscription record? A bigger problem, as stated what you've done is to set up an open relay. So you would need to either maintain a database of valid addresses forever, or do some crypto trickery so that only valid addresses would be forwarded. The latter would involve key management, etc. This is a good point, so the encapsulated address would have to be obfuscated in some way. Crypto wouldn't be difficult. I've already hacked AES encryption/decryption into Mailman for generating a Resent-Message-ID: header containing the recipient address. I have a single key in mm_cfg.py and as long as it stays the same then addresses will translate. But I see your point. This is putting RFC compliance out an a very long and thin thread. If you change the key, your entire archive of emails becomes theoretically non-compliant, and this is indeed ugly. N.B. I read a very similar suggestion somewhere, probably in the DMARC Internet-Draft or in their FAQ. -- Lindsay Haisley | Everything works if you let it FMP Computer Services | 512-259-1190 | --- The Roadie http://www.fmp.com| -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Mailman 2.1.18 release
On Thu, 2014-04-17 at 11:32 -0700, Mark Sapiro wrote: dnspython http://www.dnspython.org/ Mark, is this distinct from pydns at http://pydsn.sourceforge.net? -- Lindsay Haisley | Everything works if you let it FMP Computer Services | 512-259-1190 | --- The Roadie http://www.fmp.com| -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Mailman 2.1.18 release
On Thu, Apr 17, 2014 at 4:20 PM, Lindsay Haisley fmo...@fmp.com wrote: On Thu, 2014-04-17 at 11:32 -0700, Mark Sapiro wrote: dnspython http://www.dnspython.org/ Mark, is this distinct from pydns at http://pydsn.sourceforge.net? (not Mark), short answer yes. PyDNS and DNSPython are 2 different python libs, the latter seems to be more popular. -Jim P. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] DMARC and Bellsouth, etc.
On Thu, Apr 17, 2014 at 2:32 PM, Stephen J. Turnbull step...@xemacs.orgwrote: Lindsay Haisley writes: Someone, maybe it was you, posted on this forum earlier that perhaps 90% or more of spam with a yahoo.com origin (or one of their international DNs) actually _does_ come from Yahoo Wasn't me. I don't have that data, and don't know where to get it offhand. So maybe it does, but in my spamtrap I have only 67/4359 (1.5%) messages from Yahoo (based on grepping for ^From:.*yahoo and ^From: respectively), vs. 658/38748 (1.7%) in my saved mail folders. It seems to me that spam using Yahoo addresses is hardly a big problem, whether it's spoofed or using throwaway addresses. I'm curious, what numbers do you currently see for tumblr (also a yahoo company) spam? -Jim P. -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Mailman 2.1.18 release
On Thu, 2014-04-17 at 16:28 -0400, Jim Popovitch wrote: (not Mark), short answer yes. PyDNS and DNSPython are 2 different python libs, the latter seems to be more popular. Slightly confusing :) import DNS[imports PyDNS] import dns[imports DNSPython] -- Lindsay Haisley | Real programmers use butterflies FMP Computer Services | 512-259-1190 | - xkcd http://www.fmp.com| -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Mirror mailing list with web forum
From: t...@yingtong.co.uk I have it working with Fudforum and although the fudforum integration was (to me) poorly documented I got it working and has been stable / rock solid for a couple of years now. It would be nice to get things like membership linked between the two and to more easily identify forum posters (when their mail hits the list) but that is just a comment not a request (unless someone has worked it out!) BW Tim I'm pleased to hear this - out of interest, which versions of FUDforum and Mailman are you running? I have some ideas about linking membership and will report back here if I come up with anything useful. By 'more easily identify forum posters' do you mean by, for instance, a header/footer stating that the message came from the web interface? I think that would be fairly easy to implement. Or is it part of your linking-membership point? - so that, for instance, you'd want Mailman to realise when a forum post should (or should not) be held for moderation? Best wishes Jon -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Mirror mailing list with web forum
On 17 Apr 2014, at 22:04, Jon 1234 jon.1...@hotmail.co.uk wrote: From: t...@yingtong.co.uk I have it working with Fudforum and although the fudforum integration was (to me) poorly documented I got it working and has been stable / rock solid for a couple of years now. It would be nice to get things like membership linked between the two and to more easily identify forum posters (when their mail hits the list) but that is just a comment not a request (unless someone has worked it out!) BW Tim I'm pleased to hear this - out of interest, which versions of FUDforum and Mailman are you running? I have some ideas about linking membership and will report back here if I come up with anything useful. By 'more easily identify forum posters' do you mean by, for instance, a header/footer stating that the message came from the web interface? I think that would be fairly easy to implement. Or is it part of your linking-membership point? - so that, for instance, you'd want Mailman to realise when a forum post should (or should not) be held for moderation? Best wishes Jon Hi Jon, FUDForum 3.0.5 but several version prior to the latest too. Mailman 2.1.12 as part of Virtualmin ref identity I really mean at present most of the traffic is on the mailing list (and the forum is more of an archive for 80% of the joint community) where users complain they can’t easily identify forum posters as people (its a friendly bunch) as I’ve set it to post to the list as the single subscribed list address. They/I would like to see the forum users name/email address somewhere inside the body text so they can say “Hi Peter, good to hear from you, I think I can answer this one…” I’ve searched within FUDforum for documentation of how to format posts to include posters names etc. to no avail. In reality for membership intergration between the two I suspect I wouldn’t be first in the queue currently as I have several hundred subscribers both places, with significant overlap between them! BW TIm -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] Mirror mailing list with web forum
From: t...@yingtong.co.uk Date: Fri, 18 Apr 2014 00:36:37 +0100 ref identity I really mean at present most of the traffic is on the mailing list (and the forum is more of an archive for 80% of the joint community) where users complain they can’t easily identify forum posters as people (its a friendly bunch) as I’ve set it to post to the list as the single subscribed list address. They/I would like to see the forum users name/email address somewhere inside the body text so they can say “Hi Peter, good to hear from you, I think I can answer this one…” I’ve searched within FUDforum for documentation of how to format posts to include posters names etc. to no avail. This seems to work. Go to forum/theme/default/post.php and find the line: if (!empty($r[3])) { // Use the forum's fixed From: address. After it add words to the following effect: $body .= \n-- \nThis message was sent via the web forum by $from; You should get a footer along the lines of: This message was sent via the web forum by Name email address Which will be followed by the Mailman footer. In reality for membership intergration between the two I suspect I wouldn’t be first in the queue currently as I have several hundred subscribers both places, with significant overlap between them! BW TIm If I manage to solve this how about I mention it here but post the detail on the FUDforum website? Best wishes Jon -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Seeing your own sig appear in (someone else's) email to the list
One of my users on one of my lists is seeing something odd. His own signatures are appearing on other people’s emails sent to a Mailman (2.1.14) list. Some points of info: - He has his own domain, hosted by google - Email is read on the web (not sure which browser) - It appears on some, but not all list posts - Started happening “about a week ago” - I do not see his signatures when the same emails come to me, nor are they in the archive. - He is a list admin and moderator. The list is fully moderated and he approves/rejects most of the posts. Is he crazy? Any idea how to track this “problem” down? -Conrad -- Power today. Pleasure tomorrow. -- Mellowfields Top security holiday camps Luxury without fear Fun without suspicion Relax in a panic-free atmosphere -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org