Re: [Mailman-Users] Second Name

On 07/23/2017 06:09 PM, David Andrews wrote: > One of my users has requested a list -- let's call it > li...@example.org. He wants a second name for this list -- > li...@example.org He says he heard Mailman can do this. I have > experimented a little, but can't see how. > > Can Mailman do this

Re: [Mailman-Users] Second Name

On 07/23/2017 08:19 PM, Grant Taylor via Mailman-Users wrote: > If Mailman can't do this itself, I'd try to get the MTA that interfaces > with Mailman to do help. Specifically, create aliases for list2 that > actually reference list1. > > Ultimately both SMTP envelope

Re: [Mailman-Users] Second Name

On 07/24/2017 12:12 PM, Caesar Samsi wrote: > It sounds like you want to create a master list which has list1 and > list2 as members. I understood David (OP) to be asking for something different. li...@example.org is the canonical list David is asking for an alternate name, li...@example.org, f

Re: [Mailman-Users] How to check if E-mail from Mailman was opened by the subscriber ?

On 07/27/2017 11:04 AM, Robert Heller wrote: All you can know for sure is if the E-Mail was delivered and accepted by the final MTA server. You can't even be 100% sure of that. You can use SMTP's DSN feature to request to be notified when a message is delivered. However, chances are good tha

Re: [Mailman-Users] Newer Thunderbird reply list behaviour

On 08/04/2017 07:46 AM, Andrew Hodgson wrote: I am recently getting a lot of complaints from Thunderbird users on several lists running on our Mailman 2.1.24 system that when they press ctrl+r for reply, the reply goes to the individual sender and not the list. Mailman is set to strip the Repl

Re: [Mailman-Users] Distributed mass subscribe attack?

On 08/18/2017 11:07 AM, Phil Stracchino wrote: I second this. It is a legitimate part of compliant email addresses, no matter how many web stores seem to believe otherwise (or are merely unaware of it). I third this. I love user+detail but HATE that poorly designed web forms balk at +, and h

Re: [Mailman-Users] Users being unsubscribed without requesting it.

On 08/21/2017 02:08 PM, John Levine wrote: There are plenty of anti-spam schemes that fetch all the URLs in a message to see whether they're malicious. That's why ESPs usually have a landing page with a confirm link, and why we wrote RFC 8058 which defines a one-click opt-out link that uses POST

Re: [Mailman-Users] How to blocking malicious subscription requests?

On 09/05/2017 08:55 AM, Ian Kelling wrote: There is at least one very major mail provider where joe+any_string@domain goes to the inbox of joe by default, Is Mailman aware of user+detail? Or does is it naively view the entire userpart as distinct? Thus allowing as many many subscriptions usi

[Mailman-Users] DKIM / DMARC woes...

Hello, Does setting from_is_list and / or dmarc_moderation_action to munge cause Mailman to do anything with existing DKIM-Signature headers? Will they be removed or left there? -- Grant. . . . unix || die -- Mailman-Users mailing list M

Re: [Mailman-Users] DKIM / DMARC woes...

Thank you for the reply Mark. On 09/21/2017 03:23 PM, Mark Sapiro wrote: The default behavior does nothing to DKIM related headers. This is from Defaults.py Would I be correct in assuming that REMOVE_DKIM_HEADERS needs to be set to 2 or 3 to remove the DKIM headers if no from header munging i

Re: [Mailman-Users] Recent phishing mails are targeting mailing-lists -- and do pass

On 09/26/2017 07:23 AM, Richard Shetron wrote: Spamassassin produces a numeric rating for for an email based on multiple rules.  Legitimate email can easily get a rating of 3 or 4 based on the way you have it configured.  I've seen double digit ratings as well.  If you check for a single digit,

Re: [Mailman-Users] DKIM / DMARC woes...

On 09/21/2017 03:23 PM, Mark Sapiro wrote: The default behavior does nothing to DKIM related headers. This is from Defaults.py Is the REMOVE_DKIM_HEADERS option a per mailing list setting? Or is it Mailman wide? I'm looking through the list admin interface for Mailman 2.1.20 and not findin

Re: [Mailman-Users] DKIM / DMARC woes...

On 10/03/2017 10:24 AM, Mark Sapiro wrote: It is not a list setting. It applies to the entire installation. It is documented in Mailman/Defaults.py and if you want to change the default, set it in Mailman/mm_cfg.py. Thank you Mark. Sorry if I'm asking obvious questions. I've not admined Mailm

Re: [Mailman-Users] DKIM signing issue - relaying mailman e-mails from third party sources

On 10/11/2017 12:12 PM, Mark Sapiro wrote: solution 2). Your mail relaying process can rewrite the envelope sender to your domain, e.g., campa...@myserver.com or some other appropriate @myserver.com address. This will break mailman's automated bounce processing for mail from mailman-boun...@ext

Re: [Mailman-Users] cause of bounces

On 10/14/2017 02:07 PM, Stephen J. Turnbull wrote: For (2) to make sense, the email provider should have a policy that prohibits use of its mailboxes to post to mailing lists, and it must not provide "on behalf of" services such as sending photographs or newspaper articles using your address in F

Re: [Mailman-Users] cause of bounces

On 10/17/2017 10:55 AM, Christian F Buser via Mailman-Users wrote: I can perfectly follow your thoughts and arguments, they appear to be justified and reasonable. Thank you. I tried to make them so that people could understand, even if they choose to disagree. However, could you please elab

Re: [Mailman-Users] cause of bounces

On 10/17/2017 03:22 PM, Mark Sapiro wrote: Agreed, but the above imply NOT RFC 5322 compliant. Please elaborate, if you're referring to more than From: vs Sent-By:. In other words, an invalid DKIM signature SHOULD be treated no differently from no signature. Fair enough. - I suspect DKIM

Re: [Mailman-Users] cause of bounces

On 10/17/2017 04:15 PM, Lindsay Haisley wrote: Just as an aside here, my understanding is that validation of an email by DMARC requires ONE of two things: EITHER the DKIM signature in the email must validate, OR the domain of the From body header must resolve to the IP address of the Sender sys

Re: [Mailman-Users] cause of bounces

On 10/17/2017 04:28 PM, Dimitri Maziuk wrote: Why? If this message doesn't match its signature, then it has been altered in transit for sure. If were not signed, like when I post from home (because I can't be arsed to set gpg up on winderz), then there's no telling if it was or wasn't. One of tho

Re: [Mailman-Users] cause of bounces

On 10/17/2017 11:45 AM, Dimitri Maziuk wrote: If these actually exist, my spamassassin has been delivering to /dev/null for quite some time now. My impression is they largely died off, possibly thanks to adoption of SPF. If these actually exist? - I'm talking about someone configuring their

Re: [Mailman-Users] cause of bounces

On 10/17/2017 03:54 PM, Mark Sapiro wrote: What I mean is as I posted previously , RFC 5322 says the From: contains the "the mailbox(es) of the person(s) or system(s) responsible for the writing of the message." and mungi

Re: [Mailman-Users] cause of bounces

On 10/17/2017 05:07 PM, Mark Sapiro wrote: The reference is the DMARC standard RFC 7489 . I need to go back and re-read that again. It's more complicated than the above. There is a concept of domain alignment. Alignment is satisfied in either "stri

Re: [Mailman-Users] cause of bounces

On 10/17/2017 06:00 PM, Dimitri Maziuk wrote: I've a "tactical foliage green" kufiah, best five bucks I ever spent on an article of clothing. I like it. The point was that SPF will flag messages with ineptly spoofed From addresses, and I don't seem to see any of those anymore. ;-) As for D

Re: [Mailman-Users] cause of bounces

I didn't completely follow all of your message. I think we may have been talking past each other. On 10/17/2017 06:56 PM, Mark Sapiro wrote: There's no such thing as a group's address unless the addresses are listed along with the group name. Um My interpretation of 6854 § 1 and § 4 mak

Re: [Mailman-Users] cause of bounces

On 10/18/2017 09:18 AM, Dimitri Maziuk wrote: Then you seem to misunderstand what crypto signatures actually do. I believe I understand what the crypto signatures actually do. We are each entitled to decide what to actually do based on the result of the crypto signature (in)validity. If sig

Re: [Mailman-Users] cause of bounces

On 10/18/2017 11:50 AM, Mark Sapiro wrote: ... This is the crux of our disagreement. The outbound message is still the original author's message, albeit slightly altered by subject prefixing, content filtering and/or other transformations to conform with list policies. I don't agree that it is a

Re: [Mailman-Users] cause of bounces

On 10/18/2017 11:51 AM, Dimitri Maziuk wrote: Like tnеtсоnsulting.nеt being a benign minor encoding change in a couple of characters? No. That is not a simple content encoding change. Content (re)encoding changes the representation of the same encoded data. <е> 1077, Hex 0435, Octal 2065

Re: [Mailman-Users] cause of bounces

On 10/18/2017 12:35 PM, Mark Sapiro wrote: DMARC is not the problem. It is perfectly reasonable for say, irs.gov to publish DMARC p=reject as long as mail From: irs.gov is not an employees personal post to an email list. Presumably the IRS would have rules against that. The problem is when gene

Re: [Mailman-Users] cause of bounces

On 10/18/2017 01:07 PM, Dimitri Maziuk wrote: 17 == 0x11. "17" != "0x11". Which was precisely the point: if your MTA, say, does unicodedata.normalize( 'NFKD' ... ), and turns u-umlaut into a regular "u", you may consider it benign. Many won't. I would not consider that benign at all. I'm refe

Re: [Mailman-Users] cause of bounces

On 10/18/2017 02:10 PM, Dimitri Maziuk wrote: They are different ASCII representations of the same byte, yes. They are not the same text. Hum. I wonder if we have been talking about slightly different things. I've been referring to "ü" being displayed the same in MUAs which is interpreting t

Re: [Mailman-Users] cause of bounces

On 10/18/2017 03:42 PM, Dimitri Maziuk wrote: Because the very first $relayhost may apply transport encoding. You have to compute the hash before that happens. It's my understanding that DKIM is usually applied by the egress MSA / MTA. I guess an MSA could apply DKIM itself. It would need to

Re: [Mailman-Users] cause of bounces

On 10/18/2017 11:50 AM, Mark Sapiro wrote: This is the crux of our disagreement. The outbound message is still the original author's message, albeit slightly altered by subject prefixing, content filtering and/or other transformations to conform with list policies. I don't agree that it is a co

Re: [Mailman-Users] cause of bounces

On 10/19/2017 12:37 AM, Stephen J. Turnbull wrote: The IETF has NO position on WHEN this should be done because it's not relevant to interoperability. My personal reasoning with respect to mailing list managers like Mailman which normally pass through all text/plain, and perhaps add some tags

Re: [Mailman-Users] cause of bounces

On 10/19/2017 09:15 PM, Mark Sapiro wrote: I think that won't happen. The use of p=none subdomains by various entities that publish p=reject for their primary domain is intended for addresses for their own staff to use in communicating via mailing lists and perhaps other channels. If a freemail p

Re: [Mailman-Users] cause of bounces

On 10/19/2017 10:14 PM, Grant Taylor via Mailman-Users wrote: /The output of a resending MLM is/ *a new message*. ... *The resending MLM is the author* /of the new message/. Since the MLM is the author of the new message, I think it would be prudent to use either of the following as the

Re: [Mailman-Users] Replying to the List

On 12/07/2017 07:19 PM, Chip Davis wrote: And I have no problem with that (except that editorial advice probably doesn't belong on a settings page) because it refers to a "mailing list".  I have no statistics, but my exposure to Mailman has been almost exclusively as a "discussion list".  There

Re: [Mailman-Users] options for dealing with DMARC

On 12/28/2017 12:57 PM, Jordan Brown wrote: Wikipedia tells me that DMARC passes if either SPF or DKIM passes. Sending domain administrators can require that *both* SPF /and/ DKIM must pass for DMARC to pass. So your /or/ premise is likely not going to work out as well as you had hoped.

Re: [Mailman-Users] options for dealing with DMARC

On 12/28/2017 04:33 PM, Grant Taylor via Mailman-Users wrote: Sending domain administrators can require that *both* SPF /and/ DKIM must pass for DMARC to pass.  So your /or/ premise is likely not going to work out as well as you had hoped. (*sigh* It's been a day.) As sure as I say tha

Re: [Mailman-Users] Sample of an Uncaught bounce notification

On 01/12/2018 08:43 AM, Julian H. Stacey wrote: Is this live sample of an Uncaught bounce notification useful to forward to developers to extend pattern matching. http://berklix.com/~jhs/tmp/mailman/uncaught_bounce_notification/1 I highly doubt it. The bounce that is in the email you linked t

Re: [Mailman-Users] Retention policy for archives

On 01/16/2018 11:17 AM, Mark Sapiro wrote: The down side of this is each time you run it, the messages in the archive will be renumbered and prior saved URLs to archived messages will no longer work. It seems like it would be possible to augment the prune_arch script to add place holder messa

Re: [Mailman-Users] Reply-to options not working

On 01/20/2018 12:05 PM, Mark Sapiro wrote: What actually happens with "reply" depends on a few things. If the mail client involved is Thunderbird, it doesn't behave as expected. See . In short, in recent T'bird if the message has a List-Post

Re: [Mailman-Users] Reply-to options not working

On 01/22/2018 10:37 AM, Mark Sapiro wrote: With the default mail.override_list_reply_to = False, for a message with a List-Post: header and with the list posting address also in a Reply-To: header, T'bird will ignore the Reply-To: header and address a "Reply" to the From: address. Setting mai

Re: [Mailman-Users] Reply-to options not working

On 01/22/2018 10:37 AM, Mark Sapiro wrote: With the default mail.override_list_reply_to = False, for a message with a List-Post: header and with the list posting address also in a Reply-To: header, T'bird will ignore the Reply-To: header and address a "Reply" to the From: address. Setting mai

Re: [Mailman-Users] Reply-to options not working

On 01/22/2018 12:17 PM, Mark Sapiro wrote: My bad. I was confused. In my answer above, "False" should be "True" and vice versa. ;-) -- Grant. . . . unix || die -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/

Re: [Mailman-Users] Reply-to options not working

On 01/22/2018 12:41 PM, Mark Sapiro wrote: That's correct. *chuckle* I guess this is one time when munging the From for DMARC reasons may help ensure that messages do go back to the list. The T'bird developers view is that in these cases, you are offered a "Reply List" button and therefore

Re: [Mailman-Users] Reply-to options not working

On 01/22/2018 03:55 PM, Steven D'Aprano wrote: Its worse than that: what about people who intentionally set the Reply To header on non-mailing list emails? I believe the new behavior is only triggered when the Reply-To: and List-Post: headers match. I guess that might be a problem if the mai

Re: [Mailman-Users] Reply-to options not working

On 01/24/2018 01:50 AM, Stephen J. Turnbull wrote: I'd appreciate if those who have strong opinions on this would take a look at the analysis below and tell me if I'm missing something. If not, maybe I'll write up a BCP (non-standards-track RFC[1]) so it's on record. See my comments inline be

Re: [Mailman-Users] Reply-to options not working

On 01/24/2018 10:40 AM, Jordan Brown wrote: On 1/24/2018 12:50 AM, Stephen J. Turnbull wrote: I think there's an obvious algorithm for "smart single reply": 1. If there is a Reply-To, address the message to Reply-To. 2. Else if there is a List-Post, address the message to List-Post. 3. Else

Re: [Mailman-Users] Reply-to options not working

On 01/24/2018 09:16 PM, Jordan Brown wrote: I don't understand this statement. Or, I don't understand how it disagrees with what I said. I don't really care whether the MUA has a "Reply List" button that does something list-specific. "Reply" should go to the author; "Reply All" should go to

Re: [Mailman-Users] Reply-to options not working

On 01/28/2018 09:40 PM, Stephen J. Turnbull wrote: OK. But I'm not saying "always." I'm saying that this would DTRT for me a very large proportion of the time, and for AOLers, about 100% of the time to 6 sigmas. I think that's a question of corpus. DTRT for you is different from DTRT for m

Re: [Mailman-Users] Reply-to options not working

On 01/26/2018 09:41 PM, Jordan Brown wrote: I was suggesting that one way to address that complaint would be for your mail client to detect the duplication and hide the duplicate copies. That sounds good in theory. But the practice that I'm exposed to doesn't work out well. I usually receiv

Re: [Mailman-Users] Reply-to options not working

On 01/30/2018 01:43 PM, Dimitri Maziuk wrote: Dep. on your MDA setup, list replies could go to list folder and off-list copies: to main inbox. In which case I think that thunderbird plug-in would not work either, even if you still have both on disk. That's the exact scenario (save for the pred

Re: [Mailman-Users] Reply-to options not working

On 01/29/2018 10:14 AM, Chip Davis wrote: I have a constant problem with well-meaning, but essentially ignorant, email users who, upon seeing a "Reply To:" field in their MUA's setup screen, dutifully fill it in with their email address. I too have seen people fill in the Reply-To in the MUA s

Re: [Mailman-Users] Reply-to options not working

On 01/30/2018 03:04 PM, Jordan Brown wrote: Even getting agreement on what constitutes an ambiguous case might be tough. Agreement between people may be problematic. I think it will be quite simple to get people to define what they like and dislike. Which will likely differ from what other p

Re: [Mailman-Users] Reply-to options not working

On 01/30/2018 03:02 PM, Dimitri Maziuk wrote: Does it ave the same Message-ID though? I suppose if I reply-both on this one, you'll have an easy way to check. Yes, they frequently do have the same Message-ID. About the only time they don't is if the MLM changes the Message-ID. (sending to

Re: [Mailman-Users] Reply-to options not working

On 01/30/2018 03:09 PM, Dimitri Maziuk wrote: To answer my own question, the one I got back from the list has the same message id that was sent out so a t least in this particular delivery chain nothing mangled it. ;-) In that case keeping a list of the N last delivered message ids and disca

Re: [Mailman-Users] Reply-to options not working

On 01/30/2018 03:11 PM, Jordan Brown wrote: There are those who would consider it a problem if your mailing list is (mis:-)configured to add "Reply-To: " if there is no existing "Reply-To". I don't see how the MLM's behavior (good / bad / indifferent) has anything to do with this being a prob

Re: [Mailman-Users] Reply-to options not working

On 01/30/2018 05:53 PM, Jordan Brown wrote: [ Feh. My biggest MUA<->ML nuisance is that I don't have a way to force replies to use the custom From address that I use for that mailing list. I'm assuming that you're talking about the address that address that direct replies go to. My solution

Re: [Mailman-Users] Reply-to options not working

On 01/30/2018 07:22 PM, Mark Sapiro wrote: No. In the User A case messages from the list will have a Reply-To with the list address and replies (ignoring the pathological recent Thunderbird) will go to the list as you say, but in the User B case, messages from the list will have a Reply-To wit

Re: [Mailman-Users] How to remove "cc" of sender but retain "sender"?

On 03/08/2018 05:22 PM, Richard Johnson wrote: (1) set the "From" as the list address, while also (2) NOT including the sender in to any "CC" list, and instead including the sender in a "Sender" header. That really sounds like something that I would tackle with Procmail or a specially written

Re: [Mailman-Users] Yahoo rejects

On 03/16/2018 01:57 PM, Jim Dory wrote: -- Forwarded message -- From: MAILER-DAEMON@domain2.example To: nome-announce-bounces@domain1.example Cc: Bcc: Date: Subject: Delivery failure Message from domain2.example. Unable to deliver message to the following address(es). >: This use

Re: [Mailman-Users] Yahoo rejects

On 03/16/2018 07:54 PM, Grant Taylor via Mailman-Users wrote: Has there been any noise about Yahoo on mailop about this new behavior? I just read a handful of messages on mailop where multiple people are reporting this issue. One of the last messages indicated that the problem might be

Re: [Mailman-Users] (relatively) new DMARC issues - and Gmail

Have you considered sending your message to the Mailop mailing list? I know that there are a couple of Gmail admins / coworkers that are subscribed to Mailop and will respond to issues like this. Plus, it might also be a better forum and get more engagement / suggestions / gratitude by others

Re: [Mailman-Users] 'from' header at delivered email from inside / outside organization

On 04/19/2018 04:17 AM, kan...@yamachu-tokachi.co.jp wrote: Hello Mailman experts, I'm not an expert, but I've got questions. I created a mailing list (i.e. a...@ml.abc.co.jp) with mailman in our organization. I don't think it matters, but I want to make sure I'm not assuming anything inco

Re: [Mailman-Users] [Mailman-cabal] GDPR

On 05/12/2018 02:39 PM, Stephen J. Turnbull wrote: It would be a much more annoying matter if they claimed the right to be deleted from third party posts that quoted and identified them, though. If there is a "right to be forgotten" that impinges on mailing list archives, that seems plausible t

Re: [Mailman-Users] [Mailman-cabal] GDPR

On 05/12/2018 03:35 PM, Bernd Petrovitsch wrote: Well, it's the very nature of an archive that everything stays there (similar to a backup). Yes. But I believe that GDPR has implications on expunging things from archives / backups too. Not doing so is not within the spirit of forgetting som

Re: [Mailman-Users] [Mailman-cabal] GDPR

On 05/14/2018 06:33 AM, Andrew Hodgson wrote: - Archive purge requests. We have discussed the same items as on the list to date. I am looking at doing a simple grep for the relevant person's details and changing that. The main reason for doing this is that if we just remove the author's messa

Re: [Mailman-Users] [Mailman-cabal] GDPR

On 05/14/2018 04:02 PM, Ángel wrote: IMHO they would mostly fail under §18 and GDPR wouldn't apply: Okay. What happens if a subsequent data breach (malware / infection) causes said individual archives to become public information? }:-) Of course, if a company was using the mailing list to

Re: [Mailman-Users] [Mailman-cabal] GDPR

On 05/14/2018 04:11 PM, Bernd Petrovitsch wrote: Seriously, these folks don't know what they imply. Nope. Politicians (almost) never fully understand what's going on. And to be honest: If person X fullquotes and the email ends in an archive, who's fault is it? Obviously the archive's (or m

Re: [Mailman-Users] [Mailman-cabal] GDPR

On 05/15/2018 03:18 AM, Andrew Hodgson wrote: At the moment the list administrator and moderator account is accessed via no username and a single password. If that password is shared, I have no audit trail of who logged into the system. ACK I like to run Mailman (et al) administration pages

Re: [Mailman-Users] [Mailman-cabal] GDPR

On 05/15/2018 03:08 AM, Andrew Hodgson wrote: What do I redact or remove in this instance? - Personal details about the original poster and the event who had not consented to having their email posted to the mailing list; I would likely have (presuming sufficient motivation): 1) Get mailman

Re: [Mailman-Users] GDPR

Duly noted. On 05/15/2018 07:04 PM, Mark Sapiro wrote: Actually, the easiest way is to just redact the cumulative LIST.mbox/LIST.mbox file and rebuild the archive with 'bin/arch --wipe' but that can have undesired side effects. Doesn't that run the risk of renumbering messages, thus breaking

Re: [Mailman-Users] [Mailman-cabal] GDPR

On 05/17/2018 02:56 AM, Bernd Petrovitsch wrote: FWIW and IMHO, I think we are in violent agreement here. :-) In the old-school life: the sender (because s/he said it on her/his free will) - I hope;-). But the person who overheard it may tell the story to a third person. And it's just/only

Re: [Mailman-Users] [Mailman-cabal] GDPR

On 05/22/2018 07:33 PM, Stephen J. Turnbull wrote: I would imagine that it is the subthread rooted at the first post containing complainant's PII -- "Personally Identifying Information". I feel like that's a self referencing definition. A "thread" is "a subthread rooted at the first post conta

Re: [Mailman-Users] GDPR

On 05/22/2018 07:46 PM, Stephen J. Turnbull wrote: Many posts will include their names in CCs, especially on lists that munge Reply-To. Don't forget the munged reply. }:-) Some of these may be hidden (eg, Reply-To is normally not displayed; I don't know offhand if it's in the mbox files).

Re: [Mailman-Users] How do I run 2.x mailman more securely?

On 05/30/2018 03:36 PM, Parker, Michael D. wrote: I've been assigned the task of attempting to secure our current implementation of GNU MailMan. One thing that I've not seen (or missed) in this thread is the idea of leveraging HTTPS usernames and passwords to protect the web interface. IMHO

Re: [Mailman-Users] How do I run 2.x mailman more securely?

On 05/31/2018 12:25 PM, Grant Taylor wrote: IMHO the web server has a LOT more experience at user access control than most web applications. As such, I feel like the web server probably has a better handle on how to do it. Apache (and I suspect Nginx) has the ability to use client side TLS ce

Re: [Mailman-Users] How do I run 2.x mailman more securely?

I feel like I'm missing something and as such have some questions. On 05/31/2018 11:42 AM, incoming-pythonli...@rjl.com wrote: Depending on where your users are coming from, it might be easier to limit access to the GUI using a firewall. Why are you using a firewall instead of leveraging the w

Re: [Mailman-Users] How do I run 2.x mailman more securely?

On 05/31/2018 01:18 PM, Dimitri Maziuk wrote: Yeah, I too once thought that was a good idea. I'm not quite following you. Are you saying that you now dislike HTTP(S) usernames & passwords specifically? Or are you saying that you dislike hosting something yourself? And then heartbleed came

Re: [Mailman-Users] How do I run 2.x mailman more securely?

On 05/31/2018 03:05 PM, Dimitri Maziuk wrote: What exactly is it about mailman usernames and passwords that you are trying to protect with HTTPS? I wasn't talking about Mailman usernames (email addresses) and passwords. I was talking about the usernames and passwords for Basic HTTP(S) authen

Re: [Mailman-Users] How do I run 2.x mailman more securely?

On 05/31/2018 06:37 PM, incoming-pythonli...@rjl.com wrote: Both are valid alternatives. There may be performance advantages, to stopping attacks at the firewall level instead of higher up in the application stack. Agreed, on both accounts. Firewalls also have a tendency to protect multiple

Re: [Mailman-Users] How do I run 2.x mailman more securely?

On 05/31/2018 09:33 PM, incoming-pythonli...@rjl.com wrote: I wrote scripts that read the list and generated a rule per network. It can be slow, but has worked reliably for many years. Since it is a mailserver, performance has not been a big issue. I am in the process of designing a replaceme

Re: [Mailman-Users] Spam Subscriptions

On 06/02/2018 09:29 PM, Mark Sapiro wrote: I use this regexp in the GLOBAL_BAN_LIST ^[0-9a-z.]{8,}\+[0-9a-z]{4,}@gmail\.com$ Are you not looking for capital letters? I can see how the period in the first class would work, but I don't see that in the second class. What am I missing? -- G

Re: [Mailman-Users] Spam Subscriptions

On 06/03/2018 04:11 PM, Mark Sapiro wrote: Ban list regexps are case insensitive. Thank you for the clarification Mark. The fact that the ones I saw never had periods following the plus sign. ACK -- Grant. . . . unix || die -- Mailman-U

Re: [Mailman-Users] non-subscribers getting through--email address in "Real Name"

On 07/19/2018 06:16 AM, Robert Heller wrote: I mean it does not check things like the Received: headers*by default*. If the email part of the From: header is a list member address, Mailman will consider that the mail is from that member and pass the message on to the list,*even if the From: hea

Re: [Mailman-Users] non-subscribers getting through--email address in "Real Name"

On 07/19/2018 11:44 AM, Robert Heller wrote: All of which can be spoofed. Yes. Just about everything can be spoofed to some degree. It really depends on what information the owner of the purported sending domain publishes and what filtering / consumption of said information the receiving s

Re: [Mailman-Users] non-subscribers getting through--email address in "Real Name"

On 07/19/2018 03:11 PM, John Levine wrote: Well, you know, this is what DMARC is intended to address. While DMARC checks on mail that has passed through mailing lists has all sorts of well known problems, doing DMARC checks on mail that arrives at a list server would be pretty benign. It's pr

Re: [Mailman-Users] non-subscribers getting through--email address in "Real Name"

On 07/19/2018 04:16 PM, Mark Sapiro wrote: Mailman can be configured to remove DKIM related headers from incoming mail before sending. ACK I'm lumping various in as well, which I'm not aware of Mailman being able to remove. Authentication-Results: I think there are others that fall into th

Re: [Mailman-Users] non-subscribers getting through--email address in "Real Name"

On 07/19/2018 06:22 PM, Mark Sapiro wrote: If Mailman is asked to remove or replace DKIM headers, the headers affected are DomainKey-Signature, DKIM-Signature and Authentication-Results. Good to know. Thank you for clarifying Mark. -- Grant. . . . unix || die -

Re: [Mailman-Users] non-subscribers getting through--email address in "Real Name"

On 07/19/2018 05:27 PM, Mark Sapiro wrote: The problem is downstream has to trust me. If I'm gmail.com, I'll probably be trusted. If I'm msapiro.net, probably not. Python.org, who knows. Yep. I've not yet seen any indication that there will be any good way to establish this trust relationship

Re: [Mailman-Users] non-subscribers getting through--email address in "Real Name"

On 07/20/2018 12:40 AM, Jayson Smith wrote: Could either of these milter solutions linked previously be adapted for use as a Sendmail milter? I'd love to find something which would query Mailman about the status of a particular sender address at the RCPT stage of the SMTP transaction so spoofed

Re: [Mailman-Users] ARC, was non-subscribers getting through--email address in "Real Name"

On 07/21/2018 02:24 PM, John Levine wrote: I know people working on whiteish lists to use with ARC, to say that these domain are known to host real mailing lists so you should believe their ARC assertions. Is there some place that I can find out more about these people and / or their projects

Re: [Mailman-Users] non-subscribers getting through--email address in "Real Name"

On 07/19/2018 04:59 PM, Phil Stracchino wrote: Actually, mailing lists and other redistribution are among the places DMARC notably breaks. Does DMARC actually break or otherwise behave in a manner contrary to it's specification? I personally believe that DMARC (and SPF and DKIM) are doing ex

Re: [Mailman-Users] ARC, was non-subscribers getting through--email address in "Real Name"

On 07/22/2018 02:05 PM, John Levine wrote: Every domain added to a whitelist like this involves manual work. Yes. Why would you waste time on domains that aren't likely to send mail with ARC headers? I'm not suggesting wasting time on domains that wouldn't send ARC headers. I'm questioning

Re: [Mailman-Users] non-subscribers getting through--email address in "Real Name"

On 07/22/2018 02:03 PM, John Levine wrote: No, it was specified in full knowledge that it would break pretty much every mailing list on the planet if used on domains with human users, instead of its intended target of notices from robot domains like paypal.com. I choose to believe the mailing

Re: [Mailman-Users] ARC, was non-subscribers getting through--email address in "Real Name"

On 07/22/2018 11:02 PM, Stephen J. Turnbull wrote: You're misunderstanding. The ARC community doesn't discourage whitelisting other sites. The work to do whitelisting does. Thank you for clarifying Stephen. I was afraid that you were somehow implying that there was some sort of guideline on

Re: [Mailman-Users] non-subscribers getting through--email address in "Real Name"

On 07/22/2018 04:25 PM, Richard Damon wrote: What actions do you think mailing lists are doing improperly? I personally believe that mailing lists are their own end entity, just like our individual mailboxes. (Particularly discussion mailing lists.) I also believe that SPF, DKIM, and DMARC

Re: [Mailman-Users] non-subscribers getting through--email address in "Real Name"

On 07/24/2018 03:16 PM, John Levine wrote: Turning it on for aol.com, yahoo.com, and other domains with user mailboxes, So, are you stating that DMARC should NOT be used on domains that (predominantly) contain end user mailboxes? to outsource the pain of the spam they were getting I'm not

Re: [Mailman-Users] non-subscribers getting through--email address in "Real Name"

On 07/24/2018 06:51 PM, Mark Sapiro wrote: The stolen address books were used to send phishing emails purportedly from the owner of the address book the the addresses in the book. I.e., a message From: a_known_fri...@yahoo.com saying things look at this great thing I found and a URL to evilsit

Re: [Mailman-Users] non-subscribers getting through--email address in "Real Name"

On 07/24/2018 06:59 PM, Richard Damon wrote: You CAN’T strip DMARC. I can most certainly strip any DKIM related headers from messages that are coming into my server on their way to my mailing list. I'm not talking about altering other people's view of DNS. (That's a completely different to

  1   2   >