[Mailman-Developers] Adding DMARC support for Mailman 3

Barry Warsaw barry at list.org
Thu Jul 11 21:52:34 CEST 2013


On Jul 11, 2013, at 03:23 AM, Stephen J. Turnbull wrote:

>Barry Warsaw writes:
>
> > For #1 you would have a rule that can answer the question of DMARC
> > disposition.  Rules output binary results,
>
>This is somewhat problematic.  DMARC results are potentially
>trivalent.  If action is "reject" and pct is less than 100, some hits
>are "rejects" and some are "quarantine".  Misses are misses.  So I
>guess you do this with a chain of two rules, the first one verifying
>the message and if that hits (i.e., verification fails) the second one
>rolls the dice for pct.

While ugly, that might be the best we can do for now.  I have thought about
adding an action to links for when the rule misses, the default being 'Defer'
(i.e. the next link in the chain executes as normal).  That would at least give
you more control over each step in the chain.  But handling more than two
cases quickly gets into ugliness.

Another possibility is to collapse the reject/quarantine "hit" into a single
boolean result.  Rules can add key/values to the metadata dictionary, so you
could imagine that a hit wouldn't jump directly to the Reject or Hold chains.
Instead it would jump to a custom (terminal) chain that made the more specific
determination of whether to reject or hold the message.

> > and if this rule hits, it would run an action, probably to discard
> > the message, although it could also hold it or reject/bounce it.
>
>Silent discards without content analysis make me queasy.

Of course, we'd likely log and fire an event, so at least it wouldn't happen
completely silently.

>I guess we can work around that by doing DMARC checks after the content
>checks, although the draft implies the DMARC checks should be done early.  Or
>we could reject, but unfortunately we can't reject in the SMTP transaction,
>so we need to issue a DSN.  That makes me really queasy, because DSNs for
>illegitimate mail suck all around.

Yep.  There is some limited ability to do additional checking at LMTP time,
but this isn't pluggable currently.

>In case of a quarantine, maybe this should go into a separate queue
>that silently waits for a moderator to look at the messages, and
>discards them after a reasonable period of time (maybe two weeks?)  So
>they'd be there if somebody asks for a lost message, but otherwise no
>bother.

Currently there's only one moderation queue, but it can be set up to
auto-discard held requests after a period of time.

-Barry
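A sketch of the two-link chain discussed above (a verification rule followed by a pct "dice roll" rule that leaves the finer reject/quarantine decision in the metadata dictionary), added here as an illustration; it is not Mailman code, and the rule names, the `msgdata` keys and the `run_chain` dispatcher are hypothetical. The pct downgrade (an unsampled hit under p=reject is treated as quarantine) follows the DMARC specification.

```python
import random

def parse_dmarc_record(txt):
    """Parse a DMARC TXT record ('v=DMARC1; p=reject; pct=50') into tags."""
    tags = {}
    for part in txt.split(';'):
        if '=' in part:
            key, value = part.split('=', 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get('v') != 'dmarc1' or tags.get('p') not in ('none', 'quarantine', 'reject'):
        raise ValueError('not a usable DMARC1 record')
    tags['pct'] = int(tags.get('pct', 100))   # pct defaults to 100 per the spec
    return tags

def dmarc_verify_rule(msgdata, auth_passed):
    """First link: hits when the message failed DMARC alignment/authentication."""
    msgdata['dmarc_verify_hit'] = not auth_passed
    return msgdata['dmarc_verify_hit']

def dmarc_pct_rule(msgdata, record, roll=None):
    """Second link: roll the dice for pct and record the disposition in msgdata.
    'roll' is injectable (1..100) so the sampling can be tested deterministically."""
    policy = record['p']
    if policy == 'none':
        msgdata['dmarc_disposition'] = 'none'
        return False
    if roll is None:
        roll = random.randint(1, 100)
    if roll <= record['pct']:            # message selected for the published policy
        disposition = policy
    else:                                # unsampled: reject degrades to quarantine
        disposition = 'quarantine' if policy == 'reject' else 'none'
    msgdata['dmarc_disposition'] = disposition
    return disposition != 'none'

def run_chain(record_txt, auth_passed, roll=None):
    """Run both links; a hit jumps to a terminal chain chosen from msgdata.
    Returns (chain_name, msgdata) where chain_name is 'accept', 'hold' or 'reject'."""
    msgdata = {}
    record = parse_dmarc_record(record_txt)
    if not dmarc_verify_rule(msgdata, auth_passed):
        return 'accept', msgdata          # miss: next link would run as normal
    if not dmarc_pct_rule(msgdata, record, roll):
        return 'accept', msgdata
    # The "custom terminal chain": quarantine becomes a hold for the moderator queue.
    target = {'reject': 'reject', 'quarantine': 'hold'}[msgdata['dmarc_disposition']]
    return target, msgdata
```

Note that `dmarc_pct_rule` is only meaningful after `dmarc_verify_rule` hit; a single "DMARC" rule with the same `msgdata` keys would collapse the two links into Barry's one-boolean variant.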