[Mailman-Users] Amazon SES and Verified Senders

Duane Winner closetotheledge at yahoo.com
Fri Jan 11 18:27:23 CET 2013 

Hello,

Does anyone have any ideas on how to deal with this dilemma: I am running Mailman+Postfix+Ubuntu in Amazon AWS, and using Amazon SES as a relay. 
Although, this problem isn't unique to just SES. This problem is common among many relay services, DynDNS to name another.

To prevent against spam and abuse, SES, DynDNS and other relay services require that you VERIFY each SENDER before you can send mail from that email address.

When running Mailman, each member of every list is the SENDER, and it is not practical or even possible to verify every sender. 

I have two workarounds, but neither one is ideal.

Option 1) In Mailman, I can enable: "Hide the sender of a message, replacing it with the list address (Removes From, Sender and Reply-To fields) "

This will mean any post to a list will show only the list, and the list will be the return address (that is ok, even desirable).
But the problem with this is, that unless the poster includes a signature, there is no way to know who it came from when the other list members receive the post.
We need to know who posted to the lists, so we know who we're replying to, and if we need their email to take the conversation off-list, etc.


Option 2) In Postfix, maintain the canonical file so that each member address will be rewritten with a mailman domain address. Example:

In /etc/postfix/canonical:
jondoe at hotmail.com   jondoe.at.hotmail.com at mymailmandomain.com

Because I've approved the domain @mymailmandomain.com with DKIM in Amazon SES, and email from jondoe at hotmail.com will be rewritten as From: jondoe.at.hotmail.com at mymailmandomain.com, and Amazon SES will permit it.
The problem with this is that it still doesn't accurately reflect the senders real email anywhere, and another list member might pull the bogus "jondoe.at.hotmail.com at mymailmandomain.com" address, and try to send to this person off-list, or add the bogus email address to their address book....not good.
Also, a cronjob will have to regularly build and update the canonical addresses, which in itself isn't that a big deal, but is another point of failure.


Does anybody else have this problem, and how do you deal with it? Are there better solutions? Perhaps their is a better way to do #2 so that the From: address is rewritten to be acceptable to Amazon SES, but displays something that is more useful and friendly to recipients?

Thanks for any input!

DW

More information about the Mailman-Users mailing list