From mark at msapiro.net  Thu May  1 00:18:31 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 30 Apr 2014 15:18:31 -0700
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <1398887807.8417.36.camel@pudina.fmp.com>
References: <1398887807.8417.36.camel@pudina.fmp.com>
Message-ID: <536176B7.7020301@msapiro.net>

On 04/30/2014 12:56 PM, Lindsay Haisley wrote:
> The internal documentation in the admin screens for 2.1.18 is a bit
> confusing with regard to Reply-To munging.
> 
> In the doc for the from_is_list option we have "It replaces the poster's
> address in the From: header with the list address and adds the poster to
> the Reply-To: header, but the anonymous_list and Reply-To: header
> munging settings below take priority."
> 
> Which Reply-To: header munging settings take priority, and how should
> one set them so that they don't override from_is_list?


If you set anonymous_list = Yes the post will be fully anonymized as
before which includes setting the From: to the list address. Thus,
setting anonymous_list = Yes obviates the need for From: header munging
because you're already doing it.

However, the statment "the anonymous_list and Reply-To: header munging
settings below take priority." is probably not correct. It comes from
2.1.16 which was a bit different with respect to Reply-To:.

In 2.1.18, with anonymous_list - Yes and from_is_list = No, From: will
be "List's description <list posting address>" and there will be no
Reply-To:. If from_is list is Munge (or Wrap) the (outer) From: will be
"List's description via list's real_name <list posting address>" and the
(outer) Reply-To will be "List's description <list posting address>"

So the from_is_list options add 'via real_name' to the From: and add a
redundant Reply-To: the list.

from_is_list interacts with first_strip_reply_to and reply_goes_to_list
in the way one intuitively expects. I.e. first_strip_reply_to and
reply_goes_to_list behave as always and from_is_list just adds the
posters From: to Reply-To: if it isn't there already (and in the case of
an anonymous list, the poster's From: has already been set to the list.

That text should probably be changed. I don't like to change strings
that have already been translated and this one was for 2.1.16 for a few
languages, but I should fix it.


> If dmarc_moderation_action overrides from_is_list, as the doc for it
> says it does, is it also overridden by Reply-To: header munging
> settings?


As I explained above, from_is_list works in all cases. And, the same is
true for dmarc_moderation_action if it applies.


> Also, in the doc for reply_goes_to_list, we see "When set to Poster [the
> default], no Reply-To: header is added by Mailman".  Does this mean that
> this overrides from_is_list, which if set says that it causes the
> original From header to be inserted into the Reply-To header?


No. The poster's address will be added to Reply-To: in all cases where
from_is_list or dmarc_moderation_action rewriting or wrapping is done.


> I can probably figure this out, but it might be good to explain this a
> bit more completely in the Mailman internal docs.  It's not really clear
> exactly how these options relate, and how the precedence of settings is
> organized.  These may be stupid questions, but I can just about
> guarantee you that all my list admins will trip on them :(


I hear you. It is badly explained and I need to fix it. Thanks for
raising this.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Thu May  1 00:42:36 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 30 Apr 2014 15:42:36 -0700
Subject: [Mailman-Users] Private mailing list reply watcher
In-Reply-To: <536109C7.70200@gmail.com>
References: <536109C7.70200@gmail.com>
Message-ID: <53617C5C.10508@msapiro.net>

On 04/30/2014 07:33 AM, Tomas Babej wrote:
> 
> I plan to write a script that will handle such cases in a generic way,
> however, I don't like reinventing the wheel. Does anybody know if this
> problem has already been solved?


What problem are you trying to solve? Remailing the reply from the list
archive to the original sender, or something else?

>From your Subject:, it seems you're looking for something that monitors
list traffic and in case of a message determined to be a reply to the
list with no Cc: to someone else, sends that message to the someone
else, but identifying to whom might be tricky. I'd be interested in what
you come up with.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Thu May  1 02:05:59 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 30 Apr 2014 17:05:59 -0700
Subject: [Mailman-Users] Issue approving subscription requests
In-Reply-To: <CAL0qLwb9JovF3ZaZMDctyt-Vv6uFnEqCeYxF5uBUia31Uh54dw@mail.gmail.com>
References: <CAL0qLwb_Viqg+JtmAHE+tWusuv_18mVxyY2OceJTHf9kVxqEQQ@mail.gmail.com>	<535FD5C4.9020206@msapiro.net>	<CAL0qLwYWw3a1AGyQLS7uvSn6izGb16UunoMdQ4LqTGpyReY8yw@mail.gmail.com>	<535FF1AF.6040606@msapiro.net>
 <CAL0qLwb9JovF3ZaZMDctyt-Vv6uFnEqCeYxF5uBUia31Uh54dw@mail.gmail.com>
Message-ID: <53618FE7.1070106@msapiro.net>

On 04/30/2014 11:58 AM, Murray S. Kucherawy wrote:
> On Tue, Apr 29, 2014 at 11:38 AM, Mark Sapiro <mark at msapiro.net
> <mailto:mark at msapiro.net>> wrote:
> 
> 
>     See the script at <http://www.msapiro.net/scripts/list_requests>.
> 
> 
> Tried that, got this:
> 
> ./list_requests -H -l <listname>
>   <address> (name) <date>
> (S)kip, (A)ccept, (R)eject, (D)iscard [sard] A
> Traceback (most recent call last):
>   File "./list_requests", line 216, in <module>
>     main()
>   File "./list_requests", line 128, in main
>     changed += handle_req(mlist, id)
>   File "./list_requests", line 204, in handle_req
>     mlist.HandleRequest(id, mm_cfg.APPROVE)
>   File "/usr/local/mailman/Mailman/ListAdmin.py", line 172, in HandleRequest
>     status = self.__handlesubscription(data, value, comment)
>   File "/usr/local/mailman/Mailman/ListAdmin.py", line 428, in
> __handlesubscription
>     assert value == mm_cfg.SUBSCRIBE


The script never worked to approve (un)subscriptions. Sorry about that.
It's fixed now. get the version with

# Copyright (C) 1998-2014 by the Free Software Foundation, Inc.

from <http://www.msapiro.net/scripts/list_requests> or
<http://fog.ccsf.edu/~msapiro/scripts/list_requests>, and it will work.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Thu May  1 02:42:56 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 30 Apr 2014 17:42:56 -0700
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <536176B7.7020301@msapiro.net>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net>
Message-ID: <53619890.3050403@msapiro.net>

On 04/30/2014 03:18 PM, Mark Sapiro wrote:
> On 04/30/2014 12:56 PM, Lindsay Haisley wrote:
> 
>> I can probably figure this out, but it might be good to explain this a
>> bit more completely in the Mailman internal docs.  It's not really clear
>> exactly how these options relate, and how the precedence of settings is
>> organized.  These may be stupid questions, but I can just about
>> guarantee you that all my list admins will trip on them :(
> 
> 
> I hear you. It is badly explained and I need to fix it. Thanks for
> raising this.


I changed it. In the 2.1.18 final it will say:

-------------------------------------------------------------
from_is_list (general): Replace the sender with the list address to
conform with policies like DMARC.

Replace the sender with the list address to conform with policies like
ADSP and DMARC. It replaces the poster's address in the From: header
with the list address and adds the poster to the Reply-To: header.

If this is set to Wrap Message, just wrap the message in an outer
message From: the list with Content-Type: message/rfc822.

These settings play as expected with the anonymous_list and Reply-To:
header munging settings below with the exception of adding "via
real_name" to the display name in the From: for an anonymous list and
adding the poster's address to Reply-To: in almost all cases.

If anonymous_list is Yes, there is no reason to set from_is_list to
anything other than No.

If dmarc_moderation_action applies to this message with an action other
than Accept, that action rather than this is applied
-------------------------------------------------------------

Note I also removed the bit about SPF and DKIM signing. They actually
may help with acceptance of your list mail by some ESPs, but not because
of DMARC, and the note could discourage people from using this when it
shouldn't.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From fmouse at fmp.com  Thu May  1 03:58:44 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Wed, 30 Apr 2014 20:58:44 -0500
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <536176B7.7020301@msapiro.net>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net>
Message-ID: <1398909524.8417.51.camel@pudina.fmp.com>

On Wed, 2014-04-30 at 15:18 -0700, Mark Sapiro wrote:
> I hear you. It is badly explained and I need to fix it. Thanks for
> raising this.
> 
Mailman is open source software and I use it.  It's my job :)

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


From stephen at xemacs.org  Thu May  1 04:13:10 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 01 May 2014 11:13:10 +0900
Subject: [Mailman-Users] Excessive bounces to list members on my list
In-Reply-To: <9F576395-55BF-420D-B000-344B304F1BFB@nuw.org.au>
References: <8D13134EDFA7104-3D5C-22371@webmail-d176.sysops.aol.com>
 <87iopsm5j2.fsf@uwakimon.sk.tsukuba.ac.jp>
 <F191C0EC-0FCA-4B05-8415-401DB47303F5@alum.mit.edu>
 <1398802700.61040.23.camel@pudina.fmp.com>
 <9E0F600A2292D67CE4396497@sodor.cc.columbia.edu>
 <53603682.1070505@msapiro.net>
 <70300038-2EC1-4B53-AB6E-8F791A4FF0C9@nuw.org.au>
 <607E588A-E1EF-480D-964E-9BA03FB82A00@portadmiral.org>
 <53610CEE.2060400@msapiro.net>
 <9F576395-55BF-420D-B000-344B304F1BFB@nuw.org.au>
Message-ID: <874n1amekp.fsf@uwakimon.sk.tsukuba.ac.jp>

Peter Shute writes:

 > Another question is what happens if yahoo groups receive aol
 > bounces. They might not use them to disable or unsubscribe members,
 > which would limit the damage to just non delivery.

Yahoo! is a proprietary service, not in the habit of telling anybody
what they're doing or why.  You'll have to ask them.



From stephen at xemacs.org  Thu May  1 04:57:23 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 01 May 2014 11:57:23 +0900
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <53619890.3050403@msapiro.net>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
Message-ID: <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>

Mark Sapiro writes:

 > I changed it. In the 2.1.18 final it will say:
 > 
 > -------------------------------------------------------------
 > from_is_list (general): Replace the sender with the list address to
 > conform with policies like DMARC.
 > 
 > Replace the sender with the list address to conform with policies like
 > ADSP and DMARC. It replaces the poster's address in the From: header
 > with the list address and adds the poster to the Reply-To: header.
 > 
 > If this is set to Wrap Message, just wrap the message in an outer
 > message From: the list with Content-Type: message/rfc822.

Ouch!  I'd really like to change this variable's name!  (It's not very
easy to understand anyway; grammatically the semantics are "whatever
you see in From is {a, the} list", not "replace whatever is in From
with the list's address".)

Something like "from_alignment", with values None (don't try to align
domains in From), 'shift author' (From into Reply-To, <list> into
From), or 'wrap message'.

May as well rewrite the doc ... here goes:

    from_alignment:  Try to ensure that From is not "misaligned" with
    the author's domain, to conform with protocols like DMARC.
    [FIXME: I don't see how to avoid the double negative.  Help?!]

    This setting replaces the from_is_list setting, which is now
    deprecated.  Existing from_is_list settings will be respected.

    Several protocols now in wide use attempt to ensure that use of
    the domain in the author's address (ie, in the From header field)
    is authorized by that domain.  These protocols may be incompatible
    with common list features such as footers, causing participating
    email services to bounce list traffic merely because of the
    address in the From field.  *This has resulted in members being
    unsubscribed despite being perfectly able to receive mail.*

    The following actions are applied to messages where use of such a
    protocol is detected by Mailman.  [FIXME: Is that correct?]

    Valid values:

    'no': Do nothing special.  This is appropriate for anonymous lists.
    It is appropriate for dedicated announcement lists, unless the
    "From" address is not within the Mailman host's domain.  [FIXME:
    Maybe None is a better value here.  Of course that's not backward
    compatible, but with the name change it would be possible to check
    the old from_is_list.]

    'shift author': Shift the address(es) in From to Reply-To
    (preserving existing addresses in Reply-To), and insert the list's
    [posting?] address in From.

    'wrap message': Treat the message as a MIME forward with list in
    From and the original message encapsulated in a MIME message/rfc822
    part.  Subscribers will perceive this as a "one message digest".
    [FIXME: Should this respect the MIME vs. legacy encapsulation
    ('digest') setting?  If 'yes', that setting should move to General
    or so?]

 > These settings play as expected with the anonymous_list and Reply-To:

What does "as expected" mean?  (If *I* have to ask.... :-)

 > header munging settings below with the exception of adding "via
 > real_name" to the display name in the From: for an anonymous list and

??  Adding real name to From in an *anonymous* list?

 > adding the poster's address to Reply-To: in almost all cases.
 > 
 > If anonymous_list is Yes, there is no reason to set from_is_list to
 > anything other than No.

Unnecessary with my wording above.

 > If dmarc_moderation_action applies to this message with an action other
 > than Accept, that action rather than this is applied

This doesn't seem correct.  True, if Reject (aka "emit backscatter")
or Discard, the message will never reach this point.  But if it's
Hold, this processing will be applied if the message is accepted by
the moderator.  How about

    See also dmarc_moderation_action (which will be applied earlier in
    processing than this feature).

From lstone19 at stonejongleux.com  Thu May  1 05:21:43 2014
From: lstone19 at stonejongleux.com (Larry Stone)
Date: Wed, 30 Apr 2014 22:21:43 -0500
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <09CA4E9C-3EEF-46AD-BD23-10465FD06694@stonejongleux.com>

On Apr 30, 2014, at 9:57 PM, Stephen J. Turnbull <stephen at xemacs.org> wrote:

> May as well rewrite the doc ... here goes:
> 
>    from_alignment:  Try to ensure that From is not "misaligned" with
>    the author's domain, to conform with protocols like DMARC.
>    [FIXME: I don't see how to avoid the double negative.  Help?!]

Seems to me saying ?Try to ensure that 'From:' is ?aligned? with ?? does it. I?d prefer to put the header field name in quotes or otherwise distinguish it. Otherwise, it can be difficult to parse - is ?from? the header or a preposition.

But, I don?t like ?author?s domain?. Who or what is the author? Why not just say ?the Mailman server?s domain? since that?s what it?s going to be aligned with. 

>    'no': Do nothing special.  This is appropriate for anonymous lists.
>    It is appropriate for dedicated announcement lists, unless the
>    "From" address is not within the Mailman host's domain.  [FIXME:
>    Maybe None is a better value here.  Of course that's not backward
>    compatible, but with the name change it would be possible to check
>    the old from_is_list.]

None is better. No would only be appropriate if ?yes? was the other option. But backwards compatibility is important too (even if it?s not to most large computer companies :-( ).


-- 
Larry Stone
lstone19 at stonejongleux.com
http://www.stonejongleux.com/




From fmouse at fmp.com  Thu May  1 06:06:09 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Wed, 30 Apr 2014 23:06:09 -0500
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <53619890.3050403@msapiro.net>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
Message-ID: <1398917169.8417.53.camel@pudina.fmp.com>

On Wed, 2014-04-30 at 17:42 -0700, Mark Sapiro wrote:
> If this is set to Wrap Message, just wrap the message in an outer
> message From: the list with Content-Type: message/rfc822.
> 
Since this is the _outer_ wrapper, shouldn't this be multipart/mixed?
The inner _real_ list post is Content-Type: message/rfc822.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


From fmouse at fmp.com  Thu May  1 06:08:44 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Wed, 30 Apr 2014 23:08:44 -0500
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <53619890.3050403@msapiro.net>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
Message-ID: <1398917324.8417.55.camel@pudina.fmp.com>

On Wed, 2014-04-30 at 17:42 -0700, Mark Sapiro wrote:
> Note I also removed the bit about SPF and DKIM signing. They actually
> may help with acceptance of your list mail by some ESPs, but not because
> of DMARC, and the note could discourage people from using this when it
> shouldn't.

DKIM signing isn't readily available for many MTAs, so this is good.  My
server uses courier-MTA for which DKIM signing isn't well developed.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


From mark at msapiro.net  Thu May  1 06:10:00 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 30 Apr 2014 21:10:00 -0700
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1398887807.8417.36.camel@pudina.fmp.com>	<536176B7.7020301@msapiro.net>	<53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <5361C918.5000106@msapiro.net>

On 04/30/2014 07:57 PM, Stephen J. Turnbull wrote:
> 
> May as well rewrite the doc ... here goes:
> 
>     from_alignment:  Try to ensure that From is not "misaligned" with
>     the author's domain, to conform with protocols like DMARC.
>     [FIXME: I don't see how to avoid the double negative.  Help?!]


I'm not sure what to change at this point. I really don't want another
change in the attribute name, but maybe.

I'm also not sure about alignment as that is a technical term in the
DMARC spec and may be more technical than we want here.

If I understand the double negative remark, what about 'From is
"aligned" ...', but that really is not the issue. The issue is that if
the From: domain publishes a DMARC p=reject policy, that domain must
align with that of a valid DKIM signature or a valid SPF envelope
sender/server. The SPF won't align because the envelope is from the
list's domain for bounce processing, and the DKIM sig from the author's
domain won't validate because of list transformations on the message.

We are really rewriting the From: header (I need to remove the 'sender'
wording) to avoid it's containing the author's address because that
address won't pass DMARC.


>     This setting replaces the from_is_list setting, which is now
>     deprecated.  Existing from_is_list settings will be respected.
> 
>     Several protocols now in wide use attempt to ensure that use of
>     the domain in the author's address (ie, in the From header field)
>     is authorized by that domain.  These protocols may be incompatible
>     with common list features such as footers, causing participating
>     email services to bounce list traffic merely because of the
>     address in the From field.  *This has resulted in members being
>     unsubscribed despite being perfectly able to receive mail.*
> 
>     The following actions are applied to messages where use of such a
>     protocol is detected by Mailman.  [FIXME: Is that correct?]


The current from_is_list applies to all list messages.
dmarc_moderation_action applies only to messages From: a domain "where
use of such a protocol is detected by Mailman."


>     Valid values:
> 
>     'no': Do nothing special.  This is appropriate for anonymous lists.
>     It is appropriate for dedicated announcement lists, unless the
>     "From" address is not within the Mailman host's domain.  [FIXME:
>     Maybe None is a better value here.  Of course that's not backward
>     compatible, but with the name change it would be possible to check
>     the old from_is_list.]
> 
>     'shift author': Shift the address(es) in From to Reply-To
>     (preserving existing addresses in Reply-To), and insert the list's
>     [posting?] address in From.
>
>     'wrap message': Treat the message as a MIME forward with list in
>     From and the original message encapsulated in a MIME message/rfc822
>     part.  Subscribers will perceive this as a "one message digest".
>     [FIXME: Should this respect the MIME vs. legacy encapsulation
>     ('digest') setting?  If 'yes', that setting should move to General
>     or so?]


I don't want to go the FIXME route. It's too hard for this release.
Also, are you suggesting doing this for all messages based on what is
now Digest options-> mime_is_default_digest or doing it per user based
on the user's "Get MIME or Plain Text Digests?" (which has a value for
everyone even if they don't get digests). Of course, we are only
concerned with non-digest members here and their value is probably the
list default anyway.

Also, this (legacy encapsulation) really only differs from the Munge
>From option in that a few headers are copied to the body of the message
and non-text/plain part are scrubbed, and I don't know how valuable it
would be.


>  > These settings play as expected with the anonymous_list and Reply-To:
> 
> What does "as expected" mean?  (If *I* have to ask.... :-)


Point taken.


>  > header munging settings below with the exception of adding "via
>  > real_name" to the display name in the From: for an anonymous list and
> 
> ??  Adding real name to From in an *anonymous* list?


real_name refers the the list attribute which is the list name with
possibly different capitalization, but I see it should be changed.


>  > adding the poster's address to Reply-To: in almost all cases.
>  > 
>  > If anonymous_list is Yes, there is no reason to set from_is_list to
>  > anything other than No.
> 
> Unnecessary with my wording above.
> 
>  > If dmarc_moderation_action applies to this message with an action other
>  > than Accept, that action rather than this is applied
> 
> This doesn't seem correct.  True, if Reject (aka "emit backscatter")
> or Discard, the message will never reach this point.  But if it's
> Hold, this processing will be applied if the message is accepted by
> the moderator.  How about


Hold is not an option for dmarc_moderation_action. it is the action
which applies to messages From: a domain with DMARC policy p=reject an
optionally p=quarantine. The possible actions are Accept, Munge From,
Wrap Message, Reject or Discard


>     See also dmarc_moderation_action (which will be applied earlier in
>     processing than this feature).
> 


-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From fmouse at fmp.com  Thu May  1 06:13:26 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Wed, 30 Apr 2014 23:13:26 -0500
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <1398917606.8417.57.camel@pudina.fmp.com>

On Thu, 2014-05-01 at 11:57 +0900, Stephen J. Turnbull wrote:
>     from_alignment:  Try to ensure that From is not "misaligned" with
>     the author's domain, to conform with protocols like DMARC.
>     [FIXME: I don't see how to avoid the double negative.  Help?!]

    from_alignment:  Try to ensure that From is "aligned" with
    the author's domain, to conform with protocols like DMARC.
 
-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


From mark at msapiro.net  Thu May  1 06:20:21 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 30 Apr 2014 21:20:21 -0700
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <1398917169.8417.53.camel@pudina.fmp.com>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
 <1398917169.8417.53.camel@pudina.fmp.com>
Message-ID: <5361CB85.3080601@msapiro.net>

On 04/30/2014 09:06 PM, Lindsay Haisley wrote:
> On Wed, 2014-04-30 at 17:42 -0700, Mark Sapiro wrote:
>> If this is set to Wrap Message, just wrap the message in an outer
>> message From: the list with Content-Type: message/rfc822.
>>
> Since this is the _outer_ wrapper, shouldn't this be multipart/mixed?
> The inner _real_ list post is Content-Type: message/rfc822.


Actually, initially, an outer message with Content-Type: message/rfc822
is created with body equal to the original message. I.e. as described.

But, by the time the user receives it, it will have been decorated with
msg_header and/or msg_footer assuming at least one is non empty, and it
then becomes some subset of

multipart/mixed
    text/plain      <- the msg_header
    message/rfc822  <- the original message
    text/plain      <- msg_footer

but initially, it is just a single part message/rfc822 message
containing the original message, analogous to a single part text/plain
message containing a plain text body.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From stephen at xemacs.org  Thu May  1 08:33:43 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 01 May 2014 15:33:43 +0900
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <09CA4E9C-3EEF-46AD-BD23-10465FD06694@stonejongleux.com>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <09CA4E9C-3EEF-46AD-BD23-10465FD06694@stonejongleux.com>
Message-ID: <871twem2ig.fsf@uwakimon.sk.tsukuba.ac.jp>

Larry Stone writes:

 > Seems to me saying ?Try to ensure that 'From:' is ?aligned? with ??
 > does it.

No.  The problem is the author's email provider (ie, the mail domain
of the person whose address is in the original From).  For most lists,
Mailman does *not* want "From" to be aligned with any particular
domain, it wants to just pass "From" through.  RFC 5322 quite clear
that this is the correct behavior (as are all of its predecessors).

 > I?d prefer to put the header field name in quotes or otherwise
 > distinguish it. Otherwise, it can be difficult to parse - is ?from?
 > the header or a preposition.

Sure.

 > But, I don?t like ?author?s domain?. Who or what is the author?

"The author" is the person responsible for the content of the message,
per RFC 5322 (and all of its predecessors).  You could substitute "the
original 'From' address" if that seems more intelligible to
non-technical admins.

 > Why not just say ?the Mailman server?s domain? since that?s what
 > it?s going to be aligned with.

That may or may not be true, depending on how the host is set up.  For
example, it may not participate in SPF or DKIM at all.  DMARC
alignment is a rather complex concept.  I do not think it's a good
idea to have sloppy wording here.


From stephen at xemacs.org  Thu May  1 08:58:29 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 01 May 2014 15:58:29 +0900
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <5361C918.5000106@msapiro.net>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5361C918.5000106@msapiro.net>
Message-ID: <87zjj2kmsq.fsf@uwakimon.sk.tsukuba.ac.jp>

Mark Sapiro writes:

 > I'm not sure what to change at this point. I really don't want another
 > change in the attribute name, but maybe.

Yeah, I know.  On the other hand, now that it really matters, this is
probably the last chance to make such a change.

 > I'm also not sure about alignment as that is a technical term in the
 > DMARC spec and may be more technical than we want here.

Sure.  But "from rewriting" is something we do for other reasons
(anonymous lists), and saying that message/rfc822 encapsulation is
"from rewriting" seems way too inaccurate to me.

 > >     [FIXME: Should this respect the MIME vs. legacy encapsulation
 > >     ('digest') setting?  If 'yes', that setting should move to General
 > >     or so?]
 > 
 > I don't want to go the FIXME route. It's too hard for this release.

OK.

 > Also, are you suggesting doing this for all messages based on what is
 > now Digest options-> mime_is_default_digest or doing it per user based
 > on the user's "Get MIME or Plain Text Digests?"

Per user, because of the issues we've heard about specific MUAs having
trouble with MIME encapsulation.

 > Also, this (legacy encapsulation) really only differs from the Munge
 > >From option in that a few headers are copied to the body of the message
 > and non-text/plain part are scrubbed, and I don't know how valuable it
 > would be.

True.  I mention it because we've had PRs about MIME encapsulation
already.

 > >  > header munging settings below with the exception of adding "via
 > >  > real_name" to the display name in the From: for an anonymous list and
 > > 
 > > ??  Adding real name to From in an *anonymous* list?
 > 
 > real_name refers the the list attribute which is the list name with
 > possibly different capitalization, but I see it should be changed.

OIC.  I don't think you need to mention it here; Mailman should just
DTRT.  If it's an anonymous list, the list owner should configure
'From' correctly, that's all.

 > Hold is not an option for dmarc_moderation_action. it is the action
 > which applies to messages From: a domain with DMARC policy p=reject an
 > optionally p=quarantine. The possible actions are Accept, Munge From,
 > Wrap Message, Reject or Discard

I don't understand why we need both this and list_is_from?  The latter
is a clear violation of RFC 5322, acceptable only because it's one of
the approaches the DMARC proponents (and Yahoo!) suggest for mailing
lists faced with a DMARC DoS attack.  Why not just deprecate
list_is_from in favor of dmarc_moderation_action?

From tomasbabej at gmail.com  Thu May  1 11:54:28 2014
From: tomasbabej at gmail.com (=?UTF-8?B?VG9tw6HFoSBCYWJlag==?=)
Date: Thu, 1 May 2014 11:54:28 +0200
Subject: [Mailman-Users] Private mailing list reply watcher
In-Reply-To: <53617C5C.10508@msapiro.net>
References: <536109C7.70200@gmail.com>
	<53617C5C.10508@msapiro.net>
Message-ID: <CALbnS6V-WP1n_QO39EpnSmM_9XWmOUbW8jCp83MohSiCj9h=bw@mail.gmail.com>

The situation (let's call it situation S) I want to detect is as follows:

1.) not-member writes to a private mailing list which serves as a contact
point
2.) member writes a reply to the list (usually by hitting reply-to and not
reply-all in his mail client)

Depending on the circumstances, this can be intentional or not.

* if you need to discuss the content of the non-member's message privately,
it can be intentional
* if you wanted to reply to the non-member, it is not intentional (and can
be easily missed, since
  every list member sees the email in the thread and thinks the mailing
list has been cc-ed)

Since you cannot really distinguish between these two variants, my thought
is to monitor the mailing list,
and if the situation S occurs, have a warning message replied to the list
("Warning! This email
was addressed to the mailing list only.")

My thoughts how to go with this are:

* gain access to the conferrence Mailbox, and watch it with for changes
with inotify
* on Mailbox change, parse it with python script which will detect
situation S and send a warning to the list
* list of the members can be extracted using list_members

Compared to integrating this with the mailman directly, this has the
advantage of working with any mailing
list solution (as long as list of members can be easily extracted).

Thoughts? Would anybody be interested in such tool?


On Thu, May 1, 2014 at 12:42 AM, Mark Sapiro <mark at msapiro.net> wrote:

> On 04/30/2014 07:33 AM, Tomas Babej wrote:
> >
> > I plan to write a script that will handle such cases in a generic way,
> > however, I don't like reinventing the wheel. Does anybody know if this
> > problem has already been solved?
>
>
> What problem are you trying to solve? Remailing the reply from the list
> archive to the original sender, or something else?
>
> From your Subject:, it seems you're looking for something that monitors
> list traffic and in case of a message determined to be a reply to the
> list with no Cc: to someone else, sends that message to the someone
> else, but identifying to whom might be tricky. I'd be interested in what
> you come up with.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/tomasbabej%40gmail.com
>

From post at ralfj.de  Thu May  1 14:46:24 2014
From: post at ralfj.de (Ralf Jung)
Date: Thu, 01 May 2014 14:46:24 +0200
Subject: [Mailman-Users] DMARC From munging: Keep original sender
Message-ID: <53624220.8020604@ralfj.de>

Dear all,

I am currently experimenting with the From munging of Mailman (2.1.16)
to make my lists DMARC-compliant. This is generally working, there is a
problem though: I found no way so far to tell, from the mail that's
ultimately delivered to the users, who was the original sender. No
matter whether I set reply_goes_to_list to 0 or 1 (and unfortunately,
many of my users request a 1 here :-/ ), the final mail contains no
trace of the original sender except for its pretty-printed name.

Strange enough, I found code in Mailman/Handlers/CookHeaders.py which
adds the original sender to reply-to (which I was about to suggest), but
that header does not end up in the mail.
What I would expect to happen is (with from munging):
* reply_goes_to_list=0: The reply-to header contains the sender
* reply_goes_to_list=1: The reply-to header contains the sender (due to
  munging) and the list (due to replies going to the list)

Is this a known problem? Am I doing something wrong? Any help would be
appreciated.

Kind regards
Ralf

From fmouse at fmp.com  Thu May  1 16:38:52 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Thu, 01 May 2014 09:38:52 -0500
Subject: [Mailman-Users] DMARC From munging: Keep original sender
In-Reply-To: <53624220.8020604@ralfj.de>
References: <53624220.8020604@ralfj.de>
Message-ID: <1398955132.8417.58.camel@pudina.fmp.com>

On Thu, 2014-05-01 at 14:46 +0200, Ralf Jung wrote:
> I am currently experimenting with the From munging of Mailman (2.1.16)
> to make my lists DMARC-compliant. This is generally working, there is a
> problem though: I found no way so far to tell, from the mail that's
> ultimately delivered to the users, who was the original sender. No
> matter whether I set reply_goes_to_list to 0 or 1 (and unfortunately,
> many of my users request a 1 here :-/ ), the final mail contains no
> trace of the original sender except for its pretty-printed name.
> 
> Strange enough, I found code in Mailman/Handlers/CookHeaders.py which
> adds the original sender to reply-to (which I was about to suggest), but
> that header does not end up in the mail.
> What I would expect to happen is (with from munging):
> * reply_goes_to_list=0: The reply-to header contains the sender
> * reply_goes_to_list=1: The reply-to header contains the sender (due to
>   munging) and the list (due to replies going to the list)
> 
> Is this a known problem? Am I doing something wrong? Any help would be
> appreciated.

This is being addressed in MM 2.1.18, to be released shortly.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


From post at ralfj.de  Thu May  1 16:54:02 2014
From: post at ralfj.de (Ralf Jung)
Date: Thu, 01 May 2014 16:54:02 +0200
Subject: [Mailman-Users] DMARC From munging: Keep original sender
In-Reply-To: <1398955132.8417.58.camel@pudina.fmp.com>
References: <53624220.8020604@ralfj.de>
 <1398955132.8417.58.camel@pudina.fmp.com>
Message-ID: <5362600A.1030006@ralfj.de>

Hi,

thanks for the fast reply.

>> Strange enough, I found code in Mailman/Handlers/CookHeaders.py which
>> adds the original sender to reply-to (which I was about to suggest), but
>> that header does not end up in the mail.
>> What I would expect to happen is (with from munging):
>> * reply_goes_to_list=0: The reply-to header contains the sender
>> * reply_goes_to_list=1: The reply-to header contains the sender (due to
>>   munging) and the list (due to replies going to the list)
>>
>> Is this a known problem? Am I doing something wrong? Any help would be
>> appreciated.
> 
> This is being addressed in MM 2.1.18, to be released shortly.

So what will be the new behaviour? I read through the release notes but
could not find anything applying to this particular issue.

I just noticed that stripping reply-to headers was enabled on the list
in question, and that this is not the default (as I originally thought
it was - I wasn't the one who initially set up these lists). Stripping
happens after From munging, so this explains my issue. After disabling
stripping, the original sender remains in the Reply-To.
I would however argue that this is not expected - in particular, the
text says that the Reply-To header of the "original message" is removed,
which I read as: First the header is removed, then all the other
processing is done.

Kind regards
Ralf

From mark at msapiro.net  Thu May  1 17:01:15 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 01 May 2014 08:01:15 -0700
Subject: [Mailman-Users] DMARC From munging: Keep original sender
In-Reply-To: <53624220.8020604@ralfj.de>
References: <53624220.8020604@ralfj.de>
Message-ID: <536261BB.4060403@msapiro.net>

On 05/01/2014 05:46 AM, Ralf Jung wrote:
> 
> Strange enough, I found code in Mailman/Handlers/CookHeaders.py which
> adds the original sender to reply-to (which I was about to suggest), but
> that header does not end up in the mail.


It should.


> Is this a known problem? Am I doing something wrong? Any help would be
> appreciated.


The current release is 2.1.18rc3. The final will be released this
weekend. It works there. It should work in 2.1.16 as long as the list is
not fully personalized.

There are bugs fixed in 2.1.18rc3, but they don't seem relevant to your
case. See <https://bugs.launchpad.net/bugs/1311431>,
<https://bugs.launchpad.net/bugs/1312970> and
<https://bugs.launchpad.net/bugs/1313010>.

I'll try later today to duplicate this with 2.1.16.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Thu May  1 17:05:26 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 01 May 2014 08:05:26 -0700
Subject: [Mailman-Users] DMARC From munging: Keep original sender
In-Reply-To: <5362600A.1030006@ralfj.de>
References: <53624220.8020604@ralfj.de>
 <1398955132.8417.58.camel@pudina.fmp.com> <5362600A.1030006@ralfj.de>
Message-ID: <536262B6.6020709@msapiro.net>

On 05/01/2014 07:54 AM, Ralf Jung wrote:
> 
> I just noticed that stripping reply-to headers was enabled on the list
> in question, and that this is not the default (as I originally thought
> it was - I wasn't the one who initially set up these lists). Stripping
> happens after From munging, so this explains my issue. After disabling
> stripping, the original sender remains in the Reply-To.


The from_is_list description in 2.1.16 does say Reply-To: munging takes
priority.


> I would however argue that this is not expected - in particular, the
> text says that the Reply-To header of the "original message" is removed,
> which I read as: First the header is removed, then all the other
> processing is done.


I *think* it works as you expect in 2.1.18rc3, but I'll have to double
check.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From post at ralfj.de  Thu May  1 17:14:51 2014
From: post at ralfj.de (Ralf Jung)
Date: Thu, 01 May 2014 17:14:51 +0200
Subject: [Mailman-Users] DMARC From munging: Keep original sender
In-Reply-To: <536262B6.6020709@msapiro.net>
References: <53624220.8020604@ralfj.de>
 <1398955132.8417.58.camel@pudina.fmp.com> <5362600A.1030006@ralfj.de>
 <536262B6.6020709@msapiro.net>
Message-ID: <536264EB.5030405@ralfj.de>

Hi,

>> I just noticed that stripping reply-to headers was enabled on the list
>> in question, and that this is not the default (as I originally thought
>> it was - I wasn't the one who initially set up these lists). Stripping
>> happens after From munging, so this explains my issue. After disabling
>> stripping, the original sender remains in the Reply-To.
> 
> 
> The from_is_list description in 2.1.16 does say Reply-To: munging takes
> priority.

Indeed, I must have missed that.

> I *think* it works as you expect in 2.1.18rc3, but I'll have to double
> check.

Distribution packages as usual lack behind...

Kind regards
Ralf

From heller at deepsoft.com  Thu May  1 17:21:28 2014
From: heller at deepsoft.com (Robert Heller)
Date: Thu, 1 May 2014 11:21:28 -0400
Subject: [Mailman-Users] Mailman error (2.1.16): "low level
	unrecoverable exception"
In-Reply-To: <53616C7B.4080109@msapiro.net>
References: <201404301830.s3UIUbxo003489@sharky2.deepsoft.com> 
 <53616C7B.4080109@msapiro.net>
Message-ID: <201405011521.s41FLSDE020872@sharky2.deepsoft.com>

At Wed, 30 Apr 2014 14:34:51 -0700 Mark Sapiro <mark at msapiro.net> wrote:

> 
> On 04/30/2014 11:30 AM, Robert Heller wrote:
> > What does this error message mean? "low level unrecoverable exception"
> 
> 
> It means something really bad happened. One of the Mailman web CGIs
> threw an exception and the CGI driver script encountered another
> exception while trying to log a traceback and the environment info.
> 
> 
> > I just installed my own build of mailman 2.1.16 (built under CentOS 5 x84_64)
> > as an upgrade over the stock 2.1.9 that comes with CentOS 5 and I am getting
> > this error. What should I be looking for? 
> 
> 
> Did you restart Mailman or stop before, start after?

I believe the install scripts in the RPM stop and restart Mailman.  But I will 
do an explicit shutdown of Mailman before the upgrade when I try it again.

> 
> Did you totally remove the Centos package or try to 'upgrade' it. The
> latter is not at all straightforward. See the FAQ at
> <http://wiki.list.org/x/KYCB>.

That page relates to upgrading from 2.1.5-20 or earlier.  I was upgrading from 
2.1.9, so that does not apply (?).  When I did an upgrade to 2.1.16 from an 
'bare' install of 2.1.9 on my home system, there weren't any (major) problems. 
And a fresh install of 2.1.16 (on another machine) had no problems either.

Ok, I did an explict stop of mailman, removed the old rpm (rpm -e) and then a
fresh install of the new version, started mailman, and after some minor config
tweaks, it seems to be working.

> 
> There was an issue a while back, see
> <https://mail.python.org/pipermail/mailman-users/2005-November/047814.html>,
> but this was due to a SuSE patch that referenced a Python xml library
> that wasn't installed. The specifics aren't relevant to your issue, but
> it could indicate there's something missing in your python. Have you
> installed the python-dev package?
> 

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


                                                                                                                      

From mark at msapiro.net  Thu May  1 17:31:05 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 01 May 2014 08:31:05 -0700
Subject: [Mailman-Users] Mailman error (2.1.16): "low level
 unrecoverable exception"
In-Reply-To: <201405011521.s41FLSDE020872@sharky2.deepsoft.com>
References: <201404301830.s3UIUbxo003489@sharky2.deepsoft.com>
 <53616C7B.4080109@msapiro.net>
 <201405011521.s41FLSDE020872@sharky2.deepsoft.com>
Message-ID: <536268B9.2040105@msapiro.net>

On 05/01/2014 08:21 AM, Robert Heller wrote:
> At Wed, 30 Apr 2014 14:34:51 -0700 Mark Sapiro <mark at msapiro.net> wrote:
>>
>> Did you totally remove the Centos package or try to 'upgrade' it. The
>> latter is not at all straightforward. See the FAQ at
>> <http://wiki.list.org/x/KYCB>.
> 
> That page relates to upgrading from 2.1.5-20 or earlier.  I was upgrading from 
> 2.1.9, so that does not apply (?).


That FAQ and the mailman-developers post linked from it explain changed
in the RedHat/CentOS package beginning with 2.1.15 that render it
impossible to do a straightforward configure/install of a GNU Mailman
source distribution on top of an existing RedHat/CentOS package.


> Ok, I did an explict stop of mailman, removed the old rpm (rpm -e) and then a
> fresh install of the new version, started mailman, and after some minor config
> tweaks, it seems to be working.


Good.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From heller at deepsoft.com  Thu May  1 19:06:53 2014
From: heller at deepsoft.com (Robert Heller)
Date: Thu, 1 May 2014 13:06:53 -0400
Subject: [Mailman-Users] Mailman error (2.1.16): "low level
	unrecoverable exception"
In-Reply-To: <536268B9.2040105@msapiro.net>
References: <201404301830.s3UIUbxo003489@sharky2.deepsoft.com> 
 <53616C7B.4080109@msapiro.net> 
 <201405011521.s41FLSDE020872@sharky2.deepsoft.com> 
 <536268B9.2040105@msapiro.net>
Message-ID: <201405011706.s41H6roV026024@sharky2.deepsoft.com>

At Thu, 01 May 2014 08:31:05 -0700 Mark Sapiro <mark at msapiro.net> wrote:

> 
> On 05/01/2014 08:21 AM, Robert Heller wrote:
> > At Wed, 30 Apr 2014 14:34:51 -0700 Mark Sapiro <mark at msapiro.net> wrote:
> >>
> >> Did you totally remove the Centos package or try to 'upgrade' it. The
> >> latter is not at all straightforward. See the FAQ at
> >> <http://wiki.list.org/x/KYCB>.
> > 
> > That page relates to upgrading from 2.1.5-20 or earlier.  I was upgrading from 
> > 2.1.9, so that does not apply (?).
> 
> 
> That FAQ and the mailman-developers post linked from it explain changed
> in the RedHat/CentOS package beginning with 2.1.15 that render it
> impossible to do a straightforward configure/install of a GNU Mailman
> source distribution on top of an existing RedHat/CentOS package.
> 
> 
> > Ok, I did an explict stop of mailman, removed the old rpm (rpm -e) and then a
> > fresh install of the new version, started mailman, and after some minor config
> > tweaks, it seems to be working.
> 
> 
> Good.

I also found a *fatal* error in Tagger.py at line 74:

May 01 10:50:39 2014 (17899) Traceback (most recent call last):
  File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 119, in _oneloop
    self._onefile(msg, msgdata)
  File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 190, in _onefile
    keepqueued = self._dispose(mlist, msg, msgdata)
  File "/usr/lib/mailman/Mailman/Queue/IncomingRunner.py", line 130, in _dispose
    more = self._dopipeline(mlist, msg, msgdata, pipeline)
  File "/usr/lib/mailman/Mailman/Queue/IncomingRunner.py", line 153, in _dopipeline
    sys.modules[modname].process(mlist, msg, msgdata)
  File "/usr/lib/mailman/Mailman/Handlers/Tagger.py", line 74, in process
    mlist, msg, msgdata, Delete=False)
TypeError: change_header() got an unexpected keyword argument 'Delete'

I deleted the ', Delete=False' from the change_header parameter list and
removed Tagger.pyc and Tagger.pyo (forcing the use of the uncompiled code) as
a short term temp fix (so that mail will go through). I *presume* that this is
fixed in 2.1.18 and when that comes out (I understand it is due out "Real Soon
Now"(tm)).

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


                                                                                                                  

From anotheranne at fables.co.za  Thu May  1 20:31:32 2014
From: anotheranne at fables.co.za (Anne Wainwright)
Date: Thu, 1 May 2014 20:31:32 +0200
Subject: [Mailman-Users] accessing relay mailman server from its
	own	network
In-Reply-To: <516B3858.2090004@msapiro.net>
References: <PC19932013041116023107503ba5250d@MSAPIRO>
 <PC1993201304121335340591f62fe871@MSAPIRO>
 <20130414171357.GA20342@fables.co.za> <516B3858.2090004@msapiro.net>
Message-ID: <20140501183132.GA22946@fables.co.za>

Hello, Mark,

A year has gone by and the system has run well. This was with the ip
address set for users on the network in the 'hosts' file and with the
'absolute=1' setting in admindb.py

Recently I changed my dns provider (from dyndns to activedns) and was
back reviewing what had happened here because I was again having the
same issues. obviously I had not handled it correctly

In the end I changed the code in admindb.py from absolute to relative
(deleted all instances of 'absolute=1', changed 'hosts' file to show the
activedns address  .... but

I still have dyndns addresses showing on the numeric/alpha address
listing both locally and from outside

I have changed DEFAULT_URL_HOST in mm_cfg.py appropriately, cleared the
browser caches. Where can this be dyndns be hiding, or is it time to run 
the fix_url script?

regards
Anne




On Sun, Apr 14, 2013 at 04:14:32PM -0700, Mark Sapiro wrote:
> On 4/14/2013 10:13 AM, Anne Wainwright wrote:
> > 
> > I have tried that with partial success, but there is another odd 
> > unmentioned behaviour that I have/had to cope with.
> > 
> > When I click on a 0-9A-Z link I am dumped outside back at the
> > login window. When I log in a second time I am presented with the
> > list of members that I wanted in the first place, subsequent
> > queries work first time. Similarly when I need to moderate a
> > message.
> 
> 
> If I understand correctly, this is what's happening in those cases.
> You have a /etc/hosts or whatever to direct the 'outside' host to the
> 'inside' host. You go to the admin or admindb page via an 'inside'
> URL (probably a bookmark) and log in. Once there, relative links work
> fine. You go to a link with an absolute URL. This points to the
> 'outside' host which as far as your browser is concerned is not the
> host that set the authentication cookie so it is not returned to the
> 'outside' host and you have to log in again. Once you have logged in
> once for each host, you are authenticated for the rest of the browser
> session.
> 
> The answer is if you have /etc/hosts or whatever routing the 'outside'
> host to the 'inside' host, never go to the 'inside' host (fix your
> bookmarks to point to the 'outside' host name).
> 
> 
> > At the moment removing the 'absolute=1' entries does the job 100%.
> 
> 
> If you do notice any issues related to this, please let me know.
> 
> -- 
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Fri May  2 02:07:12 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 01 May 2014 17:07:12 -0700
Subject: [Mailman-Users] Mailman error (2.1.16): "low level
 unrecoverable exception"
In-Reply-To: <201405011706.s41H6roV026024@sharky2.deepsoft.com>
References: <201404301830.s3UIUbxo003489@sharky2.deepsoft.com>
 <53616C7B.4080109@msapiro.net>
 <201405011521.s41FLSDE020872@sharky2.deepsoft.com>
 <536268B9.2040105@msapiro.net>
 <201405011706.s41H6roV026024@sharky2.deepsoft.com>
Message-ID: <5362E1B0.3030603@msapiro.net>

On 05/01/2014 10:06 AM, Robert Heller wrote:
> 
> I also found a *fatal* error in Tagger.py at line 74:
> 
...
> TypeError: change_header() got an unexpected keyword argument 'Delete'


That's a known bug which was fixed in 2.1.17
<https://bugs.launchpad.net/mailman/+bug/1251495>.


> I deleted the ', Delete=False' from the change_header parameter list


That's the wrong fix. The correct fix is to change the spelling from
Delete=False to delete=False


> and
> removed Tagger.pyc and Tagger.pyo (forcing the use of the uncompiled code) as
> a short term temp fix (so that mail will go through).


That was unnecessary. When Python imports a module, and there is a .py
and a .pyc and maybe a .pyo, it checks the time stamps and if the .py is
more recent, it loads that and compiles it and if it has permission,
(re)writes the .pyc.


> I *presume* that this is
> fixed in 2.1.18 and when that comes out (I understand it is due out "Real Soon
> Now"(tm)).


As I note above, fixed in 2.1.17, and the final 2.1.18 release will be
this weekend barring any unforeseen personal emergencies.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From earle at isolar.DynDNS.ORG  Fri May  2 01:30:48 2014
From: earle at isolar.DynDNS.ORG (Greg Earle)
Date: Thu, 1 May 2014 16:30:48 -0700
Subject: [Mailman-Users] ht://Dig integration patches with Mailman
	2.1.12/RHEL 6.5
Message-ID: <8449B44C-A80E-49C4-AF1A-5123400DBE2C@isolar.DynDNS.ORG>

At work I'm dealing with migrating a legacy production system that
uses Mailman 2.1.9 with ht://Dig integration on a RHEL 5.x box.

I'm trying to migrate it to a RHEL 6.5 system with Mailman 2.1.12-18.

I have the indexing and ht://Dig patches for 2.1.12 and I'm trying
to integrate it into a custom RPM build, like its predecessor.  Basing
it on mailman-2.1.12-18.el6.src.rpm.

Has anyone on the list done this before?

It seems like no matter where I try to put the 2 patches in the .spec
file, there is a conflict between the htdig patch and some other patch
(like the "cron" patch or the "FHS" patch).

What's strange is that the patches for 2.1.9 seem not all that very
different, and yet that rpmbuild worked perfectly for me!  But no
such luck with 2.1.12 so far.

If I look in the old 2.1.9 version of the htdig patch file, I see
this segment for "crontab.in.in", for example:

--
diff -ruP --exclude=.DS_Store mailman-2.1.9-index/cron/crontab.in.in mailman-2.1
.9-htdig/cron/crontab.in.in
--- mailman-2.1.9-index/cron/crontab.in.in      2002-01-06 06:28:12.000000000 +0
000
+++ mailman-2.1.9-htdig/cron/crontab.in.in      2006-09-20 16:06:17.000000000 +0
100
@@ -18,6 +18,11 @@
 # or want to exclusively use a callback strategy instead of polling.
 0,5,10,15,20,25,30,35,40,45,50,55 * * * * @PYTHON@ -S @prefix@/cron/gate_news
 #
+# At 2:19am every night, regenerate htdig search files.  Only
+# turn this on if the internal archiver is used and htdig
+# use enabled in mm_cfg.py with USE_HTDIG
+19 2 * * * @PYTHON@ -S @prefix@/cron/nightly_htdig
+#
 # At 3:27am every night, regenerate the gzip'd archive file.  Only
 # turn this on if the internal archiver is used and
 # GZIP_ARCHIVE_TXT_FILES is false in mm_cfg.py
--

which assumes that line 19 has "gate_news" and "@PYTHON@" in it.

Yet if I look at the actual diffs after the 2.1.9 htdig patch was
(successfully) applied, it's somehow not the same:

--
[root at rushmore cron]# diff -u crontab.in.in.htdig crontab.in.in
--- crontab.in.in.htdig	2009-04-02 01:45:29.000000000 -0700
+++ crontab.in.in	2009-04-02 01:45:29.000000000 -0700
@@ -41,6 +41,11 @@
 # or want to exclusively use a callback strategy instead of polling.
 0,5,10,15,20,25,30,35,40,45,50,55 * * * * @MAILMAN_USER@ @prefix@/cron/gate_news
 #
+# At 2:19am every night, regenerate htdig search files.  Only
+# turn this on if the internal archiver is used and htdig
+# use enabled in mm_cfg.py with USE_HTDIG
+19 2 * * * @PYTHON@ -S @prefix@/cron/nightly_htdig
+#
 # At 3:27am every night, regenerate the gzip'd archive file.  Only
 # turn this on if the internal archiver is used and
 # GZIP_ARCHIVE_TXT_FILES is false in mm_cfg.py
--

Note the "@MAILMAN_USER@" on the "gate_news" line (which is now line 42
after the "cron" patch had been applied).  Plus, after the "cron" patch
was applied, the line numbers in the "htdig" patch are no longer correct.

In other words, shouldn't the 2.1.9 patch have choked as well, just
as the 2.1.12 patch seems to be doing to me now?

I tried changing the current 2.1.12 htdig patch and put in "@MAILMAN_USER@".

Now the htdig patch works - but then I get an immediate .rej file from
the FHS patch right afterwards.  :-(

The htdig patch assumes FHS hasn't been applied yet - but if htdig is
applied before FHS, then FHS breaks because it doesn't know about the
added "archives/htdig" entry in VAR_DIRS that the htdig patch put there.

I re-ran the 2.1.9 rpmbuild and sure enough, it worked perfectly fine:

--
[...]
Patch #4 (mailman-cron.patch):
+ patch -p1 -b --suffix .cron -s
+ echo 'Patch #5 (indexing-2.1.9-0.1.patch):'
Patch #5 (indexing-2.1.9-0.1.patch):
+ patch -p1 -b --suffix .indexing -s
+ echo 'Patch #6 (htdig-2.1.9-0.1.patch):'
Patch #6 (htdig-2.1.9-0.1.patch):
+ patch -p1 -b --suffix .htdig -s
+ echo 'Patch #7 (mailman-FHS.patch):'
Patch #7 (mailman-FHS.patch):
+ patch -p1 -b --suffix .FHS -s
[...]
--

At this point I'm more shocked that the 2.1.9 patches worked, given what
I've seen with the 2.1.12 patches.  Color me baffled at this point!

If anyone has successfully done this integration and can offer any pointers
(like what order to do the patching, and what patch number in the spec file
to insert them into, or what obvious thing I'm doing wrong), feel free to
respond or send me e-mail directly and take it off-line.

Thanks,

	- Greg


From mark at msapiro.net  Fri May  2 02:19:35 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 01 May 2014 17:19:35 -0700
Subject: [Mailman-Users] accessing relay mailman server from its
	own	network
In-Reply-To: <20140501183132.GA22946@fables.co.za>
References: <PC19932013041116023107503ba5250d@MSAPIRO>
 <PC1993201304121335340591f62fe871@MSAPIRO>
 <20130414171357.GA20342@fables.co.za> <516B3858.2090004@msapiro.net>
 <20140501183132.GA22946@fables.co.za>
Message-ID: <5362E497.3040605@msapiro.net>

On 05/01/2014 11:31 AM, Anne Wainwright wrote:
> 
> I still have dyndns addresses showing on the numeric/alpha address
> listing both locally and from outside


I do not understand "the numeric/alpha address listing"

Where specifically do you see these?


> I have changed DEFAULT_URL_HOST in mm_cfg.py appropriately, cleared the
> browser caches. Where can this be dyndns be hiding, or is it time to run 
> the fix_url script?


Probably. See the FAQ at <http://wiki.list.org/x/mIA9>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Fri May  2 02:55:21 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 01 May 2014 17:55:21 -0700
Subject: [Mailman-Users] ht://Dig integration patches with Mailman
 2.1.12/RHEL 6.5
In-Reply-To: <8449B44C-A80E-49C4-AF1A-5123400DBE2C@isolar.DynDNS.ORG>
References: <8449B44C-A80E-49C4-AF1A-5123400DBE2C@isolar.DynDNS.ORG>
Message-ID: <5362ECF9.7060503@msapiro.net>

On 05/01/2014 04:30 PM, Greg Earle wrote:
> 
> I have the indexing and ht://Dig patches for 2.1.12 and I'm trying
> to integrate it into a custom RPM build, like its predecessor.  Basing
> it on mailman-2.1.12-18.el6.src.rpm.


I can't help at all with RPM packaging, but I can tell you that this
diff is for a user crontab designed to be 'configured' into crontab.in
and then installed as a user crontab in, e.g. /var/spool/mailman


> diff -ruP --exclude=.DS_Store mailman-2.1.9-index/cron/crontab.in.in mailman-2.1
> .9-htdig/cron/crontab.in.in
> --- mailman-2.1.9-index/cron/crontab.in.in      2002-01-06 06:28:12.000000000 +0
> 000
> +++ mailman-2.1.9-htdig/cron/crontab.in.in      2006-09-20 16:06:17.000000000 +0
> 100
> @@ -18,6 +18,11 @@
>  # or want to exclusively use a callback strategy instead of polling.
>  0,5,10,15,20,25,30,35,40,45,50,55 * * * * @PYTHON@ -S @prefix@/cron/gate_news
>  #
> +# At 2:19am every night, regenerate htdig search files.  Only
> +# turn this on if the internal archiver is used and htdig
> +# use enabled in mm_cfg.py with USE_HTDIG
> +19 2 * * * @PYTHON@ -S @prefix@/cron/nightly_htdig
> +#
>  # At 3:27am every night, regenerate the gzip'd archive file.  Only
>  # turn this on if the internal archiver is used and
>  # GZIP_ARCHIVE_TXT_FILES is false in mm_cfg.py


and this diff is for a system crontab designed to be configured into
crontab.in and installed as, e.g., /etc/cron.d/mailman


> [root at rushmore cron]# diff -u crontab.in.in.htdig crontab.in.in
> --- crontab.in.in.htdig	2009-04-02 01:45:29.000000000 -0700
> +++ crontab.in.in	2009-04-02 01:45:29.000000000 -0700
> @@ -41,6 +41,11 @@
>  # or want to exclusively use a callback strategy instead of polling.
>  0,5,10,15,20,25,30,35,40,45,50,55 * * * * @MAILMAN_USER@ @prefix@/cron/gate_news
>  #
> +# At 2:19am every night, regenerate htdig search files.  Only
> +# turn this on if the internal archiver is used and htdig
> +# use enabled in mm_cfg.py with USE_HTDIG
> +19 2 * * * @PYTHON@ -S @prefix@/cron/nightly_htdig
> +#
>  # At 3:27am every night, regenerate the gzip'd archive file.  Only
>  # turn this on if the internal archiver is used and
>  # GZIP_ARCHIVE_TXT_FILES is false in mm_cfg.py
> --

I.e. the htdig patches are for a GNU Mailman source distribution which
assumes the crontab will be installed as the mailman user's crontab
whereas the RedHat package assumes a system crontab, thus the extra
field for the user to run as. I suspect RedHat's crontab drops the
Python command because it's in a shebang line in the cron files anyway
and it avoids a python version dependency in the crontab.

Sorry I can't offer more help.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Fri May  2 03:04:40 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 01 May 2014 18:04:40 -0700
Subject: [Mailman-Users] ht://Dig integration patches with Mailman
 2.1.12/RHEL 6.5
In-Reply-To: <5362ECF9.7060503@msapiro.net>
References: <8449B44C-A80E-49C4-AF1A-5123400DBE2C@isolar.DynDNS.ORG>
 <5362ECF9.7060503@msapiro.net>
Message-ID: <5362EF28.7080605@msapiro.net>

On 05/01/2014 05:55 PM, Mark Sapiro wrote:
> 
> I can't help at all with RPM packaging, but I can tell you that this
> diff is for a user crontab designed to be 'configured' into crontab.in
> and then installed as a user crontab in, e.g. /var/spool/mailman


That should have been /var/spool/cron/mailman.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Fri May  2 05:29:30 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 01 May 2014 20:29:30 -0700
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1398887807.8417.36.camel@pudina.fmp.com>	<536176B7.7020301@msapiro.net>	<53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <5363111A.6050900@msapiro.net>

Here's what I've got. I didn't change the name of the setting, but I
changed its description and all the detail. I now have


from_is_list (general): Replace the From: header address with the list's
posting address to mitigate issues stemming from the original From:
domain's DMARC or similar policies.

Several protocols now in wide use attempt to ensure that use of the
domain in the author's address (ie, in the From: header field) is
authorized by that domain. These protocols may be incompatible with
common list features such as footers, causing participating email
services to bounce list traffic merely because of the address in the
From: field. *This has resulted in members being unsubscribed despite
being perfectly able to receive mail.*

The following actions are applied to all list messages when selected
here. To apply these actions only to messages where the domain in the
From: header is determined to use such a protocol, see the
dmarc_moderation_action settings under Privacy options... -> Sender filters.

Settings:

No
    Do nothing special. This is appropriate for anonymous lists. It is
appropriate for dedicated announcement lists, unless the From: address
of authorized posters might be in a domain with a DMARC or similar
policy. It is also appropriate if you choose to use
dmarc_moderation_action other than Accept for this list.
Munge From
    This action replaces the poster's address in the From: header with
the list's posting address and adds the poster's address to the
Reply-To: header.
Wrap Message
    Just wrap the message in an outer message with the From: header
containing the list's posting address and with the original From:
address added to the Reply-To: header and with Content-Type:
message/rfc822. This is effectively a one message MIME format digest.

The transformations for anonymous_list are applied before any of these
actions, so if actions other than No are applied on an anonymous list,
they will apply to the anonymized message.

The Reply-To: header munging actions below interact with these actions
as follows:

first_strip_reply_to = Yes will remove all the incoming Reply-To:
addresses but will still add the poster's address to Reply-To: for all
three settings of reply_goes_to_list which respectively will result in
just the poster's address, the poster's address and the list posting
address or the poster's address and the explicit reply_to_address in the
outgoing Reply-To: header.

[Note: is the above what we want? I think so, but others are adding a
header something like X-Mailman-Originally-From: (see the "The future
options for mailing list managers" section at
<http://onlinegroups.net/blog/2014/05/01/dmarc-taking-responsibility-sending-group-email/>)]

These actions do not apply to messages in digests or archives or sent to
usenet via the Mail<->News gateways.

If dmarc_moderation_action applies to this message with an action other
than Accept, that action rather than this is applied

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Fri May  2 05:50:22 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 01 May 2014 20:50:22 -0700
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <87zjj2kmsq.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1398887807.8417.36.camel@pudina.fmp.com>	<536176B7.7020301@msapiro.net>	<53619890.3050403@msapiro.net>	<8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>	<5361C918.5000106@msapiro.net>
 <87zjj2kmsq.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <536315FE.90104@msapiro.net>

On 04/30/2014 11:58 PM, Stephen J. Turnbull wrote:

> Why not just deprecate
> list_is_from in favor of dmarc_moderation_action?
> 


I don't think I can for two reasons. One is technical.
dmarc_moderation_action is unreliable. If the DNS lookup times out, the
message is assumed unaffected by DMARC. This could be reversed, and in
any case, I plan to make the timeouts an mm_cfg.py setting, but I think
this is an issue. It also requires installation of the 3rd party
dnspython package, and if that's not there, all messages pass. I did
build a test into configure so it will error out if dnspython isn't
installed. None of these is a show stopper for this feature, but some
may just want to apply whatever action to all messages.

The other is social. My largest and highest traffic production list is
the discussion list for my bicycle club.

If I could, I would set dmarc_moderation_action to Reject with a gentle
suggestion to find another ESP to post from, but I can't. One particular
member of the board of directors is a very vocal and not very technical
Yahoo user who I think would have a fit if her mail were "singled out"
for differing treatment, even if only that hers was munged and mine
wasn't. I have tried in the past to programmatically hold or reject "me
too" posts and others that have way more quoted that original material.
(Almost everyone top posts and quotes the entire message being replied
to.) I was forced by a few vociferous complainers who got the boards
attention to back off.

Anyway, my point is list owners don't always have the freedom to do
whatever they want. If their list serves an organization, the policies
of that organization can override good sense.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Fri May  2 06:20:01 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 01 May 2014 21:20:01 -0700
Subject: [Mailman-Users] DMARC From munging: Keep original sender
In-Reply-To: <536262B6.6020709@msapiro.net>
References: <53624220.8020604@ralfj.de>
 <1398955132.8417.58.camel@pudina.fmp.com> <5362600A.1030006@ralfj.de>
 <536262B6.6020709@msapiro.net>
Message-ID: <53631CF1.5020600@msapiro.net>

On 05/01/2014 08:05 AM, Mark Sapiro wrote:
> On 05/01/2014 07:54 AM, Ralf Jung wrote:
>>
>> I just noticed that stripping reply-to headers was enabled on the list
>> in question, and that this is not the default (as I originally thought
>> it was - I wasn't the one who initially set up these lists). Stripping
>> happens after From munging, so this explains my issue. After disabling
>> stripping, the original sender remains in the Reply-To.
> 
> I *think* it works as you expect in 2.1.18rc3, but I'll have to double
> check.


In 2.1.18rc3 with first_strip_reply_to = Yes and reply_goes_to_list =
Poster, the poster's From: address is in Reply-To:, but not for the
other settings of reply_goes_to_list. I'm changing it for the final so
the poster's From: address will always be in Reply-To: when from_is list
is other than No.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From fmouse at fmp.com  Fri May  2 06:26:06 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Thu, 01 May 2014 23:26:06 -0500
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <5363111A.6050900@msapiro.net>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net>	<53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp> <5363111A.6050900@msapiro.net>
Message-ID: <1399004766.5954.8.camel@pudina.fmp.com>

On Thu, 2014-05-01 at 20:29 -0700, Mark Sapiro wrote:
> first_strip_reply_to = Yes will remove all the incoming Reply-To:
> addresses but will still add the poster's address to Reply-To: for all
> three settings of reply_goes_to_list which respectively will result in
> just the poster's address, the poster's address and the list posting
> address or the poster's address and the explicit reply_to_address in the
> outgoing Reply-To: header.

If first_strip_reply_to = No there are two possible situations which
aren't covered in your (much improved!) self-doc.  Either the original
poster included a Reply-To:, or not.  If not, then I assume the original
From: address is put into the Reply-To: address. Yes?  If the original
poster included a Reply-To: address then DMARC forces us into a
situation in which we can't avoid information loss.  Either the poster's
Reply-To: is overwritten with the original From:, or the original
Reply-To: is retained and the original From: address is lost.  Which is
it?

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


From stephen at xemacs.org  Fri May  2 06:33:57 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Fri, 02 May 2014 13:33:57 +0900
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <5363111A.6050900@msapiro.net>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5363111A.6050900@msapiro.net>
Message-ID: <87sioslryi.fsf@uwakimon.sk.tsukuba.ac.jp>

Mark Sapiro writes:

 > from_is_list (general): Replace the From: header address with the list's
 > posting address to mitigate issues stemming from the original From:
 > domain's DMARC or similar policies.

That's good!

[snip my suggestion :]

 > The following actions are applied to all list messages when selected
 > here. To apply these actions only to messages where the domain in the
 > From: header is determined to use such a protocol, see the
 > dmarc_moderation_action settings under Privacy options... -> Sender filters.

Good!  Maybe even "encourage" use of d_m_a?

 > No
 >     Do nothing special. This is appropriate for anonymous lists.

[snip]

 > The transformations for anonymous_list are applied before any of these
 > actions, so if actions other than No are applied on an anonymous list,
 > they will apply to the anonymized message.

This may be confusing?

 > 
 > The Reply-To: header munging actions below interact with these actions
 > as follows:
 > 
 > first_strip_reply_to = Yes will remove all the incoming Reply-To:
 > addresses but will still add the poster's address to Reply-To: for all
 > three settings of reply_goes_to_list which respectively will result in
 > just the poster's address, the poster's address and the list posting
 > address or the poster's address and the explicit reply_to_address in the
 > outgoing Reply-To: header.
 > 
 > [Note: is the above what we want? I think so, but others are adding a
 > header something like X-Mailman-Originally-From:

IIUC, yes, that's what we want.  OnlineGroups has some features
Mailman doesn't (yet?) to handle the "reply munging" issue AIUI.

(1) X- fields are deprecated.  They don't actually help in creating
    "private" protocols, and (not relevant to us here, I think) they
    make it difficult to upgrade to the standardized version.

(2) I think this is pretty useless (with one exception), because most
    MUAs won't display the information.  Even with "Show Source" (how
    many AOLers use that?), you have to dig through a thicket of trace
    fields and spam scores.  Better to log the information.  But why
    do that when we archive the original message as received?  (In
    fact, if we do this correctly it would be possible to post-archive
    DKIM-verify messages!  GSoC 2015? :-)

 > (see the "The future options for mailing list managers" section at
 > <http://onlinegroups.net/blog/2014/05/01/dmarc-taking-responsibility-sending-group-email/>)]

They don't seem to think it's terribly useful though, it's just a sort
of trace field.  BTW, that blog also says

    The attackers succeeded in accessing about 20% of AOL users? email
    accounts and obtaining details of their contacts.

I hope that means that AOL is now down to the 100 Stupidest On-Line
Americans, of whom 20 were fooled....  But I digress.

 > These actions do not apply to messages in digests or archives or
 > sent to usenet via the Mail<->News gateways.

Is that true of dmarc_moderation_action, too?  (I assume so and would
consider it a bug if not.)




From stephen at xemacs.org  Fri May  2 06:48:52 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Fri, 02 May 2014 13:48:52 +0900
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <536315FE.90104@msapiro.net>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5361C918.5000106@msapiro.net>
 <87zjj2kmsq.fsf@uwakimon.sk.tsukuba.ac.jp>
 <536315FE.90104@msapiro.net>
Message-ID: <87r44clr9n.fsf@uwakimon.sk.tsukuba.ac.jp>

Mark Sapiro writes:

 > dmarc_moderation_action is unreliable. If the DNS lookup times out, the
 > message is assumed unaffected by DMARC.

Ouch.  I suppose you could hard-code a list of miscreants, er, domains
that have used p=reject and fall back on that (including a check for a
change in policy of DMARC DoS'ers that results in an email to owner).

 > If I could, I would set dmarc_moderation_action to Reject with a gentle
 > suggestion to find another ESP to post from, but I can't.

Heck, even I don't recommend that (I do it, but that's only because I
*can* -- as I've mentioned my users are all looking for excuses to
switch to GMail anyway if they haven't done so already).

 > One particular member of the board of directors is a very vocal and
 > not very technical Yahoo user who I think would have a fit if her
 > mail were "singled out" for differing treatment, even if only that
 > hers was munged and mine wasn't.

Tell her it's mandated by Yahoo! and hard-coded in Mailman (blame
Barry! and don't tell her about the Time Machine), *your* hands are
tied. :-)

 > I have tried in the past to programmatically hold or reject "me
 > too" posts and others that have way more quoted that original material.
 > (Almost everyone top posts and quotes the entire message being replied
 > to.)

But this is different: it really is censorship.  It's censorship I
agree with, it's censorship that doesn't actually infringe on freedom
of expression, but it is prohibiting certain (obnoxious) forms of
expression.

N.B. If top posting bothered me (in channels where it is customary, it
doesn't bother me any more :-), I would implement a Handler that
removes trailing quoted material and substitutes a link to the
archives (if possible to the In-Reply-To message).

From post-mailman-users at partan.com  Fri May  2 06:57:20 2014
From: post-mailman-users at partan.com (Andrew Partan)
Date: Fri, 2 May 2014 00:57:20 -0400
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <5363111A.6050900@msapiro.net>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp> <5363111A.6050900@msapiro.net>
Message-ID: <20140502045720.GA16995@partan.com>

On Thu, May 01, 2014 at 08:29:30PM -0700, Mark Sapiro wrote:
> Here's what I've got. I didn't change the name of the setting, but I
> changed its description and all the detail. I now have

Do you have a setting to change From: user at domain to From: user at domain.INVALID
- that is the hack I would like to use.

Andrew Partan

From mark at msapiro.net  Fri May  2 07:09:53 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 01 May 2014 22:09:53 -0700
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <1399004766.5954.8.camel@pudina.fmp.com>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net>	<53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp> <5363111A.6050900@msapiro.net>
 <1399004766.5954.8.camel@pudina.fmp.com>
Message-ID: <536328A1.9090701@msapiro.net>

On 05/01/2014 09:26 PM, Lindsay Haisley wrote:
> 
> If first_strip_reply_to = No there are two possible situations which
> aren't covered in your (much improved!) self-doc.  Either the original
> poster included a Reply-To:, or not.  If not, then I assume the original
> From: address is put into the Reply-To: address. Yes?


Yes.


> If the original
> poster included a Reply-To: address then DMARC forces us into a
> situation in which we can't avoid information loss.  Either the poster's
> Reply-To: is overwritten with the original From:, or the original
> Reply-To: is retained and the original From: address is lost.  Which is
> it?


Neither. The poster's From: address is merged with the other addresses
in the original Reply-To:. I.e. The Poster's From: address will be there
as will all the other addresses in the original Reply-To:, but there
will be no duplicates.

What do I need to change to make this clear. Note that earlier under the
Munge From action, it says "... and adds the poster's address to the
Reply-To: header" and under the Wrap Message action it says "with the
original From: address added to the Reply-To: header".

So it seems clear to me that we're *adding* the From: address to
Reply-To: and the only question is how does first_strip_reply_to affect
this, and the answer is if it's Yes, the Reply-To: we're adding to was
stripped and is empty, and if No we're adding to the original. Do I have
to repeat that last bit further down?

Maybe instead of "the Reply-To: header" in the two action statements, I
should say "the addresses in the original Reply-To: header". I.e. "...
and adds the poster's address to the addresses in the original Reply-To:
header" and "with the original From: address added to the addresses in
the original Reply-To: header". Does that help?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Fri May  2 07:20:49 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 01 May 2014 22:20:49 -0700
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <87sioslryi.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1398887807.8417.36.camel@pudina.fmp.com>	<536176B7.7020301@msapiro.net>	<53619890.3050403@msapiro.net>	<8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>	<5363111A.6050900@msapiro.net>
 <87sioslryi.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <53632B31.3060808@msapiro.net>

On 05/01/2014 09:33 PM, Stephen J. Turnbull wrote:
> Mark Sapiro writes:
> 
>  > The transformations for anonymous_list are applied before any of these
>  > actions, so if actions other than No are applied on an anonymous list,
>  > they will apply to the anonymized message.
> 
> This may be confusing?


How about "... if actions other than No are applied on an anonymous
list, they will be redundant."

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Fri May  2 07:50:00 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 01 May 2014 22:50:00 -0700
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <20140502045720.GA16995@partan.com>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp> <5363111A.6050900@msapiro.net>
 <20140502045720.GA16995@partan.com>
Message-ID: <53633208.9020907@msapiro.net>

On 05/01/2014 09:57 PM, Andrew Partan wrote:
> 
> Do you have a setting to change From: user at domain to From: user at domain.INVALID
> - that is the hack I would like to use.


No, not currently. It is an interesting idea, but it may cause issues in
delivery of mail From: a non-existent domain.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From fmouse at fmp.com  Fri May  2 08:29:27 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Fri, 02 May 2014 01:29:27 -0500
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <536328A1.9090701@msapiro.net>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net>	<53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp> <5363111A.6050900@msapiro.net>
 <1399004766.5954.8.camel@pudina.fmp.com> <536328A1.9090701@msapiro.net>
Message-ID: <1399012167.5954.27.camel@pudina.fmp.com>

On Thu, 2014-05-01 at 22:09 -0700, Mark Sapiro wrote:
> So it seems clear to me that we're *adding* the From: address to
> Reply-To: and the only question is how does first_strip_reply_to affect
> this, and the answer is if it's Yes, the Reply-To: we're adding to was
> stripped and is empty, and if No we're adding to the original. Do I have
> to repeat that last bit further down?

I hadn't considered that a Reply-To: address can be plural, which makes
perfect sense.  A single sentence, perhaps just a reference to other
text, covering first_strip_reply_to = No might be in order to pair with
your explicit discussion of first_strip_reply_to = Yes.

The whole issue is complex, and the measures in Mailman to address it
are similarly complex.  Your changes to the internal docs are certainly
an improvement and probably about as good as can be done with a bad
situation.  There may be a problem with being _too_ wordy in explaining
it.

Here's a suggestion:

        first_strip_reply_to = Yes will remove all the incoming
        Reply-To:
        addresses but will still add the poster's address to Reply-To:
        for all three settings of reply_goes_to_list which respectively
        will result in just the poster's address, the poster's address
        and the list posting address or the poster's address and the
        explicit reply_to_address in the outgoing Reply-To: header.  If
        first_strip_reply_to = No the poster's address in the From:
        header, if not already included in the Reply-To:, will be
        appended to any existing Reply-To: address(es).
        
Last sentence added.  Is this correct, and reasonable?


-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


From anotheranne at fables.co.za  Fri May  2 09:31:52 2014
From: anotheranne at fables.co.za (Anne Wainwright)
Date: Fri, 2 May 2014 09:31:52 +0200
Subject: [Mailman-Users] accessing relay mailman server from its
	own	network
In-Reply-To: <5362E497.3040605@msapiro.net>
References: <PC19932013041116023107503ba5250d@MSAPIRO>
 <PC1993201304121335340591f62fe871@MSAPIRO>
 <20130414171357.GA20342@fables.co.za> <516B3858.2090004@msapiro.net>
 <20140501183132.GA22946@fables.co.za> <5362E497.3040605@msapiro.net>
Message-ID: <20140502073152.GA26451@fables.co.za>

On Thu, May 01, 2014 at 05:19:35PM -0700, Mark Sapiro wrote:
> On 05/01/2014 11:31 AM, Anne Wainwright wrote:
> > 
> > I still have dyndns addresses showing on the numeric/alpha address
> > listing both locally and from outside
> 
> 
> I do not understand "the numeric/alpha address listing"

I was not clear there, I meant the 0-9, A-Z tabular listing of members
under Membership Management / Membership List.
> 
> Where specifically do you see these?
> 
> 
> > I have changed DEFAULT_URL_HOST in mm_cfg.py appropriately, cleared the
> > browser caches. Where can this be dyndns be hiding, or is it time to run 
> > the fix_url script?
> 
> 
> Probably. See the FAQ at <http://wiki.list.org/x/mIA9>.

That is a clear exposition of the issue, I will go that route.

many thanks
Anne

> 
> -- 
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/anotheranne%40fables.co.za

From turnbull at sk.tsukuba.ac.jp  Fri May  2 09:58:08 2014
From: turnbull at sk.tsukuba.ac.jp (Stephen J. Turnbull)
Date: Fri, 02 May 2014 16:58:08 +0900
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <20140502045720.GA16995@partan.com>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5363111A.6050900@msapiro.net> <20140502045720.GA16995@partan.com>
Message-ID: <87lhuklii7.fsf@uwakimon.sk.tsukuba.ac.jp>

Andrew Partan writes:

 > Do you have a setting to change From: user at domain to From:
 > user at domain.INVALID - that is the hack I would like to use.

Seems reasonable, but for the reason Mark gave and because it makes
personal replies a little bit harder, I *personally* would tend to
avoid it, and I recommend being careful to observe what's happening if
you try it (watch logs, listen for user complaints, etc).

From post at ralfj.de  Fri May  2 10:41:15 2014
From: post at ralfj.de (Ralf Jung)
Date: Fri, 02 May 2014 10:41:15 +0200
Subject: [Mailman-Users] DMARC From munging: Keep original sender
In-Reply-To: <53631CF1.5020600@msapiro.net>
References: <53624220.8020604@ralfj.de>
 <1398955132.8417.58.camel@pudina.fmp.com> <5362600A.1030006@ralfj.de>
 <536262B6.6020709@msapiro.net> <53631CF1.5020600@msapiro.net>
Message-ID: <53635A2B.7060803@ralfj.de>

Hi,

> On 05/01/2014 08:05 AM, Mark Sapiro wrote:
>> On 05/01/2014 07:54 AM, Ralf Jung wrote:
>>>
>>> I just noticed that stripping reply-to headers was enabled on the list
>>> in question, and that this is not the default (as I originally thought
>>> it was - I wasn't the one who initially set up these lists). Stripping
>>> happens after From munging, so this explains my issue. After disabling
>>> stripping, the original sender remains in the Reply-To.
>>
>> I *think* it works as you expect in 2.1.18rc3, but I'll have to double
>> check.
> 
> 
> In 2.1.18rc3 with first_strip_reply_to = Yes and reply_goes_to_list =
> Poster, the poster's From: address is in Reply-To:, but not for the
> other settings of reply_goes_to_list. I'm changing it for the final so
> the poster's From: address will always be in Reply-To: when from_is list
> is other than No.

Cool, thanks.

Kind regards
Ralf

From stephen at xemacs.org  Fri May  2 12:19:03 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Fri, 02 May 2014 19:19:03 +0900
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <53632B31.3060808@msapiro.net>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5363111A.6050900@msapiro.net>
 <87sioslryi.fsf@uwakimon.sk.tsukuba.ac.jp>
 <53632B31.3060808@msapiro.net>
Message-ID: <87iopolbzc.fsf@uwakimon.sk.tsukuba.ac.jp>

Mark Sapiro writes:
 > On 05/01/2014 09:33 PM, Stephen J. Turnbull wrote:
 > > Mark Sapiro writes:
 > > 
 > >  > The transformations for anonymous_list are applied before any of these
 > >  > actions, so if actions other than No are applied on an anonymous list,
 > >  > they will apply to the anonymized message.
 > > 
 > > This may be confusing?
 > 
 > How about "... if actions other than No are applied on an anonymous
 > list, they will be redundant."

You already said that above, so it won't hurt to say it here too.  But
what I'm worried about (which was not clear, sorry!) is that if
somebody *does* turn one of these options on, the behavior they
observe will be confusing.  Ie, I wonder if

    It is probably *not* useful to apply these options to an anonymous
    list, and if you do need to do so, the result may be surprising.

isn't the most accurate statement of affairs.

Steve

From larry at qhpress.org  Fri May  2 14:27:54 2014
From: larry at qhpress.org (Larry Kuenning)
Date: Fri, 02 May 2014 08:27:54 -0400
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <87sioslryi.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp> <5363111A.6050900@msapiro.net>
 <87sioslryi.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <53638F4A.9030207@qhpress.org>

(Despite the subject line, this follows up a digression by correcting 
some mistaken information about an e-mail attack on AOL.)

On 5/2/2014 12:33 AM, Stephen J. Turnbull wrote:

> BTW, that blog
> [<http://onlinegroups.net/blog/2014/05/01/dmarc-taking-responsibility-sending-group-email/>]
> also says
>
>      The attackers succeeded in accessing about 20% of AOL users? email
>      accounts and obtaining details of their contacts.
>
> I hope that means that AOL is now down to the 100 Stupidest On-Line
> Americans, of whom 20 were fooled....  But I digress.

What it actually means is that onlinegroups.net miscopied the percentage 
from the AOL blog!  The figure given by AOL is 2%.  (Discovered because 
I'm a compulsive looker-up of sources....)

-- 
Larry Kuenning
larry at qhpress.org

From her at adm.ku.dk  Fri May  2 13:59:04 2014
From: her at adm.ku.dk (Henrik Rasmussen)
Date: Fri, 2 May 2014 11:59:04 +0000
Subject: [Mailman-Users] Which file are Mailman's webpages build from?
Message-ID: <6DCC3E5DA06FE346B4DE4876C4F2713DBAE81CEC@P2KITMBX06WC03.unicph.domain>

I am running Mailman version 2.1.12. I have not been able to find a list of pages where the different HTML templates are used.

Having copied the HTML-templates, listed below, from /usr/lib/mailman/templates/da/  to /usr/lib/mailman/templates/site/da/ I would like to change the design of the web-pages. So far I am doing good a few templates, but I am not able to locate on which pages the second list of files are used Also some of the web-pages gets there information from various spurces such as the template-files, the messages file etc.

Is there an overview of which files different pages are build from?

admlogin.html
listinfo.html
emptyarchive.html
private.html
admindbdetails.html
subscribe.html
roster.html
options.html
headfoot.html
article.html
archtocnombox.html
archtoc.html
archtocentry.html
archliststart.html
archidxhead.html
archidxfoot.html
admindbsummary.html
admindbpreamble.html


Med venlig hilsen

Henrik Rasmussen
Systemadministrator, Core Services

K?BENHAVNS UNIVERSITET
Koncern-it, Drift & Support
N?rregade 10, postboks 2177
1017 K?benhavn K

Tel: 35322626
Dir 35322704
Fax 35322707
Email: her at adm.ku.dk<mailto:her at adm.ku.dk>
Web: it.ku.dk<http://it.ku.dk/>

[KU_logo]

Sp?rgsm?l af b?de faglig og teknisk karakter skal indrapporteres i KUnet's selvbetjeningssystem: "KUnet --> Selvbetjening --> It-service --> Min Servicedesk --> Opret Sag" eller via mail til it-service at adm.ku.dk<mailto:it-service at adm.ku.dk>. KUnet's selvbetjening findes p? http://sd.ku.dk<blocked::http://sd.ku.dk/>.



From mark at msapiro.net  Fri May  2 19:59:08 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 02 May 2014 10:59:08 -0700
Subject: [Mailman-Users] Which file are Mailman's webpages build from?
In-Reply-To: <6DCC3E5DA06FE346B4DE4876C4F2713DBAE81CEC@P2KITMBX06WC03.unicph.domain>
References: <6DCC3E5DA06FE346B4DE4876C4F2713DBAE81CEC@P2KITMBX06WC03.unicph.domain>
Message-ID: <5363DCEC.5000802@msapiro.net>

On 05/02/2014 04:59 AM, Henrik Rasmussen wrote:
> 
> Is there an overview of which files different pages are build from?


No. Some are built almost entirely from templates. Some are built
entirely dynamically with no template, and some are a combination.

Only the source code knows for sure.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From post-mailman-users at partan.com  Fri May  2 21:08:29 2014
From: post-mailman-users at partan.com (Andrew Partan)
Date: Fri, 2 May 2014 15:08:29 -0400
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <87lhuklii7.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp> <5363111A.6050900@msapiro.net>
 <20140502045720.GA16995@partan.com>
 <87lhuklii7.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <20140502190829.GA67937@partan.com>

On Thu, 01 May 2014 at 22:52:27 -0700, Mark Sapiro wrote:
>  > Do you have a setting to change From: user at domain to From:
>  > user at domain.INVALID - that is the hack I would like to use.
> 
> No, not currently. It is an interesting idea, but it may cause issues in
> delivery of mail From: a non-existent domain.

None of the current options to try to work around the DMARC breakage
work well; all fail in various ways.

Until people figure out real ways of making DMARC work with forwrders
& mailing lists (see ietf-822 at ietf.org for one place discussions
are going on), I think it useful to have more work-around hacks out
there so that people can experiment with them to see which ones
more-or-less work in different situations.

Andrew Partan

From superuser at gmail.com  Fri May  2 21:25:51 2014
From: superuser at gmail.com (Murray S. Kucherawy)
Date: Fri, 2 May 2014 12:25:51 -0700
Subject: [Mailman-Users] Issue approving subscription requests
In-Reply-To: <53618FE7.1070106@msapiro.net>
References: <CAL0qLwb_Viqg+JtmAHE+tWusuv_18mVxyY2OceJTHf9kVxqEQQ@mail.gmail.com>
 <535FD5C4.9020206@msapiro.net>
 <CAL0qLwYWw3a1AGyQLS7uvSn6izGb16UunoMdQ4LqTGpyReY8yw@mail.gmail.com>
 <535FF1AF.6040606@msapiro.net>
 <CAL0qLwb9JovF3ZaZMDctyt-Vv6uFnEqCeYxF5uBUia31Uh54dw@mail.gmail.com>
 <53618FE7.1070106@msapiro.net>
Message-ID: <CAL0qLwa_BspQau_0jR4t-Dj9kms9oXKWUTra-oM2sqmmkz=CFw@mail.gmail.com>

On Wed, Apr 30, 2014 at 5:05 PM, Mark Sapiro <mark at msapiro.net> wrote:

> The script never worked to approve (un)subscriptions. Sorry about that.
> It's fixed now. get the version with
>
> # Copyright (C) 1998-2014 by the Free Software Foundation, Inc.
>
> from <http://www.msapiro.net/scripts/list_requests> or
> <http://fog.ccsf.edu/~msapiro/scripts/list_requests>, and it will work.
>

That worked, thanks!

-MSK

From post-mailman-users at partan.com  Sat May  3 02:21:18 2014
From: post-mailman-users at partan.com (Andrew Partan)
Date: Fri, 2 May 2014 20:21:18 -0400
Subject: [Mailman-Users] Ignore DMARC bounces?
Message-ID: <20140503002118.GA81568@partan.com>

Is there some way of ignoring the DMCAC bounces?  That way a message
From: someone at yahoo.com will not not increase the bounce count of
all Yahoo, AOL, Hotmail, ATT, MSN, and Comcast users.

Yahoo & ATT say this:
	554 5.7.9 Message not accepted for policy reasons.  See
	http://postmaster.yahoo.com/errors/postmaster-28.html

AOL says this:
	521 5.2.1 :  (DMARC) This message failed DMARC Evaluation
	and is being refused due to provided DMARC Policy

Comcast says this:
	550 5.2.0 x4fx1n03n5DGQ1A034fysP Message rejected due to
	DMARC. Please see
	http://postmaster.comcast.net/smtp-error-codes.php#DM000001

MSN/Hotmail say this:
	550 5.7.0 (BAY0-MCn-Fn) Unfortunately, messages from (N.N.N.N)
	on behalf of (yahoo.com) could not be delivered due to
	domain owner policy restrictions.)

Andrew Partan

From fmouse at fmp.com  Sat May  3 03:32:56 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Fri, 02 May 2014 20:32:56 -0500
Subject: [Mailman-Users] Ignore DMARC bounces?
In-Reply-To: <20140503002118.GA81568@partan.com>
References: <20140503002118.GA81568@partan.com>
Message-ID: <1399080776.48411.3.camel@pudina.fmp.com>

On Fri, 2014-05-02 at 20:21 -0400, Andrew Partan wrote:
> Is there some way of ignoring the DMCAC bounces?  That way a message
> From: someone at yahoo.com will not not increase the bounce count of
> all Yahoo, AOL, Hotmail, ATT, MSN, and Comcast users.
> 
> Yahoo & ATT say this:
> 	554 5.7.9 Message not accepted for policy reasons.  See
> 	http://postmaster.yahoo.com/errors/postmaster-28.html
> 
> AOL says this:
> 	521 5.2.1 :  (DMARC) This message failed DMARC Evaluation
> 	and is being refused due to provided DMARC Policy
> 
> Comcast says this:
> 	550 5.2.0 x4fx1n03n5DGQ1A034fysP Message rejected due to
> 	DMARC. Please see
> 	http://postmaster.comcast.net/smtp-error-codes.php#DM000001
> 
> MSN/Hotmail say this:
> 	550 5.7.0 (BAY0-MCn-Fn) Unfortunately, messages from (N.N.N.N)
> 	on behalf of (yahoo.com) could not be delivered due to
> 	domain owner policy restrictions.)

Set bounce_processing to No.  This will turn off all bounce processing.
To the best of my knowledge, Mailman has no way to tell the difference
between bounces caused by DMARC and those caused by other factors, such
as "user unknown".

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


From mark at msapiro.net  Sat May  3 07:25:48 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 02 May 2014 22:25:48 -0700
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <1399012167.5954.27.camel@pudina.fmp.com>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net>	<53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp> <5363111A.6050900@msapiro.net>
 <1399004766.5954.8.camel@pudina.fmp.com> <536328A1.9090701@msapiro.net>
 <1399012167.5954.27.camel@pudina.fmp.com>
Message-ID: <53647DDC.50800@msapiro.net>

On 05/01/2014 11:29 PM, Lindsay Haisley wrote:
> 
> There may be a problem with being _too_ wordy in explaining
> it.


Yes, and I may have gone there ;)

Here is the current entire thing. The changes are a few more words in
the Munge From and Wrap Message descriptions; adding the "If
first_strip_reply_to = No" sentence to the "first_strip_reply_to = Yes"
and changing the second sentence in the anonymous list paragraph.



from_is_list (general): Replace the From: header address with the list's
posting address to mitigate issues stemming from the original From:
domain's DMARC or similar policies.

Several protocols now in wide use attempt to ensure that use of the
domain in the author's address (ie, in the From: header field) is
authorized by that domain. These protocols may be incompatible with
common list features such as footers, causing participating email
services to bounce list traffic merely because of the address in the
From: field. This has resulted in members being unsubscribed despite
being perfectly able to receive mail.

The following actions are applied to all list messages when selected
here. To apply these actions only to messages where the domain in the
From: header is determined to use such a protocol, see the
dmarc_moderation_action settings under Privacy options... -> Sender filters.

Settings:

No
    Do nothing special. This is appropriate for anonymous lists. It is
appropriate for dedicated announcement lists, unless the From: address
of authorized posters might be in a domain with a DMARC or similar
policy. It is also appropriate if you choose to use
dmarc_moderation_action other than Accept for this list.
Munge From
    This action replaces the poster's address in the From: header with
the list's posting address and adds the poster's address to the
addresses in the original Reply-To: header.
Wrap Message
    Just wrap the message in an outer message with the From: header
containing the list's posting address and with the original From:
address added to the addresses in the original Reply-To: header and with
Content-Type: message/rfc822. This is effectively a one message MIME
format digest.

The transformations for anonymous_list are applied before any of these
actions. It is not useful to apply actions other than No to an anonymous
list, and if you do so, the result may be surprising.

The Reply-To: header munging actions below interact with these actions
as follows:

first_strip_reply_to = Yes will remove all the incoming Reply-To:
addresses but will still add the poster's address to Reply-To: for all
three settings of reply_goes_to_list which respectively will result in
just the poster's address, the poster's address and the list posting
address or the poster's address and the explicit reply_to_address in the
outgoing Reply-To: header. If first_strip_reply_to = No the poster's
address in the original From: header, if not already included in the
Reply-To:, will be added to any existing Reply-To: address(es).

These actions, whether selected here or via dmarc_moderation_action, do
not apply to messages in digests or archives or sent to usenet via the
Mail<->News gateways.

If dmarc_moderation_action applies to this message with an action other
than Accept, that action rather than this is applied

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Sat May  3 07:49:12 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 02 May 2014 22:49:12 -0700
Subject: [Mailman-Users] Ignore DMARC bounces?
In-Reply-To: <20140503002118.GA81568@partan.com>
References: <20140503002118.GA81568@partan.com>
Message-ID: <53648358.9010005@msapiro.net>

On 05/02/2014 05:21 PM, Andrew Partan wrote:
> Is there some way of ignoring the DMCAC bounces?  That way a message
> From: someone at yahoo.com will not not increase the bounce count of
> all Yahoo, AOL, Hotmail, ATT, MSN, and Comcast users.


It's difficult. If The local MTA is refused and reports directly to
Mailman at SMTP time, Mailman will only see the SMTP status, e.g. 554,
521, or 550 in your examples. It is not possible to distinguish DMARC
from other failures just by this 5xx status.

More likely, the local MTA accepted the message from Mailman and is now
delivering a DSN. If every MTA delivered an RFC 3464 compliant DSN with
an RFC 1893 extended status code, one could just ignore 5.7.x bounces,
but even your example services don't all use a 5.7.x code even though
the RFC is clear that that is the code for security or policy rejection.

Then there is the fact that many real world MTAs report in their own way
and don't necessarily provide enough information to tell what the reason
is. Take a look at Mailman/Bouncers/* to get an idea of what you'd be up
against.


> Yahoo & ATT say this:
> 	554 5.7.9 Message not accepted for policy reasons.  See
> 	http://postmaster.yahoo.com/errors/postmaster-28.html
> 
> AOL says this:
> 	521 5.2.1 :  (DMARC) This message failed DMARC Evaluation
> 	and is being refused due to provided DMARC Policy
> 
> Comcast says this:
> 	550 5.2.0 x4fx1n03n5DGQ1A034fysP Message rejected due to
> 	DMARC. Please see
> 	http://postmaster.comcast.net/smtp-error-codes.php#DM000001
> 
> MSN/Hotmail say this:
> 	550 5.7.0 (BAY0-MCn-Fn) Unfortunately, messages from (N.N.N.N)
> 	on behalf of (yahoo.com) could not be delivered due to
> 	domain owner policy restrictions.)


-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From stephen at xemacs.org  Sat May  3 14:43:31 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Sat, 03 May 2014 21:43:31 +0900
Subject: [Mailman-Users] yahoo.com.INVALID as a DMARC defense [was:
 2.1.18 internal documentation suggestions]
In-Reply-To: <20140502190829.GA67937@partan.com>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net> <53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5363111A.6050900@msapiro.net> <20140502045720.GA16995@partan.com>
 <87lhuklii7.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140502190829.GA67937@partan.com>
Message-ID: <87eh0bkp70.fsf@uwakimon.sk.tsukuba.ac.jp>

Andrew Partan writes:

 > Until people figure out real ways of making DMARC work with forwrders
 > & mailing lists (see ietf-822 at ietf.org for one place discussions
 > are going on), I think it useful to have more work-around hacks out
 > there so that people can experiment with them to see which ones
 > more-or-less work in different situations.

That's what they said about Reply-To munging, too.

If people want to implement them themselves and try them out, heck,
I've been wrong before and I'll be wrong again.  But I don't think
*Mailman* should proactively implement RFC violations unless there's a
clear and present danger, and then the violations should try to be
minimal.[1]

DMARC, since it causes denial of service to third parties, is such a
clear and present danger.  Here I interpret "minimal" to mean "try to
avoid to adding to the set of RFC violations out there."  I know it's
tempting to imply that yahoo.com is an invalid domain, but it's not at
all necessary given that substituting the list-post address is what
Yahoo itself suggests.  The original user is easily replied to via the
Reply-To hack.

Footnotes: 
[1]  Retroactive implementation, such as "Reply-To munging", may be
appropriate in response to customer demand.




From rob at colorist.org  Sat May  3 00:41:44 2014
From: rob at colorist.org (Rob Lingelbach)
Date: Fri, 2 May 2014 17:41:44 -0500
Subject: [Mailman-Users] Parallel list question
Message-ID: <AFA52B44-9531-4CB1-8D04-08B34AF18F96@colorist.org>

I once set this up long ago on mailman but took it down and now need to do it again but forgot how:

Want to have all subscribers to list A receive from, and be able to post to, list B. Purpose is to change the list title shown in the Subject: field, and have different admin options for list B. 

Thank you in advance. 
(And while I'm at it, thank you to those who have worked on the DMARC "enhancements.")

Rob Lingelbach
http://colorist.org



From ubuntu at fachschaft.physik.uni-bielefeld.de  Fri May  2 17:07:44 2014
From: ubuntu at fachschaft.physik.uni-bielefeld.de (Viktor Dick)
Date: Fri, 02 May 2014 17:07:44 +0200
Subject: [Mailman-Users] new users added to custom MemberAdaptor don't get
	emails
Message-ID: <5363B4C0.90008@fachschaft.physik.uni-bielefeld.de>

Hi folks,
I have a setup where lists are not open to be joined by anyone but are
managed by an LDAP database. The database is queried once an hour and
the members of each list are written to a file which is then read in
whenever anything is posted to a list.

My problem is that newly added members seem not to be recognized until I
reboot the server. The strange part is that executing
/usr/lib/mailman/bin/list_members gives the correct entries including
any newly added members while no actual mails are sent to the new
members (they don't receive the mails and there are no entries in
/var/log/mail.log) until I reboot the server.

I am guessing that the ldap part should be correct since list_members
shows the correct entries. I am attaching the files
/usr/lib/mailman/Mailman/FileMemberships.py and
/var/lib/mailman/lists/testlist/extend.py, which should contain all the
relevant information. If anyone is also interested in the part that
polls the LDAP server, the whole code can be found at
http://ldapsync.sourceforge.net/

Any help is appreciated.
Regards,
Viktor

From fmouse at fmp.com  Sat May  3 17:47:53 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Sat, 03 May 2014 10:47:53 -0500
Subject: [Mailman-Users] 2.1.18 internal documentation suggestions
In-Reply-To: <53647DDC.50800@msapiro.net>
References: <1398887807.8417.36.camel@pudina.fmp.com>
 <536176B7.7020301@msapiro.net>	<53619890.3050403@msapiro.net>
 <8738gumcj0.fsf@uwakimon.sk.tsukuba.ac.jp> <5363111A.6050900@msapiro.net>
 <1399004766.5954.8.camel@pudina.fmp.com> <536328A1.9090701@msapiro.net>
 <1399012167.5954.27.camel@pudina.fmp.com> <53647DDC.50800@msapiro.net>
Message-ID: <1399132073.48411.11.camel@pudina.fmp.com>

On Fri, 2014-05-02 at 22:25 -0700, Mark Sapiro wrote:
> On 05/01/2014 11:29 PM, Lindsay Haisley wrote:
> > 
> > There may be a problem with being _too_ wordy in explaining
> > it.
>
> Yes, and I may have gone there ;)
> 
Well I think you've pretty well covered the bases.  It may take a bit of
study on the part of list admins to understand it, but this is much
improved over what it was.

This is the kind of thing that people with experience in, or knowledge
of structured programming can explain rather succinctly in logical
pseudocode, but you're working with the more traditional prose style in
which the rest of Mailman's internal docs are written, and a certain
amount of redundant verbiage is probably inevitable.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


From mark at msapiro.net  Sat May  3 18:48:42 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 03 May 2014 09:48:42 -0700
Subject: [Mailman-Users] new users added to custom MemberAdaptor don't
 get emails
In-Reply-To: <5363B4C0.90008@fachschaft.physik.uni-bielefeld.de>
References: <5363B4C0.90008@fachschaft.physik.uni-bielefeld.de>
Message-ID: <53651DEA.4010909@msapiro.net>

On 05/02/2014 08:07 AM, Viktor Dick wrote:
> Hi folks,
> I have a setup where lists are not open to be joined by anyone but are
> managed by an LDAP database. The database is queried once an hour and
> the members of each list are written to a file which is then read in
> whenever anything is posted to a list.
> 
> My problem is that newly added members seem not to be recognized until I
> reboot the server. The strange part is that executing
> /usr/lib/mailman/bin/list_members gives the correct entries including
> any newly added members while no actual mails are sent to the new
> members (they don't receive the mails and there are no entries in
> /var/log/mail.log) until I reboot the server.


When you run list_members, it runs as a new, separate process so it gets
the current version of the members from a new instance of the MemberAdaptor.

However, Mailman's qrunner processes are persistent and they don't
'reload' unless Mailman is restarted. Apparently, once your
MemberAdaptor thinks it has the membership list, it doesn't try to
update it.

Note that rebooting is overkill. Just restarting Mailman should suffice.

I can't say more about what to do without actually seeing your
MemberAdaptor, however you might look at
<https://bugs.launchpad.net/mailman/+bug/558106> for an alternative.


> I am attaching the files
> /usr/lib/mailman/Mailman/FileMemberships.py and
> /var/lib/mailman/lists/testlist/extend.py, which should contain all the
> relevant information.


The list's content filtering removes non text/plain attachments. They
will come through if you ensure they have a MIME Content-Type: of
text/plain. Maybe naming them FileMemberships.py.txt and extend.py.txt
will convince your mail client to do that.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Sat May  3 19:03:35 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 03 May 2014 10:03:35 -0700
Subject: [Mailman-Users] Parallel list question
In-Reply-To: <AFA52B44-9531-4CB1-8D04-08B34AF18F96@colorist.org>
References: <AFA52B44-9531-4CB1-8D04-08B34AF18F96@colorist.org>
Message-ID: <53652167.8080600@msapiro.net>

On 05/02/2014 03:41 PM, Rob Lingelbach wrote:
> 
> Want to have all subscribers to list A receive from, and be able to post to, list B. Purpose is to change the list title shown in the Subject: field, and have different admin options for list B. 


Since you want the list A subscribers to get the list A subject_prefix
for posts to list B, list A needs to be a member of (subscribed to) list
B. You can't make list A a regular_include_list of list B because the
members of list A would then see list B's subject_prefix in posts to list B.

So list A is a member of list B. You need to be sure that list A's user
options include no password reminders. You can't make list B an umbrella
list (see <http://wiki.list.org/x/boA9>) because list B has regular
members and an umbrella list has only lists as members.

Then for list A members to be able to post to list B, you need @lista
(or whatever it's name is) in list B's accept_these_nonmembers and for
list B posts to not be held for implicit destination by list A, you need
to put list B's address in list A's Privacy options... -> Recipient
filters -> acceptable_aliases or turn off require_explicit_destination.
	

> (And while I'm at it, thank you to those who have worked on the DMARC "enhancements.")


Thanks from all of us for your appreciation. It's been an exciting month ...

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mike at writestarr.com  Sat May  3 19:42:42 2014
From: mike at writestarr.com (Mike Starr)
Date: Sat, 03 May 2014 12:42:42 -0500
Subject: [Mailman-Users] Parallel list question
In-Reply-To: <53652167.8080600@msapiro.net>
References: <AFA52B44-9531-4CB1-8D04-08B34AF18F96@colorist.org>
 <53652167.8080600@msapiro.net>
Message-ID: <53652A92.7000806@writestarr.com>

I'd like to add my thanks as well... the folks who have contributed to 
the discussion and I'm guessing a large number behind the scenes have 
done (and continue to do) a great service... not just to Mailman but to 
users all over the world who have no idea of the dedication and effort 
of those of you below their radar. Thank you all.

Best Regards,

Mike
-- 
Mike Starr, Writer
Technical Writer   -    Online Help Developer   -   WordPress Websites
Graphic Designer - Desktop Publisher - Custom Microsoft Word templates
(262) 694-1028   -  mike at writestarr.com   -  http://www.writestarr.com
President - Working Writers of Wisconsin http://www.workingwriters.org/

On 5/3/2014 12:03 PM, Mark Sapiro wrote:
>> >(And while I'm at it, thank you to those who have worked on the DMARC "enhancements.")
> Thanks from all of us for your appreciation. It's been an exciting month ...

From rob at colorist.org  Sat May  3 19:55:51 2014
From: rob at colorist.org (Rob Lingelbach)
Date: Sat, 3 May 2014 12:55:51 -0500
Subject: [Mailman-Users] Parallel list question
In-Reply-To: <53652167.8080600@msapiro.net>
References: <AFA52B44-9531-4CB1-8D04-08B34AF18F96@colorist.org>
 <53652167.8080600@msapiro.net>
Message-ID: <103F2683-555B-47A6-977F-42FC6E442EF1@colorist.org>


> On May 3, 2014, at 12:03 PM, Mark Sapiro <mark at msapiro.net> wrote:
> 
>> On 05/02/2014 03:41 PM, Rob Lingelbach wrote:
>> 
>> Want to have all subscribers to list A receive from, and be able to post to, list B. Purpose is to change the list title shown in the Subject: field, and have different admin options for list B. 
> 
> 
> Since you want the list A subscribers to get the list A subject_prefix
> for posts to list B,

I should have been clearer that I do want list B's subject_prefix to change.  I think I can work it out now based on your suggestions...

Incidentally, this brings up (what might be considered) a sophomoric question: how to copy a list's config over to a test version of that list, without copying over the member list?  Probably a FAQ that I should be aware of...

Now back to understanding the conditions I should implement for an active 2000+ member list on the anvil of DMARC. 

Thanks again
--
Rob Lingelbach
http://colorist.org

From mark at msapiro.net  Sat May  3 20:30:36 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 03 May 2014 11:30:36 -0700
Subject: [Mailman-Users] Mailman 2.1.18 final release
Message-ID: <536535CC.9080908@msapiro.net>

I'm pleased to announce the final release for Mailman 2.1.18.

This release has new features to help with mitigation of the impacts of
DMARC on mailing lists as well as fixing several bugs.

Python 2.4 is the minimum supported, but Python 2.7 is recommended.

There are significant new i18n strings associated with the DMARC
mitigation features. If you are interested in helping with the
translations of these strings, see <http://wiki.list.org/x/MQ>.

There is also a new dependency associated with these features. Namely,
the new Privacy options -> Sender filters -> dmarc_moderation_action
feature requires that the dnspython <http://www.dnspython.org/> package
be available in Python.

See the attached README for more details.

Mailman is free software for managing email mailing lists and
e-newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.

For more information, please see:

http://www.list.org
http://www.gnu.org/software/mailman
http://mailman.sourceforge.net/

Mailman 2.1.18 can be downloaded from

https://launchpad.net/mailman/2.1/
http://ftp.gnu.org/gnu/mailman/
https://sourceforge.net/projects/mailman/

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
-------------- next part --------------
2.1.18 (03-May-2014)

  Dependencies

    - There is a new dependency associated with the new Privacy options ->
      Sender filters -> dmarc_moderation_action feature discussed below.
      This requires that the dnspython <http://www.dnspython.org/> package
      be available in Python.  This package can be downloaded from the above
      site or from the CheeseShop <https://pypi.python.org/pypi/dnspython/>
      or installed with pip.

  New Features

    - The from_is_list feature introduced in 2.1.16 is now unconditionally
      available to list owners.  There is also, a new Privacy options ->
      Sender filters -> dmarc_moderation_action feature which applies to list
      messages where the From: address is in a domain which publishes a DMARC
      policy of reject or possibly quarantine.  This is a list setting with
      values of Accept, Wrap Message, Munge From, Reject or Discard. There is
      a new DEFAULT_DMARC_MODERATION_ACTION configuration setting to set the
      default for this, and the list admin UI is not able to set an action
      which is 'less' than the default.  The prior ALLOW_FROM_IS_LIST setting
      has been removed and is effectively always Yes. There is a new
      dmarc_quarantine_moderation_action list setting with default set by a
      new DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION configuration setting
      which in turn defaults to Yes.  The list setting can be set to No to
      exclude domains with DMARC policy of quarantine from
      dmarc_moderation_action.

      dmarc_moderation_action and from_is_list interact in the following way.
      If the message is From: a domain to which dmarc_moderation_action applies
      and if dmarc_moderation_action is other than Accept,
      dmarc_moderation_action applies to that message.  Otherwise the
      from_is_list action applies.

      Also associated with dmarc_moderation_action are configuration settings
      DMARC_RESOLVER_TIMEOUT and DMARC_RESOLVER_LIFETIME. These are described
      in more detail in Defaults.py.  There are also new vette log entries
      written when dmarc_moderation_action is found to apply to a post.

  i18n

    - Added missing <mm-digest-question-start> tag to French listinfo template.
      (LP: #1275964)

  Bug Fixes and other patches

    - Removed HTML tags from the title of a couple of rmlist.py pages because
      browsers don't render tags in the title.  (LP: #265848)

    - Most Mailman generated notices to list owners and moderators are now
      sent as Precedence: list instead of bulk.  (LP: #1313146)

    - The Reply-To: munging options weren't honored if there was no
      from_is_list action.  (LP: #1313010)

    - Changed from_is_list actions to insert the list address in Cc: if the
      list is fully personalized.  Otherwise, the list address is only in
      From: and Reply-To: overrides it.  (LP: #1312970)

    - Fixed the Munge From action to only Munge the From: and/or Reply-To: in
      the outgoing message and not in archives, digests and messages sent via
      the usenet gateway.  (LP: #1311431)

    - Fixed a long standing issue in which a notice sent to a user whose
      language is other than that of the list can cause subsequent things
      which should be in the list's language to be in the user's language
      instead.  (LP: #1308655)

    - Fixed the admin Membership List so a search string if any is not lost
      when visiting subsequent fragments of a chunked list.  (LP: #1307454)

    - For from_is_list feature, use email address from original From: if
      original From: has no display name and strip domain part from resultant
      names that look like email addresses.  (LP: #1304511)

    - Added the list name to the vette log "held message approved" entry.
      (LP: 1295875)

    - Added the CGI module name to various "No such list" error log entries.
      (LP: 1295875)

    - Modified contrib/mmdsr to report module name if present in "No such list
      error log entries.

    - Fixed a NameError exception in cron/nightly_gzip when it tries to print
      the usage message.  (LP: #1291038)

    - Fixed a bug in ListAdmin._handlepost that would crash when trying to
      preserve a held message for the site admin if HOLD_MESSAGES_AS_PICKLES
      is False.  (LP: #1282365)

    - The from_is_list header munging feature introduced in Mailman 2.1.16 is
      no longer erroneously applied to Mailman generated notices.
      (LP: #1279667)

    - Changed the message from the confirm CGI to not indicate approval is
      required for an acceptance of an invitation.  (LP: #1277744)

    - Fixed POSTFIX_STYLE_VIRTUAL_DOMAINS to be case-insensitiive.
      (LP: #1267003)

    - Added recognition for another simple warning to bounce processing.
      (LP: #1263247)

    - Fixed a few failing tests in tests/test_handlers.py.  (LP: #1262950)

    - Fixed bin/arch to not create scrubbed attachments for messages skipped
      when processing the --start= option.  (LP: #1260883)

    - Fixed email address validation to do a bit better in obscure cases.
      (LP: #1258703)

    - Fixed a bug which caused some authentication cookies to expire too soon
      if AUTHENTICATION_COOKIE_LIFETIME is non-zero.  (LP: #1257112)
 
    - Fixed a possible TypeError in bin/sync_members introduced in 2.1.17.
      (LP: #1243343)

  Miscellaneous

    - Added to the contrib directory, a script from Alain Williams to count
      posts in a list's archive.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/mailman-users/attachments/20140503/fddbe41e/attachment.sig>

From mark at msapiro.net  Sat May  3 20:48:23 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 03 May 2014 11:48:23 -0700
Subject: [Mailman-Users] Parallel list question
In-Reply-To: <103F2683-555B-47A6-977F-42FC6E442EF1@colorist.org>
References: <AFA52B44-9531-4CB1-8D04-08B34AF18F96@colorist.org>
 <53652167.8080600@msapiro.net>
 <103F2683-555B-47A6-977F-42FC6E442EF1@colorist.org>
Message-ID: <536539F7.9020505@msapiro.net>

On 05/03/2014 10:55 AM, Rob Lingelbach wrote:
> 
> Incidentally, this brings up (what might be considered) a sophomoric question: how to copy a list's config over to a test version of that list, without copying over the member list?  Probably a FAQ that I should be aware of...


Use Mailman's bin/config_list to dump the list's configuration to a
file; edit the file to remove or change list specific things like
real_name and maybe subject_prefix, etc, and then use config_list again
to apply the settings to the test list.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Sat May  3 23:55:09 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 03 May 2014 14:55:09 -0700
Subject: [Mailman-Users] new users added to custom MemberAdaptor don't
 get emails
In-Reply-To: <53651DEA.4010909@msapiro.net>
References: <53651DEA.4010909@msapiro.net>
Message-ID: <536565BD.7010903@msapiro.net>

Mark Sapiro wrote:

> On 05/02/2014 08:07 AM, Viktor Dick wrote:
>> Hi folks,
>> I have a setup where lists are not open to be joined by anyone but are
>> managed by an LDAP database. The database is queried once an hour and
>> the members of each list are written to a file which is then read in
>> whenever anything is posted to a list.
> 
> I can't say more about what to do without actually seeing your
> MemberAdaptor, however you might look at
> <https://bugs.launchpad.net/mailman/+bug/558106> for an alternative.


OK, I took a quick look at your stuff from
<http://sourceforge.net/projects/ldapsync/files/>.

I think your issue is you rely on extend.py to instantiate
FileMemberships and reload the member data when the list is instantiated.

I suspect your Mailman is 2.1.14 or older which maintains a list cache
in the qrunners so the list gets instantiated and cached and further
references to the list object retrieve it from the cache and update it
as needed, but it is never again actually instantiated so extend.py is
never called again.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From anotheranne at fables.co.za  Sun May  4 17:44:29 2014
From: anotheranne at fables.co.za (Anne Wainwright)
Date: Sun, 4 May 2014 17:44:29 +0200
Subject: [Mailman-Users] accessing relay mailman server from its
	own	network
In-Reply-To: <5362E497.3040605@msapiro.net>
References: <PC19932013041116023107503ba5250d@MSAPIRO>
 <PC1993201304121335340591f62fe871@MSAPIRO>
 <20130414171357.GA20342@fables.co.za> <516B3858.2090004@msapiro.net>
 <20140501183132.GA22946@fables.co.za> <5362E497.3040605@msapiro.net>
Message-ID: <20140504154429.GA17157@fables.co.za>

if this is a duplicate, my error, don't see my post anywhere.
see below

On Thu, May 01, 2014 at 05:19:35PM -0700, Mark Sapiro wrote:
> On 05/01/2014 11:31 AM, Anne Wainwright wrote:
> > 
> > I still have dyndns addresses showing on the numeric/alpha address
> > listing both locally and from outside
> 
> 
> I do not understand "the numeric/alpha address listing"
The 0-9A-Z table of members under Membership Management - sorry if
unclear.

> 
> Where specifically do you see these?
> 
> 
> > I have changed DEFAULT_URL_HOST in mm_cfg.py appropriately, cleared the
> > browser caches. Where can this be dyndns be hiding, or is it time to run 
> > the fix_url script?
> 
> 
> Probably. See the FAQ at <http://wiki.list.org/x/mIA9>.
This did however resolve the issue

with thanks
Anne
> 
> -- 
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/anotheranne%40fables.co.za

From fmouse at fmp.com  Sun May  4 22:07:44 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Sun, 04 May 2014 15:07:44 -0500
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
Message-ID: <1399234064.48411.198.camel@pudina.fmp.com>

$ dig +short -t txt _dmarc.paypal.com
"v=DMARC1\; p=reject\; rua=mailto:d at rua.agari.com\; ruf=mailto:dk at bounce.paypal.com,mailto:d at ruf.agari.com"

This probably is a problem of lesser magnitude than Yahoo! and AOL since
few list posts will come from PayPal, or be delivered to such an address
from a list.  It might, however, occur by accident, or by a future
change whereby PayPal account holders to use their DN, and although I
can't imagine PayPal doing this, nothing seems to be sacrosanct or
certain in the Wild, Wild West that is the Internet.  

It's more likely that a list might add a PayPal general customer
notifications address of some sort to a list, with nomail set, for the
benefit of other list subscribers.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


From finches at portadmiral.org  Sun May  4 22:14:23 2014
From: finches at portadmiral.org (Larry Finch)
Date: Sun, 4 May 2014 16:14:23 -0400
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <1399234064.48411.198.camel@pudina.fmp.com>
References: <1399234064.48411.198.camel@pudina.fmp.com>
Message-ID: <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>



On May 4, 2014, at 4:07 PM, Lindsay Haisley <fmouse at fmp.com> wrote:

> $ dig +short -t txt _dmarc.paypal.com
> "v=DMARC1\; p=reject\; rua=mailto:d at rua.agari.com\; ruf=mailto:dk at bounce.paypal.com,mailto:d at ruf.agari.com"
> 
> This probably is a problem of lesser magnitude than Yahoo! and AOL since
> few list posts will come from PayPal, or be delivered to such an address
> from a list.  It might, however, occur by accident, or by a future
> change whereby PayPal account holders to use their DN, and although I
> can't imagine PayPal doing this, nothing seems to be sacrosanct or
> certain in the Wild, Wild West that is the Internet.  
> 
> It's more likely that a list might add a PayPal general customer
> notifications address of some sort to a list, with nomail set, for the
> benefit of other list subscribers.

This is probably the first actual practical application of DMARC p=reject that I have seen. Unfortunately, Yahoo?s and AOL?s abuse of DMARC will tend to neutralize the benefit of DMARC to financial institutions who have a really serious spoofing problem.

best regards,
Larry

--
Larry Finch
finches at portadmiral.org




From fmouse at fmp.com  Sun May  4 22:34:40 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Sun, 04 May 2014 15:34:40 -0500
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
Message-ID: <1399235680.48411.203.camel@pudina.fmp.com>

On Sun, 2014-05-04 at 16:14 -0400, Larry Finch wrote:
> 
> On May 4, 2014, at 4:07 PM, Lindsay Haisley <fmouse at fmp.com> wrote:
> 
> > $ dig +short -t txt _dmarc.paypal.com
> > "v=DMARC1\; p=reject\; rua=mailto:d at rua.agari.com\; ruf=mailto:dk at bounce.paypal.com,mailto:d at ruf.agari.com"
> > 
> > This probably is a problem of lesser magnitude than Yahoo! and AOL since
> > few list posts will come from PayPal, or be delivered to such an address
> > from a list.  It might, however, occur by accident, or by a future
> > change whereby PayPal account holders to use their DN, and although I
> > can't imagine PayPal doing this, nothing seems to be sacrosanct or
> > certain in the Wild, Wild West that is the Internet.  
> > 
> > It's more likely that a list might add a PayPal general customer
> > notifications address of some sort to a list, with nomail set, for the
> > benefit of other list subscribers.
> 
> This is probably the first actual practical application of DMARC
> p=reject that I have seen. Unfortunately, Yahoo?s and AOL?s abuse of
> DMARC will tend to neutralize the benefit of DMARC to financial
> institutions who have a really serious spoofing problem.

Add also:

chasebank.com
bankone.com
jpmorgan.com

... just random hits checking on financial institutions.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


From fmouse at fmp.com  Sun May  4 23:34:16 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Sun, 04 May 2014 16:34:16 -0500
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <20140504205814.2696.qmail@joyce.lan>
References: <20140504205814.2696.qmail@joyce.lan>
Message-ID: <1399239256.48411.206.camel@pudina.fmp.com>

On Sun, 2014-05-04 at 20:58 +0000, John Levine wrote:
> >$ dig +short -t txt _dmarc.paypal.com
> >"v=DMARC1\; p=reject\; rua=mailto:d at rua.agari.com\; ruf=mailto:dk at bounce.paypal.com,mailto:d at ruf.agari.com"
> 
> I'm on lots of lists with Paypal employees, who consistently use
> paypal-inc.com addresses, specicially to avoid DMARC problems.

$ dig +short -t txt _dmarc.paypal-inc.com
"v=DMARC1\; p=reject\; rua=mailto:d at rua.agari.com\; ruf=mailto:dk at bounce.paypal.com,mailto:d at ruf.agari.com"

No joy :(

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


From pshute at nuw.org.au  Mon May  5 00:24:47 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Mon, 5 May 2014 08:24:47 +1000
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
Message-ID: <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>

Larry Finch wrote:
 
> This is probably the first actual practical application of 
> DMARC p=reject that I have seen. Unfortunately, Yahoo's and 
> AOL's abuse of DMARC will tend to neutralize the benefit of 
> DMARC to financial institutions who have a really serious 
> spoofing problem.

How does Yahoo's DMARC policy reduce the benefit of Paypal's? Because servers can't follow the reject recommendation without 

And does the emergence of legitimate p=reject policies mean it's now less likely Yahoo and AOL will back down?

Here's a cpanel forum thread about the problem, discussing when cpanel's version of mailman will incorporate the features necessary to deal with the problem:
http://forums.cpanel.net/f43/yahoos-new-dmarc-policy-causing-mailman-bounces-402751.html

Peter Shute

From stephen at xemacs.org  Mon May  5 08:47:59 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Mon, 05 May 2014 15:47:59 +0900
Subject: [Mailman-Users]  Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <1399234064.48411.198.camel@pudina.fmp.com>
References: <1399234064.48411.198.camel@pudina.fmp.com>
Message-ID: <87zjiwk9gg.fsf@uwakimon.sk.tsukuba.ac.jp>

Lindsay Haisley writes:

 > $ dig +short -t txt _dmarc.paypal.com
 > "v=DMARC1\; p=reject\; rua=mailto:d at rua.agari.com\; ruf=mailto:dk at bounce.paypal.com,mailto:d at ruf.agari.com"
 > 
 > This probably is a problem of lesser magnitude than Yahoo! and AOL

FWIW, I don't consider it a "problem" at all (most definitely YMMV, of
course).  I think this is what DMARC *should* be used for.

My interpretation is that this is a particular author (a corporate
one) allowing her MTA to digitally sign "her" mail, and soliciting the
help of "email for those who can't implement Diffie-Hellman off the
top of their heads" email providers' MTAs in the effort to protect the
author's customers from 3rd party fraud.

I don't know what "paypal-inc.com" is for, so I can't speak to that
one.

Steve

From stephen at xemacs.org  Mon May  5 08:59:22 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Mon, 05 May 2014 15:59:22 +0900
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
Message-ID: <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>

Peter Shute writes:

 > How does Yahoo's DMARC policy reduce the benefit of Paypal's?
 > Because servers can't follow the reject recommendation without

No, it's because users get used to ignoring warnings about DMARC
issues.  If it was *only* your bank, you'd learn to pay attention to
them.  But when you (FVO "you" susceptible to phishing in the first
place, of course!) see a pile of DMARC workarounds every day for 70%
of your correspondents, how do you respond to this?

    All of our mail to you have come back to us due to DMARC rejects,
    so we need to use this unusual address.

    Please confirm your blah-blah-blah by clicking <here> and logging
    in to our secure site.

2% of AOL customers will respond by clicking, at last report. :-(

Let's put it this way: When was the last time you saw an "unvalidated
SSL certificate"?  Is that timestamp equal to the last time you
followed up by checking the root cert's fingerprint on the authority's
secure site?  Or is the latter equal to -1? ;-)

 > And does the emergence of legitimate p=reject policies mean it's
 > now less likely Yahoo and AOL will back down?

What makes you think the banks didn't start doing this ages ago?
Apparently they merely haven't made an explicit announcement.


From pshute at nuw.org.au  Mon May  5 10:24:59 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Mon, 5 May 2014 18:24:59 +1000
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>

> On 5 May 2014, at 4:59 pm, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
> 
> Peter Shute writes:
> 
>> How does Yahoo's DMARC policy reduce the benefit of Paypal's?
>> Because servers can't follow the reject recommendation without
> 
> No, it's because users get used to ignoring warnings about DMARC
> issues.  If it was *only* your bank, you'd learn to pay attention to
> them.  But when you (FVO "you" susceptible to phishing in the first
> place, of course!) see a pile of DMARC workarounds every day for 70%
> of your correspondents, how do you respond to this?

Sorry, what does FVO stand for?

>    All of our mail to you have come back to us due to DMARC rejects,
>    so we need to use this unusual address.
> 
>    Please confirm your blah-blah-blah by clicking <here> and logging
>    in to our secure site.
> 
> 2% of AOL customers will respond by clicking, at last report. :-(

They get a warning? I thought it just bounced, and the intended recipient never knew.
> 
>> And does the emergence of legitimate p=reject policies mean it's
>> now less likely Yahoo and AOL will back down?
> 
> What makes you think the banks didn't start doing this ages ago?
> Apparently they merely haven't made an explicit announcement.
> 
I wondered about that. Anyone know?

Peter Shute

From malcolm.austen at weald.org.uk  Mon May  5 11:47:38 2014
From: malcolm.austen at weald.org.uk (Malcolm Austen)
Date: Mon, 05 May 2014 10:47:38 +0100
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
Message-ID: <op.xfdr5okjg14ka7@mavivo>

On Mon, 05 May 2014 09:24:59 +0100, Peter Shute <pshute at nuw.org.au> wrote:

> They get a warning? I thought it just bounced, and the intended  
> recipient never knew.

That was how I (thought I) understood it but I have heard of mailman  
distributed messages from AOL & Yahoo addresses being put into spam rather  
than rejected by Gmail.

= Malcolm.

-- 
Malcolm Austen <malcolm.austen at weald.org.uk>

From johnl at taugh.com  Sun May  4 22:58:14 2014
From: johnl at taugh.com (John Levine)
Date: 4 May 2014 20:58:14 -0000
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <1399234064.48411.198.camel@pudina.fmp.com>
Message-ID: <20140504205814.2696.qmail@joyce.lan>

>$ dig +short -t txt _dmarc.paypal.com
>"v=DMARC1\; p=reject\; rua=mailto:d at rua.agari.com\; ruf=mailto:dk at bounce.paypal.com,mailto:d at ruf.agari.com"

I'm on lots of lists with Paypal employees, who consistently use
paypal-inc.com addresses, specicially to avoid DMARC problems.

They realized it was a problem about a year ago, and dealt with it in
a reasonable way.

R's,
John

From johnl at taugh.com  Mon May  5 00:07:26 2014
From: johnl at taugh.com (John Levine)
Date: 4 May 2014 22:07:26 -0000
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <1399239256.48411.206.camel@pudina.fmp.com>
Message-ID: <20140504220726.2982.qmail@joyce.lan>

>> I'm on lots of lists with Paypal employees, who consistently use
>> paypal-inc.com addresses, specicially to avoid DMARC problems.
>
>$ dig +short -t txt _dmarc.paypal-inc.com
>"v=DMARC1\; p=reject\; rua=mailto:d at rua.agari.com\; ruf=mailto:dk at bounce.paypal.com,mailto:d at ruf.agari.com"
>
>No joy :(

Phoo.  That's new, and surprisingly foolish of them.

Perhaps this is management's way of telling the staff not to waste
time on mailing lists while they're at work.

R's,
John

From jdanield at free.fr  Mon May  5 18:22:46 2014
From: jdanield at free.fr (jdd)
Date: Mon, 05 May 2014 18:22:46 +0200
Subject: [Mailman-Users] inn gateway
Message-ID: <5367BAD6.5050805@free.fr>

Hello,

I have now a running mailman and a running inn news server - only for mailing 
lists access (news.culte.org)

I try to setup the gateway.

in mailman, I wrote localhost as news server (the two apps are on the same 
machine) and "test" as test list.

test list works
test newsgroup works

when I send a post to the test list, I see it in the news group

but when I post in the newsgroup, I don't see it in the list! "gateway to 
mail" is ticked in the two lines in the administrative interface

fromusenet log:

s-r:~ # tail /var/lib/mailman/logs/fromusenet
May 05 18:10:02 2014 (12680) test watermark: 31
May 05 18:10:02 2014 (12682) test: [1..0]
May 05 18:10:02 2014 (12682) nothing new for list test
May 05 18:10:02 2014 (12682) test watermark: 31

(there is nothing in the inn logs)

the cron job is active

,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/bin/python 
/usr/lib/mailman/cron/gate_news

any idea? It should be something obvious I miss :-(

thanks
jdd
-- 
http://www.dodin.org

From mark at msapiro.net  Tue May  6 01:42:22 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 05 May 2014 16:42:22 -0700
Subject: [Mailman-Users] inn gateway
In-Reply-To: <5367BAD6.5050805@free.fr>
References: <5367BAD6.5050805@free.fr>
Message-ID: <536821DE.4080101@msapiro.net>

On 05/05/2014 09:22 AM, jdd wrote:
> 
> but when I post in the newsgroup, I don't see it in the list! "gateway
> to mail" is ticked in the two lines in the administrative interface
> 
> fromusenet log:
> 
> s-r:~ # tail /var/lib/mailman/logs/fromusenet
> May 05 18:10:02 2014 (12680) test watermark: 31
> May 05 18:10:02 2014 (12682) test: [1..0]
> May 05 18:10:02 2014 (12682) nothing new for list test
> May 05 18:10:02 2014 (12682) test watermark: 31


The test list's high watermark for the newsgroup is 31. This means no
posts prior to #32 in the newsgroup will be gated to the list.

Use bin/withlist and do the following

$ bin/withlist -l test
Loading list test (locked)
The variable `m' is the test MailList instance
>>> m.usenet_watermark = None
>>> m.Save()
>>>                      <- Cntrl-D to exit
Unlocking (but not saving) list: test
Finalizing
$

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From guest2 at sgeinc.com  Tue May  6 03:47:00 2014
From: guest2 at sgeinc.com (Richard Shetron)
Date: Mon, 05 May 2014 21:47:00 -0400
Subject: [Mailman-Users] best way to reconfirm a list
In-Reply-To: <20140504205814.2696.qmail@joyce.lan>
References: <20140504205814.2696.qmail@joyce.lan>
Message-ID: <53683F14.30606@sgeinc.com>

I looked through the list admin manual and didn't see anything about
reconfirming a list.  Is there an easy way to have mailman reconfirm a list?

I have a list that has been in use for 5+years and all of a sudden maps
is saying I'm hitting a spam trap.  The list has not been added to in at
least 3+years.  Actually I have 2 lists that maps claims is hitting spam
traps, but neither list has been added to in at least 3+ years.  New
subscribers are asked to subscribe to a yahoo group instead.

From mark at msapiro.net  Tue May  6 05:30:24 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 05 May 2014 20:30:24 -0700
Subject: [Mailman-Users] best way to reconfirm a list
In-Reply-To: <53683F14.30606@sgeinc.com>
References: <20140504205814.2696.qmail@joyce.lan> <53683F14.30606@sgeinc.com>
Message-ID: <53685750.9040802@msapiro.net>

On 05/05/2014 06:47 PM, Richard Shetron wrote:
> I looked through the list admin manual and didn't see anything about
> reconfirming a list.  Is there an easy way to have mailman reconfirm a list?


What does "reconfirm a list" mean to you?

Do you perhaps mean get a list of the list's members? If so, see the FAQ
at <http://wiki.list.org/x/aYA9>.


> I have a list that has been in use for 5+years and all of a sudden maps
> is saying I'm hitting a spam trap.  The list has not been added to in at
> least 3+years.  Actually I have 2 lists that maps claims is hitting spam
> traps, but neither list has been added to in at least 3+ years.  New
> subscribers are asked to subscribe to a yahoo group instead.


There are other ways your list can hit a spam trap, e.g. a non-member
post spoofs the spam trap address and thee list sends an autoresponse.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Tue May  6 05:39:49 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 05 May 2014 20:39:49 -0700
Subject: [Mailman-Users] best way to reconfirm a list
In-Reply-To: <CAHSokPzwKKcis3bjUyd3rkcmyCRA0tuFbPrudsFt5NYed8YnWA@mail.gmail.com>
References: <20140504205814.2696.qmail@joyce.lan> <53683F14.30606@sgeinc.com>
 <53685750.9040802@msapiro.net>
 <CAHSokPzwKKcis3bjUyd3rkcmyCRA0tuFbPrudsFt5NYed8YnWA@mail.gmail.com>
Message-ID: <53685985.8030401@msapiro.net>

On 05/05/2014 08:33 PM, Keith Bierman wrote:
> 
> Wouldn't this be likely to be another DMARC victim? 


Perhaps you can imagine such a scenario. I don't see it.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From khbkhb at gmail.com  Tue May  6 05:33:09 2014
From: khbkhb at gmail.com (Keith Bierman)
Date: Mon, 5 May 2014 21:33:09 -0600
Subject: [Mailman-Users] best way to reconfirm a list
In-Reply-To: <53685750.9040802@msapiro.net>
References: <20140504205814.2696.qmail@joyce.lan> <53683F14.30606@sgeinc.com>
 <53685750.9040802@msapiro.net>
Message-ID: <CAHSokPzwKKcis3bjUyd3rkcmyCRA0tuFbPrudsFt5NYed8YnWA@mail.gmail.com>

On Mon, May 5, 2014 at 9:30 PM, Mark Sapiro <mark at msapiro.net> wrote:

> On 05/05/2014 06:47 PM, Richard Shetron wrote:
> > I looked through the list admin manual and didn't see anything about
> > reconfirming a list.  Is there an easy way to have mailman reconfirm a
> list?
>
>
> What does "reconfirm a list" mean to you?
> ?...
> > traps, but neither list has been added to in at least 3+ years.  New
> > subscribers are asked to subscribe to a yahoo group instead.
>
>
> There are other ways your list can hit a spam trap, e.g. a non-member
> post spoofs the spam trap address and thee list sends an autoresponse.


Wouldn't this be likely to be another DMARC victim?

From khbkhb at gmail.com  Tue May  6 05:43:51 2014
From: khbkhb at gmail.com (Keith Bierman)
Date: Mon, 5 May 2014 21:43:51 -0600
Subject: [Mailman-Users] best way to reconfirm a list
In-Reply-To: <53685985.8030401@msapiro.net>
References: <20140504205814.2696.qmail@joyce.lan> <53683F14.30606@sgeinc.com>
 <53685750.9040802@msapiro.net>
 <CAHSokPzwKKcis3bjUyd3rkcmyCRA0tuFbPrudsFt5NYed8YnWA@mail.gmail.com>
 <53685985.8030401@msapiro.net>
Message-ID: <CAHSokPxgVheWEbhXY9onOY_CoTpmsCMwa8m0Oorb7Bc_zGrNSg@mail.gmail.com>

On Mon, May 5, 2014 at 9:39 PM, Mark Sapiro <mark at msapiro.net> wrote:

> On 05/05/2014 08:33 PM, Keith Bierman wrote:
> >
> > Wouldn't this be likely to be another DMARC victim?
>
>
> Perhaps you can imagine such a scenario. I don't see it.
>

?I defer to your much greater wisdom in the area. I naively thought that a
formerly well functioning list having a number of yahoo members might have
resulted in enough rejection/bounces that some "anti-spam bot" might
declare the list itself forbidden ;>?

>
>

From mark at msapiro.net  Tue May  6 05:58:59 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 05 May 2014 20:58:59 -0700
Subject: [Mailman-Users] best way to reconfirm a list
In-Reply-To: <CAHSokPxgVheWEbhXY9onOY_CoTpmsCMwa8m0Oorb7Bc_zGrNSg@mail.gmail.com>
References: <20140504205814.2696.qmail@joyce.lan> <53683F14.30606@sgeinc.com>
 <53685750.9040802@msapiro.net>
 <CAHSokPzwKKcis3bjUyd3rkcmyCRA0tuFbPrudsFt5NYed8YnWA@mail.gmail.com>
 <53685985.8030401@msapiro.net>
 <CAHSokPxgVheWEbhXY9onOY_CoTpmsCMwa8m0Oorb7Bc_zGrNSg@mail.gmail.com>
Message-ID: <53685E03.2010303@msapiro.net>

On 05/05/2014 08:43 PM, Keith Bierman wrote:
> 
> I naively thought that
> a formerly well functioning list having a number of yahoo members might
> have resulted in enough rejection/bounces that some "anti-spam bot"
> might declare the list itself forbidden ;>?


I don't discount this possibility, but the rejections just go back to
the Mailman server and the list, and reports of the rejections go to the
people publishing the DMARC p=reject policy for their domain. I don't
see how any of this winds up being delivered to some third party's spam
trap address.

I.e., the people (or bots) at Yahoo receiving reports of your DMARC
failures might decide to take some action against your server, but that
would be Yahoo blacklisting you for excessive DMARC failures
"impersonating" their domain. It wouldn't be maps saying you're sending
mail to their spam traps.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From khbkhb at gmail.com  Tue May  6 06:25:09 2014
From: khbkhb at gmail.com (Keith Bierman)
Date: Mon, 5 May 2014 22:25:09 -0600
Subject: [Mailman-Users] best way to reconfirm a list
In-Reply-To: <53685E03.2010303@msapiro.net>
References: <20140504205814.2696.qmail@joyce.lan> <53683F14.30606@sgeinc.com>
 <53685750.9040802@msapiro.net>
 <CAHSokPzwKKcis3bjUyd3rkcmyCRA0tuFbPrudsFt5NYed8YnWA@mail.gmail.com>
 <53685985.8030401@msapiro.net>
 <CAHSokPxgVheWEbhXY9onOY_CoTpmsCMwa8m0Oorb7Bc_zGrNSg@mail.gmail.com>
 <53685E03.2010303@msapiro.net>
Message-ID: <CAHSokPzc8ngc4Xm3N5cL0vGseK+sWmcjt4tJyuXFhN5g62e4eg@mail.gmail.com>

>
>
> ?...
>
>
> I don't discount this possibility, but the rejections just go back to
> the Mailman server and the list, and reports of the rejections go to the
> people publishing the DMARC p=reject policy for their domain. I don't
> see how any of this winds up being delivered to some third party's spam
> trap address.
>
> I.e., the people (or bots) at Yahoo receiving reports of your DMARC
> failures might decide to take some action against your server, but that
> would be Yahoo blacklisting you for excessive DMARC failures
> "impersonating" their domain. It wouldn't be maps saying you're sending
> mail to their spam traps.


?But since the OP said
".  New
subscribers are asked to subscribe to a yahoo group instead."

I assumed it was really Yahoo (perhaps under a mask as mail provider for
some other named service, ala comcast ;>) who was doing the blacklisting...
who else would be recommending yahoo groups as an alternative??

From pshute at nuw.org.au  Tue May  6 06:59:53 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Tue, 6 May 2014 14:59:53 +1000
Subject: [Mailman-Users] best way to reconfirm a list
In-Reply-To: <CAHSokPzc8ngc4Xm3N5cL0vGseK+sWmcjt4tJyuXFhN5g62e4eg@mail.gmail.com>
References: <20140504205814.2696.qmail@joyce.lan>
 <53683F14.30606@sgeinc.com> <53685750.9040802@msapiro.net>
 <CAHSokPzwKKcis3bjUyd3rkcmyCRA0tuFbPrudsFt5NYed8YnWA@mail.gmail.com>
 <53685985.8030401@msapiro.net>
 <CAHSokPxgVheWEbhXY9onOY_CoTpmsCMwa8m0Oorb7Bc_zGrNSg@mail.gmail.com>
 <53685E03.2010303@msapiro.net>
 <CAHSokPzc8ngc4Xm3N5cL0vGseK+sWmcjt4tJyuXFhN5g62e4eg@mail.gmail.com>
Message-ID: <C2F1879073AE7347BAB44065F143E1700156F3FD1B@nuwvicms2>

Keith Bierman wrote:
> 
> ?But since the OP said
> ".  New
> subscribers are asked to subscribe to a yahoo group instead."
> 
> I assumed it was really Yahoo (perhaps under a mask as mail 
> provider for some other named service, ala comcast ;>) who 
> was doing the blacklisting...
> who else would be recommending yahoo groups as an alternative?

I took that to mean that these lists are no longer accepting new members, and that prospective members are being advised to join some particular yahoo groups instead. I.e. they're gradually migrating to yahoo groups.

Peter Shute

From stephen at xemacs.org  Tue May  6 07:15:27 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Tue, 06 May 2014 14:15:27 +0900
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
Message-ID: <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>

Peter Shute writes:
 > > On 5 May 2014, at 4:59 pm, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:

 > > them.  But when you (FVO "you" susceptible to phishing in the first

 > Sorry, what does FVO stand for?

Ah, excuse my abbreviations.  FVO = "for values of"; the intended
implication is that the "you" reading my post isn't the kind of "you"
who gets taken in by phishing emails.

 > >    All of our mail to you have come back to us due to DMARC rejects,
 > >    so we need to use this unusual address.
 > > 
 > >    Please confirm your blah-blah-blah by clicking <here> and logging
 > >    in to our secure site.
 > > 
 > > 2% of AOL customers will respond by clicking, at last report. :-(
 > 
 > They get a warning? I thought it just bounced, and the intended
 > recipient never knew.

No, the point is that a phishing mail with

    From: Chase Bank Customer Service <service at chase.com.invalid>

will sail right past DMARC, as currently set up.  In the message, the
complaint about the "DMARC rejects" was written by the phisherman, and
the strange address is explained by that preamble.  Thus reassured,
the victim then clicks.  Don't ask me to explain why they do that, I
don't really understand (I'm almost tempted to quote Niven and
Pournelle, "think of it as evolution in action"), but it's an
empirical fact that real people lose real money to these scams ("2% of
AOLers" click, according to AOL).

Now, it's *possible* that ".invalid" will trigger the latent common
sense in the 2%.  But I think that pretty unlikely to be completely
effective, and I suspect it won't be effective at all in the presence
of a disclaimer about the "unusual" address.  If ".invalid" can't
get by the victim's common sense, ".REMOVE-THIS" etc probably will.

The thing is that a bit of common sense will save you from any of
these scams.  But that's not enough to create good policies, because
it's very hard is to think of all the ways to abuse a very naive
victim, or a very young one, or an elderly one who's lost a step
mentally -- it takes a devious mind just to think of one!

Regards,


From mark at msapiro.net  Tue May  6 08:11:38 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 05 May 2014 23:11:38 -0700
Subject: [Mailman-Users] Mailman 2.1.18 final release
In-Reply-To: <536535CC.9080908@msapiro.net>
References: <536535CC.9080908@msapiro.net>
Message-ID: <53687D1A.5030302@msapiro.net>

On 05/03/2014 11:30 AM, Mark Sapiro wrote:
> I'm pleased to announce the final release for Mailman 2.1.18.


It appears that the from_is_list and dmarc_moderation_actions Wrap
Message actions may run afoul of this issue
<http://bugs.python.org/issue7970> in the Python email library in
versions older than 2.6.x where x is some number < 5. I.e. I know the
bug is fixed in Python 2.7 and 2.6.5 and not in any 2.5.x or older. I'm
not sure about 2.6.1 - 2.6.4.

I have attached a patch to Mailman/Message.py which I think will fix
this issue if you have it. You will know if you do because all outgoing
mail will be shunted with the exception "TypeError: Expected list, got
<type 'str'>" when SMTPDirect.py invokes the as_string() method on the
message object.

I think this will only occur with those older Pythons and when a Wrap
Message action is applied.

As soon as I get confirmation from the original reporter that the patch
solves the problem, I will release a fixed version.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
-------------- next part --------------
--- /var/MM/2.1/Mailman/Message.py	2014-04-26 21:29:42.282766984 -0700
+++ /var/MM/21/Mailman/Message.py	2014-05-05 22:40:32.412348756 -0700
@@ -59,6 +59,25 @@
         return self.__class__(fp, self._mangle_from_,
                 self.__children_maxheaderlen, self.__children_maxheaderlen)
 
+    # This is the _handle_message method with the fix for bug 7970.
+    def _handle_message(self, msg):
+        s = StringIO()
+        g = self.clone(s)
+        # The payload of a message/rfc822 part should be a multipart sequence
+        # of length 1.  The zeroth element of the list should be the Message
+        # object for the subpart.  Extract that object, stringify it, and
+        # write it out.
+        # Except, it turns out, when it's a string instead, which happens when
+        # and only when HeaderParser is used on a message of mime type
+        # message/rfc822.  Such messages are generated by, for example,
+        # Groupwise when forwarding unadorned messages.  (Issue 7970.)  So
+        # in that case we just emit the string body.
+        payload = msg.get_payload()
+        if isinstance(payload, list):
+            g.flatten(msg.get_payload(0), unixfrom=False)
+            payload = s.getvalue()
+        self._fp.write(payload)
+
 
 

 class Message(email.Message.Message):
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/mailman-users/attachments/20140505/130222ae/attachment-0001.sig>

From jdanield at free.fr  Tue May  6 08:18:21 2014
From: jdanield at free.fr (jdd)
Date: Tue, 06 May 2014 08:18:21 +0200
Subject: [Mailman-Users] inn gateway
In-Reply-To: <536821DE.4080101@msapiro.net>
References: <5367BAD6.5050805@free.fr> <536821DE.4080101@msapiro.net>
Message-ID: <53687EAD.2020701@free.fr>

Le 06/05/2014 01:42, Mark Sapiro a ?crit :

> The test list's high watermark for the newsgroup is 31. This means no
> posts prior to #32 in the newsgroup will be gated to the list.

ok. I suspected some sort of thing like this

>
> Use bin/withlist and do the following
>
> $ bin/withlist -l test
> Loading list test (locked)
> The variable `m' is the test MailList instance
>>>> m.usenet_watermark = None
>>>> m.Save()
>>>>                       <- Cntrl-D to exit
> Unlocking (but not saving) list: test
> Finalizing
> $
>
ouch. I wouldn't have find this myself, great thanks, I will save this for 
future use also

jdd

-- 
http://www.dodin.org

From jdanield at free.fr  Tue May  6 08:52:53 2014
From: jdanield at free.fr (jdd)
Date: Tue, 06 May 2014 08:52:53 +0200
Subject: [Mailman-Users] inn gateway
In-Reply-To: <536821DE.4080101@msapiro.net>
References: <5367BAD6.5050805@free.fr> <536821DE.4080101@msapiro.net>
Message-ID: <536886C5.2050100@free.fr>

Le 06/05/2014 01:42, Mark Sapiro a ?crit :

> $ bin/withlist -l test

well...I'm cursed :-(

this worked with the test list, but not with the main list!

same symptoms: list is "linux-31"

linux-31 newsgroup works
linux-31 mailman list works

post to the list go to the newsgroup

but posts to the newsgroup do not reach the list

fromusenet logs

May 06 08:43:47 2014 (27035) linux-31: [1..12]
May 06 08:43:47 2014 (27035) gating linux-31 articles [12..12]
May 06 08:43:47 2014 (27035) posted to list linux-31:      12
May 06 08:43:47 2014 (27035) linux-31 watermark: 12

but

/usr/lib/mailman/bin/withlist -l linux-31

do not fix the problem

sorry :-(
jdd

-- 
http://www.dodin.org

From her at adm.ku.dk  Tue May  6 11:04:34 2014
From: her at adm.ku.dk (Henrik Rasmussen)
Date: Tue, 6 May 2014 09:04:34 +0000
Subject: [Mailman-Users] Changes to archive templates have no effect
Message-ID: <6DCC3E5DA06FE346B4DE4876C4F2713DBAE9837E@P1KITMBX05WC03.unicph.domain>

I am running Mailman version 2.1.12.

When I change my templates in /usr/lib/mailman/templates/site/da/ (like admlogin.html) I see the changes taking effect (immediately, even though I didn't restart Mailman), but any changes I make to the Archive templates located in the same directory doesn't seem to have any effect.

According to /usr/lib/mailman/Mailman/Archiver/HyperArch.py line 799 Mailman uses archtoc.html in case of a Private list or archtocnombox.html in case of a public list. The changes doesn't take effect regardless of whether the list is private or public. But I'm not sure if this the decision is made from the default (PUBLIC_MBOX) variable in the mm_cfg.py or Default.py files since the HyperArch.py file refers to the mm_cfg.

To debug, I tried make a change in the default /usr/lib/mailman/templates/da/ archtoc.html file, but this does not have any effect either.

Changing the archliststart.html, archlistend.html, archtocentry.html, archidxfoot.html, archidxhead.html have no effect either.

I did remember to restart Mailman both (just in case) using "service mailman restart" and "mailmanctl restart".

Henrik Rasmussen <her at adm.ku.dk>

From pshute at nuw.org.au  Tue May  6 14:04:52 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Tue, 6 May 2014 22:04:52 +1000
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <B291DF78-D8CA-462B-A96D-5616D883B747@nuw.org.au>

I understand now, fake warnings for phishing. As for not being taken in, I haven't yet, but I'm sure it would be possible to create one that I would assume to be genuine.

Peter Shute

Sent from my iPad

> On 6 May 2014, at 3:15 pm, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
> 
> Peter Shute writes:
>>> On 5 May 2014, at 4:59 pm, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
> 
>>> them.  But when you (FVO "you" susceptible to phishing in the first
> 
>> Sorry, what does FVO stand for?
> 
> Ah, excuse my abbreviations.  FVO = "for values of"; the intended
> implication is that the "you" reading my post isn't the kind of "you"
> who gets taken in by phishing emails.
> 
>>>   All of our mail to you have come back to us due to DMARC rejects,
>>>   so we need to use this unusual address.
>>> 
>>>   Please confirm your blah-blah-blah by clicking <here> and logging
>>>   in to our secure site.
>>> 
>>> 2% of AOL customers will respond by clicking, at last report. :-(
>> 
>> They get a warning? I thought it just bounced, and the intended
>> recipient never knew.
> 
> No, the point is that a phishing mail with
> 
>    From: Chase Bank Customer Service <service at chase.com.invalid>
> 
> will sail right past DMARC, as currently set up.  In the message, the
> complaint about the "DMARC rejects" was written by the phisherman, and
> the strange address is explained by that preamble.  Thus reassured,
> the victim then clicks.  Don't ask me to explain why they do that, I
> don't really understand (I'm almost tempted to quote Niven and
> Pournelle, "think of it as evolution in action"), but it's an
> empirical fact that real people lose real money to these scams ("2% of
> AOLers" click, according to AOL).
> 
> Now, it's *possible* that ".invalid" will trigger the latent common
> sense in the 2%.  But I think that pretty unlikely to be completely
> effective, and I suspect it won't be effective at all in the presence
> of a disclaimer about the "unusual" address.  If ".invalid" can't
> get by the victim's common sense, ".REMOVE-THIS" etc probably will.
> 
> The thing is that a bit of common sense will save you from any of
> these scams.  But that's not enough to create good policies, because
> it's very hard is to think of all the ways to abuse a very naive
> victim, or a very young one, or an elderly one who's lost a step
> mentally -- it takes a devious mind just to think of one!
> 
> Regards,
> 

From guest2 at sgeinc.com  Tue May  6 15:06:12 2014
From: guest2 at sgeinc.com (Richard Shetron)
Date: Tue, 06 May 2014 09:06:12 -0400
Subject: [Mailman-Users] best way to reconfirm a list
In-Reply-To: <C2F1879073AE7347BAB44065F143E1700156F3FD1B@nuwvicms2>
References: <20140504205814.2696.qmail@joyce.lan> <53683F14.30606@sgeinc.com>
 <53685750.9040802@msapiro.net>
 <CAHSokPzwKKcis3bjUyd3rkcmyCRA0tuFbPrudsFt5NYed8YnWA@mail.gmail.com>
 <53685985.8030401@msapiro.net>
 <CAHSokPxgVheWEbhXY9onOY_CoTpmsCMwa8m0Oorb7Bc_zGrNSg@mail.gmail.com>
 <53685E03.2010303@msapiro.net>
 <CAHSokPzc8ngc4Xm3N5cL0vGseK+sWmcjt4tJyuXFhN5g62e4eg@mail.gmail.com>
 <C2F1879073AE7347BAB44065F143E1700156F3FD1B@nuwvicms2>
Message-ID: <5368DE44.7030408@sgeinc.com>

That is correct.  The lists are current news announcements so only the
list owner posts to the list.  The sample headers I got look legit as
far as I can tell.  They redacted all the email/destination information
that would id the receiving system/email.

The original lists are old enough to not have been confirmed.  The goal
would be to send a confirmation email to everyone on the list and
unsubscribe anyone who does not re-confirm within a reasonable time, say
1 week.

On 5/6/2014 12:59 AM, Peter Shute wrote:
> Keith Bierman wrote:
>>
>> ?But since the OP said
>> ".  New
>> subscribers are asked to subscribe to a yahoo group instead."
>>
>> I assumed it was really Yahoo (perhaps under a mask as mail 
>> provider for some other named service, ala comcast ;>) who 
>> was doing the blacklisting...
>> who else would be recommending yahoo groups as an alternative?
> 
> I took that to mean that these lists are no longer accepting new members, and that prospective members are being advised to join some particular yahoo groups instead. I.e. they're gradually migrating to yahoo groups.
> 
> Peter Shute
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/guest2%40sgeinc.com
> 

From barry at list.org  Tue May  6 16:30:28 2014
From: barry at list.org (Barry Warsaw)
Date: Tue, 6 May 2014 10:30:28 -0400
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <20140506103028.1fe05538@anarchist.wooz.org>

On May 06, 2014, at 02:15 PM, Stephen J. Turnbull wrote:

>No, the point is that a phishing mail with
>
>    From: Chase Bank Customer Service <service at chase.com.invalid>
>
>will sail right past DMARC, as currently set up.

So too will service at chase.com.ru without Mailman ever getting involved, and I
bet that will be just as effective at phishing as .invalid.

Cheers,
-Barry

From mark at msapiro.net  Tue May  6 17:10:16 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 06 May 2014 08:10:16 -0700
Subject: [Mailman-Users] inn gateway
In-Reply-To: <536886C5.2050100@free.fr>
References: <5367BAD6.5050805@free.fr> <536821DE.4080101@msapiro.net>
 <536886C5.2050100@free.fr>
Message-ID: <5368FB58.408@msapiro.net>

On 05/05/2014 11:52 PM, jdd wrote:
> 
> but posts to the newsgroup do not reach the list
> 
> fromusenet logs
> 
> May 06 08:43:47 2014 (27035) linux-31: [1..12]
> May 06 08:43:47 2014 (27035) gating linux-31 articles [12..12]
> May 06 08:43:47 2014 (27035) posted to list linux-31:      12
> May 06 08:43:47 2014 (27035) linux-31 watermark: 12
> 
> but
> 
> /usr/lib/mailman/bin/withlist -l linux-31
> 
> do not fix the problem

There is no problem with gate_news. gate_news says it delivered all 12
messages from the news group to the list.

What's in Mailman's other logs? Were these posts to news that didn't
come from the list in the first place?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Tue May  6 18:52:55 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 06 May 2014 09:52:55 -0700
Subject: [Mailman-Users] best way to reconfirm a list
In-Reply-To: <5368DE44.7030408@sgeinc.com>
References: <20140504205814.2696.qmail@joyce.lan> <53683F14.30606@sgeinc.com>
 <53685750.9040802@msapiro.net>
 <CAHSokPzwKKcis3bjUyd3rkcmyCRA0tuFbPrudsFt5NYed8YnWA@mail.gmail.com>
 <53685985.8030401@msapiro.net>
 <CAHSokPxgVheWEbhXY9onOY_CoTpmsCMwa8m0Oorb7Bc_zGrNSg@mail.gmail.com>
 <53685E03.2010303@msapiro.net>
 <CAHSokPzc8ngc4Xm3N5cL0vGseK+sWmcjt4tJyuXFhN5g62e4eg@mail.gmail.com>
 <C2F1879073AE7347BAB44065F143E1700156F3FD1B@nuwvicms2>
 <5368DE44.7030408@sgeinc.com>
Message-ID: <53691367.6000709@msapiro.net>

On 05/06/2014 06:06 AM, Richard Shetron wrote:
> 
> The original lists are old enough to not have been confirmed.  The goal
> would be to send a confirmation email to everyone on the list and
> unsubscribe anyone who does not re-confirm within a reasonable time, say
> 1 week.


You would have to do that manually.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From brennan at columbia.edu  Tue May  6 18:30:08 2014
From: brennan at columbia.edu (Joseph Brennan)
Date: Tue, 06 May 2014 12:30:08 -0400
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <A34A2E96E401732B01DE492E@sodor.cc.columbia.edu>


"Stephen J. Turnbull" <stephen at xemacs.org> wrote:

> No, the point is that a phishing mail with
>
>     From: Chase Bank Customer Service <service at chase.com.invalid>
>
> will sail right past DMARC, as currently set up


It will sail past people using modern mail clients, too, by which I include 
web mail and Outlook, since those people will see some variation on this--

  From: Chase Bank Customer Service

--so that it hardly matters what address is in the From line. This rewrite--

  From: "Chase Bank Customer Service service at chase.com" 
<service at chase.com.invalid>

--would produce a more informative result, and just about honor RFC 5322 
where it says the mailbox of the author of the message should be in the 
"From:" field.

But this is the Mailman discussion list.

Joseph Brennan
Columbia University Information Technology






From mark at msapiro.net  Tue May  6 19:37:58 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 06 May 2014 10:37:58 -0700
Subject: [Mailman-Users] Mailman 2.1.18 final release
Message-ID: <53691DF6.1040101@msapiro.net>

A critical incompatibility between the Mailman 2.1.18 final release and
Python versions older than 2.6.5 or thereabouts affecting the DMARC Wrap
Message action was discovered and fixed. This incompatibility also
existed in the 2.1.16 and 2.1.17 releases.

Thus, I have released Mailman 2.1.18-1 with a fix for this
incompatibility. Please use 2.1.18-1 and not 2.1.18.

These releases have new features to help with mitigation of the impacts
of DMARC on mailing lists as well as fixing several bugs.

Python 2.4 is the minimum supported, but Python 2.7 is recommended.

There are significant new i18n strings associated with the DMARC
mitigation features. If you are interested in helping with the
translations of these strings, see <http://wiki.list.org/x/MQ>.

There is also a new dependency associated with these features. Namely,
the new Privacy options -> Sender filters -> dmarc_moderation_action
feature requires that the dnspython <http://www.dnspython.org/> package
be available in Python.

See the attached README for more details.

Mailman is free software for managing email mailing lists and
e-newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.

For more information, please see:

http://www.list.org
http://www.gnu.org/software/mailman
http://mailman.sourceforge.net/

Mailman 2.1.18-1 can be downloaded from

https://launchpad.net/mailman/2.1/
http://ftp.gnu.org/gnu/mailman/
https://sourceforge.net/projects/mailman/

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-------------- next part --------------
2.1.18-1 (06-May-2014)

  Bug fixes and other patches

    - A critical incompatibility between the DMARC Wrap Message action and
      Python versions older than 2.6.x for some x <= 5 existed and caused
      Wrapped message to be shunted.  This is fixed.  (LP: #1316682)

    - Sender: headers are no longer removed in from_is_list Munge From
      actions.  (LP: #1315970)

2.1.18 (03-May-2014)

  Acknowledgements

    - Thanks to Jim Popovitch and Phil Pennock for the branch that formed the
      basis of the dmarc_moderation_action feature.

    - Thanks to Franck Martin et al for the branch that formed the basis of
      the from_is_list feature.

  Dependencies

    - There is a new dependency associated with the new Privacy options ->
      Sender filters -> dmarc_moderation_action feature discussed below.
      This requires that the dnspython <http://www.dnspython.org/> package
      be available in Python.  This package can be downloaded from the above
      site or from the CheeseShop <https://pypi.python.org/pypi/dnspython/>
      or installed with pip.

  New Features

    - The from_is_list feature introduced in 2.1.16 is now unconditionally
      available to list owners.  There is also, a new Privacy options ->
      Sender filters -> dmarc_moderation_action feature which applies to list
      messages where the From: address is in a domain which publishes a DMARC
      policy of reject or possibly quarantine.  This is a list setting with
      values of Accept, Wrap Message, Munge From, Reject or Discard. There is
      a new DEFAULT_DMARC_MODERATION_ACTION configuration setting to set the
      default for this, and the list admin UI is not able to set an action
      which is 'less' than the default.  The prior ALLOW_FROM_IS_LIST setting
      has been removed and is effectively always Yes. There is a new
      dmarc_quarantine_moderation_action list setting with default set by a
      new DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION configuration setting
      which in turn defaults to Yes.  The list setting can be set to No to
      exclude domains with DMARC policy of quarantine from
      dmarc_moderation_action.

      dmarc_moderation_action and from_is_list interact in the following way.
      If the message is From: a domain to which dmarc_moderation_action applies
      and if dmarc_moderation_action is other than Accept,
      dmarc_moderation_action applies to that message.  Otherwise the
      from_is_list action applies.

      Also associated with dmarc_moderation_action are configuration settings
      DMARC_RESOLVER_TIMEOUT and DMARC_RESOLVER_LIFETIME. These are described
      in more detail in Defaults.py.  There are also new vette log entries
      written when dmarc_moderation_action is found to apply to a post.

  i18n

    - Added missing <mm-digest-question-start> tag to French listinfo template.
      (LP: #1275964)

  Bug Fixes and other patches

    - Removed HTML tags from the title of a couple of rmlist.py pages because
      browsers don't render tags in the title.  (LP: #265848)

    - Most Mailman generated notices to list owners and moderators are now
      sent as Precedence: list instead of bulk.  (LP: #1313146)

    - The Reply-To: munging options weren't honored if there was no
      from_is_list action.  (LP: #1313010)

    - Changed from_is_list actions to insert the list address in Cc: if the
      list is fully personalized.  Otherwise, the list address is only in
      From: and Reply-To: overrides it.  (LP: #1312970)

    - Fixed the Munge From action to only Munge the From: and/or Reply-To: in
      the outgoing message and not in archives, digests and messages sent via
      the usenet gateway.  (LP: #1311431)

    - Fixed a long standing issue in which a notice sent to a user whose
      language is other than that of the list can cause subsequent things
      which should be in the list's language to be in the user's language
      instead.  (LP: #1308655)

    - Fixed the admin Membership List so a search string if any is not lost
      when visiting subsequent fragments of a chunked list.  (LP: #1307454)

    - For from_is_list feature, use email address from original From: if
      original From: has no display name and strip domain part from resultant
      names that look like email addresses.  (LP: #1304511)

    - Added the list name to the vette log "held message approved" entry.
      (LP: 1295875)

    - Added the CGI module name to various "No such list" error log entries.
      (LP: 1295875)

    - Modified contrib/mmdsr to report module name if present in "No such list
      error log entries.

    - Fixed a NameError exception in cron/nightly_gzip when it tries to print
      the usage message.  (LP: #1291038)

    - Fixed a bug in ListAdmin._handlepost that would crash when trying to
      preserve a held message for the site admin if HOLD_MESSAGES_AS_PICKLES
      is False.  (LP: #1282365)

    - The from_is_list header munging feature introduced in Mailman 2.1.16 is
      no longer erroneously applied to Mailman generated notices.
      (LP: #1279667)

    - Changed the message from the confirm CGI to not indicate approval is
      required for an acceptance of an invitation.  (LP: #1277744)

    - Fixed POSTFIX_STYLE_VIRTUAL_DOMAINS to be case-insensitiive.
      (LP: #1267003)

    - Added recognition for another simple warning to bounce processing.
      (LP: #1263247)

    - Fixed a few failing tests in tests/test_handlers.py.  (LP: #1262950)

    - Fixed bin/arch to not create scrubbed attachments for messages skipped
      when processing the --start= option.  (LP: #1260883)

    - Fixed email address validation to do a bit better in obscure cases.
      (LP: #1258703)

    - Fixed a bug which caused some authentication cookies to expire too soon
      if AUTHENTICATION_COOKIE_LIFETIME is non-zero.  (LP: #1257112)

    - Fixed a possible TypeError in bin/sync_members introduced in 2.1.17.
      (LP: #1243343)

  Miscellaneous

    - Added to the contrib directory, a script from Alain Williams to count
      posts in a list's archive.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/mailman-users/attachments/20140506/1e4118d3/attachment-0001.sig>

From jdanield at free.fr  Tue May  6 19:58:49 2014
From: jdanield at free.fr (jdd)
Date: Tue, 06 May 2014 19:58:49 +0200
Subject: [Mailman-Users] inn gateway
In-Reply-To: <5368FB58.408@msapiro.net>
References: <5367BAD6.5050805@free.fr> <536821DE.4080101@msapiro.net>
 <536886C5.2050100@free.fr> <5368FB58.408@msapiro.net>
Message-ID: <536922D9.5030002@free.fr>

Le 06/05/2014 17:10, Mark Sapiro a ?crit :

> There is no problem with gate_news. gate_news says it delivered all 12
> messages from the news group to the list.

well... where are them?

>
> What's in Mailman's other logs? Were these posts to news that didn't
> come from the list in the first place?
>

I post on news group and expect posts to show on list. works for test, not for 
linux-31

jdd

-- 
http://www.dodin.org

From mark at msapiro.net  Tue May  6 20:01:02 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 06 May 2014 11:01:02 -0700
Subject: [Mailman-Users] Changes to archive templates have no effect
In-Reply-To: <6DCC3E5DA06FE346B4DE4876C4F2713DBAE9837E@P1KITMBX05WC03.unicph.domain>
References: <6DCC3E5DA06FE346B4DE4876C4F2713DBAE9837E@P1KITMBX05WC03.unicph.domain>
Message-ID: <5369235E.3030801@msapiro.net>

On 05/06/2014 02:04 AM, Henrik Rasmussen wrote:
> 
> When I change my templates in /usr/lib/mailman/templates/site/da/ (like admlogin.html) I see the changes taking effect (immediately, even though I didn't restart Mailman), but any changes I make to the Archive templates located in the same directory doesn't seem to have any effect.


The archives are static HTML pages built using the templates that were
in effect when they were built. The table of contents and the current
index pages will be rebuilt when a new message is archived, but the
older index pages and the archived message pages will never be rebuilt.

If you want to update the entire archive to use your new templates, you
have to rebuild it with bin/arch --wipe for each list.

You may also be interested in the script at
<http://www.msapiro.net/scripts/update_archive_mtime>

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Tue May  6 20:30:14 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 06 May 2014 11:30:14 -0700
Subject: [Mailman-Users] inn gateway
In-Reply-To: <536922D9.5030002@free.fr>
References: <5367BAD6.5050805@free.fr> <536821DE.4080101@msapiro.net>
 <536886C5.2050100@free.fr> <5368FB58.408@msapiro.net>
 <536922D9.5030002@free.fr>
Message-ID: <53692A36.4040001@msapiro.net>

On 05/06/2014 10:58 AM, jdd wrote:
> Le 06/05/2014 17:10, Mark Sapiro a ?crit :
> 
>> There is no problem with gate_news. gate_news says it delivered all 12
>> messages from the news group to the list.
> 
> well... where are them?


Actually, I was mistaken. The log messages you posted say only that it
delivered message #12.

Have you looked at Mailman's vette, error and qrunner logs for clues as
to what may have happened to it?

Note that the log message

May 06 08:43:47 2014 (27035) posted to list linux-31:      12

was written immediately after that message was queued by gate_news in
Mailman's incoming queue, so it was "delivered" to the list.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From jimpop at gmail.com  Tue May  6 20:43:28 2014
From: jimpop at gmail.com (Jim Popovitch)
Date: Tue, 6 May 2014 14:43:28 -0400
Subject: [Mailman-Users] [Mailman-Developers] Mailman 2.1.18 final
	release
In-Reply-To: <53691DF6.1040101@msapiro.net>
References: <53691DF6.1040101@msapiro.net>
Message-ID: <CAGfsgR3cvFQ8qAc10MaajppVsyPJhAt5XONaGtmMES54CCtN0A@mail.gmail.com>

On Tue, May 6, 2014 at 1:37 PM, Mark Sapiro <mark at msapiro.net> wrote:
> A critical incompatibility between the Mailman 2.1.18 final release and
> Python versions older than 2.6.5 or thereabouts affecting the DMARC Wrap
> Message action was discovered and fixed. This incompatibility also
> existed in the 2.1.16 and 2.1.17 releases.
>
> Thus, I have released Mailman 2.1.18-1 with a fix for this
> incompatibility. Please use 2.1.18-1 and not 2.1.18.

Thank you Mark, and thank you for the huge effort in getting the
Mailman 2.18.x release out the door.  I know everyone thinks this, I
just felt it needed to be stated.

-Jim P.

From ges+lists at wingfoot.org  Tue May  6 21:47:31 2014
From: ges+lists at wingfoot.org (Glenn Sieb)
Date: Tue, 06 May 2014 15:47:31 -0400
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.
Message-ID: <53693C53.4030306@wingfoot.org>

Greetings...

So I run a bunch of mailing lists, with a bunch of people who are not
technically adept whatsoever. ("I am not getting list posts! "That's
because you set yourself to no mail" "What's no mail?" "It means you set
yourself to be a member of the list, but not to get any email from it."
"Oh that's good." "So we're good then?" "But why am I not getting any
emails from the list?" *headdesk*--yes this was an actual conversation
with a user.)

People are, of course, bitching about the from_is_list setting removing
the email addresses of people who are sending email to the lists. (And
people aren't quite understanding that it's helpful to sign one's
emails, etc.

So I updated to 2.1.18-1 today. Now we have a Reply-To that has the
poster's email and the list's email address.

A few of the lists I run block emails with more than one recipient, so
now this is going to be an adventure. (Ok, more like a nightmare, as
right now it appears my choices are "make reply-to only the list"
("anonymous_list") or "make reply-to the poster and the list.")

I wonder if this solution might be more helpful here--something like
what Google Groups is doing. Changing the From line to this:

'First Last <firstlast at domain.com>' via List Title
<list-address at googlegroups.com>

This still shows the poster's email address (as the Real Name), which
makes it easier for people to reply privately if they choose, and still
addresses the DMARC issue.

Thoughts? Ideas?

Best,
--Glenn

From mark at msapiro.net  Tue May  6 22:29:15 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 06 May 2014 13:29:15 -0700
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <53693C53.4030306@wingfoot.org>
References: <53693C53.4030306@wingfoot.org>
Message-ID: <5369461B.80208@msapiro.net>

On 05/06/2014 12:47 PM, Glenn Sieb wrote:
> 
> So I updated to 2.1.18-1 today. Now we have a Reply-To that has the
> poster's email and the list's email address.
> 
> A few of the lists I run block emails with more than one recipient,


Do you mean Privacy options... -> Recipient filters ->
max_num_recipients = 2

If so, ouch, but what do you do now when people reply-all to posts.
Don't those replies get held?


> I wonder if this solution might be more helpful here--something like
> what Google Groups is doing. Changing the From line to this:
> 
> 'First Last <firstlast at domain.com>' via List Title
> <list-address at googlegroups.com>


This is specifically advised against by the DMARC community. See the
NOTE: in the Requirements: section at
<http://www.dmarc.org/supplemental/mailman-project-mlm-dmarc-reqs.html>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From ges+lists at wingfoot.org  Tue May  6 23:17:47 2014
From: ges+lists at wingfoot.org (Glenn Sieb)
Date: Tue, 06 May 2014 17:17:47 -0400
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <5369461B.80208@msapiro.net>
References: <53693C53.4030306@wingfoot.org> <5369461B.80208@msapiro.net>
Message-ID: <5369517B.8050306@wingfoot.org>

On 5/6/14, 4:29 PM, Mark Sapiro wrote:
> Do you mean Privacy options... -> Recipient filters ->
> max_num_recipients = 2
> 
> If so, ouch, but what do you do now when people reply-all to posts.
> Don't those replies get held?

Indeed. They get rejected. Policy on a couple particular lists. No cc's,
no using the address on web-forms (i.e. "greeting card sites") etc.

> This is specifically advised against by the DMARC community. See the
> NOTE: in the Requirements: section at
> <http://www.dmarc.org/supplemental/mailman-project-mlm-dmarc-reqs.html>.

Fair enough. So, basically I'm fsck'd. Set the lists to be
"anonymous_list" or set an explicit reply-to to be the lists and hope
that strips out the extraneous reply-to entry.

Or, as you said above, "ouch" and having to deal with a metric crapton
of ID-10t users not cleaning up the To: line when they reply and dealing
with clearing the moderation queue since we can't edit posts held for
moderation easily.

Best,
--G.


From mark at msapiro.net  Tue May  6 23:31:16 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 06 May 2014 14:31:16 -0700
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <5369517B.8050306@wingfoot.org>
References: <53693C53.4030306@wingfoot.org> <5369461B.80208@msapiro.net>
 <5369517B.8050306@wingfoot.org>
Message-ID: <536954A4.2040904@msapiro.net>

On 05/06/2014 02:17 PM, Glenn Sieb wrote:
> 
> Fair enough. So, basically I'm fsck'd. Set the lists to be
> "anonymous_list" or set an explicit reply-to to be the lists and hope
> that strips out the extraneous reply-to entry.


I went back and forth with this. Initially, if first_strip_reply_to was
Yes and reply_goes_to_list was This list or Explicit address, I didn't
put the poster's address in Reply-To:

I finally decided it was of overriding importance to expose the posters
address to enable off list (or non-list member) replies, and this
warranted breaking the previous Reply-To: header munging options semantics.

I am willing to consider changing this, either to treat Reply-To:
differently for Wrap Message since the original headers are in the
wrapped message in that case, or to just go back to not adding the
poster's address to Reply-To: as in my initial paragraph above.

However, I need more feedback from the community before making changes.
I could always add yet another setting, but I hate that idea for
multiple reasons.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From ges+lists at wingfoot.org  Tue May  6 23:36:18 2014
From: ges+lists at wingfoot.org (Glenn Sieb)
Date: Tue, 06 May 2014 17:36:18 -0400
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <536954A4.2040904@msapiro.net>
References: <53693C53.4030306@wingfoot.org> <5369461B.80208@msapiro.net>
 <5369517B.8050306@wingfoot.org> <536954A4.2040904@msapiro.net>
Message-ID: <536955D2.3070104@wingfoot.org>

On 5/6/14, 5:31 PM, Mark Sapiro wrote:
> I went back and forth with this. Initially, if first_strip_reply_to was
> Yes and reply_goes_to_list was This list or Explicit address, I didn't
> put the poster's address in Reply-To:
> 
> I finally decided it was of overriding importance to expose the posters
> address to enable off list (or non-list member) replies, and this
> warranted breaking the previous Reply-To: header munging options semantics.
> 
> I am willing to consider changing this, either to treat Reply-To:
> differently for Wrap Message since the original headers are in the
> wrapped message in that case, or to just go back to not adding the
> poster's address to Reply-To: as in my initial paragraph above.
> 
> However, I need more feedback from the community before making changes.
> I could always add yet another setting, but I hate that idea for
> multiple reasons.
> 

Can there be an option somewhere in between "anonymous_list" and
"reply_goes_to_list?" One where it can strip the poster's email from the
reply-to, but leave the other headers alone?

Best,
--Glenn


From fmouse at fmp.com  Tue May  6 23:42:43 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Tue, 06 May 2014 16:42:43 -0500
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
 munging.
In-Reply-To: <536954A4.2040904@msapiro.net>
References: <53693C53.4030306@wingfoot.org> <5369461B.80208@msapiro.net>
 <5369517B.8050306@wingfoot.org> <536954A4.2040904@msapiro.net>
Message-ID: <1399412563.34620.6.camel@pudina.fmp.com>

On Tue, 2014-05-06 at 14:31 -0700, Mark Sapiro wrote:
> I am willing to consider changing this, either to treat Reply-To:
> differently for Wrap Message since the original headers are in the
> wrapped message in that case, or to just go back to not adding the
> poster's address to Reply-To: as in my initial paragraph above.
> 
> However, I need more feedback from the community before making changes.
> I could always add yet another setting, but I hate that idea for
> multiple reasons. 

It's ugly, but having yet another switch seems to me to be the only way
to handle this.  Having the poster's address in Reply-To: is the only
way to address the information loss implied by the necessary change to
the From: header, especially for MUAs that expose only the address
comment and not the actual address, and especially for subscribers who
are not technically inclined and wish to simply hit "reply" and get a
reply to the original author.

This _should_ be a matter of choice for list admins, even if it seems
that they're already overloaded with choices pursuant to addressing the
DMARC issue.  Until something better comes along, we're just going to
have to deal with it.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


From mark at msapiro.net  Tue May  6 23:48:36 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 06 May 2014 14:48:36 -0700
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <536955D2.3070104@wingfoot.org>
References: <53693C53.4030306@wingfoot.org> <5369461B.80208@msapiro.net>
 <5369517B.8050306@wingfoot.org> <536954A4.2040904@msapiro.net>
 <536955D2.3070104@wingfoot.org>
Message-ID: <536958B4.1090903@msapiro.net>

On 05/06/2014 02:36 PM, Glenn Sieb wrote:
> On 5/6/14, 5:31 PM, Mark Sapiro wrote:

>> I could always add yet another setting, but I hate that idea for
>> multiple reasons.
>>
> 
> Can there be an option somewhere in between "anonymous_list" and
> "reply_goes_to_list?" One where it can strip the poster's email from the
> reply-to, but leave the other headers alone?


That's covered in my sentence above.

Anyway, that's a decision for the next release, which hopefully isn't
'imminent'.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From rclemings at gmail.com  Tue May  6 23:52:58 2014
From: rclemings at gmail.com (Russell Clemings)
Date: Tue, 6 May 2014 14:52:58 -0700
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <536958B4.1090903@msapiro.net>
References: <53693C53.4030306@wingfoot.org> <5369461B.80208@msapiro.net>
 <5369517B.8050306@wingfoot.org> <536954A4.2040904@msapiro.net>
 <536955D2.3070104@wingfoot.org> <536958B4.1090903@msapiro.net>
Message-ID: <CAN7RX0YM-AcXmaEMNzAqXGXdeJsQenUWGnjMvBRdv=D6VUCv7A@mail.gmail.com>

Is the existing change (making sure the poster's address is in the
reply-to) available in a patch? I checked launchpad but if it's there I
couldn't find it. I'd like to see if I can apply it to 2.1.17 while waiting
for cPanel to upgrade to 2.1.18.

FWIW, I'd vote against a rollback to the earlier behavior. I got several
complaints about the poster's email address going missing. So I ended up
setting first_strip_reply_to to "No," which of course is also a problem
because I have max_num_recipients set pretty low (4).

rac


On Tue, May 6, 2014 at 2:48 PM, Mark Sapiro <mark at msapiro.net> wrote:

> On 05/06/2014 02:36 PM, Glenn Sieb wrote:
> > On 5/6/14, 5:31 PM, Mark Sapiro wrote:
>
> >> I could always add yet another setting, but I hate that idea for
> >> multiple reasons.
> >>
> >
> > Can there be an option somewhere in between "anonymous_list" and
> > "reply_goes_to_list?" One where it can strip the poster's email from the
> > reply-to, but leave the other headers alone?
>
>
> That's covered in my sentence above.
>
> Anyway, that's a decision for the next release, which hopefully isn't
> 'imminent'.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/rclemings%40gmail.com
>

From mark at msapiro.net  Wed May  7 00:13:09 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 06 May 2014 15:13:09 -0700
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <CAN7RX0YM-AcXmaEMNzAqXGXdeJsQenUWGnjMvBRdv=D6VUCv7A@mail.gmail.com>
References: <53693C53.4030306@wingfoot.org> <5369461B.80208@msapiro.net>
 <5369517B.8050306@wingfoot.org> <536954A4.2040904@msapiro.net>
 <536955D2.3070104@wingfoot.org> <536958B4.1090903@msapiro.net>
 <CAN7RX0YM-AcXmaEMNzAqXGXdeJsQenUWGnjMvBRdv=D6VUCv7A@mail.gmail.com>
Message-ID: <53695E75.5070701@msapiro.net>

On 05/06/2014 02:52 PM, Russell Clemings wrote:
> Is the existing change (making sure the poster's address is in the
> reply-to) available in a patch? I checked launchpad but if it's there I
> couldn't find it. I'd like to see if I can apply it to 2.1.17 while
> waiting for cPanel to upgrade to 2.1.18.


The actual change is the CookHeaders.py diff at
<http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1476>,
but there are other changes in CookHeaders.py and other modules since
2.1.17 that impact this as well so you can't just apply that patch. In
fact, the stuff that's being changed isn't even there in 2.1.17.

It's very convoluted and fragile and touches things like new list
settings as well, and I don't know how it plays with cPanel's mods. It
would almost turn into a full upgrade to 2.1.18.

I'm advising you to not try it.


> FWIW, I'd vote against a rollback to the earlier behavior. I got several
> complaints about the poster's email address going missing. So I ended up
> setting first_strip_reply_to to "No," which of course is also a problem
> because I have max_num_recipients set pretty low (4).


Thanks for voting.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From barry at python.org  Wed May  7 03:06:49 2014
From: barry at python.org (Barry Warsaw)
Date: Tue, 6 May 2014 21:06:49 -0400
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
References: <53693C53.4030306@wingfoot.org> <5369461B.80208@msapiro.net>
 <5369517B.8050306@wingfoot.org>
Message-ID: <20140506210649.480fb6ca@anarchist.wooz.org>

On May 06, 2014, at 05:17 PM, Glenn Sieb wrote:

>Fair enough. So, basically I'm fsck'd. Set the lists to be
>"anonymous_list" or set an explicit reply-to to be the lists and hope
>that strips out the extraneous reply-to entry.

Yes, and sadly it's forced on us by external policies.

I must admit that I'm sympathetic to John Levine's solution over in
mailman-developers.  His implementation adds `.invalid` to the domain in the
From header.  Yes it breaks the standards and you'd still have to explicitly
modify the headers in the reply (the ease of which depends on your MUA), but
it avoids tricky interactions with the already fragile and overloaded Reply-To
header munging, and points the finger in the direction of the original problem.

I need to read that whole thread and think about it some more.  It's painfully
clear that DMARC as defined and implemented today is poison to mailing lists,
and it's a shame that you, our dear users, are the canaries.  I hope we can
have some constructive discussions with the DMARC advocates about how to
restore usability to mailing lists in a DMARC pervasive world.

Cheers,
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-users/attachments/20140506/b09a110a/attachment-0001.sig>

From stephen at xemacs.org  Wed May  7 05:46:32 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Wed, 07 May 2014 12:46:32 +0900
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <20140506103028.1fe05538@anarchist.wooz.org>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
Message-ID: <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>

Barry Warsaw writes:
 > On May 06, 2014, at 02:15 PM, Stephen J. Turnbull wrote:
 > 
 > >No, the point is that a phishing mail with
 > >
 > >    From: Chase Bank Customer Service <service at chase.com.invalid>
 > >
 > >will sail right past DMARC, as currently set up.
 > 
 > So too will service at chase.com.ru without Mailman ever getting
 > involved, and I bet that will be just as effective at phishing as
 > .invalid.

Et tu, FLUFL?

The point is that if Mailman provides this, it becomes a "standard"
way to get a DMARC p=reject address past DMARC p=reject, and people
*may* develop an "it may say .INVALID, but it's OK" reflex.

As I wrote to John Levine on mailman-developers, if operators want to
experiment with it, that's one thing.  But does *Mailman* want to take
part in encouraging that "it's OK *because* it's .INVALID" meme?  Do
we want to encourage phishers to use something that looks like a
Mailman feature, and have the DMARC WG come back with something that
involves "anything that looks like my domain"?

The DMARC WG advocates putting list-post in "From" in place of a DMARC
p=reject address.  I advocate accepting their advice for stock Mailman,
and avoiding other non-conforming workarounds until the market demands
them.  If it gets noisy, feel free to cave in faster than you did on
Reply-To munging.<wink />

Steve

From stephen at xemacs.org  Wed May  7 06:08:16 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Wed, 07 May 2014 13:08:16 +0900
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list munging.
In-Reply-To: <53693C53.4030306@wingfoot.org>
References: <53693C53.4030306@wingfoot.org>
Message-ID: <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp>

Glenn Sieb writes:

 > So I updated to 2.1.18-1 today. Now we have a Reply-To that has the
 > poster's email and the list's email address.
 > 
 > A few of the lists I run block emails with more than one recipient, so
 > now this is going to be an adventure. (Ok, more like a nightmare, as
 > right now it appears my choices are "make reply-to only the list"
 > ("anonymous_list") or "make reply-to the poster and the list.")

What is the intent of the restriction?  Are you trying to get the
users to use "reply to author" by punishing them with a black hole if
they don't, and then set Reply-To to list-post so that nobody ever
gets a personal reply?  Or is this intended to prevent people from
including 3rd parties in the OP (of course, you can't -- they can
always BCC and you'll never know)?

I suppose your users would get upset if you used
dmarc_moderation_action = 'Wrap Message' instead of whichever_option =
'Mung From'?

Given Mark's reply, probably you'll need use a custom Handler,
whatever the requirements.  Is that acceptable (ie, you have the
necessary accesses)?  N.B. It's possible to restrict use of Handlers
to particular lists by giving them list-specific pipelines.

Steve

From pshute at nuw.org.au  Wed May  7 06:25:13 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Wed, 7 May 2014 14:25:13 +1000
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>


Stephen J. Turnbull wrote:

> The DMARC WG advocates putting list-post in "From" in place 
> of a DMARC p=reject address.  I advocate accepting their 
> advice for stock Mailman, and avoiding other non-conforming 
> workarounds until the market demands them.  If it gets noisy, 
> feel free to cave in faster than you did on Reply-To munging.<wink />

Can you explain that for the uneducated, please? What do you mean by "list-post"? Is that the list address?

Peter Shute

From stephen at xemacs.org  Wed May  7 08:07:16 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Wed, 07 May 2014 15:07:16 +0900
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
Message-ID: <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>

Peter Shute writes:
 > 
 > Stephen J. Turnbull wrote:
 > 
 > > The DMARC WG advocates putting list-post in "From" in place 
 > > of a DMARC p=reject address.  I advocate accepting their 
 > > advice for stock Mailman, and avoiding other non-conforming 
 > > workarounds until the market demands them.  If it gets noisy, 
 > > feel free to cave in faster than you did on Reply-To munging.<wink />
 > 
 > Can you explain that for the uneducated, please?

Ouch!  Sorry for the tech talk, often it's a useful habit, but not
always.

 > What do you mean by "list-post"? Is that the list address?

There are several addresses that Mailman uses that might plausibly be
called "the list address".  The one you are thinking of is often
called "List-Post" because there is a header, hidden by most mail
clients, by that name, to allow mail clients to automatically
recognize the posting address (some provide a separate command for
reply-to-list).  It is the address where members send posts.

But there's also the list owner's address (one might think of that as
"headquarters", and therefore "the list address").


From fil at rezo.net  Wed May  7 08:44:42 2014
From: fil at rezo.net (Fil)
Date: Wed, 7 May 2014 08:44:42 +0200
Subject: [Mailman-Users] MM-2.1.15: Small bug regarding the "request
 forgery check"
In-Reply-To: <CAAdA2WOHiB5a3SAdmMfEGjWu4z-sb5susnPQVaORV9KiLsFX0Q@mail.gmail.com>
References: <20121111103717.GB30392@charite.de> <509FBD4B.2020408@msapiro.net>
 <20121111173812.GF18233@charite.de>
 <CAAdA2WOHiB5a3SAdmMfEGjWu4z-sb5susnPQVaORV9KiLsFX0Q@mail.gmail.com>
Message-ID: <CAERh8-kmMe7ZjdAVX2=3VX5WHADW_85hHU_XJCGUzwkJmwyWJQ@mail.gmail.com>

Hi everyone,

I had this issue with MM 2.1.16 and the listname/members?start=(email) URL:
it would display the message "Error: The form lifetime has expired. (request
forgery check)" at the top of the page.

Dug in my archives and found this reference:

On Sun, Nov 11, 2012 at 7:09 PM, Odhiambo Washington <odhiambo at gmail.com>wrote:

> > > > Error: The form lifetime has expired. (request forgery check)
> > >
> > >
> > > I found and fixed this several days ago. See
> > > <http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1366
> >.
> >



My problem was fixed by adding the parameter 'start' to the list of safe
params on hte very same line of Cgi/admin.py


-- Fil

From pshute at nuw.org.au  Wed May  7 10:34:08 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Wed, 7 May 2014 18:34:08 +1000
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
 <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <E67944DC-893D-4B8E-B60F-095DBFDF07FD@nuw.org.au>

> On 7 May 2014, at 4:07 pm, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
> 
> Peter Shute writes:
>> 
>> Stephen J. Turnbull wrote:
>> 
>>> The DMARC WG advocates putting list-post in "From" in place 
>>> of a DMARC p=reject address.  I advocate accepting their 
>>> advice for stock Mailman, and avoiding other non-conforming 
>>> workarounds until the market demands them.  If it gets noisy, 
>>> feel free to cave in faster than you did on Reply-To munging.<wink />
>> 
>> Can you explain that for the uneducated, please?
> 
> Ouch!  Sorry for the tech talk, often it's a useful habit, but not
> always.
> 
>> What do you mean by "list-post"? Is that the list address?
> 
> There are several addresses that Mailman uses that might plausibly be
> called "the list address".  The one you are thinking of is often
> called "List-Post" because there is a header, hidden by most mail
> clients, by that name, to allow mail clients to automatically
> recognize the posting address (some provide a separate command for
> reply-to-list).  It is the address where members send posts.
> 
> But there's also the list owner's address (one might think of that as
> "headquarters", and therefore "the list address")

Thanks, I understand now. If the result of this is that replies go to everyone on the list, this is something we don't want for our list. Private replies becoming public means trouble, and we have enough of it already when people Reply All by accident.

We've been getting by rejecting then manually forwarding yahoo and aol emails to the list. At least then accidental replies only come to us instead of everyone, and there's an obvious cue for the senders to get new addresses.

Peter Shute

From jdanield at free.fr  Wed May  7 10:43:38 2014
From: jdanield at free.fr (jdd)
Date: Wed, 07 May 2014 10:43:38 +0200
Subject: [Mailman-Users] inn gateway
In-Reply-To: <53692A36.4040001@msapiro.net>
References: <5367BAD6.5050805@free.fr> <536821DE.4080101@msapiro.net>
 <536886C5.2050100@free.fr> <5368FB58.408@msapiro.net>
 <536922D9.5030002@free.fr> <53692A36.4040001@msapiro.net>
Message-ID: <5369F23A.50503@free.fr>

Le 06/05/2014 20:30, Mark Sapiro a ?crit :

> was written immediately after that message was queued by gate_news in
> Mailman's incoming queue, so it was "delivered" to the list.
>
I don't understand what happened really, because the messages where *archived* 
but not d?livered to the list!!

as the newsgroup was nearly empty, I could use m.usenet_watermark = 0 and this 
seems to have solved the problem

some notes about it here:

http://dodin.info/wiki/index.php?n=Doc.Mailman#toc13

thanks

-- 
http://www.dodin.org

From stephen at xemacs.org  Wed May  7 15:59:35 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Wed, 07 May 2014 22:59:35 +0900
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <E67944DC-893D-4B8E-B60F-095DBFDF07FD@nuw.org.au>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
 <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <E67944DC-893D-4B8E-B60F-095DBFDF07FD@nuw.org.au>
Message-ID: <87oaz9ita0.fsf@uwakimon.sk.tsukuba.ac.jp>

Peter Shute writes:

 > Thanks, I understand now. If the result of this is that replies go
 > to everyone on the list, this is something we don't want for our
 > list. Private replies becoming public means trouble, and we have
 > enough of it already when people Reply All by accident.

In that case, in Mailman 2.1.18-1, you probably get the best of all
worlds by setting

    'from_is_list' to 'Munge From'

which puts the list in "From", deleting any other addresses from
"From" (thus disabling DMARC), and then puts the poster in "Reply-To",

    'reply_to_list' to 'Poster'

which leaves the "Reply-To" header as it finds it.  Finally, set

    'personalize' to 'Full Personalization'

which puts the recipient in "To".  The first two are on the General
Options page, the last on the Nondigest Options page.

The rules for these options are complicated, but if I've thought
correctly about this, in most cases the header of the post as
distributed to subscribers will say

    To: each-subscriber at home
    From: the-list at your-org
    Reply-To: the-poster at home

Although "the-list" is *visible* in "From", conforming mail clients
will *not* pay attention to it (the "rules" say Reply-To takes
precedence over From as the author's address), and even a Reply All
will produce a message addressed as

    To: the-poster at home
    From: each-subscriber at home

In order to also CC the list, the replying subscriber would have to
deliberately copy/paste the list address into "To", "Cc", or "Bcc".
This depends on the replying subscriber's mail program, so there are
no guarantees, but it seems very unlikely to me that any of your
subscribers will inadvertantly CC the list with that configuration.

The only downsides are that (1) the list appears to claims to be
authoring all the posts, and send each privately to each subscriber
(but I wouldn't be surprised if few subscribers notice more than
"something changed") and (2) full personalization uses more resources,
potentially a lot more.  On the other hand, with reasonably modern
equipment and say 5 lists each with 500 subscribers and 10 posts each
per day, the server will literally spend more time waiting for the
next post than it does delivering them.

Network bandwidth is a more important consideration, because if you
have many subscribers at one domain, you can tell that domain to
deliver to a long list of those subscribers, and then send the message
once.  But if you personalize, then each message is (slightly)
different, and must be sent separately.  If you want advice about
resource usage in your situation, don't hesitate to ask here.  I have
no experience with that configuration, but I suspect Mark has the
numbers on tap, and I'm sure many of our lurkers do.

Hope this helps,

Steve


From ubuntu at fachschaft.physik.uni-bielefeld.de  Wed May  7 16:15:59 2014
From: ubuntu at fachschaft.physik.uni-bielefeld.de (Viktor)
Date: Wed, 07 May 2014 16:15:59 +0200
Subject: [Mailman-Users] new users added to custom MemberAdaptor don't
 get emails
In-Reply-To: <536565BD.7010903@msapiro.net>
References: <53651DEA.4010909@msapiro.net> <536565BD.7010903@msapiro.net>
Message-ID: <536A401F.1060707@fachschaft.physik.uni-bielefeld.de>

On 2014-05-03 23:55, Mark Sapiro wrote:

>> I can't say more about what to do without actually seeing your
>> MemberAdaptor, however you might look at
>> <https://bugs.launchpad.net/mailman/+bug/558106> for an alternative.

That was actually my starting point to develop my MemberAdapter. I did
not use it directly because the LDAP server might be down sometimes and
I still wanted mails to be delivered. I did not want to try LDAP
replication, partly because it seems complicated and partly because I do
not want the LDAP database on the webserver (even if the login passwords
are hashed).

> OK, I took a quick look at your stuff from
> <http://sourceforge.net/projects/ldapsync/files/>.
> 
> I think your issue is you rely on extend.py to instantiate
> FileMemberships and reload the member data when the list is instantiated.
> 
> I suspect your Mailman is 2.1.14 or older which maintains a list cache
> in the qrunners so the list gets instantiated and cached and further
> references to the list object retrieve it from the cache and update it
> as needed, but it is never again actually instantiated so extend.py is
> never called again.
> 

You are right, it is mailman 2.1.13-5, I am running a debian server.
After upgrading to debian wheezy with mailman 2.1.15-1, the problem
seems fixed.

Thanks.

regards,
Viktor

P.S: It is not wise to register to a mailing list using the address of
another mailing list. I actually replied a few days ago, but I used
'reply to all' and that only send an e-mail to myself and the other
administrator.

From mark at msapiro.net  Wed May  7 16:18:51 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 07 May 2014 07:18:51 -0700
Subject: [Mailman-Users] MM-2.1.15: Small bug regarding the "request
 forgery check"
In-Reply-To: <CAERh8-kmMe7ZjdAVX2=3VX5WHADW_85hHU_XJCGUzwkJmwyWJQ@mail.gmail.com>
References: <20121111103717.GB30392@charite.de> <509FBD4B.2020408@msapiro.net>
 <20121111173812.GF18233@charite.de>
 <CAAdA2WOHiB5a3SAdmMfEGjWu4z-sb5susnPQVaORV9KiLsFX0Q@mail.gmail.com>
 <CAERh8-kmMe7ZjdAVX2=3VX5WHADW_85hHU_XJCGUzwkJmwyWJQ@mail.gmail.com>
Message-ID: <536A40CB.9060506@msapiro.net>

On 05/06/2014 11:44 PM, Fil wrote:
> Hi everyone,
> 
> I had this issue with MM 2.1.16 and the listname/members?start=(email)
> URL: it would display the message "Error: The form lifetime has expired.
> (request forgery check)" at the top of the page.


And what generates that URL? Do you have a local mod for this? I don't
see where in the admin UI such a URL is generated or recognized.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From rob at colorist.org  Wed May  7 16:21:56 2014
From: rob at colorist.org (Rob Lingelbach)
Date: Wed, 7 May 2014 09:21:56 -0500
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <87oaz9ita0.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
 <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <E67944DC-893D-4B8E-B60F-095DBFDF07FD@nuw.org.au>
 <87oaz9ita0.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <31828755-6515-4F1B-A86B-22B990A23EE9@colorist.org>


On May 7, 2014, at 8:59 AM, Stephen J. Turnbull <stephen at xemacs.org> wrote:

> which leaves the "Reply-To" header as it finds it.  Finally, set
> 
>    'personalize' to 'Full Personalization'
> 
> which puts the recipient in "To".  The first two are on the General
> Options page, the last on the Nondigest Options page.

Is it possible the ?personalize? option moved elsewhere in 2.1.18-1?  I?ve just updated to that version and don?t see it on the Nondigest Options page.

Thank you for these suggestions.

Rob

--
Rob Lingelbach  http://rob.colorist.org


From mark at msapiro.net  Wed May  7 16:27:27 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 07 May 2014 07:27:27 -0700
Subject: [Mailman-Users] new users added to custom MemberAdaptor don't
 get emails
In-Reply-To: <536A401F.1060707@fachschaft.physik.uni-bielefeld.de>
References: <53651DEA.4010909@msapiro.net> <536565BD.7010903@msapiro.net>
 <536A401F.1060707@fachschaft.physik.uni-bielefeld.de>
Message-ID: <536A42CF.7090705@msapiro.net>

On 05/07/2014 07:15 AM, Viktor wrote:
> 
> You are right, it is mailman 2.1.13-5, I am running a debian server.
> After upgrading to debian wheezy with mailman 2.1.15-1, the problem
> seems fixed.


Good.


> P.S: It is not wise to register to a mailing list using the address of
> another mailing list. I actually replied a few days ago, but I used
> 'reply to all' and that only send an e-mail to myself and the other
> administrator.


It should be OK. Whatever reply issue you had must have been due to some
idiosyncrasy in your MUA (Mail client).

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From stephen at xemacs.org  Wed May  7 16:56:16 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Wed, 07 May 2014 23:56:16 +0900
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <31828755-6515-4F1B-A86B-22B990A23EE9@colorist.org>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
 <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <E67944DC-893D-4B8E-B60F-095DBFDF07FD@nuw.org.au>
 <87oaz9ita0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <31828755-6515-4F1B-A86B-22B990A23EE9@colorist.org>
Message-ID: <87mwetiqnj.fsf@uwakimon.sk.tsukuba.ac.jp>

Rob Lingelbach writes:

 > Is it possible the ?personalize? option moved elsewhere in
 > 2.1.18-1?  I?ve just updated to that version and don?t see it on
 > the Nondigest Options page.

Sorry, I haven't updated to 2.1.18-1 yet, I'm reading source and
missed a crucial qualification at the top of the suite.

Because personalization can consume a lot of resources, the site admin
needs to enable personalization with OWNERS_CAN_ENABLE_PERSONALIZATION
in mm_cfg.py, then it will show up on the admin site.

Steve

From rob at colorist.org  Wed May  7 17:12:15 2014
From: rob at colorist.org (Rob Lingelbach)
Date: Wed, 7 May 2014 10:12:15 -0500
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <87mwetiqnj.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
 <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <E67944DC-893D-4B8E-B60F-095DBFDF07FD@nuw.org.au>
 <87oaz9ita0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <31828755-6515-4F1B-A86B-22B990A23EE9@colorist.org>
 <87mwetiqnj.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <0AF81E56-67F0-4F48-BE09-D3FD5B925581@colorist.org>


On May 7, 2014, at 9:56 AM, Stephen J. Turnbull <stephen at xemacs.org> wrote:

> Because personalization can consume a lot of resources, the site admin
> needs to enable personalization with OWNERS_CAN_ENABLE_PERSONALIZATION
> in mm_cfg.py, then it will show up on the admin site.

Thanks.  Impressive.


--
Rob Lingelbach  http://rob.colorist.org


From ges+lists at wingfoot.org  Wed May  7 21:45:08 2014
From: ges+lists at wingfoot.org (Glenn Sieb)
Date: Wed, 07 May 2014 15:45:08 -0400
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <536A8D44.80500@wingfoot.org>

On 5/7/14, 12:08 AM, Stephen J. Turnbull wrote:
> What is the intent of the restriction?  Are you trying to get the
> users to use "reply to author" by punishing them with a black hole if
> they don't, and then set Reply-To to list-post so that nobody ever
> gets a personal reply?  Or is this intended to prevent people from
> including 3rd parties in the OP (of course, you can't -- they can
> always BCC and you'll never know)?

What my list owners want out of my lists, and what rules they decide on
for their lists, is not my business. By extension, it is not yours. I
provide them email lists, they ask for things that seem reasonable to
me. When those things suddenly are yanked away, they complain, and I'm
left holding the bag of trying to answer "why."

Your attempt to "explain away" the request by making it sound like some
kind of absurd policy is disingenuous at best.

> I suppose your users would get upset if you used
> dmarc_moderation_action = 'Wrap Message' instead of whichever_option =
> 'Mung From'?

Some use mobile devices. So there's the answer to that question.

> Given Mark's reply, probably you'll need use a custom Handler,
> whatever the requirements.  Is that acceptable (ie, you have the
> necessary accesses)?  N.B. It's possible to restrict use of Handlers
> to particular lists by giving them list-specific pipelines.

I'm just trying to see if there are better options out there. This DMARC
stuff is ridiculous. The providers aren't being blamed for this, we (the
mailing-list providers) are. Doesn't help that the users on services
responsible for the DMARC p=reject stuff aren't getting the bounces,
it's other people whose ISPs are respecting it who are, and they're the
ones who get bounced off of lists because it's *their* bounce score that
gets increased.

It's ridiculous. And I want to know why, exactly, Yahoo Groups isn't
being affected by this. They're not doing the "via YahooGroup" bit, or
wrapping their mails. :-\ I'm betting they're not even honoring the
DMARC from other providers.

*sigh* I hate this frustration.

Best,
--Glenn

From jsetton at waycast.com  Wed May  7 22:16:20 2014
From: jsetton at waycast.com (Jacques Setton)
Date: Wed, 7 May 2014 22:16:20 +0200
Subject: [Mailman-Users] Q : Is there a possibility to localize /
	customize the standard Mailman lists home page / UI look ?
Message-ID: <005a01cf6a31$3724bcd0$a56e3670$@waycast.com>

Mark Sapiro Wed, 30 Apr 2014 08:22:28 -0700 

 

> On 04/30/2014 04:35 AM, Jacques Setton wrote:

> Currently, when choosing a specific local language (French in our case)
for

> Mailman' lists user interface, I have noticed that the standard home page

> (for example the one depicted by 'lists.domain.org/mailman/listinfo')

> remains in the English language. Would there be a possibility to localize

> that page as well ? 

 

>> Set DEFAULT_SERVER_LANGUAGE = 'fr' in mm_cfg.py.

 

Thanks for this hint. After applying such setting, the default home page was
successfully displayed in the French language.

 

> While being on this topic, I'd like also to know if it is possible to

> customize the general look & feel of the display UI say, at the minimum,

> eventually replace or add a custom logo at the level of the Mailman/Python

> logos appearing at the bottom of each page ?

 

>> See Mailman/htmlformat.py, in particular the section beginning with

>> # Logo constants

 

I did look at the 'htmlformat.py' and was able to tailor it by adding the
logo 
reference of the organization which will be using the operational Mailman 
system. Thanks again for this very useful guidance in this respect !

 

- - - - 

 Jacques Setton

 <mailto:jsetton at waycast.com> jsetton at waycast.com


From pshute at nuw.org.au  Wed May  7 22:34:10 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Thu, 8 May 2014 06:34:10 +1000
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <87oaz9ita0.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
 <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <E67944DC-893D-4B8E-B60F-095DBFDF07FD@nuw.org.au>
 <87oaz9ita0.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <34AFAE01-D6EE-4EAB-A3AB-1B8A31DFCF5A@nuw.org.au>

> On 7 May 2014, at 11:59 pm, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
> 
> Peter Shute writes:
> 
>> Thanks, I understand now. If the result of this is that replies go
>> to everyone on the list, this is something we don't want for our
>> list. Private replies becoming public means trouble, and we have
>> enough of it already when people Reply All by accident.
> 
> In that case, in Mailman 2.1.18-1, you probably get the best of all
> worlds by setting
> 
>  'from_is_list' to 'Munge From'
> 
> which puts the list in "From", deleting any other addresses from
> "From" (thus disabling DMARC), and then puts the poster in "Reply-To",
> 
>  'reply_to_list' to 'Poster'
> 
> which leaves the "Reply-To" header as it finds it.  Finally, set
> 
>  'personalize' to 'Full Personalization'
> 
> which puts the recipient in "To".  The first two are on the General
> Options page, the last on the Nondigest Options page.
> 
> The rules for these options are complicated, but if I've thought
> correctly about this, in most cases the header of the post as
> distributed to subscribers will say
> 
>  To: each-subscriber at home
>  From: the-list at your-org
>  Reply-To: the-poster at home
> 
> Although "the-list" is *visible* in "From", conforming mail clients
> will *not* pay attention to it (the "rules" say Reply-To takes
> precedence over From as the author's address), and even a Reply All
> will produce a message addressed as
> 
>  To: the-poster at home
>  From: each-subscriber at home
> 
> In order to also CC the list, the replying subscriber would have to
> deliberately copy/paste the list address into "To", "Cc", or "Bcc".
> This depends on the replying subscriber's mail program, so there are
> no guarantees, but it seems very unlikely to me that any of your
> subscribers will inadvertantly CC the list with that configuration.

This fixes the accidental private reply to the list problem, but makes it hard to reply to the list, which is what our members normally want to do. The list would probably stop functioning for lack of public discussion.

Am I correct in believing that there is now an option to have these modified behaviours only apply to messages from p=reject senders? Maybe that's a decent compromise, as the rest of the messages can be treated normally, and the p=reject senders will be punished for not getting new addresses by not having their questions discussed by the whole group. So long as gmail and hotmail don't start doing it too, as then a majority of our members will be affected (and will consider they have nowhere left to go).

So does this mean that any solution is going to be a choice between ease of replying to the list and ease of accidental replying to the list?

Peter Shute

From jon.1234 at hotmail.co.uk  Thu May  8 00:41:34 2014
From: jon.1234 at hotmail.co.uk (Jon 1234)
Date: Wed, 7 May 2014 23:41:34 +0100
Subject: [Mailman-Users] Mirror mailing list with web forum
In-Reply-To: <8D5B20FB-9A34-4796-8A99-FDC66371FF5D@yingtong.co.uk>
References: <DUB122-W51A6AA87B81FD7ACB338E0D3530@phx.gbl>, ,
 <534F3F1B.1030700@Damon-Family.org>,
 <DUB122-W7409776B80BF2B1C5D2BED3520@phx.gbl>,
 <8D5B20FB-9A34-4796-8A99-FDC66371FF5D@yingtong.co.uk>
Message-ID: <DUB122-W16BCB8256FFD5C511DCCE1D34E0@phx.gbl>

> From: tim at yingtong.co.uk
> Date: Thu, 17 Apr 2014 19:46:03 +0100
> I have it working with Fudforum and although the fudforum integration was (to me) poorly documented I got it working and has been stable / rock solid for a couple of years now.
> 
> It would be nice to get things like membership linked between the two and to more easily identify forum posters (when their mail hits the list) but that is just a comment not a request (unless someone has worked it out!)



I think
I have got Mailman and FUDforum to work well together by writing two FUDforum
plugins. One uses Mailman?s email/password list for logins to the forum (calling,
using php?s shell_exec() command, two separate withlist scripts based on the
example in the withlist documentation). The other unsets a user?s Mailman
moderation bit (by calling Mark Sapiro?s set_mod withlist script) just before the user?s
first post is approved via FUDforum. 

 

I?ll
post the plugins to the FUDforum website when I?m finished, but in the meantime
I?d be very grateful for comments on the Mailman withlist scripts I?ve used:
(a) will they still work when I upgrade to 2.1.18-1? and (b) is there a better
way of doing it? Thanks in advance, and feel free to ask for further information!

 

#! /path/to/bin/python

from Mailman.Errors import
NotAMemberError

def get_name(mlist, member):

   
try:


                print
'%s' % (mlist.getMemberName(member))

   
except NotAMemberError:

       
print 'No address matched:', member

 

#! /path/to/bin/python

from Mailman.Errors import
NotAMemberError

def get_password(mlist, member):

   
try:

                print
'%s' % (mlist.getMemberPassword(member))

   
except NotAMemberError:

       
print 'No address matched:', member

  		 	   		  

From mark at msapiro.net  Thu May  8 00:47:13 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 07 May 2014 15:47:13 -0700
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <536A8D44.80500@wingfoot.org>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp> <536A8D44.80500@wingfoot.org>
Message-ID: <536AB7F1.9020202@msapiro.net>

On 05/07/2014 12:45 PM, Glenn Sieb wrote:
> 
> It's ridiculous. And I want to know why, exactly, Yahoo Groups isn't
> being affected by this. They're not doing the "via YahooGroup" bit, or
> wrapping their mails. :-\ I'm betting they're not even honoring the
> DMARC from other providers.


Yahoo groups doesn't have problems with mail From: yahoo.com because
they send the mail with envelope from ... at returns.groups.yahoo.com which
passes SPF and aligns with the domain in From:, but the interesting
question is what do they do with a post From: aol.com. I haven't had
time to test that yet.

Note that google groups does the same From: munging that Mailman does,
and only for From: domains that publish DMARC p=reject.


> *sigh* I hate this frustration.


So do we all. The Mailman development community resents as much as
anyone being forced into this "here's what *we're* doing, now *you* have
to figure out how to deal with it" bind, but that's where we are. We are
trying to talk with DMARC proponents, and we're trying to figure out how
to mitigate the effects with the least possible disruption to users and
to long term, established standards and practices.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Thu May  8 00:52:00 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 07 May 2014 15:52:00 -0700
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <34AFAE01-D6EE-4EAB-A3AB-1B8A31DFCF5A@nuw.org.au>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
 <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <E67944DC-893D-4B8E-B60F-095DBFDF07FD@nuw.org.au>
 <87oaz9ita0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <34AFAE01-D6EE-4EAB-A3AB-1B8A31DFCF5A@nuw.org.au>
Message-ID: <536AB910.7040102@msapiro.net>

On 05/07/2014 01:34 PM, Peter Shute wrote:
> 
> Am I correct in believing that there is now an option to have these modified behaviours only apply to messages from p=reject senders?


Yes. At least in the latest release (2.1.18-1), there is
dmarc_moderation_action which selects an action to apply only to
messages From: domains that publish DMARC p=reject or optionally
p=quarantine policies.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From jimpop at gmail.com  Thu May  8 00:58:37 2014
From: jimpop at gmail.com (Jim Popovitch)
Date: Wed, 7 May 2014 18:58:37 -0400
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <536AB7F1.9020202@msapiro.net>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp>
 <536A8D44.80500@wingfoot.org> <536AB7F1.9020202@msapiro.net>
Message-ID: <CAGfsgR3pwa=VtcdG+s6ZpTFiip1mKNGknJRQOhjP6jNvOzWtVw@mail.gmail.com>

On Wed, May 7, 2014 at 6:47 PM, Mark Sapiro <mark at msapiro.net> wrote:
> We are trying to talk with DMARC proponents,

You won't be successful until those people themselves figure out what
they are doing (and then they agree to quit using the Internet as a
testbed)  :-)   Honestly, they (one of the principal DMARC spec
authors works for Yahoo) ignored their own advice, imagine how well
that would go over in some other industries.

-Jim P.

From mark at msapiro.net  Thu May  8 01:50:59 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 07 May 2014 16:50:59 -0700
Subject: [Mailman-Users] Mirror mailing list with web forum
In-Reply-To: <DUB122-W16BCB8256FFD5C511DCCE1D34E0@phx.gbl>
References: <DUB122-W51A6AA87B81FD7ACB338E0D3530@phx.gbl>, ,
 <534F3F1B.1030700@Damon-Family.org>,
 <DUB122-W7409776B80BF2B1C5D2BED3520@phx.gbl>,
 <8D5B20FB-9A34-4796-8A99-FDC66371FF5D@yingtong.co.uk>
 <DUB122-W16BCB8256FFD5C511DCCE1D34E0@phx.gbl>
Message-ID: <536AC6E3.3050400@msapiro.net>

On 05/07/2014 03:41 PM, Jon 1234 wrote:

> 
> I?d be very grateful for comments on the Mailman withlist scripts I?ve used:
> (a) will they still work when I upgrade to 2.1.18-1? and (b) is there a better
> way of doing it? Thanks in advance, and feel free to ask for further information!
> 
>  
> 
> #! /path/to/bin/python
> 
> from Mailman.Errors import
> NotAMemberError
> 
> def get_name(mlist, member):
> 
>    
> try:
> 
> 
>                 print
> '%s' % (mlist.getMemberName(member))
> 
>    
> except NotAMemberError:
> 
>        
> print 'No address matched:', member
> 
>  
> 
> #! /path/to/bin/python
> 
> from Mailman.Errors import
> NotAMemberError
> 
> def get_password(mlist, member):
> 
>    
> try:
> 
>                 print
> '%s' % (mlist.getMemberPassword(member))
> 
>    
> except NotAMemberError:
> 
>        
> print 'No address matched:', member


I'll assume that all the spacing and indentation anomalies are due to
mangling by your email client and try to ignore them, so your question
boils down to

Do the list methods getMemberName(member) and getMemberPassword(member)
work the same in 2.1.18-1 and throw the same NotAMemberError exception
if member is not a member?

The answer is an unequivocal Yes.

Note that the shebang line "#! /path/to/bin/python" is unnecessary since
these can't and don't run standalone.

On the other hand, it is a bit of overkill to do these as withlist
scripts because of the withlist setup and takedown. You could, e.g., do
something like

#! /path/to/bin/python
import sys
import paths
from Mailman import MailList
from Mailman.Errors import MMUnknownListError, NotAMemberError
try:
    mlist = MailList.MailList(sys.argv[1])
except MMUnknownListError:
    print 'No such list: %s' % sys.argv[1]
    sys.exit(1)
try:
    print mlist.getMemberName(sys.argv[2])
except NotAMemberError:
    print 'No address matched: %s' % member

as a standalone script to be run as

/path/to/mailman/bin/get_name listname memberaddress

and similarly for the password. Note this would need to be run from
Mailman's bin/ directory for import paths to work and get all the other
paths.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Thu May  8 02:31:32 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 07 May 2014 17:31:32 -0700
Subject: [Mailman-Users] Mirror mailing list with web forum
In-Reply-To: <536AC6E3.3050400@msapiro.net>
References: <DUB122-W51A6AA87B81FD7ACB338E0D3530@phx.gbl>, ,
 <534F3F1B.1030700@Damon-Family.org>,
 <DUB122-W7409776B80BF2B1C5D2BED3520@phx.gbl>,
 <8D5B20FB-9A34-4796-8A99-FDC66371FF5D@yingtong.co.uk>
 <DUB122-W16BCB8256FFD5C511DCCE1D34E0@phx.gbl> <536AC6E3.3050400@msapiro.net>
Message-ID: <536AD064.6050705@msapiro.net>

On 05/07/2014 04:50 PM, Mark Sapiro wrote:
> 
> On the other hand, it is a bit of overkill to do these as withlist
> scripts because of the withlist setup and takedown. You could, e.g., do
> something like
> 
> #! /path/to/bin/python
> import sys
> import paths
> from Mailman import MailList
> from Mailman.Errors import MMUnknownListError, NotAMemberError
> try:
>     mlist = MailList.MailList(sys.argv[1])
> except MMUnknownListError:
>     print 'No such list: %s' % sys.argv[1]
>     sys.exit(1)
> try:
>     print mlist.getMemberName(sys.argv[2])
> except NotAMemberError:
>     print 'No address matched: %s' % member
> 

There are two errors in the above.

The 7th line should be

    mlist = MailList.MailList(sys.argv[1], lock=False)

and the last line should be

    print 'No address matched: %s' % sys.argv[2]

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From pshute at nuw.org.au  Thu May  8 02:41:13 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Thu, 8 May 2014 10:41:13 +1000
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <536AB910.7040102@msapiro.net>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
 <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <E67944DC-893D-4B8E-B60F-095DBFDF07FD@nuw.org.au>
 <87oaz9ita0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <34AFAE01-D6EE-4EAB-A3AB-1B8A31DFCF5A@nuw.org.au>
 <536AB910.7040102@msapiro.net>
Message-ID: <C2F1879073AE7347BAB44065F143E1700156F3FD3D@nuwvicms2>

 Mark Sapiro wrote:
> > Am I correct in believing that there is now an option to 
> have these modified behaviours only apply to messages from 
> p=reject senders?
> 
> 
> Yes. At least in the latest release (2.1.18-1), there is 
> dmarc_moderation_action which selects an action to apply only 
> to messages From: domains that publish DMARC p=reject or 
> optionally p=quarantine policies.

If it means that Reply vs Reply All work differently for list messages from different domains, will it only lead to users becoming hopelessly confused? Is there anyone who's already using this who could report on the reactions from users?

Peter Shute

From stephen at xemacs.org  Thu May  8 04:36:55 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 08 May 2014 11:36:55 +0900
Subject: [Mailman-Users] DMARC and Reply-To lines with
	from_is_list	munging.
In-Reply-To: <536A8D44.80500@wingfoot.org>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp>
 <536A8D44.80500@wingfoot.org>
Message-ID: <87iophhu7s.fsf@uwakimon.sk.tsukuba.ac.jp>

Glenn Sieb writes:

 > What my list owners want out of my lists, and what rules they
 > decide on for their lists, is not my business. By extension, it is
 > not yours.

If you just want to vent, please say so.  I thought you were asking
for help.

If you want help, then the questions I asked are essential to doing a
good job for your list owners.  There are two reasons for that.

(1) Users often request a feature that they believe accomplishes a
    certain goal, but it does not.  All too often implementing that
    feature does not satisfy their need, with attendant frustration
    all around.  Letting the developer design the feature to achieve
    the goal often (although not always) does a better job of
    satisfying needs.

(2) Often either the current implementation of the program or the
    nature of the world means that not all needs can be satisfied, and
    a compromise must be suggested.  Knowing the goals (reasons why)
    can help the designer suggest a better (accomplishes more goals
    more fully) or more palatable (emphasizes more important goals)
    compromise.

See my dialog with Peter Shute for an example of how such design can
succeed.  It's rare that we get 95%[1] success that way because of (2),
but my lack of understanding of his lists' requirements displayed at
the start is the usual case.

 > I'm just trying to see if there are better options out there.

And I'm just trying to understand what "better" means to you and your
list owners and subscribers.


Footnotes: 
[1]  Not yet 100% success because of the increased resource
requirement, which can be a blocker.


From stephen at xemacs.org  Thu May  8 04:46:28 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 08 May 2014 11:46:28 +0900
Subject: [Mailman-Users] DMARC and Reply-To lines with
	from_is_list	munging.
In-Reply-To: <CAGfsgR3pwa=VtcdG+s6ZpTFiip1mKNGknJRQOhjP6jNvOzWtVw@mail.gmail.com>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp>
 <536A8D44.80500@wingfoot.org> <536AB7F1.9020202@msapiro.net>
 <CAGfsgR3pwa=VtcdG+s6ZpTFiip1mKNGknJRQOhjP6jNvOzWtVw@mail.gmail.com>
Message-ID: <87ha51htrv.fsf@uwakimon.sk.tsukuba.ac.jp>

Jim Popovitch writes:
 > On Wed, May 7, 2014 at 6:47 PM, Mark Sapiro <mark at msapiro.net> wrote:
 > > We are trying to talk with DMARC proponents,
 > 
 > You won't be successful until those people themselves figure out what
 > they are doing

That's true, but those folks (or, more accurately, their bosses) have
their shorts in a knot over the recent attacks.  I don't have a lot of
sympathy for the corporations which have a long history of half-baked
implementations, but our best bet is to help them figure it out.

 > (and then they agree to quit using the Internet as a testbed)  :-)

But there is no other.  I can't really blame them for eventually going
live, I just wish they tried harder to work and play well with others.

 > Honestly, they (one of the principal DMARC spec authors works for
 > Yahoo) ignored their own advice, imagine how well that would go
 > over in some other industries.

Happens all the time.  Ford Pinto gas tanks, space shuttle O-rings,
the list goes on.  Let's have some perspective: nobody died this time.
And I doubt the principal authors ignored their own advice; some PHB
did it.

From turnbull at sk.tsukuba.ac.jp  Thu May  8 04:55:20 2014
From: turnbull at sk.tsukuba.ac.jp (Stephen J. Turnbull)
Date: Thu, 08 May 2014 11:55:20 +0900
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <34AFAE01-D6EE-4EAB-A3AB-1B8A31DFCF5A@nuw.org.au>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
 <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <E67944DC-893D-4B8E-B60F-095DBFDF07FD@nuw.org.au>
 <87oaz9ita0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <34AFAE01-D6EE-4EAB-A3AB-1B8A31DFCF5A@nuw.org.au>
Message-ID: <87fvklhtd3.fsf@uwakimon.sk.tsukuba.ac.jp>

Peter Shute writes:

 > So does this mean that any solution is going to be a choice between
 > ease of replying to the list and ease of accidental replying to the
 > list?

Yes, and that's an unsolvable problem.  Some replies should be public,
some should be private, and only the user can know which is which.  We
can bias things one way or the other, but we can't really do much on
the list side to improve accuracy of addressing.

MUAs could help a bit more than they do, but they're just programs,
too.  In the end, you have to assume the user knows what she's doing,
and that isn't always true.




From stephen at xemacs.org  Thu May  8 04:59:10 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 08 May 2014 11:59:10 +0900
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <C2F1879073AE7347BAB44065F143E1700156F3FD3D@nuwvicms2>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
 <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <E67944DC-893D-4B8E-B60F-095DBFDF07FD@nuw.org.au>
 <87oaz9ita0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <34AFAE01-D6EE-4EAB-A3AB-1B8A31DFCF5A@nuw.org.au>
 <536AB910.7040102@msapiro.net>
 <C2F1879073AE7347BAB44065F143E1700156F3FD3D@nuwvicms2>
Message-ID: <87eh05ht6p.fsf@uwakimon.sk.tsukuba.ac.jp>

Peter Shute writes:

 > If it means that Reply vs Reply All work differently for list
 > messages from different domains,

It does.

 > will it only lead to users becoming hopelessly confused? Is there
 > anyone who's already using this who could report on the reactions
 > from users?

Good question.  Anybody?

From khbkhb at gmail.com  Thu May  8 05:05:51 2014
From: khbkhb at gmail.com (Keith Bierman)
Date: Wed, 7 May 2014 21:05:51 -0600
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <87eh05ht6p.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
 <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <E67944DC-893D-4B8E-B60F-095DBFDF07FD@nuw.org.au>
 <87oaz9ita0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <34AFAE01-D6EE-4EAB-A3AB-1B8A31DFCF5A@nuw.org.au>
 <536AB910.7040102@msapiro.net>
 <C2F1879073AE7347BAB44065F143E1700156F3FD3D@nuwvicms2>
 <87eh05ht6p.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <CAHSokPyF5iz8XUYx5EWK+ud1Xw_1HwbB=Eb_sSEoX0=X_KFHPw@mail.gmail.com>

My experience is that for most lists, the members are chronically confused
about nearly everything having to do with addressing. Since very few list
members are going to be subscribed from different ISPs at the same time
(and those are apt to be the most expert) I don't expect this change (when
I can upgrade, I'm hostage to my ISP's cPanel support) will create any
*additional* confusion in the minds of the easily confused.

Keith Bierman
khbkhb at gmail.com
kbiermank AIM
303 997 2749


On Wed, May 7, 2014 at 8:59 PM, Stephen J. Turnbull <stephen at xemacs.org>wrote:

> Peter Shute writes:
>
>  > If it means that Reply vs Reply All work differently for list
>  > messages from different domains,
>
> It does.
>
>  > will it only lead to users becoming hopelessly confused? Is there
>  > anyone who's already using this who could report on the reactions
>  > from users?
>
> Good question.  Anybody?
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/khbkhb%40gmail.com
>

From cgtyoder at alum.mit.edu  Thu May  8 05:26:33 2014
From: cgtyoder at alum.mit.edu (Conrad G T Yoder)
Date: Wed, 7 May 2014 23:26:33 -0400
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <CAHSokPyF5iz8XUYx5EWK+ud1Xw_1HwbB=Eb_sSEoX0=X_KFHPw@mail.gmail.com>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
 <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <E67944DC-893D-4B8E-B60F-095DBFDF07FD@nuw.org.au>
 <87oaz9ita0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <34AFAE01-D6EE-4EAB-A3AB-1B8A31DFCF5A@nuw.org.au>
 <536AB910.7040102@msapiro.net>
 <C2F1879073AE7347BAB44065F143E1700156F3FD3D@nuwvicms2>
 <87eh05ht6p.fsf@uwakimon.sk.tsukuba.ac.jp>
 <CAHSokPyF5iz8XUYx5EWK+ud1Xw_1HwbB=Eb_sSEoX0=X_KFHPw@mail.gmail.com>
Message-ID: <F6BE0274-2941-4543-850B-3ABAD3E0398D@alum.mit.edu>

What Keith said.  Either users are curious about this and will take the time to understand, or they throw up their hands and ?Computers!? and they will do the minimum to get things working, which is how it was before.

My hosting provider, Dreamhost, just upgraded from 2.1.14 to 2.1.17 mere hours ago.  (Apparently weren?t willing to wait to do testing on 2.1.18-1.)  So we will squint thoughtfully at the monitor, nod almost imperceptibly, pick a setting which is the least egregious to fix this problem, and then have some scotch.

-Conrad


On May 7, 2014, at 11:05 PM, Keith Bierman <khbkhb at gmail.com> wrote:

> My experience is that for most lists, the members are chronically confused
> about nearly everything having to do with addressing. Since very few list
> members are going to be subscribed from different ISPs at the same time
> (and those are apt to be the most expert) I don't expect this change (when
> I can upgrade, I'm hostage to my ISP's cPanel support) will create any
> *additional* confusion in the minds of the easily confused.
> 
> Keith Bierman
> khbkhb at gmail.com
> kbiermank AIM
> 303 997 2749
> 
> 
> On Wed, May 7, 2014 at 8:59 PM, Stephen J. Turnbull <stephen at xemacs.org>wrote:
> 
>> Peter Shute writes:
>> 
>>> If it means that Reply vs Reply All work differently for list
>>> messages from different domains,
>> 
>> It does.
>> 
>>> will it only lead to users becoming hopelessly confused? Is there
>>> anyone who's already using this who could report on the reactions
>>> from users?
>> 
>> Good question.  Anybody?
>> ------------------------------------------------------
>> Mailman-Users mailing list Mailman-Users at python.org
>> https://mail.python.org/mailman/listinfo/mailman-users
>> Mailman FAQ: http://wiki.list.org/x/AgA3
>> Security Policy: http://wiki.list.org/x/QIA9
>> Searchable Archives:
>> http://www.mail-archive.com/mailman-users%40python.org/
>> Unsubscribe:
>> https://mail.python.org/mailman/options/mailman-users/khbkhb%40gmail.com
>> 
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/cgtyoder%40alum.mit.edu

--
Suspicion breeds confidence.


From mark at msapiro.net  Thu May  8 06:11:39 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 07 May 2014 21:11:39 -0700
Subject: [Mailman-Users] Add PayPal to DNs publishing DMARC p=reject
In-Reply-To: <C2F1879073AE7347BAB44065F143E1700156F3FD3D@nuwvicms2>
References: <1399234064.48411.198.camel@pudina.fmp.com>
 <BD51BD9F-1EE1-4C01-A3D2-0D3E2CB299E6@portadmiral.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FCEB@nuwvicms2>
 <87y4ygk8xh.fsf@uwakimon.sk.tsukuba.ac.jp>
 <8E555B06-D445-458D-8861-B79B5C6B73A3@nuw.org.au>
 <87sionjxn4.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20140506103028.1fe05538@anarchist.wooz.org>
 <874n12jlnr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <C2F1879073AE7347BAB44065F143E1700156F3FD32@nuwvicms2>
 <87siomi0kr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <E67944DC-893D-4B8E-B60F-095DBFDF07FD@nuw.org.au>
 <87oaz9ita0.fsf@uwakimon.sk.tsukuba.ac.jp>
 <34AFAE01-D6EE-4EAB-A3AB-1B8A31DFCF5A@nuw.org.au>
 <536AB910.7040102@msapiro.net>
 <C2F1879073AE7347BAB44065F143E1700156F3FD3D@nuwvicms2>
Message-ID: <536B03FB.8030609@msapiro.net>

On 05/07/2014 05:41 PM, Peter Shute wrote:
> 
> If it means that Reply vs Reply All work differently for list messages from different domains, will it only lead to users becoming hopelessly confused? Is there anyone who's already using this who could report on the reactions from users?


It depends. If your MUA offers 'reply to list' that works in all cases
to just reply to the list.

Otherwise, if first_strip_reply-to is No and reply_goes_to_list is
Poster, in the case of From: munging or wrapping, reply will go to the
poster and the poster's original Reply-To: and reply-all will go to the
list. This is slightly different from the un-munged/wrapped case in that
if the poster had an original Reply-To: with a different address, the
poster's From: will be included in 'reply', but basically it's unchanged
in spirit - reply is to the poster and reply-all includes the list.

In the other cases, it is similar except, e.g. if reply_goes_to_list is
This list, simple reply will address the poster as well as the list, but
in most cases, the poster is a list member and would have gotten it anyway.

The intent is to make munged/wrapped behavior as close as possible to
the un-munged/wrapped behavior except that exposing the poster's address
takes priority.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From sylvain at opensource-expert.com  Thu May  8 08:43:51 2014
From: sylvain at opensource-expert.com (Sylvain Viart)
Date: Thu, 08 May 2014 08:43:51 +0200
Subject: [Mailman-Users] count members?
Message-ID: <536B27A7.8020301@opensource-expert.com>

document.write('927');

Hi,

Is there some simple way to just get a counter of the number member 
subscribed in a list?

So it can be put back in some html content.

I've a script for another tool which outputs JavaScript for example:

document.write('927');


(not related, searching the word "counter" gave me this page : 
http://wiki.list.org/display/~valium I suppose you can safely remove it)


Regards,
Sylvain.

From sylvain at opensource-expert.com  Thu May  8 14:53:55 2014
From: sylvain at opensource-expert.com (Sylvain Viart)
Date: Thu, 08 May 2014 14:53:55 +0200
Subject: [Mailman-Users] count members?
In-Reply-To: <536B575C.6060009@parikh.io>
References: <536B27A7.8020301@opensource-expert.com>
 <536B575C.6060009@parikh.io>
Message-ID: <536B7E63.4030904@opensource-expert.com>

On 08/05/2014 12:07, Sajan Parikh wrote:
> You could on a cron write the output of the following command to a 
> file somewhere in your web root, then use your Javascript to read the 
> contents of that file.
>
> root at mailman:/var/lib/mailman# ./bin/list_members discuss | wc -l
> 16
> root at mailman:/var/lib/mailman#
>

Thanks.

I also found:

http://literalbarrage.org/blog/2011/11/14/export-mailman-subscriber-address-lists-without-sshshell-access/

And:

https://mail.python.org/pipermail/mailman-users/2010-October/070389.html

>> Is there some simple way to just get a counter of the number member 
>> subscribed in a list?
>>

I don't have shell access on the mailman server, me neither.

So I wrote:

wget -O - --post-data "adminpw=${adminpw}"  \
     "${listserv}/cgi-bin/mailman/admin/${listname}/members" > out

And started to hack with sed?

This gives some partial result:

sed -n '/<td COLSPAN="11" BGCOLOR="#dddddd"><center><em>/ { 
s/<[^>]\+>//g  ; s/[^0-9 ]\+//g p }' out | awk '{print $2}'
927

The output stored in "out" have some accentuated character not matching 
the current locale of my bash session. So it seems complicated to 
perform the match with sed only?

I've rewritten it in PHP for the web purpose. It is simpler to match number.
I share it here, in case of some interest:

https://gist.github.com/Sylvain303/e012b2a0beec0ffbb6f0


Regards,
Sylvain.

From brennan at columbia.edu  Thu May  8 15:30:30 2014
From: brennan at columbia.edu (Joseph Brennan)
Date: Thu, 08 May 2014 09:30:30 -0400
Subject: [Mailman-Users] DMARC and Reply-To lines with
 from_is_list	munging.
In-Reply-To: <87ha51htrv.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp> <536A8D44.80500@wingfoot.org>
 <536AB7F1.9020202@msapiro.net>
 <CAGfsgR3pwa=VtcdG+s6ZpTFiip1mKNGknJRQOhjP6jNvOzWtVw@mail.gmail.com>
 <87ha51htrv.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <F818C8A2690997275D36CB00@sodor.cc.columbia.edu>


"Stephen J. Turnbull" <stephen at xemacs.org> wrote:

>  > Honestly, they (one of the principal DMARC spec authors works for
>  > Yahoo) ignored their own advice, imagine how well that would go
>  > over in some other industries.

Let's not overlook Agari, which has a financial stake in offering a 
solution to the problem they helped create. Notice how many dmarc domains 
direct the reports to agari, from which, for a fee, they will get nice 
reports and metrics for their CIO to show around, reports that will show 
how many times their domain was "faked". Agari has an interest in making 
those numbers big, and mailing lists help them do it. The Agari web page 
boasts how many users they "protect", and it features the kind of slick 
writing that impresses people who don't know nuts and bolts.

One of the great failings on Yahoo's part was introducing a Change without 
notice to those affected, not even their own customers (to my knowledge). 
Even sloppy business owners should know not to do that.

Agari introduced "Agari PRO" April 1. Dmarc was pulled from standards track 
April 2. Yahoo implemented dmarc April 4. What was the rush?


> Let's have some perspective: nobody died this time.

So true. In 100 years who will know the difference.


Joseph Brennan
Manager, Email and Systems Applications
Columbia University Information Technology





From sylvain at opensource-expert.com  Thu May  8 15:47:21 2014
From: sylvain at opensource-expert.com (Sylvain Viart)
Date: Thu, 08 May 2014 15:47:21 +0200
Subject: [Mailman-Users] web search members criteria mod
Message-ID: <536B8AE9.9070300@opensource-expert.com>

Hi,

Is it possible to use the member management form, or some tricks, to 
filter members authorized to post to an announce list?

newsletter : How do I create a newsletter/announcement/one-way list?
http://wiki.list.org/pages/viewpage.action?pageId=4030685


May be not?
Should I use : accept_these_nonmembers  and moderate everyone including 
the poster?


I know the trick about

   Approved: <password>

But I'm sure every post will bounce once, and the poster will forget it 
every time? :-\

Regards,
Sylvain.

From sylvain at opensource-expert.com  Thu May  8 16:06:42 2014
From: sylvain at opensource-expert.com (Sylvain Viart)
Date: Thu, 08 May 2014 16:06:42 +0200
Subject: [Mailman-Users] web search members criteria mod
In-Reply-To: <536B8AE9.9070300@opensource-expert.com>
References: <536B8AE9.9070300@opensource-expert.com>
Message-ID: <536B8F72.2080606@opensource-expert.com>

On 08/05/2014 15:47, Sylvain Viart wrote:
> Is it possible to use the member management form, or some tricks, to 
> filter members authorized to post to an announce list?
>
> newsletter : How do I create a newsletter/announcement/one-way list?
> http://wiki.list.org/pages/viewpage.action?pageId=4030685

Self reply of the question above, it seems you cant:

http://www.mail-archive.com/mailman-users%40python.org/msg55941.html
http://www.mail-archive.com/mailman-users%40python.org/msg42090.html

Only, form command line?

Good keywords: mod or moderator

May be by hacking the cgi with curl? (sick)

Sylvain.

From Morgan.Ecklund at state.vt.us  Thu May  8 16:51:25 2014
From: Morgan.Ecklund at state.vt.us (Ecklund, Morgan)
Date: Thu, 8 May 2014 14:51:25 +0000
Subject: [Mailman-Users] mailman processor sponge?
Message-ID: <AD6D633DB8E1824EA912E136D870AE3C1ED2A175@ENT-EXDAG3.vsms.state.vt.us>

Hello Listers,
I migrated to a VMware ESXI environment  from an old P3/512 MB mailman server (RedHat/sendmail, mailman had been upgraded to 2.1.x (I think)).
The new environment is CentoOS 6.2 Postfix Mailman 2.1.16rc2.
Anyway the old server was a rock!
The new mailman environment is a processor sponge (clearly not an all-natural hand collected sponge either)
I will go over the entire process.
After quite a bit of work with the migration (mostly because my learning curve with postfix)  I got Mailman working.
So we noticed right off the bat that Mailman was maxing the processor and filling memory and later I found that it was filling up the hard drive...
So I had the ESXI admin add another processor and memory.
Fixed the memory problem.
Then all the sudden messages stopped going out to lists ( that was when I found out the drive was filling up).
I found that the data directory was large,  dare I say bloated beyond recognition.
Looked like old held messages were filling up the drive (I think from my Postfix testing, maybe).
I went in and ran "bin/discard data/heldmsg-mailman-1*" restarted mailman. Seemed to fix the problem.
I also noticed there was a  owner-bounces.mbox
-rw-------.  1 mailman mailman 51198511 May  8 10:25 owner-bounces.mbox
The drive filling issue appears to under control now.
Further trouble shooting and a report that we were getting bounce reports saying that google was not allowing more message per smtp connection.
Led me to add these lines to my mm_cfg.py file.
SMTP_MAX_RCPTS = 1
VERP_CONFIRMATIONS = Yes
Now the processor is close to 100%. Messages are going out slow.
I followed some trouble shooting guides to many to mention.

So I put it to you ohh masters of the Mailman universe..
Thanks for any help you can provide.
Morgan Ecklund



From stephen at xemacs.org  Thu May  8 17:44:20 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Fri, 09 May 2014 00:44:20 +0900
Subject: [Mailman-Users] DMARC and Reply-To lines with
 from_is_list	munging.
In-Reply-To: <F818C8A2690997275D36CB00@sodor.cc.columbia.edu>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp>
 <536A8D44.80500@wingfoot.org> <536AB7F1.9020202@msapiro.net>
 <CAGfsgR3pwa=VtcdG+s6ZpTFiip1mKNGknJRQOhjP6jNvOzWtVw@mail.gmail.com>
 <87ha51htrv.fsf@uwakimon.sk.tsukuba.ac.jp>
 <F818C8A2690997275D36CB00@sodor.cc.columbia.edu>
Message-ID: <878uqci8bv.fsf@uwakimon.sk.tsukuba.ac.jp>

Joseph Brennan writes:
 > 
 > "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
 > 
 > >  > Honestly, they (one of the principal DMARC spec authors works for
 > >  > Yahoo) ignored their own advice, imagine how well that would go
 > >  > over in some other industries.

I didn't write that, and I dissent from the implied sentiment.

Cheers


From jimpop at gmail.com  Thu May  8 17:46:24 2014
From: jimpop at gmail.com (Jim Popovitch)
Date: Thu, 8 May 2014 11:46:24 -0400
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <878uqci8bv.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp>
 <536A8D44.80500@wingfoot.org> <536AB7F1.9020202@msapiro.net>
 <CAGfsgR3pwa=VtcdG+s6ZpTFiip1mKNGknJRQOhjP6jNvOzWtVw@mail.gmail.com>
 <87ha51htrv.fsf@uwakimon.sk.tsukuba.ac.jp>
 <F818C8A2690997275D36CB00@sodor.cc.columbia.edu>
 <878uqci8bv.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <CAGfsgR2SoBF=ftPbY-W=E2T1bJ33QdRBVC3xNUKrSGCVNHhAeg@mail.gmail.com>

On Thu, May 8, 2014 at 11:44 AM, Stephen J. Turnbull <stephen at xemacs.org> wrote:
> Joseph Brennan writes:
>  >
>  > "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
>  >
>  > >  > Honestly, they (one of the principal DMARC spec authors works for
>  > >  > Yahoo) ignored their own advice, imagine how well that would go
>  > >  > over in some other industries.
>
> I didn't write that, and I dissent from the implied sentiment.

I wrote it, and I have no idea why you need to sound like a lawyer
just to tell someone you didn't write something.  :-)   Or at least
you could have just said "Jim wrote that, not me"  :-)

-Jim P.

From drsmith at fsu.edu  Thu May  8 14:14:00 2014
From: drsmith at fsu.edu (Dave Smith)
Date: Thu, 8 May 2014 08:14:00 -0400
Subject: [Mailman-Users] count members?
In-Reply-To: <536B27A7.8020301@opensource-expert.com>
References: <536B27A7.8020301@opensource-expert.com>
Message-ID: <536B7508.2090302@fsu.edu>

from a command line in the mailman/bin directory

-bash-4.1$ ./list_members LISTNAME | wc -l
2



On 05/08/2014 02:43 AM, Sylvain Viart wrote:
> document.write('927');
>
> Hi,
>
> Is there some simple way to just get a counter of the number member 
> subscribed in a list?
>
> So it can be put back in some html content.
>
> I've a script for another tool which outputs JavaScript for example:
>
> document.write('927');
>
>
> (not related, searching the word "counter" gave me this page : 
> http://wiki.list.org/display/~valium I suppose you can safely remove it)
>
>
> Regards,
> Sylvain.
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: 
> http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: 
> https://mail.python.org/mailman/options/mailman-users/drsmith%40fsu.edu
>

-- 
Thanks for your attention in this matter!

Dave Smith
Unix Admin - Information Technology Services
645-8024



From Kevin at RawFedDogs.net  Wed May  7 22:14:13 2014
From: Kevin at RawFedDogs.net (Kevin Monceaux)
Date: Wed, 7 May 2014 15:14:13 -0500
Subject: [Mailman-Users] Private Archives Aren't Private
Message-ID: <20140507201413.GA327@RawFedDogs.net>

Fellow Mailman Users,

I'm considering switching from Ecartis to Mailman to use some of Mailman's
new features for dealing with DMARC.  I have 2.1.18 installed via FreeBSD
ports and have set up a test list.  The list archives are set to private.
When I visit the list info page it displays (The current archive is only
available to the list members.) next to the archive link, but I can click
the link and view the archives without being prompted to log in first.  I'm
probably overlooking something simple.  




-- 

Kevin
http://www.RawFedDogs.net
http://Lassie.RawFedDogs.net
http://www.WacoAgilityGroup.org
Bruceville, TX

What's the definition of a legacy system? One that works!
Errare humanum est, ignoscere caninum.

From Kevin at RawFedDogs.net  Thu May  8 15:44:49 2014
From: Kevin at RawFedDogs.net (Kevin Monceaux)
Date: Thu, 8 May 2014 08:44:49 -0500
Subject: [Mailman-Users] Private Archives Aren't Private
In-Reply-To: <20140507201413.GA327@RawFedDogs.net>
References: <20140507201413.GA327@RawFedDogs.net>
Message-ID: <20140508134449.GA17418@RawFedDogs.net>

On Wed, May 07, 2014 at 03:14:13PM -0500, Kevin Monceaux wrote:

> I have 2.1.18 installed via FreeBSD ports and have set up a test list.
> The list archives are set to private.  When I visit the list info page it
> displays (The current archive is only available to the list members.) next
> to the archive link, but I can click the link and view the archives
> without being prompted to log in first.  I'm probably overlooking
> something simple.  

I was overlooking something simple.  I had an Alias in my Apache virtual
host configuration that was bypassing the mailman CGI script when accessing
the private archives.  I think it was something I added when trying to
figure out a private archive directory permission problem.  Sorry for the
unnecessary noise.



-- 

Kevin
http://www.RawFedDogs.net
http://Lassie.RawFedDogs.net
http://www.WacoAgilityGroup.org
Bruceville, TX

What's the definition of a legacy system? One that works!
Errare humanum est, ignoscere caninum.

From billc_lists at greenbuilder.com  Thu May  8 18:31:14 2014
From: billc_lists at greenbuilder.com (Bill Christensen)
Date: Thu, 08 May 2014 11:31:14 -0500
Subject: [Mailman-Users] Subscription flood
Message-ID: <536BB152.10007@greenbuilder.com>

Hi all,

I've got a problem with one of my lists where it's being flooded with 
spurious subscription requests.

The list was set to require subscription confirmation; the innocent 
victims whose addresses were used for the subscription requests started 
complaining, as they'd get anywhere from 2 to 400 (!) confirmation 
requests in a day from a list they'd never even heard of.

About 12 hrs ago I switched it to require Admin approval.  500+ 
subscription requests - mostly in batches of 5-10 from the same address 
- have come through since then.

I attempted requiring both confirmation and admin approval, but the 
order of operations is that the admin isn't asked to approve until a 
confirmation comes through.  That's no help to the victims receiving the 
confirm requests.

Question 1: Is it possible to reverse the order of approval and 
confirmation when requiring both?  The admin then can reject all those 
with duplicates, only allowing the (presumably real) single subscription 
requests to send out a confirmation request.

If so, how would that be done?

Question 2: Any other suggestions on how to handle this?

Currently running mailman 2.1.13_0 (Next stop is to MacPorts list to see 
if the maintainer will update the port to the latest version)

From mark at msapiro.net  Thu May  8 18:37:25 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 08 May 2014 09:37:25 -0700
Subject: [Mailman-Users] web search members criteria mod
In-Reply-To: <536B8AE9.9070300@opensource-expert.com>
References: <536B8AE9.9070300@opensource-expert.com>
Message-ID: <536BB2C5.7010709@msapiro.net>

On 05/08/2014 06:47 AM, Sylvain Viart wrote:
> 
> Is it possible to use the member management form, or some tricks, to
> filter members authorized to post to an announce list?
> 
> newsletter : How do I create a newsletter/announcement/one-way list?
> http://wiki.list.org/pages/viewpage.action?pageId=4030685


>From your followup, you know it is easy from the command line. Since you
don't have that access, see the script at
<http://www.msapiro.net/scripts/mailman-subscribers.py> which you can
use to screen-scrape the wed admin UI and get the membership including
flags in a CSV file which you can filter on mod bit.


> May be not?
> Should I use : accept_these_nonmembers  and moderate everyone including
> the poster?


If the poster is a member, that won't work as the post will be held as
from a moderated member and *_these_nonmembers won't be consulted.


> I know the trick about
> 
>   Approved: <password>
> 
> But I'm sure every post will bounce once, and the poster will forget it
> every time? :-\


This is the ONLY secure way to post to an announce list. Without this,
anyone on the list knows who an authorized poster is as soon as they
receive a post, and can spoof that address if they want to post.

Well maybe not the ONLY way. You can always moderate everyone and hold
moderated posts and then approve the ones you want, but that is a lot of
work for a moderator.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Thu May  8 19:02:41 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 08 May 2014 10:02:41 -0700
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <536BB152.10007@greenbuilder.com>
References: <536BB152.10007@greenbuilder.com>
Message-ID: <536BB8B1.4040808@msapiro.net>

On 05/08/2014 09:31 AM, Bill Christensen wrote:
> 
> Question 1: Is it possible to reverse the order of approval and
> confirmation when requiring both?  The admin then can reject all those
> with duplicates, only allowing the (presumably real) single subscription
> requests to send out a confirmation request.


It would require significant code changes.


> If so, how would that be done?
> 
> Question 2: Any other suggestions on how to handle this?
> 
> Currently running mailman 2.1.13_0 (Next stop is to MacPorts list to see
> if the maintainer will update the port to the latest version)


There are mitigations which may help in Mailman 2.1.16. See
<https://bugs.launchpad.net/mailman/+bug/1082746>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Thu May  8 19:19:06 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 08 May 2014 10:19:06 -0700
Subject: [Mailman-Users] mailman processor sponge?
In-Reply-To: <AD6D633DB8E1824EA912E136D870AE3C1ED2A175@ENT-EXDAG3.vsms.state.vt.us>
References: <AD6D633DB8E1824EA912E136D870AE3C1ED2A175@ENT-EXDAG3.vsms.state.vt.us>
Message-ID: <536BBC8A.8030900@msapiro.net>

On 05/08/2014 07:51 AM, Ecklund, Morgan wrote:

> Now the processor is close to 100%. Messages are going out slow.
> I followed some trouble shooting guides to many to mention.


What does 'top' show about the processes using the CPU? If the
process(es) is/are python processes, do 'ps -fw' on their PIDs to see
exactly which runners they are.

Is your 'out' queue backlogged? The symptoms are a lot of files in
qfiles/out (if this is the CentOS/RedHat package that's probably
/var/spool/mailman/out).

Also, Mailman's 'smtp' log which contains entries like

May 08 08:39:11 2014 (5288) <message_id> smtp to listname for nnn
recips, completed in tt.ttt seconds

If the queue is backlogged, each timestamp will be tt.ttt seconds
following the preceding entry.

If the queue is backlogged, see some results of
<https://www.google.com/#q=site:mail.python.org+inurl:mailman+out+queue+backlogged>
including
<https://mail.python.org/pipermail/mailman-users/2012-January/072778.html>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From adam-mailman at amyl.org.uk  Thu May  8 19:14:18 2014
From: adam-mailman at amyl.org.uk (Adam McGreggor)
Date: Thu, 8 May 2014 18:14:18 +0100
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <536BB152.10007@greenbuilder.com>
References: <536BB152.10007@greenbuilder.com>
Message-ID: <20140508171418.GI17313@hendricks.amyl.org.uk>

On Thu, May 08, 2014 at 11:31:14AM -0500, Bill Christensen wrote:
> I've got a problem with one of my lists where it's being flooded
> with spurious subscription requests.

[?]

> About 12 hrs ago I switched it to require Admin approval.  500+
> subscription requests - mostly in batches of 5-10 from the same
> address - have come through since then.

[?]

> Question 2: Any other suggestions on how to handle this?

I use fail2ban against Mailman's logs (and sometimes rate-limiting
with iptables based on apache logs).


A

-- 
"Computer games don't affect kids. I mean, if Pac-Man affected us as
 kids, we'd all be running around in darkened rooms, munching pills
 and listening to repetitive music."
    -- Marcus Brigstocke

From heller at deepsoft.com  Thu May  8 21:11:51 2014
From: heller at deepsoft.com (Robert Heller)
Date: Thu, 8 May 2014 15:11:51 -0400
Subject: [Mailman-Users] Private Archives Aren't Private
In-Reply-To: <20140507201413.GA327@RawFedDogs.net>
References: <20140507201413.GA327@RawFedDogs.net>
Message-ID: <201405081911.s48JBpLF014588@sharky2.deepsoft.com>

At Wed, 7 May 2014 15:14:13 -0500 Kevin at RawFedDogs.net wrote:

> 
> Fellow Mailman Users,
> 
> I'm considering switching from Ecartis to Mailman to use some of Mailman's
> new features for dealing with DMARC.  I have 2.1.18 installed via FreeBSD
> ports and have set up a test list.  The list archives are set to private.
> When I visit the list info page it displays (The current archive is only
> available to the list members.) next to the archive link, but I can click
> the link and view the archives without being prompted to log in first.  I'm
> probably overlooking something simple.  

Are you logged in as the list admin?  That is, is the cookie that was created 
the last time you logged in still active?

> 
> 
> 
> 

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


                                                           

From ges+lists at wingfoot.org  Thu May  8 21:42:46 2014
From: ges+lists at wingfoot.org (Glenn Sieb)
Date: Thu, 08 May 2014 15:42:46 -0400
Subject: [Mailman-Users] DMARC and Reply-To lines with
	from_is_list	munging.
In-Reply-To: <87iophhu7s.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp> <536A8D44.80500@wingfoot.org>
 <87iophhu7s.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <536BDE36.2090509@wingfoot.org>

It is not necessary to cc: me. I get list emails. Emails can go to the
list, unless you wish to take something private. Thank you.

On 5/7/14, 10:36 PM, Stephen J. Turnbull wrote:
> If you just want to vent, please say so.  I thought you were asking
> for help.

Then please work on your phrasing. You sounded very judgmental. "Are
you...*snip*...punishing them with a black hole" "They can always BCC
and you'll never know!"

They apparently set the max_num_recipients to 2 to help prevent spam
from making it onto the lists, as SA is fine and all, but is generally
crap for catching short URI spam.

And, again, what rules my list owners choose to have on their lists is
not my business, but frankly, I see nothing *wrong* with this, and it
makes a metric f*ckton of sense to me given the number of AOL and Yahoo
subscribers on some of the lists. Which makes this whole DMARC stuff
such an effing joke.

> If you want help, then the questions I asked are essential to doing a
> good job for your list owners.  There are two reasons for that.

If I felt what my users were asking for was unreasonable, I wouldn't
have bothered to bring it here. They'd *like* to see who's posting so if
they *choose* to reply privately they can. In the past, this was easy
enough. The From: line was there with the OP's email address. Now, as
far as I can tell, depending on the MUA the *poster* uses, there *might*
be two Reply-Tos--one with the OP email, one with the list address. But
that's not reliable, as it doesn't happen for ALL posters.

Hell, even a munged From: like:

"ges+lists at wingfoot dot org via Mailman-Users <mailman-users at python.org>"

would be a vast improvement over:

"ges+lists--- via Mailman-Users <mailman-users at python.org>"


Best,
--Glenn


From mark at msapiro.net  Thu May  8 21:54:30 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 08 May 2014 12:54:30 -0700
Subject: [Mailman-Users] DMARC and Reply-To lines with
	from_is_list	munging.
In-Reply-To: <536BDE36.2090509@wingfoot.org>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp> <536A8D44.80500@wingfoot.org>
 <87iophhu7s.fsf@uwakimon.sk.tsukuba.ac.jp> <536BDE36.2090509@wingfoot.org>
Message-ID: <536BE0F6.3070809@msapiro.net>

On 05/08/2014 12:42 PM, Glenn Sieb wrote:
> 
> In the past, this was easy
> enough. The From: line was there with the OP's email address. Now, as
> far as I can tell, depending on the MUA the *poster* uses, there *might*
> be two Reply-Tos--one with the OP email, one with the list address. But
> that's not reliable, as it doesn't happen for ALL posters.


There will only be one Reply-To: header in outgoing mail from Mailman
per RFC 822/2822/5322.

With the DMARC mitigations, at least as of 2.1.18, this Reply-To: will
always contain the posters original From: address. Depending on the
first_strip_reply_to and reply_goes_to_list settings of the list and
whether or not there was a Reply-To: in the incoming mail, it may
contain other addresses too. It will never contain duplicate addresses.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From turnbull at sk.tsukuba.ac.jp  Fri May  9 03:39:15 2014
From: turnbull at sk.tsukuba.ac.jp (Stephen J. Turnbull)
Date: Fri, 09 May 2014 10:39:15 +0900
Subject: [Mailman-Users] DMARC and Reply-To lines
	with	from_is_list	munging.
In-Reply-To: <536BDE36.2090509@wingfoot.org>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp>
 <536A8D44.80500@wingfoot.org>
 <87iophhu7s.fsf@uwakimon.sk.tsukuba.ac.jp>
 <536BDE36.2090509@wingfoot.org>
Message-ID: <87y4ybhgsc.fsf@uwakimon.sk.tsukuba.ac.jp>

Glenn Sieb writes:

 > Then please work on your phrasing.

That times time and effort, which I will start saving right now.


From sherwindu at att.net  Fri May  9 09:08:19 2014
From: sherwindu at att.net (sherwin)
Date: Fri, 09 May 2014 02:08:19 -0500
Subject: [Mailman-Users] Can Someone Explain This?
Message-ID: <536C7EE3.5030100@att.net>

I am recently having trouble posting messages to Ibiblio from my
AT&T mail account.  There have been issues lately with AOL and
Yahoo changing their headers, but I was not affected by this.

My email postings to Ibiblio are being rejected with the following error:

This is the mail system at host lists.ibiblio.org.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                    The mail system

<midfex at lists.ibiblio.org>: Command died with status 2:
     "/usr/lib/mailman/mail/mailman post midfex". Command output: Group mismatch
     error.  Mailman expected the mail wrapper script to be executed as group
     "mailman", but the system's mail server executed the mail script as group
     "nobody".  Try tweaking the mail server to run the script as group
     "mailman", or re-run configure,  providing the command line option
     `--with-mail-gid=nobody'.



Reporting-MTA: dns; lists.ibiblio.org
X-Postfix-Queue-ID: 0CFE6235EE
X-Postfix-Sender: rfc822;sherwindu at att.net
Arrival-Date: Fri,  9 May 2014 02:48:43 -0400 (EDT)

Final-Recipient: rfc822;midfex at lists.ibiblio.org
Action: failed
Status: 5.3.0
Diagnostic-Code: x-unix; Group mismatch error.  Mailman expected the mail
     wrapper script to be executed as group "mailman", but the system's mail
     server executed the mail script as group "nobody".  Try tweaking the mail
     server to run the script as group "mailman", or re-run configure,
     providing the command line option `--with-mail-gid=nobody'.


How can this be fixed?

                   Sherwin Dubren

From turnbull at sk.tsukuba.ac.jp  Fri May  9 10:47:24 2014
From: turnbull at sk.tsukuba.ac.jp (Stephen J. Turnbull)
Date: Fri, 09 May 2014 17:47:24 +0900
Subject: [Mailman-Users]  Can Someone Explain This?
In-Reply-To: <536C7EE3.5030100@att.net>
References: <536C7EE3.5030100@att.net>
Message-ID: <87ppjngwyr.fsf@uwakimon.sk.tsukuba.ac.jp>

sherwin writes:

 > <midfex at lists.ibiblio.org>: Command died with status 2:
 >      "/usr/lib/mailman/mail/mailman post midfex". Command output: Group mismatch
 >      error.  Mailman expected the mail wrapper script to be executed as group
 >      "mailman", but the system's mail server executed the mail script as group
 >      "nobody".  Try tweaking the mail server to run the script as group
 >      "mailman", or re-run configure,  providing the command line option
 >      `--with-mail-gid=nobody'.

I would bet a week's worth of beer that the Mailman installation has
been upgraded recently, and they forgot to give the wrapper program
sgid privilege and/or forgot to give it group "mailman".

It's also possible that the actual problem is with the mail server,
but usually mail servers are not given sufficient permissions to run
other programs as arbitrary users or groups.

To fix it, run the bin/check_perms program in the Mailman installation
to see if I'm correct.  If I am, run "bin/check_perms -f" to actually
make the necessary changes.

Of course you need to have root permission on the Mailman host to do
this.

From lstone19 at stonejongleux.com  Fri May  9 13:36:44 2014
From: lstone19 at stonejongleux.com (Larry Stone)
Date: Fri, 9 May 2014 06:36:44 -0500
Subject: [Mailman-Users] Can Someone Explain This?
In-Reply-To: <536C7EE3.5030100@att.net>
References: <536C7EE3.5030100@att.net>
Message-ID: <52D9A48E-B1D9-4B4D-BCE0-72C20161A6FA@stonejongleux.com>


On May 9, 2014, at 2:08 AM, sherwin <sherwindu at att.net> wrote:

> I am recently having trouble posting messages to Ibiblio from my
> AT&T mail account.  There have been issues lately with AOL and
> Yahoo changing their headers, but I was not affected by this.
> 
> My email postings to Ibiblio are being rejected with the following error:

?

> <midfex at lists.ibiblio.org>: Command died with status 2:
>    "/usr/lib/mailman/mail/mailman post midfex". Command output: Group mismatch
>    error.  Mailman expected the mail wrapper script to be executed as group
>    "mailman", but the system's mail server executed the mail script as group
>    "nobody".  Try tweaking the mail server to run the script as group
>    "mailman", or re-run configure,  providing the command line option
>    `--with-mail-gid=nobody'.
> 
> How can this be fixed?

I assume you are just a user of a list at ibiblio.org? If so, you can?t fix it. Ibiblio.org has Mailman installed incorrectly. They need to install it correctly. This problem affects all lists managed by this Mailman installation so I assume you have also not been receiving any postings from this list.

-- 
Larry Stone
lstone19 at stonejongleux.com
http://www.stonejongleux.com/




From jdanield at free.fr  Fri May  9 14:29:39 2014
From: jdanield at free.fr (jdd)
Date: Fri, 09 May 2014 14:29:39 +0200
Subject: [Mailman-Users] Can Someone Explain This?
In-Reply-To: <52D9A48E-B1D9-4B4D-BCE0-72C20161A6FA@stonejongleux.com>
References: <536C7EE3.5030100@att.net>
 <52D9A48E-B1D9-4B4D-BCE0-72C20161A6FA@stonejongleux.com>
Message-ID: <536CCA33.1040602@free.fr>

Le 09/05/2014 13:36, Larry Stone a ?crit :

> I assume you are just a user of a list at ibiblio.org? If so, you can?t fix
> it. Ibiblio.org has Mailman installed incorrectly. They need to install it
> correctly. This problem affects all lists managed by this Mailman
> installation so I assume you have also not been receiving any postings from
> this list.
>
ibiblio admins use to be very reactive, open a ticket...

jdd

-- 
http://www.dodin.org

From Kevin at RawFedDogs.net  Fri May  9 16:03:28 2014
From: Kevin at RawFedDogs.net (Kevin Monceaux)
Date: Fri, 9 May 2014 09:03:28 -0500
Subject: [Mailman-Users] Private Archives Aren't Private
In-Reply-To: <201405081911.s48JBpLF014588@sharky2.deepsoft.com>
References: <20140507201413.GA327@RawFedDogs.net>
 <201405081911.s48JBpLF014588@sharky2.deepsoft.com>
Message-ID: <20140509140328.GB11077@RawFedDogs.net>

On Thu, May 08, 2014 at 03:11:51PM -0400, Robert Heller wrote:
 
> Are you logged in as the list admin?  That is, is the cookie that was created 
> the last time you logged in still active?

No.  I had an Alias in my Apache virtual host configuration that was
bypassing the mailman CGI script when accessing the private archives.  I
think it was something I added when trying to figure out a private archive
directory permission problem.  Removing the Alias fixed the problem.



-- 

Kevin
http://www.RawFedDogs.net
http://Lassie.RawFedDogs.net
http://www.WacoAgilityGroup.org
Bruceville, TX

What's the definition of a legacy system? One that works!
Errare humanum est, ignoscere caninum.

From fmouse at fmp.com  Fri May  9 18:08:07 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Fri, 09 May 2014 11:08:07 -0500
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
 munging.
In-Reply-To: <536BDE36.2090509@wingfoot.org>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp> <536A8D44.80500@wingfoot.org>
 <87iophhu7s.fsf@uwakimon.sk.tsukuba.ac.jp> <536BDE36.2090509@wingfoot.org>
Message-ID: <1399651687.2307.52.camel@ubuntu>

On Thu, 2014-05-08 at 15:42 -0400, Glenn Sieb wrote:
> If I felt what my users were asking for was unreasonable, I wouldn't
> have bothered to bring it here. They'd *like* to see who's posting so if
> they *choose* to reply privately they can. In the past, this was easy
> enough. The From: line was there with the OP's email address. Now, as
> far as I can tell, depending on the MUA the *poster* uses, there *might*
> be two Reply-Tos--one with the OP email, one with the list address. But
> that's not reliable, as it doesn't happen for ALL posters.
> 
> Hell, even a munged From: like:
> 
> "ges+lists at wingfoot dot org via Mailman-Users
> <mailman-users at python.org>"
> 
> would be a vast improvement over:
> 
> "ges+lists--- via Mailman-Users <mailman-users at python.org>"

I'm not as knowledgeable as Stephen or Mark, but I've been working with
Internet email since the early 90s or so and have read the founding
RFCs.  One of the principles underlying the design of the Internet email
system is that information should never be intentionally abandoned.
Nothing gets dumped into the cosmic bit bucket, neither header
information nor content, and NDRs and DSNs keep the sender appraised of
problems with delivery.  This has been a strong argument against munging
of Reply-To headers going back quite a few years.  Information may be
_added_ by a component in the delivery chain (and generally is) but not
deleted.

Arguably, the correct response to DMARC filtering _should_ be the MIME
encapsulation of list mail, with appropriate RFC 2369 headers added to
the enclosing MIME structure leaving the content un-munged, with all
information from the original poster intact.  Arguably, MUAs should be
transparent to this.  Arguably, this would have been the best design for
the operation of mailing lists in email-space from the git-go.

We're stuck in the Real World, however, where Apple and probably other
MUA authors and designers have cut corners in design and we're forced
into a corner where information loss of some sort is imposed on us.
From: header munging is decidedly ugly!  It's perhaps the least ugly
solution that still works reliably to deliver content to _everyone_ even
though the information loss limits choice on the receiving end.

Your suggested partial solution ("ges+lists at wingfoot dot org via
Mailman-Users ...") is also ugly, but given the situation we're in at
this point, IMHO it has merit and should be worth some consideration in
the design of Mailman.  What goes into an address comment is, or should
be, purely informational on a human level, and ignored on a
computational level.  Whether or not it would would confuse people is
another matter.  It ain't the kinder, gentler Internet I jumped into
back in 1994!

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |     - The Roadie
http://www.fmp.com    |




From dave.lists at nathanson.org  Thu May  8 23:34:16 2014
From: dave.lists at nathanson.org (Dave Nathanson)
Date: Thu, 8 May 2014 14:34:16 -0700
Subject: [Mailman-Users] Reply-To Munging - Feature Request
In-Reply-To: <536BE0F6.3070809@msapiro.net>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp> <536A8D44.80500@wingfoot.org>
 <87iophhu7s.fsf@uwakimon.sk.tsukuba.ac.jp> <536BDE36.2090509@wingfoot.org>
 <536BE0F6.3070809@msapiro.net>
Message-ID: <2E95A207-3042-4711-AD69-35D50EF668B7@nathanson.org>

I appreciate that the MailMan team is awesome & doing the best that can be expected given the new DMARC restrictions being forced on us all. Thanks guys! 

FEATURE REQUEST: 
A setting to configure the new "From" line. Instead of 
FROM: Author_Name via ListName <ListName at lists.example.com>

I want to request that MailMan let the list admin config the text after the author's name in the FROM line. I would use this setting to say:
FROM: Author_Name via Club Name <ListName at example.com>   
 * substituted test string "Club Name" for "List Name"
 * substituted explicit reply_to_address instead of list address. 

More details: 

DreamHost just installed 2.1.17 so that's what I have to work with. I don't know why they didn't go all the way to the newest version this week. 

My email lists are served from a sub-domain that I don't use for anything except lists. lists.example.com That is a given, not my option. 

I have things figured out as well as can be for my situation. 
The settings we are going to use are:
   reply_goes_to_list = Explicit address
   reply_to_address = everybody at example.com  (as opposed to everybody at lists.example.com )
   from_is_list  = Mung From
   first_strip_reply_to  = Yes

The only difference is from_is_list = Mung From. The other settings are the same as before DEMARC. 

This makes it almost as good as before Yahoo ruined all mailing lists worldwide. 


Differences before & After DEMARC
BEFORE:
FROM: Author_Name <Author at example.com>
TO: ListName <everybody at example.com>
REPLY-TO: ListName <everybody at example.com>

We liked it like that. Everything was fine. 

AFTER DEMARC, using the best settings for us that we can:

FROM: Author_Name via ListName <everybody at lists.example.com>
TO: ListName <everybody at example.com>
REPLY-TO: ListName <everybody at example.com>

This is *pretty good* except that 
* I don't like the "via list name" in the from header, even though I understand that is the new reality. 
* I don't like the lack of an author email address. 

I also tried: 
first_strip_reply_to  = No
But that means a normal reply will go to both the list & the author. So the author will get 2 copies, and I don't feel that is desirable, even though it seems to be the only way to include the author's email address. 

FEATURE REQUEST: 
A setting to control the new "From" line. Instead of FROM: Author_Name via ListName <everybody at lists.example.com>
I want to request that it offer the option to let the list admin config what goes there after the author's name. I would use this setting to say:
FROM: Author_Name via Club Name <everybody at example.com>   
  substituted "Club Name" for "List Name", and used 
  explicit reply_to_address instead of list address. 

Best, 
 Dave Nathanson
 Mac Medix


From billc_lists at greenbuilder.com  Fri May  9 19:46:42 2014
From: billc_lists at greenbuilder.com (Bill Christensen)
Date: Fri, 09 May 2014 12:46:42 -0500
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <536BB8B1.4040808@msapiro.net>
References: <536BB152.10007@greenbuilder.com> <536BB8B1.4040808@msapiro.net>
Message-ID: <536D1482.5000006@greenbuilder.com>

On 5/8/14 12:02 PM, Mark Sapiro wrote:
> On 05/08/2014 09:31 AM, Bill Christensen wrote:
>> Question 1: Is it possible to reverse the order of approval and
>> confirmation when requiring both?  The admin then can reject all those
>> with duplicates, only allowing the (presumably real) single subscription
>> requests to send out a confirmation request.
>
> It would require significant code changes.
>
>
>> If so, how would that be done?
>>
>> Question 2: Any other suggestions on how to handle this?
>>
>> Currently running mailman 2.1.13_0 (Next stop is to MacPorts list to see
>> if the maintainer will update the port to the latest version)
>
> There are mitigations which may help in Mailman 2.1.16. See
> <https://bugs.launchpad.net/mailman/+bug/1082746>.
>
Ok, great.

I temporarily removed the signup form from the listinfo page in hopes of 
stemming the tide, and replaced it with a request to use the site's 
contact form so that we can manually add interested subscribers.  I 
purposely don't have a subscribe email address set up for this list.  
But somehow they're still coming in - another 1300+ since yesterday.

What other holes can I plug?

Thanks.

From mark at msapiro.net  Fri May  9 20:25:38 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 09 May 2014 11:25:38 -0700
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <536D1482.5000006@greenbuilder.com>
References: <536BB152.10007@greenbuilder.com> <536BB8B1.4040808@msapiro.net>
 <536D1482.5000006@greenbuilder.com>
Message-ID: <536D1DA2.3050609@msapiro.net>

On 05/09/2014 10:46 AM, Bill Christensen wrote:
> 
> I temporarily removed the signup form from the listinfo page in hopes of
> stemming the tide, and replaced it with a request to use the site's
> contact form so that we can manually add interested subscribers.  I
> purposely don't have a subscribe email address set up for this list. 
> But somehow they're still coming in - another 1300+ since yesterday.


They probably aren't using the subscribe form on the listinfo page but
rather posting the data directly to the subscribe CGI. Try moving
mailman's cgi-bin/subscribe aside to totally disable web subscribe.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From stephen at xemacs.org  Fri May  9 21:01:16 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Sat, 10 May 2014 04:01:16 +0900
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
 munging.
In-Reply-To: <1399651687.2307.52.camel@ubuntu>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp>
 <536A8D44.80500@wingfoot.org>
 <87iophhu7s.fsf@uwakimon.sk.tsukuba.ac.jp>
 <536BDE36.2090509@wingfoot.org> <1399651687.2307.52.camel@ubuntu>
Message-ID: <87fvkihj43.fsf@uwakimon.sk.tsukuba.ac.jp>

Lindsay Haisley writes:

 > What goes into an address comment is, or should be, purely
 > informational on a human level, and ignored on a computational
 > level.

Unfortunately, we can't depend on that:

   There are a few possible mechanisms that attempt mitigation of
   [display name] attacks, such as:

   o  If the display name is found to include an email address (as
      specified in [MAIL]), execute the DMARC mechanism on the domain
      name found there rather than the domain name discovered
      originally.

DMARC draft, sec. 15.2.  This is discussion of matters outside the
scope of DMARC itself, not a normative specification, and the document
itself says there are legitimate uses of email addresses in display
names (or comments).  But that hasn't stopped the spam-fighters in the
past; it may not stop them this time.  AFAICS, putting an address from
a DMARC domain anywhere in the mail leaves you subject to a possible
DMARC reject unless you satisfy "from alignment" for that domain
exactly as specified in DMARC.

That's not implemented by anyone now, and may never be.  And
obfuscating the address as in the OP may help, but for my previous
work address that would be

    stephen dot turnbull dot 1 at econ dot ohio-state dot edu

which is 57 characters.  You pays your money and you takes your
choice, I guess.


From stephen at xemacs.org  Fri May  9 21:10:53 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Sat, 10 May 2014 04:10:53 +0900
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <536D1DA2.3050609@msapiro.net>
References: <536BB152.10007@greenbuilder.com> <536BB8B1.4040808@msapiro.net>
 <536D1482.5000006@greenbuilder.com> <536D1DA2.3050609@msapiro.net>
Message-ID: <87eh02hio2.fsf@uwakimon.sk.tsukuba.ac.jp>

Mark Sapiro writes:

 > They probably aren't using the subscribe form on the listinfo page but
 > rather posting the data directly to the subscribe CGI. Try moving
 > mailman's cgi-bin/subscribe aside to totally disable web subscribe.

Yeah, this seems like a different attack from the last one I heard
about (a CGI on a 3rd party site that would sign the victim up for
about 400 *different* MLs), but that one also hit the subscribe URL
directly.

How hard would it be to use security-by-obscurity, ie, to just move
the subscribe URL to a different location and change the links on the
subscribe pages?

From billc_lists at greenbuilder.com  Fri May  9 21:12:57 2014
From: billc_lists at greenbuilder.com (Bill Christensen)
Date: Fri, 09 May 2014 14:12:57 -0500
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <536D1DA2.3050609@msapiro.net>
References: <536BB152.10007@greenbuilder.com> <536BB8B1.4040808@msapiro.net>
 <536D1482.5000006@greenbuilder.com> <536D1DA2.3050609@msapiro.net>
Message-ID: <536D28B9.3060209@greenbuilder.com>

On 5/9/14 1:25 PM, Mark Sapiro wrote:
> On 05/09/2014 10:46 AM, Bill Christensen wrote:
>> I temporarily removed the signup form from the listinfo page in hopes of
>> stemming the tide, and replaced it with a request to use the site's
>> contact form so that we can manually add interested subscribers.  I
>> purposely don't have a subscribe email address set up for this list.
>> But somehow they're still coming in - another 1300+ since yesterday.
>
> They probably aren't using the subscribe form on the listinfo page but
> rather posting the data directly to the subscribe CGI. Try moving
> mailman's cgi-bin/subscribe aside to totally disable web subscribe.
>
I expect that will affect my other lists as well, no?

Is there a way that I can just have it affect this one problematic 
list?  If I change the name of cgi-bin/subscribe and any references to 
it (at least until the next update), do you think that will make a 
difference?

From fmouse at fmp.com  Fri May  9 21:54:24 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Fri, 09 May 2014 14:54:24 -0500
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
 munging.
In-Reply-To: <87fvkihj43.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp> <536A8D44.80500@wingfoot.org>
 <87iophhu7s.fsf@uwakimon.sk.tsukuba.ac.jp> <536BDE36.2090509@wingfoot.org>
 <1399651687.2307.52.camel@ubuntu>
 <87fvkihj43.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <1399665264.2730.22.camel@ubuntu>

On Sat, 2014-05-10 at 04:01 +0900, Stephen J. Turnbull wrote:
> Lindsay Haisley writes:
> 
>  > What goes into an address comment is, or should be, purely
>  > informational on a human level, and ignored on a computational
>  > level.
> 
> Unfortunately, we can't depend on that:

The operational term is "or should be" :/

> DMARC draft, sec. 15.2.  This is discussion of matters outside the
> scope of DMARC itself, not a normative specification, and the document
> itself says there are legitimate uses of email addresses in display
> names (or comments).  But that hasn't stopped the spam-fighters in the
> past; it may not stop them this time.  AFAICS, putting an address from
> a DMARC domain anywhere in the mail leaves you subject to a possible
> DMARC reject unless you satisfy "from alignment" for that domain
> exactly as specified in DMARC.
> 
> That's not implemented by anyone now, and may never be.  And
> obfuscating the address as in the OP may help, but for my previous
> work address that would be
> 
>     stephen dot turnbull dot 1 at econ dot ohio-state dot edu
> 
> which is 57 characters.  You pays your money and you takes your
> choice, I guess.

DMARC is ugly, as AOL and Yahoo are using it.  From: header munging is
ugly.  Ugly begets ugly when agreements start to break down.  All we can
do is ride with it and hope that smart people with cool heads and a
sense of the real value of a smoothly working Internet to the larger
community will ultimately prevail.  I'm not overly optimistic at this
point.  AFAICS, this just another aspect of the general abandonment of
net neutrality, one which has come in under the radar of the nightly
news.

A nice fix, albeit probably total pie-in-the-sky, would be the
establishment of a MIME Content-Type: multipart/list-post, a variation
on (or extension of) mulpart/mixed.  MUAs SHOULD (in the RFC 2119 sense)
effectively hide the outermost enclosing MIME envelope with this
Content-Type and present the contents according to rules that would
apply were the enclosing MIME envelope not there.  As far as the mail
system is concerned, the headers on the envelope are the effective ones.
As far as the MUA is concerned, for presentation purposes, the envelope
content is what counts.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |     - The Roadie
http://www.fmp.com    |



From heller at deepsoft.com  Fri May  9 22:01:49 2014
From: heller at deepsoft.com (Robert Heller)
Date: Fri, 9 May 2014 16:01:49 -0400
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <536D1482.5000006@greenbuilder.com>
References: <536BB152.10007@greenbuilder.com> 
 <536BB8B1.4040808@msapiro.net> <536D1482.5000006@greenbuilder.com>
Message-ID: <201405092001.s49K1nnB028467@sharky2.deepsoft.com>

At Fri, 09 May 2014 12:46:42 -0500 Bill Christensen <billc_lists at greenbuilder.com> wrote:

> 
> On 5/8/14 12:02 PM, Mark Sapiro wrote:
> > On 05/08/2014 09:31 AM, Bill Christensen wrote:
> >> Question 1: Is it possible to reverse the order of approval and
> >> confirmation when requiring both?  The admin then can reject all those
> >> with duplicates, only allowing the (presumably real) single subscription
> >> requests to send out a confirmation request.
> >
> > It would require significant code changes.
> >
> >
> >> If so, how would that be done?
> >>
> >> Question 2: Any other suggestions on how to handle this?
> >>
> >> Currently running mailman 2.1.13_0 (Next stop is to MacPorts list to see
> >> if the maintainer will update the port to the latest version)
> >
> > There are mitigations which may help in Mailman 2.1.16. See
> > <https://bugs.launchpad.net/mailman/+bug/1082746>.
> >
> Ok, great.
> 
> I temporarily removed the signup form from the listinfo page in hopes of 
> stemming the tide, and replaced it with a request to use the site's 
> contact form so that we can manually add interested subscribers.  I 
> purposely don't have a subscribe email address set up for this list.  
> But somehow they're still coming in - another 1300+ since yesterday.
> 
> What other holes can I plug?

If you can determine the originating IP address (hint: look in Apache's
access_log), you can edit the mailman.conf file in /etc/http/conf.d and add in
a <limit> container with 'DENY *ip address*' lines -- the ip address given to
DENY can be a CIDR expression (w.x.y.z/n), allowing you to block whole
subnets (often the spammers just jump from machine to machine when one IP 
address is blocked or sometimes just have a cluster of machines pounding on 
the 'victim'). 

Also, it might make sense to install fail2ban and set up a filter for these 
requests and have fail2ban firewall the offensive IP addresses.

These spammers are not actually using the signup form -- removing the form has
no meaningful effect, once someone has gonked the CGI parameters and action
URL and since Mailman is open source, the CGI parameters and action URL are
published info and they just need to plug in your hostname and the list name
-- there is probably a program out there that takes these two parameters and
then 'randomly' generates *lots* subscription requests as a form of DDoS
attack. You *could* remove Execute bit from the CGI script / program that
handles that action. This will result in a 500 error from Apache and
effectively kills any possibility for anyone to sign up for any list served by
your server. Yes, extreme, but effective. Still, the best option is to firewall 
the spammers, either with an Apache DENY statement or using fail2ban.  

> 
> Thanks.
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
> 
>                                                                                                    

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


                                                                                                                  

From heller at deepsoft.com  Fri May  9 22:01:53 2014
From: heller at deepsoft.com (Robert Heller)
Date: Fri, 9 May 2014 16:01:53 -0400
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <536D28B9.3060209@greenbuilder.com>
References: <536BB152.10007@greenbuilder.com> 
 <536BB8B1.4040808@msapiro.net> <536D1482.5000006@greenbuilder.com> 
 <536D1DA2.3050609@msapiro.net> <536D28B9.3060209@greenbuilder.com>
Message-ID: <201405092001.s49K1rXJ028481@sharky2.deepsoft.com>

At Fri, 09 May 2014 14:12:57 -0500 Bill Christensen <billc_lists at greenbuilder.com> wrote:

> 
> On 5/9/14 1:25 PM, Mark Sapiro wrote:
> > On 05/09/2014 10:46 AM, Bill Christensen wrote:
> >> I temporarily removed the signup form from the listinfo page in hopes of
> >> stemming the tide, and replaced it with a request to use the site's
> >> contact form so that we can manually add interested subscribers.  I
> >> purposely don't have a subscribe email address set up for this list.
> >> But somehow they're still coming in - another 1300+ since yesterday.
> >
> > They probably aren't using the subscribe form on the listinfo page but
> > rather posting the data directly to the subscribe CGI. Try moving
> > mailman's cgi-bin/subscribe aside to totally disable web subscribe.
> >
> I expect that will affect my other lists as well, no?

Yes.

> 
> Is there a way that I can just have it affect this one problematic 
> list?  If I change the name of cgi-bin/subscribe and any references to 
> it (at least until the next update), do you think that will make a 
> difference?

Maybe.  Maybe not.  If the spammer's are clever enough, they could just go 
back to the form (or the form on one of the other lists served by your server) 
and find the new name for the subscribe script by looking at the <form> tag.

You *best* option would be to firewall the offending IP address from which the 
attack is comming.  It is *very* likely that these attacks are coming from 
China or someplace where your legit subscriber base is not going to be coming 
from, so blocking the IP address(es) (or subnet(s)) won't affect legit 
subscribion requests.  This is done in the mailman.conf file in the 
/etc/httpd/conf.d/ directory (or possibly in an .htaccess file in Mailman's 
cgibin directory, if AllowOverride is YES).  Or use fail2ban to use iptables 
to block IP addresses that issue too many subscribe requests.  fail2ban is 
very effective at dealing with *any* sort of brute force attach.

> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
> 
>                                                                                                                              

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


                                 

From mark at msapiro.net  Fri May  9 22:19:12 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 09 May 2014 13:19:12 -0700
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <536D28B9.3060209@greenbuilder.com>
References: <536BB152.10007@greenbuilder.com> <536BB8B1.4040808@msapiro.net>
 <536D1482.5000006@greenbuilder.com> <536D1DA2.3050609@msapiro.net>
 <536D28B9.3060209@greenbuilder.com>
Message-ID: <536D3840.8030207@msapiro.net>

On 05/09/2014 12:12 PM, Bill Christensen wrote:
> 
> Is there a way that I can just have it affect this one problematic
> list?  If I change the name of cgi-bin/subscribe and any references to
> it (at least until the next update), do you think that will make a
> difference?


It seems to me the easiest way to do this is to apply the attached patch
to Mailman/Cgi/subscribe.py. Change problem_list to the actual list name
and if you don't want the logging, remove the syslog line.

But as others have suggested, look at your web server logs (or the
subscribe confirmation emails) to get the IP address(es) that are
submitting them. If they all come from a single IP or netblock, block
that with iptables or whatever firewall you have.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
-------------- next part --------------
--- subscribe.py	2014-05-09 12:30:58.295498380 -0700
+++ subscribex.py	2014-05-09 13:03:34.567535107 -0700
@@ -54,6 +54,15 @@
         return
 
     listname = parts[0].lower()
+    if listname = 'problem_list':
+        safelistname = Utils.websafe(listname)
+        doc.AddItem(Header(2, _("Error")))
+        doc.AddItem(Bold(_('Web subscribe not allowed <em>%(safelistname)s</em>')))
+        # Send this with a 403 status.
+        print 'Status: 403 Forbidden'
+        print doc.Format()
+        syslog('vette', 'subscribe: Forbidden list "%s": %s\n', listname, e)
+        return
     try:
         mlist = MailList.MailList(listname, lock=0)
     except Errors.MMListError, e:

From mark at msapiro.net  Fri May  9 23:50:10 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 09 May 2014 14:50:10 -0700
Subject: [Mailman-Users] Results of testing posts to yahoogroups from AOL
Message-ID: <536D4D92.1020807@msapiro.net>

I finally got around to testing this. I posted three times to my test
Yahoo group from 'Mark Sapiro <my_aol_address at aol.com>'. One post with
the group set to send replies to the group and one post with the group
set to send replies to the sender and one post with the group set to
send replies to the sender and the group.

In all cases, the posts were sent with

From: "Mark Sapiro my_aol_address at aol.com [my_yahoo_groupname]"
<my_yahoo_groupname at yahoogroups.com>


In the first case (replies to group), there was

Reply-To: <my_yahoo_groupname at yahoogroups.com>

in the post from the group. This seems correct, and my actual address
was in the display name portion of From:

In the second case, there was no Reply-To: in the message meaning a
simple 'reply' was addressed to the From: address which I suppose is
fairly easy to edit to go to me, but without editing, 'reply' goes to
the group which is wrong.

In the third (reply to both) case there is a

Reply-To: my_yahoo_groupname at yahoogroups.com,Mark Sapiro
<my_aol_address at aol.com>

which is correct.

So the bottom line is Yahoo groups does From: header munging when
necessary because of DMARC policies on the From: domain and they manage
Reply-To: well in two cases out of three.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From johnl at taugh.com  Sat May 10 04:13:50 2014
From: johnl at taugh.com (John Levine)
Date: 10 May 2014 02:13:50 -0000
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <1399651687.2307.52.camel@ubuntu>
Message-ID: <20140510021350.55294.qmail@joyce.lan>

>Arguably, the correct response to DMARC filtering _should_ be the MIME
>encapsulation of list mail, with appropriate RFC 2369 headers added to
>the enclosing MIME structure leaving the content un-munged, with all
>information from the original poster intact.  Arguably, MUAs should be
>transparent to this.  Arguably, this would have been the best design for
>the operation of mailing lists in email-space from the git-go.

Unfortunately, this argument falls over when you note that spammers
and phishers can encapsulate their paypal.com phishes and add list
headers, too.  

The correct response is either for senders to stop publishing DMARC
policies that don't match the way their users use mail (fat chance),
or for recipient systems to skip the DMARC checks on mail from sources
that are known to send mail that recipients want but that doesn't
match DMARC's narrow authentication model, e.g., mailing lists and the
Wall Street Journal's mail-an-article button.

Failing that, all we have left is hacks, none of which are satisfactory.

R's,
John


From Richard at Damon-Family.org  Sat May 10 04:27:45 2014
From: Richard at Damon-Family.org (Richard Damon)
Date: Fri, 09 May 2014 22:27:45 -0400
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <20140510021350.55294.qmail@joyce.lan>
References: <20140510021350.55294.qmail@joyce.lan>
Message-ID: <536D8EA1.3070605@Damon-Family.org>

On 5/9/14, 10:13 PM, John Levine wrote:
>> Arguably, the correct response to DMARC filtering _should_ be the MIME
>> encapsulation of list mail, with appropriate RFC 2369 headers added to
>> the enclosing MIME structure leaving the content un-munged, with all
>> information from the original poster intact.  Arguably, MUAs should be
>> transparent to this.  Arguably, this would have been the best design for
>> the operation of mailing lists in email-space from the git-go.
> Unfortunately, this argument falls over when you note that spammers
> and phishers can encapsulate their paypal.com phishes and add list
> headers, too.  
>
> The correct response is either for senders to stop publishing DMARC
> policies that don't match the way their users use mail (fat chance),
> or for recipient systems to skip the DMARC checks on mail from sources
> that are known to send mail that recipients want but that doesn't
> match DMARC's narrow authentication model, e.g., mailing lists and the
> Wall Street Journal's mail-an-article button.
>
> Failing that, all we have left is hacks, none of which are satisfactory.
>
> R's,
> John
>
But the wrapped message could pass the DMARC DKIM signature check, if it
will exactly matchs the message that came from Yahoo/AOL. (which the
phish won't). This says that the List Headers, modified subject, list
headers and footers should be added to the wrapping message, not the
wrapped message, which also says that the MUA shouldn't throw this away,
but combine these with the original message (but in a way that makes it
clear which is which).

-- 
Richard Damon


From stephen at xemacs.org  Sat May 10 04:57:34 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Sat, 10 May 2014 11:57:34 +0900
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
 munging.
In-Reply-To: <1399665264.2730.22.camel@ubuntu>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp>
 <536A8D44.80500@wingfoot.org>
 <87iophhu7s.fsf@uwakimon.sk.tsukuba.ac.jp>
 <536BDE36.2090509@wingfoot.org> <1399651687.2307.52.camel@ubuntu>
 <87fvkihj43.fsf@uwakimon.sk.tsukuba.ac.jp>
 <1399665264.2730.22.camel@ubuntu>
Message-ID: <87d2fmgx29.fsf@uwakimon.sk.tsukuba.ac.jp>

Lindsay Haisley writes:

 > A nice fix, albeit probably total pie-in-the-sky, would be the
 > establishment of a MIME Content-Type: multipart/list-post, a variation
 > on (or extension of) mulpart/mixed.  MUAs SHOULD (in the RFC 2119 sense)
 > effectively hide the outermost enclosing MIME envelope with this
 > Content-Type and present the contents according to rules that would
 > apply were the enclosing MIME envelope not there.  As far as the mail
 > system is concerned, the headers on the envelope are the effective ones.
 > As far as the MUA is concerned, for presentation purposes, the envelope
 > content is what counts.

The problem is that the DMARC people don't give a damn about the mail
system (and the PHBs behind the actions at Yahoo and AOL could care
less in both senses, apparently).  They're entirely concerned with
presentation.

And the technicians who designed DMARC are *right* to be concerned
about presentation, because it is presentation that the crooks use to
hook their prey.  In other words, if we come up with a way to present
mail that doesn't bear their signature[1] "as if" it came straight
from one of their domains, that can be abused by the crooks.

When (not if!) that abuse happens, the forces behind DMARC will come
back and say "Ooooohhhh no!  You can't do THAT!"  And they (the PHBs,
I mean) will break the system again ... and again ... and again.

So, unfortunately, I think there is *no* fix based on presentation.
The only real fix is users who are sophisticated enough to avoid
spammers, which can't be perfect (some people just aren't, and
everybody slips occasionally), but can certainly be enhanced by better
filters.

Well, there's that other fix, the one that involves lists as we love
them joining the dinosaurs. :-(

All-hail-Dave-Hayes-and-the-AI-newsreader!-ly y'rs,



Footnotes: 
[1]  Any list that isn't a pure address exploder will be unable to
maintain the signature.


From stephen at xemacs.org  Sat May 10 04:59:16 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Sat, 10 May 2014 11:59:16 +0900
Subject: [Mailman-Users]  Results of testing posts to yahoogroups from AOL
In-Reply-To: <536D4D92.1020807@msapiro.net>
References: <536D4D92.1020807@msapiro.net>
Message-ID: <87bnv6gwzf.fsf@uwakimon.sk.tsukuba.ac.jp>

Mark Sapiro writes:

 > I finally got around to testing this.

Thanks, Mark!


From stephen at xemacs.org  Sat May 10 05:16:49 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Sat, 10 May 2014 12:16:49 +0900
Subject: [Mailman-Users] DMARC and Reply-To lines with
	from_is_list	munging.
In-Reply-To: <536D8EA1.3070605@Damon-Family.org>
References: <20140510021350.55294.qmail@joyce.lan>
 <536D8EA1.3070605@Damon-Family.org>
Message-ID: <878uqagw66.fsf@uwakimon.sk.tsukuba.ac.jp>

Richard Damon writes:
 > On 5/9/14, 10:13 PM, John Levine wrote:

 > > The correct response is either for senders to stop publishing DMARC
 > > policies that don't match the way their users use mail (fat chance),
 > > or for recipient systems to skip the DMARC checks on mail from sources
 > > that are known to send mail that recipients want but that doesn't
 > > match DMARC's narrow authentication model, e.g., mailing lists and the
 > > Wall Street Journal's mail-an-article button.

GMail is already doing this, although we don't know the algorithm
precisely.  If GMail continues and others join, ostracism of providers
who continue to use inflexible bouncing policies instead of smart
filters becomes more plausible.

I know that's not satisfactory for people whose lists are populated by
AOL and Yahoo users, but I don't know what to say to them.  Their
users are DoS'ing their mailing lists with their addresses, even if
they don't know it.

 > But the wrapped message could pass the DMARC DKIM signature check, if it
 > will exactly matchs the message that came from Yahoo/AOL. (which the
 > phish won't). This says that the List Headers, modified subject, list
 > headers and footers should be added to the wrapping message, not the
 > wrapped message, which also says that the MUA shouldn't throw this away,
 > but combine these with the original message (but in a way that makes it
 > clear which is which).

Sure (and that is what I intended when I suggested wrapping in the
first place), but (a) MUAs don't support DMARC yet, and all the signs
say that the yahoos will deliberately delay implementing MUAs that do,
and (b) many MUAs don't support wrapped messages well at all.

As John put it,

 >> Failing that, all we have left is hacks, none of which are
 >> satisfactory.

We'll see how the on-going talks at the IETF go.  Some results should
be forthcoming "shortly" (that's hearsay, and I can't say any more
because that's exactly what I was told by a source close to the center
of the process).


From mark at msapiro.net  Sat May 10 06:23:25 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 09 May 2014 21:23:25 -0700
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <536D8EA1.3070605@Damon-Family.org>
References: <20140510021350.55294.qmail@joyce.lan>
 <536D8EA1.3070605@Damon-Family.org>
Message-ID: <536DA9BD.4050101@msapiro.net>

On 05/09/2014 07:27 PM, Richard Damon wrote:

> But the wrapped message could pass the DMARC DKIM signature check, if it
> will exactly matchs the message that came from Yahoo/AOL. (which the
> phish won't). This says that the List Headers, modified subject, list
> headers and footers should be added to the wrapping message, not the
> wrapped message, which also says that the MUA shouldn't throw this away,
> but combine these with the original message (but in a way that makes it
> clear which is which).


Just for the record, this is how the Wrap Message action is implemented
in Mailman. I.e. all the stuff Richard mentions is done to the outer
message, not to the message/rfc822 part that is the original message.
The one exception that will break DKIM is content filtering which by
necessity is applied to the original message before it's wrapped. This
is a big one, because I suspect almost all messages from Yahoo users are
multipart/alternative to begin with (and has anyone else noticed what a
horrible job Yahoo does in making the text/plain alternative, but I
digress ...), and many lists collapse alternatives so the DKIM sig will
be broken.

That notwithstanding, as Stephen and others have mentioned, the MUAs to
deal with this are not here and are unlikely to be here anytime soon.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Sat May 10 06:38:29 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 09 May 2014 21:38:29 -0700
Subject: [Mailman-Users] Reply-To Munging - Feature Request
In-Reply-To: <2E95A207-3042-4711-AD69-35D50EF668B7@nathanson.org>
References: <53693C53.4030306@wingfoot.org>
 <8738gmjknj.fsf@uwakimon.sk.tsukuba.ac.jp> <536A8D44.80500@wingfoot.org>
 <87iophhu7s.fsf@uwakimon.sk.tsukuba.ac.jp> <536BDE36.2090509@wingfoot.org>
 <536BE0F6.3070809@msapiro.net>
 <2E95A207-3042-4711-AD69-35D50EF668B7@nathanson.org>
Message-ID: <536DAD45.3030407@msapiro.net>

On 05/08/2014 02:34 PM, Dave Nathanson wrote:
> 
> AFTER DEMARC, using the best settings for us that we can:
> 
> FROM: Author_Name via ListName <everybody at lists.example.com>
> TO: ListName <everybody at example.com>
> REPLY-TO: ListName <everybody at example.com>
> 
> This is *pretty good* except that 
> * I don't like the "via list name" in the from header, even though I understand that is the new reality. 
> * I don't like the lack of an author email address. 
> 
> I also tried: 
> first_strip_reply_to  = No
> But that means a normal reply will go to both the list & the author. So the author will get 2 copies, and I don't feel that is desirable, even though it seems to be the only way to include the author's email address. 


Well then you won't like 2.1.18 because it will put the original From:
in Reply-To: even if first_strip_reply_to = Yes, but the author won't
get 2 copies if the author's "Avoid duplicate copies of messages?"
option (nodups in the admin Membership List) is Yes which is the normal
default. The issue however is the author gets the direct reply, not the
list copy which is the only way it can work, but may not be the copy
she'd prefer to get.


> FEATURE REQUEST: 
> A setting to control the new "From" line. Instead of FROM: Author_Name via ListName <everybody at lists.example.com>
> I want to request that it offer the option to let the list admin config what goes there after the author's name. I would use this setting to say:
> FROM: Author_Name via Club Name <everybody at example.com>   
>   substituted "Club Name" for "List Name", and used 
>   explicit reply_to_address instead of list address. 


I'll consider this. It would help to keep my attention if you would
submit this to the tracker at <https://bugs.launchpad.net/mailman/+filebug>

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From pshute at nuw.org.au  Sat May 10 10:48:58 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Sat, 10 May 2014 18:48:58 +1000
Subject: [Mailman-Users] DMARC and Reply-To lines
	with	from_is_list	munging.
In-Reply-To: <878uqagw66.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <20140510021350.55294.qmail@joyce.lan>
 <536D8EA1.3070605@Damon-Family.org>
 <878uqagw66.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <B34D3DB9-AB64-44A2-B894-2FA2CF3623D3@nuw.org.au>

> On 10 May 2014, at 1:17 pm, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
> 
> and (b) many MUAs don't support wrapped messages well at all.

Could somebody please explain this wrapping that's been mentioned a lot? Is this something like "forward as attachment"?

Peter Shute

From cedric at gn.apc.org  Sat May 10 11:31:36 2014
From: cedric at gn.apc.org (Cedric Knight)
Date: Sat, 10 May 2014 10:31:36 +0100
Subject: [Mailman-Users] (postfix &) Results of testing posts to
 yahoogroups from AOL
In-Reply-To: <536D4D92.1020807@msapiro.net>
References: <536D4D92.1020807@msapiro.net>
Message-ID: <536DF1F8.5060005@gn.apc.org>

Hope I'm not going too off-topic here (Yahoo Groups, AOL reject domains,
postfix hack).  Firstly thanks to Mark and everyone who's been thinking
around the DMARC p=reject problem, developing workarounds, talking to
IETF and also Yahoo and AOL to try to keep email working reliably.

On 09/05/14 22:50, Mark Sapiro wrote:
> I finally got around to testing this.

Note that the situation changed the day before you did the test.  There
is an announcement dated 8 May here:
<http://yahoogroups.tumblr.com/post/85163779041/dmarc-related-changes-in-yahoo-groups>
"Following the recent changes in Yahoo DMARC policy to protect users
from email spam, we?ve made changes to how Yahoo Groups sends mails to
members? inboxes. ... With these changes we are addressing
deliverability issues due to DMARC adoption by mail service providers."

Previously it seems aol.com addresses were causing problems for Yahoo
groups, for example
<https://answers.yahoo.com/question/index?qid=20140506105019AADVtNA>.
Also BTW AOL has published p=reject on two other domains:
$ dig +short txt _dmarc.aim.com
"v=DMARC1\; p=reject\; pct=100\; rua=mailto:d at rua.agari.com\;
ruf=mailto:d at ruf.agari.com\;"
$ dig +short txt _dmarc.cs.com
"v=DMARC1\; p=reject\; pct=100\; rua=mailto:d at rua.agari.com\;
ruf=mailto:d at ruf.agari.com\;"

So far I only know of yahoo.com, aol.com, aim.com and cs.com that have
become unusable with standard lists.

> I posted three times to my test
> Yahoo group from 'Mark Sapiro <my_aol_address at aol.com>'. One post with
> the group set to send replies to the group and one post with the group
> set to send replies to the sender and one post with the group set to
> send replies to the sender and the group.
> 
> In all cases, the posts were sent with
> 
> From: "Mark Sapiro my_aol_address at aol.com [my_yahoo_groupname]"
> <my_yahoo_groupname at yahoogroups.com>

Also note that this new rewriting by Yahoo groups applies to all From
addresses, not just AOL.com.  In itself, I've reservations about using
the group posting address.  What if (for example) Reply-To is not
honoured... (see below).  Plus adding the address to the real name is
confusing.

Our listserv is stuck with Debian stable (2.1.15), so I implemented From
rewriting in Postfix.  (In case any Postfix postmaster is interested, a
simple way is creating a cleanup daemon which does header_checks using a
REPLACE rule on the From: line, then applying -o cleanup_service_name to
the smtpd daemon that receives email back from Mailman.)

Anyway, rather than the list address masquerading as the sender's real
name, I thought it best to raise awareness that there's a problem with
the yahoo.com/aol.com address in the From line, so make it very clear at
the start of the real name, and change the address to an auto-responder
with a description of the problem.

/^From: (.+)\@(aol|cs|aim|yahoo)\.com($|>.*| .*)/ REPLACE From:
(broken-address) $1@$2-is-broken.[a domain under my control]$3

Mailman adds a Reply-To, so other than the RFCs, IMHO it's not that
important what the actual address in the From line is, although it
should preserve the original.  So far I've not had complaints from list
owners about the real name rewriting with prefixing the literal
"[broken-address]", but maybe it should be shorter and less ugly.  It
still needs to be prominent, as most users might otherwise not get the
fact that the From address is not the address of the sender and they
shouldn't add it to their address book.  Like Dave Nathanson, I don't
like "via".

> In the first case (replies to group), there was
> 
> Reply-To: <my_yahoo_groupname at yahoogroups.com>
> 
> in the post from the group. This seems correct, and my actual address
> was in the display name portion of From:
> 
> In the second case, there was no Reply-To: in the message meaning a
> simple 'reply' was addressed to the From: address which I suppose is
> fairly easy to edit to go to me, but without editing, 'reply' goes to
> the group which is wrong.

This is clearly a bug, as it doesn't follow the announcement 'When
replying to a Group message, Group ?Reply-To? settings of the Group will
continue to be honored on the Reply compose screen on the web and in
your email service.'

Has caused a Yahoo list owners to complain starting 16 hours ago
<https://answers.yahoo.com/dir/index?sid=396546285>.  Among other
things, it increases list traffic, presents privacy problems, and can
get a list address automatically added to a users' address book under
the wrong name.  Doesn't really inspire confidence in Yahoo, I'm afraid.

> 
> In the third (reply to both) case there is a
> 
> Reply-To: my_yahoo_groupname at yahoogroups.com,Mark Sapiro
> <my_aol_address at aol.com>
> 
> which is correct.
> 
> So the bottom line is Yahoo groups does From: header munging when
> necessary because of DMARC policies on the From: domain and they manage
> Reply-To: well in two cases out of three.

2 out of 3 is quite bad if it's *your* Yahoo list that's supposed to be
set to Reply-To sender.  Another weird thing I've seen is occasional
email From @aol.com that wasn't DKIM signed, which breaks forwarding
because it doesn't pass SPF either.  Meanwhile, I don't see DMARC having
an impact on phishing, at least not one that phishers can't easily adapt to.

DMARC.org links to
http://blog.threadable.com/how-threadable-solved-the-dmarc-problem which
says  "Was this the right thing for Yahoo to do?  Not a chance. A
restricted DMARC policy makes sense for domains on which phishing is a
serious risk, and *who are not also email service providers*.  Because
lists tend to unsubscribe addresses that generate bounces, Yahoo is not
only breaking email for their own customers, but for everyone else."

I'm still hoping Yahoo and AOL aren't waiting to save face to reverse
their policy.  I do wonder if some major list provider or owner might
sue them for causing them to lose lots of list subscribers.

All best wishes

CK

From fmouse at fmp.com  Sat May 10 16:38:51 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Sat, 10 May 2014 09:38:51 -0500
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
 munging.
In-Reply-To: <20140510021350.55294.qmail@joyce.lan>
References: <20140510021350.55294.qmail@joyce.lan>
Message-ID: <1399732731.2107.38.camel@ubuntu>

On Sat, 2014-05-10 at 02:13 +0000, John Levine wrote:
> >Arguably, the correct response to DMARC filtering _should_ be the MIME
> >encapsulation of list mail, with appropriate RFC 2369 headers added to
> >the enclosing MIME structure leaving the content un-munged, with all
> >information from the original poster intact.  Arguably, MUAs should be
> >transparent to this.  Arguably, this would have been the best design for
> >the operation of mailing lists in email-space from the git-go.
> 
> Unfortunately, this argument falls over when you note that spammers
> and phishers can encapsulate their paypal.com phishes and add list
> headers, too.  

There are no headers, except the local mail server's Received header,
that can't be spoofed.  The point here is that currently the response of
MUAs to Content-Type: multipart/mixed or Content-Type: multipart/rfc822
varies widely, so that the Mailman option of "Wrap Message" becomes
problematic for some recipients.  My iPhone deals with it, but opening
the actual content containing the list post requires an extra step.
Some MUAs, such as Evolution, open the contained email by default,
presenting a double set of headers - those of the wrapper and those of
the contents.  What I'm suggesting is functionally, from the point of
view of DMARC, identical to Mailman's current "Wrap Message" method, but
would standardize the way contents are presented, eliminating a bit of
the geekyness which some MUAs require.  

Stephen's point, and yours too as I take it, is that making it too easy
and transparent to read wrapped email essentially legitimizes the social
misbehavior of ESPs which have implemented DMARC, and Stephen has
underlined the pie-in-the-sky-ness of the idea by pointing out that it
will be a sub-zero day in Hell when the authors of MUAs would go along
with such an idea.  

As an email system administrator I've watched a lot of misbegotten
attempts on the part of a lot of ESPs to fight spam and phishing, many
of them breaking email (and email RFCs) in the process.  It seems to me
though, that adding a largely transparent extra layer of MIME
encapsulation to email, with a predictable result on the MUA end, would
be a good point from which to start.  It's analogous to double-boxing
delicate items when shipping them. 

> The correct response is either for senders to stop publishing DMARC
> policies that don't match the way their users use mail (fat chance),
> or for recipient systems to skip the DMARC checks on mail from sources
> that are known to send mail that recipients want but that doesn't
> match DMARC's narrow authentication model, e.g., mailing lists and the
> Wall Street Journal's mail-an-article button.
> 
Agreed, but in the Real World spam and phishing have been persistent
problems since the early 90s.  The fundamental problem is the shifting
of the cost of email onto the receiver, and no method yet devised has
successfully dealt with it.  The original email protocols, starting with
RFC 822, didn't anticipate it.  It is quite arguable that DMARC contains
some sensible and effective elements to address the issue of email
authentication, which is ultimately where the whole process needs to go.
This is quite apart from the ham-handed attack on network neutrality
demonstrated by the present implementation of it by Yahoo and AOL.  As
Stephen (I think) pointed out, the use of DMARC by PayPal and a number
of banks is the correct way that it should be used.  As you rightly
point out, recipient systems should skip the DMARC checks on mail from
sources that are known to send mail that recipients want but that
doesn't match DMARC's narrow authentication model.  Nonetheless a narrow
authentication model of some sort may be what's needed here.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |     - The Roadie
http://www.fmp.com    |



From mark at msapiro.net  Sat May 10 16:39:01 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 10 May 2014 07:39:01 -0700
Subject: [Mailman-Users] DMARC and Reply-To lines
	with	from_is_list	munging.
In-Reply-To: <B34D3DB9-AB64-44A2-B894-2FA2CF3623D3@nuw.org.au>
References: <20140510021350.55294.qmail@joyce.lan>
 <536D8EA1.3070605@Damon-Family.org>
 <878uqagw66.fsf@uwakimon.sk.tsukuba.ac.jp>
 <B34D3DB9-AB64-44A2-B894-2FA2CF3623D3@nuw.org.au>
Message-ID: <536E3A05.7030903@msapiro.net>

On 05/10/2014 01:48 AM, Peter Shute wrote:
> 
> Could somebody please explain this wrapping that's been mentioned a lot? Is this something like "forward as attachment"?


It's exactly like forward as attachment.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From pshute at nuw.org.au  Sat May 10 23:07:23 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Sun, 11 May 2014 07:07:23 +1000
Subject: [Mailman-Users] DMARC and Reply-To
	lines	with	from_is_list	munging.
In-Reply-To: <536E3A05.7030903@msapiro.net>
References: <20140510021350.55294.qmail@joyce.lan>
 <536D8EA1.3070605@Damon-Family.org>
 <878uqagw66.fsf@uwakimon.sk.tsukuba.ac.jp>
 <B34D3DB9-AB64-44A2-B894-2FA2CF3623D3@nuw.org.au>
 <536E3A05.7030903@msapiro.net>
Message-ID: <BB6E3E34-9988-4AF1-B459-A949B243DA18@nuw.org.au>

> On 11 May 2014, at 12:39 am, "Mark Sapiro" <mark at msapiro.net> wrote:
> 
>> On 05/10/2014 01:48 AM, Peter Shute wrote:
>> 
>> Could somebody please explain this wrapping that's been mentioned a lot? Is this something like "forward as attachment"?
> 
> 
> It's exactly like forward as attachment.

Thanks for clarifying that. Someone pointed out that their iPhone handles it ok, but that it's an extra step to open the wrapped message. Same on my iPad, but the wrapped message then opens in an iPhone sized window. Better than nothing, but very inconvenient for long messages.

Outlook handles it ok once you open the attached message, but I had an unfortunate experience with one of these. A moderator forwarded a moderation alert to a separate moderators' list for discussion among moderators. I open the attached list message, then forgot there'd been that extra step and did a Reply All with a moderation comment querying the sender's motives, which then went to the main list instead of the moderators. I spent the rest of the evening explaining myself.

I think there's too much room for similar kinds of confusion with wrapping. I'd rather use  forwarding as a quoted message, with an explanation at the top. This is what we're doing manually for our Yahoo and AOL users now, and people seem ok with it.

Peter Shute

From mark at msapiro.net  Sun May 11 06:08:26 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 10 May 2014 21:08:26 -0700
Subject: [Mailman-Users] DMARC and Reply-To lines	with	from_is_list
	munging.
In-Reply-To: <BB6E3E34-9988-4AF1-B459-A949B243DA18@nuw.org.au>
References: <20140510021350.55294.qmail@joyce.lan>
 <536D8EA1.3070605@Damon-Family.org>
 <878uqagw66.fsf@uwakimon.sk.tsukuba.ac.jp>
 <B34D3DB9-AB64-44A2-B894-2FA2CF3623D3@nuw.org.au>
 <536E3A05.7030903@msapiro.net>
 <BB6E3E34-9988-4AF1-B459-A949B243DA18@nuw.org.au>
Message-ID: <536EF7BA.5090304@msapiro.net>

On 05/10/2014 02:07 PM, Peter Shute wrote:
> 
> Thanks for clarifying that. Someone pointed out that their iPhone handles it ok, but that it's an extra step to open the wrapped message. Same on my iPad, but the wrapped message then opens in an iPhone sized window. Better than nothing, but very inconvenient for long messages.


When on April 6 I enabled Wrap Message on my lists I started to get
these kinds of complaints. Some who had this experience were OK with
adapting to it, but others didn't want it so after a day or so with Wrap
Message, I went to Munge From. Now I see occasional misdirected replies
from users whose MUAs apparently don't always handle the Reply-To: correctly

In fact, my own Apple Mail 4.2 on OS X 10.6 is randomly broken. I don't
use this MUA regularly, but I have it on one machine, and when I look at
messages from my lists, it will sometimes display the Reply-To: header
and 'reply' will be addressed to the addresses therein. Other times, it
will not display the Reply-To: header and 'reply' will be addressed to
the address in the From: header, yet if I examine the raw headers, the
Reply-To: is there and I have so far not been able to determine what the
difference is that makes it fail to 'see' the header sometimes.

Bottom line - all these mitigations have issues for reading, replying or
both.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From turnbull at sk.tsukuba.ac.jp  Sun May 11 11:28:03 2014
From: turnbull at sk.tsukuba.ac.jp (Stephen J. Turnbull)
Date: Sun, 11 May 2014 18:28:03 +0900
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
 munging.
In-Reply-To: <1399732731.2107.38.camel@ubuntu>
References: <20140510021350.55294.qmail@joyce.lan>
 <1399732731.2107.38.camel@ubuntu>
Message-ID: <8761lchdgc.fsf@uwakimon.sk.tsukuba.ac.jp>

Lindsay Haisley writes:

 > Stephen's point, and yours too as I take it, is that making it too easy
 > and transparent to read wrapped email essentially legitimizes the social
 > misbehavior of ESPs which have implemented DMARC, and Stephen has
 > underlined the pie-in-the-sky-ness of the idea by pointing out that it
 > will be a sub-zero day in Hell when the authors of MUAs would go along
 > with such an idea.

Legitimizing the ESPs does bother me, but that wasn't my point, and I
think it probably wasn't John's either.  My point was that anything
that makes it appear that a message whose DKIM signature doesn't
verify is actually from the user assigned that address can be emulated
by spammers.  That will cause these same ESPs to try to prevent that
from happening, and the cycle starts again.

The MUA authors (at least the MUAs I use ;-) will catch up by the
way.  Some already do, actually.


From fmouse at fmp.com  Sun May 11 20:24:16 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Sun, 11 May 2014 13:24:16 -0500
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
 munging.
In-Reply-To: <8761lchdgc.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <20140510021350.55294.qmail@joyce.lan>
 <1399732731.2107.38.camel@ubuntu>
 <8761lchdgc.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <1399832656.1908.24.camel@ubuntu>

On Sun, 2014-05-11 at 18:28 +0900, Stephen J. Turnbull wrote:
> Legitimizing the ESPs does bother me, but that wasn't my point, and I
> think it probably wasn't John's either.  My point was that anything
> that makes it appear that a message whose DKIM signature doesn't
> verify is actually from the user assigned that address can be emulated
> by spammers.  That will cause these same ESPs to try to prevent that
> from happening, and the cycle starts again.

That's true, but what I suggested is, or should be simpler than that,
and is fundamentally no different from what Mailman does now with
wrapping.  The points are:

1)  implementation of a MIME multipart standard _specifically_ for the
purpose of wrapping emails would be a good idea.  The result would be
not so much the visual elimination of information from a message but a
standardization of MUA presentation so as to avoid putting off non-tech
people.  No effort need be made to make a message appear that it's
something that it's not, or to disguise the presence or absence of DKIM
verification.

2)  the observation that such encapsulation, and a uniform way of
handling and presenting it, may be a way forward if ANY methods of
sender authentication become widespread, which IMHO is likely.  If the
industry requires standards and the IETF standards process doesn't keep
up, the result is, and always has been, fragmented standards (a.k.a. no
standards).  Case in point: the non-standardization of HTML enhancement
for email. 

> The MUA authors (at least the MUAs I use ;-) will catch up by the
> way.  Some already do, actually.
> 
I would guess that Xemacs VM isn't for the technologically faint of
heart ;)

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |     - The Roadie
http://www.fmp.com    |



From fmouse at fmp.com  Sun May 11 21:04:39 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Sun, 11 May 2014 14:04:39 -0500
Subject: [Mailman-Users] Yahoo forced browser update?
Message-ID: <1399835079.1908.44.camel@ubuntu>

Does anyone know anything about this?  And are there any connections
between this forced browser update and Yahoo's DMARC implementation?

http://yahoomail.tumblr.com/post/85155936276/an-update-to-yahoo-mails-supported-browser-policy

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |     - The Roadie
http://www.fmp.com    |



From brennan at columbia.edu  Sun May 11 21:12:55 2014
From: brennan at columbia.edu (Joseph Brennan)
Date: Sun, 11 May 2014 15:12:55 -0400
Subject: [Mailman-Users] Yahoo forced browser update?
In-Reply-To: <1399835079.1908.44.camel@ubuntu>
References: <1399835079.1908.44.camel@ubuntu>
Message-ID: <EEFFB128A89B0BF9EF9843EA@JOSEPHs-iMac.local>


Lindsay Haisley <fmouse at fmp.com> wrote:

> Does anyone know anything about this?  And are there any connections
> between this forced browser update and Yahoo's DMARC implementation?
>
> 
http://yahoomail.tumblr.com/post/85155936276/an-update-to-yahoo-mails-supported-browser-policy


1- Google Apps has the same policy, namely support the most recent 2 
versions, or else you get the "basic" version of their product.

2- Possibly related to Yahoo's decision to stop honoring "Do Not Track" 
browser settings, which Google also ignores, although I'm not aware of any 
dependency there.


Joe Brennan




From stephen at xemacs.org  Mon May 12 02:54:26 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Mon, 12 May 2014 09:54:26 +0900
Subject: [Mailman-Users]  Yahoo forced browser update?
In-Reply-To: <1399835079.1908.44.camel@ubuntu>
References: <1399835079.1908.44.camel@ubuntu>
Message-ID: <87wqdrg6kd.fsf@uwakimon.sk.tsukuba.ac.jp>

Lindsay Haisley writes:
 > Does anyone know anything about this?
 > 
 > http://yahoomail.tumblr.com/post/85155936276/an-update-to-yahoo-mails-supported-browser-policy

You have a follower!  I bet they've implemented your "transparent
unwrapping" functionality!

>From the "Wonders Can't Cease until They Start" Dept.<wink/>


From fmouse at fmp.com  Mon May 12 02:59:22 2014
From: fmouse at fmp.com (Mitra IMAP)
Date: Sun, 11 May 2014 19:59:22 -0500
Subject: [Mailman-Users] Yahoo forced browser update?
In-Reply-To: <87wqdrg6kd.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <1399835079.1908.44.camel@ubuntu>
 <87wqdrg6kd.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <5E975F17-10CF-48E0-BD9C-6A62FC7CB650@fmp.com>


On May 11, 2014, at 7:54 PM, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:

> Lindsay Haisley writes:
>> Does anyone know anything about this?
>> 
>> http://yahoomail.tumblr.com/post/85155936276/an-update-to-yahoo-mails-supported-browser-policy
> 
> You have a follower!  I bet they've implemented your "transparent
> unwrapping" functionality!
> 
> From the "Wonders Can't Cease until They Start" Dept.<wink/>

OMG!!


Lindsay Haisley
(512) 259-1190 (land line)
(512) 496-7118 (mobile)
Sent from my iPhone


From mark at bradakis.com  Mon May 12 03:20:43 2014
From: mark at bradakis.com (Mark J Bradakis)
Date: Sun, 11 May 2014 19:20:43 -0600
Subject: [Mailman-Users] Logging fail?
Message-ID: <537021EB.3010603@bradakis.com>

So I update to the latest 2.1.18.  Mailman quits working.  Sure, all the qrunners are running,
but any mail to any list just disappears.  Postfix gets it and sends it on:

May 11 19:09:51 autox postfix/local[22287]: 2A5C32D60BBD: to=<tn_admin at autox.team.net>, relay=local, delay=0.13, delays=0.01/0/0/0.13, dsn=2.0.0, status=sent (delivered to command: /local/mailman/teamnet/mail/mailman post tn_admin)


Go to the logs directory, grep for 'tn_admin' and nothing shows up. Where did the message go?  Why is it not
getting sent to the list?  Why is there no trace of it in any logs?

mjb.

From mark at msapiro.net  Mon May 12 04:10:47 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 11 May 2014 19:10:47 -0700
Subject: [Mailman-Users] Logging fail?
In-Reply-To: <537021EB.3010603@bradakis.com>
References: <537021EB.3010603@bradakis.com>
Message-ID: <53702DA7.2040800@msapiro.net>

On 05/11/2014 06:20 PM, Mark J Bradakis wrote:
> So I update to the latest 2.1.18.  Mailman quits working.  Sure, all the
> qrunners are running,
> but any mail to any list just disappears.  Postfix gets it and sends it on:
> 
> May 11 19:09:51 autox postfix/local[22287]: 2A5C32D60BBD:
> to=<tn_admin at autox.team.net>, relay=local, delay=0.13,
> delays=0.01/0/0/0.13, dsn=2.0.0, status=sent (delivered to command:
> /local/mailman/teamnet/mail/mailman post tn_admin)
> 
> 
> Go to the logs directory, grep for 'tn_admin' and nothing shows up.
> Where did the message go?  Why is it not
> getting sent to the list?  Why is there no trace of it in any logs?


What's in Mailman's error log?

Is incomingRunner running? OutgoingRunner?

Is the message archived?

What's in Mailman's qrunner log?

What's in Mailman's vette log?

What's in Mailman's queues (the various qfiles/* directories)?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From stephen at xemacs.org  Mon May 12 04:12:01 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Mon, 12 May 2014 11:12:01 +0900
Subject: [Mailman-Users]  Logging fail?
In-Reply-To: <537021EB.3010603@bradakis.com>
References: <537021EB.3010603@bradakis.com>
Message-ID: <87vbtbg2z2.fsf@uwakimon.sk.tsukuba.ac.jp>

Mark J Bradakis writes:

 > So I update to the latest 2.1.18.

"2.1.18" is not the latest and is known to have annoying bugs (this
may be one of them).  Did you mean "2.1.18-1"?

Aside to Mark: I think even for a brown-bag release it would be best
to bump the micro version (in this case to "19" instead of "18-1").

 > Go to the logs directory, grep for 'tn_admin' and nothing shows
 > up. Where did the message go?

It's probably in a queue, most likely "shunt" since it's not being
delivered, but it could be somewhere else if one of the qrunners is
broken.

Sorry I can't be more precise but wanted to provide what help I can
quickly.

Steve



From mark at msapiro.net  Mon May 12 05:35:44 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 11 May 2014 20:35:44 -0700
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <1399832656.1908.24.camel@ubuntu>
References: <20140510021350.55294.qmail@joyce.lan>
 <1399732731.2107.38.camel@ubuntu> <8761lchdgc.fsf@uwakimon.sk.tsukuba.ac.jp>
 <1399832656.1908.24.camel@ubuntu>
Message-ID: <53704190.3010804@msapiro.net>

On 05/11/2014 11:24 AM, Lindsay Haisley wrote:
> 
> That's true, but what I suggested is, or should be simpler than that,
> and is fundamentally no different from what Mailman does now with
> wrapping.  The points are:
> 
> 1)  implementation of a MIME multipart standard _specifically_ for the
> purpose of wrapping emails would be a good idea.


Why multipart?

See <https://mail.python.org/pipermail/mailman-users/2014-May/076736.html>.

Granted, a decorated message with msg_header and/or msg_footer added is
multipart, if these decorations are omitted, you are left with a
multipart message with a single sub-part. While this is still RFC
compliant (recursion is wonderful), it is (to me at least) esthetically
unpleasing.

Perhaps a new Content-Type such as message/wrapped, although that raises
the question of what to do when a message/wrapped part is not at the top
level.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From pshute at nuw.org.au  Mon May 12 06:09:43 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Mon, 12 May 2014 14:09:43 +1000
Subject: [Mailman-Users] (postfix &) Results of testing posts to
 yahoogroups from AOL
In-Reply-To: <536DF1F8.5060005@gn.apc.org>
References: <536D4D92.1020807@msapiro.net> <536DF1F8.5060005@gn.apc.org>
Message-ID: <C2F1879073AE7347BAB44065F143E1700156F3FD7D@nuwvicms2>

Cedric Knight wrote:

> On 09/05/14 22:50, Mark Sapiro wrote:
> > I finally got around to testing this.
> 
> Note that the situation changed the day before you did the 
> test.  There is an announcement dated 8 May here:
> <http://yahoogroups.tumblr.com/post/85163779041/dmarc-related-
> changes-in-yahoo-groups>
> "Following the recent changes in Yahoo DMARC policy to 
> protect users from email spam, we've made changes to how 
> Yahoo Groups sends mails to members' inboxes. ... With these 
> changes we are addressing deliverability issues due to DMARC 
> adoption by mail service providers."

I can confirm that there's been a change. On a yahoo group I'm a member of, Outlook used to say the group messages were from the list address on behalf of the sender's address. Now they just say they're from the list address, although the original sender is listed in the message list. This happened between 9/5/14 and 12/5/14.

I haven't tried to check what headers they've used to confuse Outlook like this.

This group has always been configured so that Reply and Reply All go to the list address, but it was possible to construct a private reply manually by copying the sender's address from the top of the quoted headers. You can't do that anymore in Outlook without delving into the original message's headers.

Peter Shute

From pshute at nuw.org.au  Mon May 12 06:18:23 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Mon, 12 May 2014 14:18:23 +1000
Subject: [Mailman-Users] (postfix &) Results of testing posts to
 yahoogroups from AOL
In-Reply-To: <C2F1879073AE7347BAB44065F143E1700156F3FD7D@nuwvicms2>
References: <536D4D92.1020807@msapiro.net> <536DF1F8.5060005@gn.apc.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FD7D@nuwvicms2>
Message-ID: <C2F1879073AE7347BAB44065F143E1700156F3FD7E@nuwvicms2>

Peter Shute wrote:

> I can confirm that there's been a change. On a yahoo group 
> I'm a member of, Outlook used to say the group messages were 
> from the list address on behalf of the sender's address. Now 
> they just say they're from the list address, although the 
> original sender is listed in the message list. This happened 
> between 9/5/14 and 12/5/14.
> 
> I haven't tried to check what headers they've used to confuse 
> Outlook like this.
> 
> This group has always been configured so that Reply and Reply 
> All go to the list address, but it was possible to construct 
> a private reply manually by copying the sender's address from 
> the top of the quoted headers. You can't do that anymore in 
> Outlook without delving into the original message's headers.

I should also note that in the footer of each message there is a mailto: link that sets up a reply to the original sender. I've never noticed it before, although it's always been there, and I assume this can't be broken by any changes they've done to the headers.

The link doesn't set up the quoted text, just a blank body, so even this isn't a satisfactory workaround.

Peter Shute

From pshute at nuw.org.au  Mon May 12 08:12:43 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Mon, 12 May 2014 16:12:43 +1000
Subject: [Mailman-Users] (postfix &) Results of testing posts to
 yahoogroups from AOL
In-Reply-To: <C2F1879073AE7347BAB44065F143E1700156F3FD7E@nuwvicms2>
References: <536D4D92.1020807@msapiro.net> <536DF1F8.5060005@gn.apc.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FD7D@nuwvicms2>
 <C2F1879073AE7347BAB44065F143E1700156F3FD7E@nuwvicms2>
Message-ID: <2D5322E3-FEC0-440B-843F-2DA23DB55CEC@nuw.org.au>

> On 12 May 2014, at 2:18 pm, "Peter Shute" <pshute at nuw.org.au> wrote:
> 
> Peter Shute wrote:
> 
>> I can confirm that there's been a change. On a yahoo group 
>> I'm a member of, Outlook used to say the group messages were 
>> from the list address on behalf of the sender's address. Now 
>> they just say they're from the list address, although the 
>> original sender is listed in the message list. This happened 
>> between 9/5/14 and 12/5/14.
>> 
>> I haven't tried to check what headers they've used to confuse 
>> Outlook like this.
>> 
>> This group has always been configured so that Reply and Reply 
>> All go to the list address, but it was possible to construct 
>> a private reply manually by copying the sender's address from 
>> the top of the quoted headers. You can't do that anymore in 
>> Outlook without delving into the original message's headers.
> 
> I should also note that in the footer of each message there is a mailto: link that sets up a reply to the original sender. I've never noticed it before, although it's always been there, and I assume this can't be broken by any changes they've done to the headers.
> 
> The link doesn't set up the quoted text, just a blank body, so even this isn't a satisfactory workaround.

And on my iPad I can't even tell who has sent the emails. The native email app doesn't display their address anywhere. If they've used any techniques that will become available to my mailman list with 2.1.18-1 then this is a good tryout. Don't like it.

Peter Shute

From stephen at xemacs.org  Mon May 12 10:25:00 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Mon, 12 May 2014 17:25:00 +0900
Subject: [Mailman-Users] DMARC and Reply-To lines with
	from_is_list	munging.
In-Reply-To: <53704190.3010804@msapiro.net>
References: <20140510021350.55294.qmail@joyce.lan>
 <1399732731.2107.38.camel@ubuntu>
 <8761lchdgc.fsf@uwakimon.sk.tsukuba.ac.jp>
 <1399832656.1908.24.camel@ubuntu> <53704190.3010804@msapiro.net>
Message-ID: <87ppjjflpf.fsf@uwakimon.sk.tsukuba.ac.jp>

Mark Sapiro writes:

 > it is (to me at least) esthetically unpleasing.

"There's no arguing with taste", but as a data point I have no problem
with multipart/mixed with only one part.

How about multipart/alternative:

    message header
    multipart/alternative

        part header
        message/rfc822        # original message in all its glory

        part header
        <traditional cooked list message>

 > Perhaps a new Content-Type such as message/wrapped

AFAICS this is completely unnecessary?

    message header
    Content-Type: message/rfc822

        original message header
        original message body        # or cooked if you prefer

Then amend the existing MIME RFCs to say that MUAs SHOULD (MAY?)
simply display the original message in some appropriate way.  No?


From mark at bradakis.com  Mon May 12 10:40:09 2014
From: mark at bradakis.com (Mark J Bradakis)
Date: Mon, 12 May 2014 02:40:09 -0600
Subject: [Mailman-Users] Logging fail?
In-Reply-To: <53702DA7.2040800@msapiro.net>
References: <537021EB.3010603@bradakis.com> <53702DA7.2040800@msapiro.net>
Message-ID: <537088E9.2060203@bradakis.com>

Mark Sapiro wrote:
> On 05/11/2014 06:20 PM, Mark J Bradakis wrote:
>> So I update to the latest 2.1.18.  Mailman quits working.  Sure, all the
>> qrunners are running,
>> but any mail to any list just disappears.  Postfix gets it and sends it on:
>>
>> May 11 19:09:51 autox postfix/local[22287]: 2A5C32D60BBD:
>> to=<tn_admin at autox.team.net>, relay=local, delay=0.13,
>> delays=0.01/0/0/0.13, dsn=2.0.0, status=sent (delivered to command:
>> /local/mailman/teamnet/mail/mailman post tn_admin)
>>
>>
>> Go to the logs directory, grep for 'tn_admin' and nothing shows up.
>> Where did the message go?  Why is it not
>> getting sent to the list?  Why is there no trace of it in any logs?
>
>
> What's in Mailman's error log?

Nothing.

> Is incomingRunner running? OutgoingRunner?

Like I said, the runners are running.

> Is the message archived?

No.

> What's in Mailman's qrunner log?

Nothing.
>
> What's in Mailman's vette log?

Nothing.

>
> What's in Mailman's queues (the various qfiles/* directories)?
>

The message was in qfiles/in and once I reverted back to 2.1.14, rebooted and restarted mailman
it got delivered.

On a possibly related note, when I ran mailmanctl stop the 2.1.18 IncomingRunner did not die.
Doing a kill -KILL on it would kill it, but it would immediately respawn.  After several attempts
to get rid of it, I installed 2.1.14 and rebooted the server.

mjb.


From fmouse at fmp.com  Mon May 12 16:59:21 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Mon, 12 May 2014 09:59:21 -0500
Subject: [Mailman-Users] MM 2.1.18-1 question
Message-ID: <1399906761.2141.8.camel@ubuntu>

My understanding is that MM 2.1.18-1 corrects a python version
incompatibility in MM 2.1.18 and nothing more.  My MM server is running
python 2.7.3 and I've had no problems with MM 2.1.18.  Are there any
compelling reasons for me to upgrade?  I have a patch collection which
would need to be re-applied, a bit of a PITA but I can do it if
necessary.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |     - The Roadie
http://www.fmp.com    |



From bernie at fantasyfarm.com  Mon May 12 22:14:00 2014
From: bernie at fantasyfarm.com (Bernie Cosell)
Date: Mon, 12 May 2014 16:14:00 -0400
Subject: [Mailman-Users] Saving list subscribers from a backup
Message-ID: <53712B88.27139.300196DE@bernie.fantasyfarm.com>

in the face of zillions of bounce/unsubscribes thanks to the DMARC mess, 
what I'd like to do is get the sysadmin to snapshot the list members 
from, say, a week ago.  Then when we get things cleaned up I can 
'restore' the list as it was.  I don't know how to do it and I tried 
googling and only found:

https://mail.python.org/pipermail/mailman-users/2003-March/027011.html

which said

~/mailman/lists/<list_name>/config.db 

On our system, though, all I find is:

mailman$ ls
Mailman/  archive/  bin/  cgi-bin/  cron/  icons/  mail/  messages/  
pythonlib/  scripts/  templates/  tests/

so no "lists" diretory at all.  Obviously that's for a very old version 
of mailman   We have:
   Using Mailman version: 2.1.9

Thanks  /b\

-- 
Bernie Cosell                     Fantasy Farm Fibers
mailto:bernie at fantasyfarm.com     Pearisburg, VA
    -->  Too many people, too few sheep  <--       




From fil at rezo.net  Mon May 12 23:47:01 2014
From: fil at rezo.net (Fil)
Date: Mon, 12 May 2014 23:47:01 +0200
Subject: [Mailman-Users] MM-2.1.15: Small bug regarding the "request
 forgery check"
In-Reply-To: <536A40CB.9060506@msapiro.net>
References: <20121111103717.GB30392@charite.de> <509FBD4B.2020408@msapiro.net>
 <20121111173812.GF18233@charite.de>
 <CAAdA2WOHiB5a3SAdmMfEGjWu4z-sb5susnPQVaORV9KiLsFX0Q@mail.gmail.com>
 <CAERh8-kmMe7ZjdAVX2=3VX5WHADW_85hHU_XJCGUzwkJmwyWJQ@mail.gmail.com>
 <536A40CB.9060506@msapiro.net>
Message-ID: <CAERh8-kCvbAn16sh=nHwshJCSqb_Mrk7FLR-AeNAE3jmArFF8Q@mail.gmail.com>

On Wed, May 7, 2014 at 4:18 PM, Mark Sapiro <mark at msapiro.net> wrote:

>
> And what generates that URL? Do you have a local mod for this? I don't
> see where in the admin UI such a URL is generated or recognized.


hmmm -- now that you mention it... maybe it's coming from one of the patches I
did around the MySQL MemberAdaptor, so the roster could work with 300k
members.

-- Fil

From mark at msapiro.net  Tue May 13 01:28:20 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 12 May 2014 16:28:20 -0700
Subject: [Mailman-Users] (postfix &) Results of testing posts to
 yahoogroups from AOL
In-Reply-To: <C2F1879073AE7347BAB44065F143E1700156F3FD7D@nuwvicms2>
References: <536D4D92.1020807@msapiro.net> <536DF1F8.5060005@gn.apc.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FD7D@nuwvicms2>
Message-ID: <53715914.9040306@msapiro.net>

On 05/11/2014 09:09 PM, Peter Shute wrote:
> 
> I haven't tried to check what headers they've used to confuse Outlook like this.


See the FAQ at <http://wiki.list.org/x/RoA9>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Tue May 13 01:32:02 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 12 May 2014 16:32:02 -0700
Subject: [Mailman-Users] (postfix &) Results of testing posts to
 yahoogroups from AOL
In-Reply-To: <C2F1879073AE7347BAB44065F143E1700156F3FD7E@nuwvicms2>
References: <536D4D92.1020807@msapiro.net> <536DF1F8.5060005@gn.apc.org>
 <C2F1879073AE7347BAB44065F143E1700156F3FD7D@nuwvicms2>
 <C2F1879073AE7347BAB44065F143E1700156F3FD7E@nuwvicms2>
Message-ID: <537159F2.404@msapiro.net>

On 05/11/2014 09:18 PM, Peter Shute wrote:
> 
> I should also note that in the footer of each message there is a mailto: link that sets up a reply to the original sender. I've never noticed it before, although it's always been there, and I assume this can't be broken by any changes they've done to the headers.


Presumably, this link is something the list admin has set in the list's
msg_footer and maybe digest_footer.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From fmouse at fmp.com  Tue May 13 02:10:37 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Mon, 12 May 2014 19:10:37 -0500
Subject: [Mailman-Users] Saving list subscribers from a backup
In-Reply-To: <53712B88.27139.300196DE@bernie.fantasyfarm.com>
References: <53712B88.27139.300196DE@bernie.fantasyfarm.com>
Message-ID: <1399939837.1972.14.camel@ubuntu>

On Mon, 2014-05-12 at 16:14 -0400, Bernie Cosell wrote:
> in the face of zillions of bounce/unsubscribes thanks to the DMARC mess, 
> what I'd like to do is get the sysadmin to snapshot the list members 
> from, say, a week ago.  Then when we get things cleaned up I can 
> 'restore' the list as it was.  I don't know how to do it and I tried 
> googling and only found:
> 
> https://mail.python.org/pipermail/mailman-users/2003-March/027011.html
> 
> which said
> 
> ~/mailman/lists/<list_name>/config.db 
> 
> On our system, though, all I find is:
> 
> mailman$ ls
> Mailman/  archive/  bin/  cgi-bin/  cron/  icons/  mail/  messages/  
> pythonlib/  scripts/  templates/  tests/
> 
> so no "lists" diretory at all.  Obviously that's for a very old version 
> of mailman   We have:
>    Using Mailman version: 2.1.9

Mark may have more detailed information on this, more specific to your
version, but here's what I can tell you from many years as a Mailman
user.

With regard to "config.db", I believe this is now a pickled file called
config.pck, and the MM file hierarchy has been split up so that the
"lists" directory is now generally in a separate tree independent of
~mailman.  In a standard MM installation, this is /var/lib/mailman.

My approach to this problem would be to locate the mailman logs and pull
the auto-unsubscriptions addresses from there.  The following command
does this for MM 2.1.18:

grep "auto-unsubscribed" /full/path/to/logs/subscribe| grep <listname>|awk '{printf($7"\n")}'

In MM 2.1.18, the log file is /var/lib/mailman/logs/subscribe.  If the
log file format has changed over the last 9 releases, you may need to
change the parameter number for awk's printf command to something other
than $7, but there's a good chance that this will get you, or your
sysadmin, a bare list of email addresses unsubscribed during the time
period covered by the log file.

As I said, Mark will probably have more details on this stuff.  He
usually does.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |     - The Roadie
http://www.fmp.com    |



From mark at msapiro.net  Tue May 13 02:12:44 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 12 May 2014 17:12:44 -0700
Subject: [Mailman-Users] Saving list subscribers from a backup
In-Reply-To: <53712B88.27139.300196DE@bernie.fantasyfarm.com>
References: <53712B88.27139.300196DE@bernie.fantasyfarm.com>
Message-ID: <5371637C.6000600@msapiro.net>

On 05/12/2014 01:14 PM, Bernie Cosell wrote:
> in the face of zillions of bounce/unsubscribes thanks to the DMARC mess, 
> what I'd like to do is get the sysadmin to snapshot the list members 
> from, say, a week ago.  Then when we get things cleaned up I can 
> 'restore' the list as it was.  I don't know how to do it and I tried 
> googling and only found:
> 
> https://mail.python.org/pipermail/mailman-users/2003-March/027011.html
> 
> which said
> 
> ~/mailman/lists/<list_name>/config.db 
> 
> On our system, though, all I find is:
> 
> mailman$ ls
> Mailman/  archive/  bin/  cgi-bin/  cron/  icons/  mail/  messages/  
> pythonlib/  scripts/  templates/  tests/
> 
> so no "lists" diretory at all.  Obviously that's for a very old version 
> of mailman   We have:
>    Using Mailman version: 2.1.9


The issue is you're looking at the $prefix directory (I don't know what
$prefix/archive/ is at all). You need to look at $var-prefix which
contains archives/, data/, lists/, locks/, logs/, qfiles/ and maybe spam/.

However, see the FAQ at <http://wiki.list.org/x/aYA9> first.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Tue May 13 02:32:17 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 12 May 2014 17:32:17 -0700
Subject: [Mailman-Users] Logging fail?
In-Reply-To: <537088E9.2060203@bradakis.com>
References: <537021EB.3010603@bradakis.com> <53702DA7.2040800@msapiro.net>
 <537088E9.2060203@bradakis.com>
Message-ID: <53716811.1070109@msapiro.net>

On 05/12/2014 01:40 AM, Mark J Bradakis wrote:
> Mark Sapiro wrote:
> 
>> Is incomingRunner running? OutgoingRunner?
> 
> Like I said, the runners are running.


I apologize for my skepticism, but many people will see a list of
qrunner processes and assume that *all* are running.


>> What's in Mailman's qrunner log?
> 
> Nothing.


There can't be "Nothing" in the qrunner log unless you never started
mailmnanctl or you're looking at the wrong log?


> The message was in qfiles/in and once I reverted back to 2.1.14,
> rebooted and restarted mailman
> it got delivered.


Then IncomingRunner wasn't processing the queue. It may have died, or
due to some install glitch it may have been looking at a different in/
queue from the one where the process invoked by Postfix put it. Maybe
the install of 2.1.18 put things in different places so the Postfix
aliases pointed to the 2.1.14 install and not 2.1.18. That might also
explain why the qrunner log was empty if it truly was.


> On a possibly related note, when I ran mailmanctl stop the 2.1.18
> IncomingRunner did not die.
> Doing a kill -KILL on it would kill it, but it would immediately
> respawn.  After several attempts
> to get rid of it, I installed 2.1.14 and rebooted the server.


mailmanctl stop depends on Mailman's data/master-qrunner.pid containing
the PID of mailmanctl. Perhaps things were confused about where this
file was.

The respawning is probably due to some watcher that's part of some
previously installed package.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Tue May 13 02:43:08 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 12 May 2014 17:43:08 -0700
Subject: [Mailman-Users] MM 2.1.18-1 question
In-Reply-To: <1399906761.2141.8.camel@ubuntu>
References: <1399906761.2141.8.camel@ubuntu>
Message-ID: <53716A9C.2010105@msapiro.net>

On 05/12/2014 07:59 AM, Lindsay Haisley wrote:
> My understanding is that MM 2.1.18-1 corrects a python version
> incompatibility in MM 2.1.18 and nothing more.


I did sneak in one additional change to fix
<https://bugs.launchpad.net/mailman/+bug/1315970>, but it's very minor.
See the bug for details.

Otherwise, the only code change is to fix an issue with the Wrap Message
action and Python < 2.6.5 that causes all messages to which Wrap Message
applies to be shunted in OutgoingRunner processing.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at bradakis.com  Tue May 13 02:51:35 2014
From: mark at bradakis.com (Mark J Bradakis)
Date: Mon, 12 May 2014 18:51:35 -0600
Subject: [Mailman-Users] Logging fail?
In-Reply-To: <53716811.1070109@msapiro.net>
References: <537021EB.3010603@bradakis.com> <53702DA7.2040800@msapiro.net>
 <537088E9.2060203@bradakis.com> <53716811.1070109@msapiro.net>
Message-ID: <53716C97.6050007@bradakis.com>

Mark Sapiro wrote:
>
>
>>> What's in Mailman's qrunner log?
>>
>> Nothing.
>
>
> There can't be "Nothing" in the qrunner log unless you never started
> mailmnanctl or you're looking at the wrong log?
>
>

My turn to apologize, I should have specified that the logs contained nothing related to
that specific message, and not implied they were completely empty.

>> The message was in qfiles/in and once I reverted back to 2.1.14,
>> rebooted and restarted mailman
>> it got delivered.
>
>
> Then IncomingRunner wasn't processing the queue. It may have died, or
> due to some install glitch it may have been looking at a different in/
> queue from the one where the process invoked by Postfix put it. Maybe
> the install of 2.1.18 put things in different places so the Postfix
> aliases pointed to the 2.1.14 install and not 2.1.18. That might also
> explain why the qrunner log was empty if it truly was.
>

I'll try reinstalling the latest and greatest mailman, see if I can figure out
what IncomingRunner is actually doing.

mjb.

PS:  This is on a server running Ubuntu 13.10



From fmouse at fmp.com  Tue May 13 02:58:08 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Mon, 12 May 2014 19:58:08 -0500
Subject: [Mailman-Users] Saving list subscribers from a backup
In-Reply-To: <53712B88.27139.300196DE@bernie.fantasyfarm.com>
References: <53712B88.27139.300196DE@bernie.fantasyfarm.com>
Message-ID: <1399942688.1972.28.camel@ubuntu>

On Mon, 2014-05-12 at 16:14 -0400, Bernie Cosell wrote:
> in the face of zillions of bounce/unsubscribes thanks to the DMARC mess, 
> what I'd like to do is get the sysadmin to snapshot the list members 
> from, say, a week ago.

I ought to also point out that using config.db or config.pck will only
get you information about _current_ subscribers, including those whose
subscriptions are still present but disabled because of bounces.
Pulling a pure and simple list of email addresses from the latter group
out of the config database generally requires a bit of jiggery-pokery
with a text editor, but the database dump has everything fairly clearly
labeled.  You can use the ~mailman/bin/dumpdb utility to get a
plain-text dump of the database once you determine the full path to the
config database (config.db or config.pck).  If you can get a backup copy
of the config file from before about Apr. 8 then all the information you
want will be there.  Absent this, once actual auto-unsubscriptions
started, the only way to recover auto-unsubscribed addresses is by
pulling them from Mailman's subscribe log file, as noted in my previous
email.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |     - The Roadie
http://www.fmp.com    |



From mark at msapiro.net  Tue May 13 04:35:19 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 12 May 2014 19:35:19 -0700
Subject: [Mailman-Users] Logging fail?
In-Reply-To: <53716C97.6050007@bradakis.com>
References: <537021EB.3010603@bradakis.com> <53702DA7.2040800@msapiro.net>
 <537088E9.2060203@bradakis.com> <53716811.1070109@msapiro.net>
 <53716C97.6050007@bradakis.com>
Message-ID: <537184E7.8030503@msapiro.net>

On 05/12/2014 05:51 PM, Mark J Bradakis wrote:
> 
> My turn to apologize, I should have specified that the logs contained
> nothing related to
> that specific message, and not implied they were completely empty.


Please note that when I ask what's in logs, I don't want a filtered
response. Granted there's a bunch of stuff in logs that isn't relevant,
but I would like it not pre-filtered. The bottom line is if you knew
what would be relevant to me, you probably wouldn't need my help.

For example, you indicated in the OP that you grepped for the list name.
There could be relevant messages that don't include the list name

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From dave.lists at nathanson.org  Tue May 13 05:45:23 2014
From: dave.lists at nathanson.org (Dave Nathanson)
Date: Mon, 12 May 2014 20:45:23 -0700
Subject: [Mailman-Users] Who authored the message?
Message-ID: <FB9A1A72-0BA2-4A72-9D34-51B7136A7A24@nathanson.org>

Since DEMARC we don't know who is authoring list messages anymore. 

I saw a message today sent to a list named "AlmostEverybody". The message author did not properly configure their MUA (Verizon webmail) with their proper name, so the only identifier is their email address. Which is of course now deleted as part of DEMARC compliance. Leaving us with a message and no indication of who sent it. The "From" was merely "Via AlmostEverybody at list.example.com". No name, no author email address. Of course no sig either. 

List members are unable to reply off-list to the author, and they don't even know who the author is. 

Would it be a reasonable feature request to add the author's name & email address as a X-Header? Some of us not only read the headers on a regular basis, but we even configure our MUA to display certain message Headers. (My favorites are Reply-To, X-Mailer, and User-Agent). 

I'd rather not add the author's email address to the top or bottom of the message body, but it seems that some method of identifying the message author is in order. Even if depreciated, X-Headers are obviously still in use, and better then nothing. At the very least adding one more message header won't cause any complaining. 

Thoughts? 

Best, 
 Dave Nathanson
 Mac Medix


From mark at msapiro.net  Tue May 13 06:32:02 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 12 May 2014 21:32:02 -0700
Subject: [Mailman-Users] Who authored the message?
In-Reply-To: <FB9A1A72-0BA2-4A72-9D34-51B7136A7A24@nathanson.org>
References: <FB9A1A72-0BA2-4A72-9D34-51B7136A7A24@nathanson.org>
Message-ID: <5371A042.50303@msapiro.net>

On 05/12/2014 08:45 PM, Dave Nathanson wrote:
> 
> I saw a message today sent to a list named "AlmostEverybody". The message author did not properly configure their MUA (Verizon webmail) with their proper name, so the only identifier is their email address. Which is of course now deleted as part of DEMARC compliance. Leaving us with a message and no indication of who sent it. The "From" was merely "Via AlmostEverybody at list.example.com". No name, no author email address. Of course no sig either. 


What Mailman version are you using? In the current version (2.1.18-1)
you should be seeing the either the author's display name from her From:
header or if none and From: a list member, the members real name from
the membership list, or if none, at least the local part of the email
address.

Also, the author's original From: will be in Reply-To: in every case,
except see bug <https://bugs.launchpad.net/mailman/+bug/1318025>.


> List members are unable to reply off-list to the author, and they don't even know who the author is. 


Again, what is your Mailman version and what are your Reply-To munging
settings. In versions older than 2.1.18, I think you should still see
the author's address in Reply-To: if first_strip_reply_to is No.


> Would it be a reasonable feature request to add the author's name & email address as a X-Header? Some of us not only read the headers on a regular basis, but we even configure our MUA to display certain message Headers. (My favorites are Reply-To, X-Mailer, and User-Agent). 


I don't think it's necessary. If the author's address isn't in
Reply-To:, it should be, and the absence is a bug. Is that not sufficient?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Tue May 13 08:38:19 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 12 May 2014 23:38:19 -0700
Subject: [Mailman-Users] DMARC and Reply-To lines with from_is_list
	munging.
In-Reply-To: <87ppjjflpf.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <20140510021350.55294.qmail@joyce.lan>	<1399732731.2107.38.camel@ubuntu>	<8761lchdgc.fsf@uwakimon.sk.tsukuba.ac.jp>	<1399832656.1908.24.camel@ubuntu>	<53704190.3010804@msapiro.net>
 <87ppjjflpf.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <5371BDDB.5070701@msapiro.net>

On 05/12/2014 01:25 AM, Stephen J. Turnbull wrote:
> 
> How about multipart/alternative:
> 
>     message header
>     multipart/alternative
> 
>         part header
>         message/rfc822        # original message in all its glory
> 
>         part header
>         <traditional cooked list message>


Interesting idea, but I think the part order is reversed. The simplest,
most universally readable part is supposed to be first with parts of
increasing complexity coming later.


>  > Perhaps a new Content-Type such as message/wrapped
> 
> AFAICS this is completely unnecessary?
> 
>     message header
>     Content-Type: message/rfc822
> 
>         original message header
>         original message body        # or cooked if you prefer


Which is essentially what the Wrap Message action does now.


> Then amend the existing MIME RFCs to say that MUAs SHOULD (MAY?)
> simply display the original message in some appropriate way.  No?


I really wonder if that would help. Section 5.2 of RFC 2046 doesn't say
exactly that, but it does contain this note:

   NOTE:  It has been suggested that subtypes of "message" might be
   defined for forwarded or rejected messages.  However, forwarded and
   rejected messages can be handled as multipart messages in which the
   first part contains any control or descriptive information, and a
   second part, of type "message/rfc822", is the forwarded or rejected
   message.  Composing rejection and forwarding messages in this manner
   will preserve the type information on the original message and allow
   it to be correctly presented to the recipient, and hence is strongly
   encouraged.

A couple of things are significant in that. It basically agrees with
Stephen that message/wrapped is unnecessary, but it also says the
message/rfc822 type "will preserve the type information on the original
message and allow it to be correctly presented to the recipient".

While this doesn't explicitly say MUAs SHOULD or MAY simply display the
original message in some appropriate way, it certainly conveys that
sentiment to me, yet here we are over 17 years later with apparently
some mainstream MUAs that don't do that.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From stephen at xemacs.org  Tue May 13 10:28:30 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Tue, 13 May 2014 17:28:30 +0900
Subject: [Mailman-Users] DMARC and Reply-To lines with
	from_is_list	munging.
In-Reply-To: <5371BDDB.5070701@msapiro.net>
References: <20140510021350.55294.qmail@joyce.lan>
 <1399732731.2107.38.camel@ubuntu>
 <8761lchdgc.fsf@uwakimon.sk.tsukuba.ac.jp>
 <1399832656.1908.24.camel@ubuntu> <53704190.3010804@msapiro.net>
 <87ppjjflpf.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5371BDDB.5070701@msapiro.net>
Message-ID: <87y4y6dqvl.fsf@uwakimon.sk.tsukuba.ac.jp>

Mark Sapiro writes:
 > On 05/12/2014 01:25 AM, Stephen J. Turnbull wrote:
 > > 
 > > How about multipart/alternative:
 > > 
 > >     message header
 > >     multipart/alternative
 > > 
 > >         part header
 > >         message/rfc822        # original message in all its glory
 > > 
 > >         part header
 > >         <traditional cooked list message>
 > 
 > 
 > Interesting idea, but I think the part order is reversed. The simplest,
 > most universally readable part is supposed to be first with parts of
 > increasing complexity coming later.

That's precisely the point.  Most MUAs choose to display the *last*
form that they understand, but there's no guarantee that they'll
understand earlier ones, so they should (but see below) keep trying.

As Bugs Bunny says, "Eh-he-he-eh, ain' I a stinka?!" ;-)

 > > Then amend the existing MIME RFCs to say that MUAs SHOULD (MAY?)
 > > simply display the original message in some appropriate way.  No?
 > 
 > I really wonder if that would help. Section 5.2 of RFC 2046 [...].
 > While this doesn't explicitly say MUAs SHOULD or MAY simply display the
 > original message in some appropriate way, it certainly conveys that
 > sentiment to me, yet here we are over 17 years later with apparently
 > some mainstream MUAs that don't do that.

I know, but what can we do?  There are very few of us who could get
away with telling our subscribers, "well, then, get a *real* MUA!!",
and even fewer who can do that, and want to.


From Dave.Lists at Nathanson.org  Tue May 13 18:48:47 2014
From: Dave.Lists at Nathanson.org (Dave Nathanson)
Date: Tue, 13 May 2014 09:48:47 -0700
Subject: [Mailman-Users] Who authored the message?
In-Reply-To: <5371A042.50303@msapiro.net>
References: <FB9A1A72-0BA2-4A72-9D34-51B7136A7A24@nathanson.org>
 <5371A042.50303@msapiro.net>
Message-ID: <C462F217-E68D-426D-BA8A-8AC87BA63CC1@Nathanson.org>

Hi Mark,
We've got Mailman 2.1.17 at Dreamhost. 

List Settings:
from_is_list = Mung From
anonymous_list = No
first_strip_reply_to = Yes
reply_goes_to_list  = Explicit address
reply_to_address = AlmostEverybody at example.com (without subdomain)
Include_sender_header = Yes

In this case, the message author MUA does not provide their display name, and 
the list _does_ have a real name for that person, but Mailman did not insert it. So after going through Mailman, the 
From header said only: "Via AlmostEverybody at list.example.com". 

Today I experimented with first_strip_reply_to set to No.  

This means that a reply is addressed to both the list and to previous author. 
If nodups = Yes. 
Then the previous author will get only 1 copy of the message. But the copy they get is the direct mail (including senders email address), not the list mail. When that person replies to the message, it will only go to the most recent previous author, not to the list. 

Maybe this is acceptable(?), since most of the time people don't reply to their own list messages?  

Im my experience, the majority of users are incapable of adding or deleting anything from the Reply-To or To field. That's why up to now, I've opted for the Reply-To to only contain the desired list address. 

Best, 
 Dave Nathanson
 Mac Medix

On May 12, 2014, at 9:32 PM, Mark Sapiro <mark at msapiro.net> wrote:

> On 05/12/2014 08:45 PM, Dave Nathanson wrote:
>> 
>> I saw a message today sent to a list named "AlmostEverybody". The message author did not properly configure their MUA (Verizon webmail) with their proper name, so the only identifier is their email address. Which is of course now deleted as part of DEMARC compliance. Leaving us with a message and no indication of who sent it. The "From" was merely "Via AlmostEverybody at list.example.com". No name, no author email address. Of course no sig either. 
> 
> 
> What Mailman version are you using? In the current version (2.1.18-1)
> you should be seeing the either the author's display name from her From:
> header or if none and From: a list member, the members real name from
> the membership list, or if none, at least the local part of the email
> address.
> 
> Also, the author's original From: will be in Reply-To: in every case,
> except see bug <https://bugs.launchpad.net/mailman/+bug/1318025>.
> 
> 
>> List members are unable to reply off-list to the author, and they don't even know who the author is. 
> 
> 
> Again, what is your Mailman version and what are your Reply-To munging
> settings. In versions older than 2.1.18, I think you should still see
> the author's address in Reply-To: if first_strip_reply_to is No.
> 
> 
>> Would it be a reasonable feature request to add the author's name & email address as a X-Header? Some of us not only read the headers on a regular basis, but we even configure our MUA to display certain message Headers. (My favorites are Reply-To, X-Mailer, and User-Agent). 
> 
> 
> I don't think it's necessary. If the author's address isn't in
> Reply-To:, it should be, and the absence is a bug. Is that not sufficient?
> 
> -- 
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/dave.lists%40nathanson.org


From mark at msapiro.net  Tue May 13 19:47:05 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 13 May 2014 10:47:05 -0700
Subject: [Mailman-Users] Who authored the message?
In-Reply-To: <C462F217-E68D-426D-BA8A-8AC87BA63CC1@Nathanson.org>
References: <FB9A1A72-0BA2-4A72-9D34-51B7136A7A24@nathanson.org>
 <5371A042.50303@msapiro.net>
 <C462F217-E68D-426D-BA8A-8AC87BA63CC1@Nathanson.org>
Message-ID: <53725A99.6020605@msapiro.net>

On 05/13/2014 09:48 AM, Dave Nathanson wrote:
> Hi Mark,
> We've got Mailman 2.1.17 at Dreamhost. 
...
> In this case, the message author MUA does not provide their display name, and 
> the list _does_ have a real name for that person, but Mailman did not insert it. So after going through Mailman, the 
>>From header said only: "Via AlmostEverybody at list.example.com". 


That's fixed in 2.1.18.


> Today I experimented with first_strip_reply_to set to No.  
> 
> This means that a reply is addressed to both the list and to previous author. 
> If nodups = Yes. 
> Then the previous author will get only 1 copy of the message. But the copy they get is the direct mail (including senders email address), not the list mail. When that person replies to the message, it will only go to the most recent previous author, not to the list. 
> 
> Maybe this is acceptable(?), since most of the time people don't reply to their own list messages?  


DMARC has forced mitigation responses. As far as I can tell, there are
no ways to deal with this that don't involve impacts on message
readability, replies or both other than not accepting messages From:
domains with DMARC p=reject.


> Im my experience, the majority of users are incapable of adding or deleting anything from the Reply-To or To field. That's why up to now, I've opted for the Reply-To to only contain the desired list address. 


And these are the same users who would never see an X-Mailman-* header.

Note: that there are reasons for wanting replies to go to the poster and
the list. E.g., the poster may be receiving digests so including her in
replies keeps her in the loop without her having to wait for the next
digest.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From billc_lists at greenbuilder.com  Tue May 13 21:54:26 2014
From: billc_lists at greenbuilder.com (Bill Christensen)
Date: Tue, 13 May 2014 14:54:26 -0500
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <536D3840.8030207@msapiro.net>
References: <536BB152.10007@greenbuilder.com> <536BB8B1.4040808@msapiro.net>
 <536D1482.5000006@greenbuilder.com> <536D1DA2.3050609@msapiro.net>
 <536D28B9.3060209@greenbuilder.com> <536D3840.8030207@msapiro.net>
Message-ID: <CAP_TYZSAHDPK_uan8jS8dsG-NWfOE4zL654a0df9+PZDPek-HA@mail.gmail.com>

I finally got a chance to look over the logs today; this is a widely
distributed attack, so address blocking is probably futile.

Sorry to be dense, but how do I apply that patch?

Thanks


On Fri, May 9, 2014 at 3:19 PM, Mark Sapiro <mark at msapiro.net> wrote:

> On 05/09/2014 12:12 PM, Bill Christensen wrote:
> >
> > Is there a way that I can just have it affect this one problematic
> > list?  If I change the name of cgi-bin/subscribe and any references to
> > it (at least until the next update), do you think that will make a
> > difference?
>
>
> It seems to me the easiest way to do this is to apply the attached patch
> to Mailman/Cgi/subscribe.py. Change problem_list to the actual list name
> and if you don't want the logging, remove the syslog line.
>
> But as others have suggested, look at your web server logs (or the
> subscribe confirmation emails) to get the IP address(es) that are
> submitting them. If they all come from a single IP or netblock, block
> that with iptables or whatever firewall you have.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/billc_lists%40greenbuilder.com
>

From heller at deepsoft.com  Tue May 13 22:12:14 2014
From: heller at deepsoft.com (Robert Heller)
Date: Tue, 13 May 2014 16:12:14 -0400
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <CAP_TYZSAHDPK_uan8jS8dsG-NWfOE4zL654a0df9+PZDPek-HA@mail.gmail.com>
References: <536BB152.10007@greenbuilder.com> 
 <536BB8B1.4040808@msapiro.net> <536D1482.5000006@greenbuilder.com> 
 <536D1DA2.3050609@msapiro.net> <536D28B9.3060209@greenbuilder.com> 
 <536D3840.8030207@msapiro.net> 
 <CAP_TYZSAHDPK_uan8jS8dsG-NWfOE4zL654a0df9+PZDPek-HA@mail.gmail.com>
Message-ID: <201405132012.s4DKCEIU022976@sharky2.deepsoft.com>

At Tue, 13 May 2014 14:54:26 -0500 Bill Christensen <billc_lists at greenbuilder.com> wrote:

> 
> I finally got a chance to look over the logs today; this is a widely
> distributed attack, so address blocking is probably futile.

How widely?  It *could* be a /16 subnet (eg distributed over 2^^16 address) 
somewhere in an 'odd' part of the world (somewhere your potential subscriber 
base is not likely to be from).

Even if it is widely distributed, fail2ban might do what you need.  The 
*worst* the fail2ban would do is make things difficult for a *few* legit 
subscription requesters.

> 
> Sorry to be dense, but how do I apply that patch?
> 
> Thanks
> 
> 
> On Fri, May 9, 2014 at 3:19 PM, Mark Sapiro <mark at msapiro.net> wrote:
> 
> > On 05/09/2014 12:12 PM, Bill Christensen wrote:
> > >
> > > Is there a way that I can just have it affect this one problematic
> > > list?  If I change the name of cgi-bin/subscribe and any references to
> > > it (at least until the next update), do you think that will make a
> > > difference?
> >
> >
> > It seems to me the easiest way to do this is to apply the attached patch
> > to Mailman/Cgi/subscribe.py. Change problem_list to the actual list name
> > and if you don't want the logging, remove the syslog line.
> >
> > But as others have suggested, look at your web server logs (or the
> > subscribe confirmation emails) to get the IP address(es) that are
> > submitting them. If they all come from a single IP or netblock, block
> > that with iptables or whatever firewall you have.
> >
> > --
> > Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> > San Francisco Bay Area, California    better use your sense - B. Dylan
> >
> > ------------------------------------------------------
> > Mailman-Users mailing list Mailman-Users at python.org
> > https://mail.python.org/mailman/listinfo/mailman-users
> > Mailman FAQ: http://wiki.list.org/x/AgA3
> > Security Policy: http://wiki.list.org/x/QIA9
> > Searchable Archives:
> > http://www.mail-archive.com/mailman-users%40python.org/
> > Unsubscribe:
> > https://mail.python.org/mailman/options/mailman-users/billc_lists%40greenbuilder.com
> >
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
> 
>                                 

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


                                                                  

From billc_lists at greenbuilder.com  Tue May 13 22:44:18 2014
From: billc_lists at greenbuilder.com (Bill Christensen)
Date: Tue, 13 May 2014 15:44:18 -0500
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <201405132012.s4DKCEIU022976@sharky2.deepsoft.com>
References: <536BB152.10007@greenbuilder.com> <536BB8B1.4040808@msapiro.net>
 <536D1482.5000006@greenbuilder.com> <536D1DA2.3050609@msapiro.net>
 <536D28B9.3060209@greenbuilder.com> <536D3840.8030207@msapiro.net>
 <CAP_TYZSAHDPK_uan8jS8dsG-NWfOE4zL654a0df9+PZDPek-HA@mail.gmail.com>
 <201405132012.s4DKCEIU022976@sharky2.deepsoft.com>
Message-ID: <CAP_TYZQmwGmycy+WeFSH3zuMbsZ4in838d1GRxviL2tJ5xR1qg@mail.gmail.com>

Very wide.  Vietnam, China, New York, France just at a quick look.

I'm looking into fail2ban now.  Thanks to those of you who have mentioned
it.


On Tue, May 13, 2014 at 3:12 PM, Robert Heller <heller at deepsoft.com> wrote:

> At Tue, 13 May 2014 14:54:26 -0500 Bill Christensen <
> billc_lists at greenbuilder.com> wrote:
>
> >
> > I finally got a chance to look over the logs today; this is a widely
> > distributed attack, so address blocking is probably futile.
>
> How widely?  It *could* be a /16 subnet (eg distributed over 2^^16 address)
> somewhere in an 'odd' part of the world (somewhere your potential
> subscriber
> base is not likely to be from).
>
> Even if it is widely distributed, fail2ban might do what you need.  The
> *worst* the fail2ban would do is make things difficult for a *few* legit
> subscription requesters.
>
> >
> > Sorry to be dense, but how do I apply that patch?
> >
> > Thanks
> >
> >
> > On Fri, May 9, 2014 at 3:19 PM, Mark Sapiro <mark at msapiro.net> wrote:
> >
> > > On 05/09/2014 12:12 PM, Bill Christensen wrote:
> > > >
> > > > Is there a way that I can just have it affect this one problematic
> > > > list?  If I change the name of cgi-bin/subscribe and any references
> to
> > > > it (at least until the next update), do you think that will make a
> > > > difference?
> > >
> > >
> > > It seems to me the easiest way to do this is to apply the attached
> patch
> > > to Mailman/Cgi/subscribe.py. Change problem_list to the actual list
> name
> > > and if you don't want the logging, remove the syslog line.
> > >
> > > But as others have suggested, look at your web server logs (or the
> > > subscribe confirmation emails) to get the IP address(es) that are
> > > submitting them. If they all come from a single IP or netblock, block
> > > that with iptables or whatever firewall you have.
> > >
> > > --
> > > Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> > > San Francisco Bay Area, California    better use your sense - B. Dylan
> > >
> > > ------------------------------------------------------
> > > Mailman-Users mailing list Mailman-Users at python.org
> > > https://mail.python.org/mailman/listinfo/mailman-users
> > > Mailman FAQ: http://wiki.list.org/x/AgA3
> > > Security Policy: http://wiki.list.org/x/QIA9
> > > Searchable Archives:
> > > http://www.mail-archive.com/mailman-users%40python.org/
> > > Unsubscribe:
> > >
> https://mail.python.org/mailman/options/mailman-users/billc_lists%40greenbuilder.com
> > >
> > ------------------------------------------------------
> > Mailman-Users mailing list Mailman-Users at python.org
> > https://mail.python.org/mailman/listinfo/mailman-users
> > Mailman FAQ: http://wiki.list.org/x/AgA3
> > Security Policy: http://wiki.list.org/x/QIA9
> > Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
> > Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
> >
> >
>
> --
> Robert Heller             -- 978-544-6933 / heller at deepsoft.com
> Deepwoods Software        -- http://www.deepsoft.com/
> ()  ascii ribbon campaign -- against html e-mail
> /\  www.asciiribbon.org   -- against proprietary attachments
>
>
>
>

From mark at msapiro.net  Wed May 14 00:10:56 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 13 May 2014 15:10:56 -0700
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <CAP_TYZSAHDPK_uan8jS8dsG-NWfOE4zL654a0df9+PZDPek-HA@mail.gmail.com>
References: <536BB152.10007@greenbuilder.com> <536BB8B1.4040808@msapiro.net>
 <536D1482.5000006@greenbuilder.com> <536D1DA2.3050609@msapiro.net>
 <536D28B9.3060209@greenbuilder.com> <536D3840.8030207@msapiro.net>
 <CAP_TYZSAHDPK_uan8jS8dsG-NWfOE4zL654a0df9+PZDPek-HA@mail.gmail.com>
Message-ID: <53729870.8070608@msapiro.net>

On 05/13/2014 12:54 PM, Bill Christensen wrote:
> 
> Sorry to be dense, but how do I apply that patch?


1)Save the patch to a file.

2)Edit the file with an editor that won't change indentation or wrap or
fill lines, i.e. a text editor, not a word processor, and change
problem_list in the line

+    if listname = 'problem_list':

to the all lower case name of the list. If you wanted to apply it to a
few, but not all lists, you could change the line to something like

+    if listname in ('problem_list', 'list2', 'list3'):

Note that the quotes around the literal list names are important, but
there are no quotes around the variable listname.

3) Give the command

cp /path/to/mailman/Mailman/Cgi/subscribe.py
/path/to/mailman/Cgi/Mailman/subscribe.py.bak

(all on one line)

4) Give the command

patch /path/to/mailman/Cgi/Mailman/subscribe.py < /path/to/edited/patch

(all on one line)

5) Go to a URL like <http://your.server/Mailman/subscribe/problem_list>

Note you don't need to restart Mailman first as this patch only affects
web accesses which are always new CGI processes.

The possible results are:

1) A page that says

Error

Web subscribe not allowed /problem_list/

This says all is good.

2) A page that says

problem_list Subscription results

You must supply a valid email address.

This says the patch wasn't applied or for some other reason (maybe
problem_list not changed or misspelled) isn't working.

3) a page that says

...
We hit a bug.
...

This says there is something broken in the patched module. You can leave
it broken which will disable all subscribes or maybe only problem_list
subscribes depending on the exact error, or you can copy the
subscribe.py.bak file from step 3) back over subscribe.py.

In any case, Mailman's error log will have an exception and traceback
from what went wrong.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at bradakis.com  Wed May 14 07:31:01 2014
From: mark at bradakis.com (Mark J Bradakis)
Date: Tue, 13 May 2014 23:31:01 -0600
Subject: [Mailman-Users] 2.1.18-1 - this is new
Message-ID: <5372FF95.1010500@bradakis.com>

Just installed a fresh copy of 2.1.18-1.  Sent a test message to a list where dmarc_moderation_action
is set to 'munge from'.  The message resulted in this error log entry:


May 13 23:16:25 2014 (26946) Uncaught runner exception: unsupported operand type(s) for ^=: 'int' and 'str'
May 13 23:16:25 2014 (26946) Traceback (most recent call last):
   File "/local/mailman/teamnet/Mailman/Queue/Runner.py", line 119, in _oneloop
     self._onefile(msg, msgdata)
   File "/local/mailman/teamnet/Mailman/Queue/Runner.py", line 190, in _onefile
     keepqueued = self._dispose(mlist, msg, msgdata)
   File "/local/mailman/teamnet/Mailman/Queue/IncomingRunner.py", line 130, in _dispose
     more = self._dopipeline(mlist, msg, msgdata, pipeline)
   File "/local/mailman/teamnet/Mailman/Queue/IncomingRunner.py", line 153, in _dopipeline
     sys.modules[modname].process(mlist, msg, msgdata)
   File "/local/mailman/teamnet/Mailman/Handlers/Moderate.py", line 57, in process
     if Utils.IsDMARCProhibited(mlist, addr):
   File "/local/mailman/teamnet/Mailman/Utils.py", line 1085, in IsDMARCProhibited
     txt_recs = resolver.query(dmarc_domain, dns.rdatatype.TXT)
   File "/usr/local/lib/python2.7/dist-packages/dns/resolver.py", line 799, in query
     request = dns.message.make_query(qname, rdtype, rdclass)
   File "/usr/local/lib/python2.7/dist-packages/dns/message.py", line 1066, in make_query
     m = Message()
   File "/usr/local/lib/python2.7/dist-packages/dns/message.py", line 145, in __init__
     self.id = dns.entropy.random_16()
   File "/usr/local/lib/python2.7/dist-packages/dns/entropy.py", line 117, in random_16
     return pool.random_16()
   File "/usr/local/lib/python2.7/dist-packages/dns/entropy.py", line 94, in random_16
     return self.random_8() * 256 + self.random_8()
   File "/usr/local/lib/python2.7/dist-packages/dns/entropy.py", line 80, in random_8
     self._maybe_seed()
   File "/usr/local/lib/python2.7/dist-packages/dns/entropy.py", line 76, in _maybe_seed
     self.stir(seed, True)
   File "/usr/local/lib/python2.7/dist-packages/dns/entropy.py", line 56, in stir
     self.pool[self.pool_index] ^= c
TypeError: unsupported operand type(s) for ^=: 'int' and 'str'

May 13 23:16:25 2014 (26946) SHUNTING: 1400044585.041757+d52cab8deedc53d2d886385a07c7c3e45e76e037

From mark at msapiro.net  Wed May 14 08:10:43 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 13 May 2014 23:10:43 -0700
Subject: [Mailman-Users] 2.1.18-1 - this is new
In-Reply-To: <5372FF95.1010500@bradakis.com>
References: <5372FF95.1010500@bradakis.com>
Message-ID: <537308E3.4090205@msapiro.net>

On 05/13/2014 10:31 PM, Mark J Bradakis wrote:
> Just installed a fresh copy of 2.1.18-1.  Sent a test message to a list
> where dmarc_moderation_action
> is set to 'munge from'.  The message resulted in this error log entry:
> 
> 
> May 13 23:16:25 2014 (26946) Uncaught runner exception: unsupported
> operand type(s) for ^=: 'int' and 'str'
> May 13 23:16:25 2014 (26946) Traceback (most recent call last):
>   File "/local/mailman/teamnet/Mailman/Queue/Runner.py", line 119, in
> _oneloop
>     self._onefile(msg, msgdata)
>   File "/local/mailman/teamnet/Mailman/Queue/Runner.py", line 190, in
> _onefile
>     keepqueued = self._dispose(mlist, msg, msgdata)
>   File "/local/mailman/teamnet/Mailman/Queue/IncomingRunner.py", line
> 130, in _dispose
>     more = self._dopipeline(mlist, msg, msgdata, pipeline)
>   File "/local/mailman/teamnet/Mailman/Queue/IncomingRunner.py", line
> 153, in _dopipeline
>     sys.modules[modname].process(mlist, msg, msgdata)
>   File "/local/mailman/teamnet/Mailman/Handlers/Moderate.py", line 57,
> in process
>     if Utils.IsDMARCProhibited(mlist, addr):
>   File "/local/mailman/teamnet/Mailman/Utils.py", line 1085, in
> IsDMARCProhibited
>     txt_recs = resolver.query(dmarc_domain, dns.rdatatype.TXT)
>   File "/usr/local/lib/python2.7/dist-packages/dns/resolver.py", line
> 799, in query
>     request = dns.message.make_query(qname, rdtype, rdclass)
>   File "/usr/local/lib/python2.7/dist-packages/dns/message.py", line
> 1066, in make_query
>     m = Message()
>   File "/usr/local/lib/python2.7/dist-packages/dns/message.py", line
> 145, in __init__
>     self.id = dns.entropy.random_16()
>   File "/usr/local/lib/python2.7/dist-packages/dns/entropy.py", line
> 117, in random_16
>     return pool.random_16()
>   File "/usr/local/lib/python2.7/dist-packages/dns/entropy.py", line 94,
> in random_16
>     return self.random_8() * 256 + self.random_8()
>   File "/usr/local/lib/python2.7/dist-packages/dns/entropy.py", line 80,
> in random_8
>     self._maybe_seed()
>   File "/usr/local/lib/python2.7/dist-packages/dns/entropy.py", line 76,
> in _maybe_seed
>     self.stir(seed, True)
>   File "/usr/local/lib/python2.7/dist-packages/dns/entropy.py", line 56,
> in stir
>     self.pool[self.pool_index] ^= c
> TypeError: unsupported operand type(s) for ^=: 'int' and 'str'


What version of dnspython is this? It appears to be a dnspython3 version
installed under Python 2.7. You need the Python 2 version of dnspython.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From stephen at xemacs.org  Wed May 14 09:52:36 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Wed, 14 May 2014 16:52:36 +0900
Subject: [Mailman-Users] A word to the wise: spam-checking and RFC
	conformance
Message-ID: <87ha4ser0b.fsf@uwakimon.sk.tsukuba.ac.jp>

Hi all,

I just discovered that the spam-checker for a non-Mailman list I
subscribe to (I suspect SpamAssassin but I can't confirm yet, the MLM
is ListServ) is introducing 8-bit characters into the header.

What appears to be happening is that the original post uses a
Content-Transfer-Encoding of 8bit or binary, and contains some 8-bit
octets (typically fancy quotes and the occasional accented character
in the posts I receive), and the spam checker copies an excerpt from
the body into the "X-Spam-Report" field *verbatim*, including the
non-ASCII characters.

If your spam-checker doesn't produce an "X-Spam-Report" field or
similar, you don't have the problem.  If it does, you might want to
check its behavior with respect to body excerpts.

Regards,
Steve


From mneedham at hdfgroup.org  Wed May 14 16:09:35 2014
From: mneedham at hdfgroup.org (Matthew Needham)
Date: Wed, 14 May 2014 14:09:35 +0000
Subject: [Mailman-Users] A word to the wise: spam-checking and
	RFC	conformance
In-Reply-To: <87ha4ser0b.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <87ha4ser0b.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <A99CC6CC-DE1B-4EFA-BEF0-A68D51E291CF@hdfgroup.org>

On my server, it was being instead by spamassassin and was then visible in each message handled by Mailman. The ?content-preview? in the header is easily removed in /etc/mail/spamassassin/local.cf.


Matthew

On May 14, 2014, at 02:52 AM, Stephen J. Turnbull <stephen at xemacs.org> wrote:

> Hi all,
> 
> I just discovered that the spam-checker for a non-Mailman list I
> subscribe to (I suspect SpamAssassin but I can't confirm yet, the MLM
> is ListServ) is introducing 8-bit characters into the header.
> 
> What appears to be happening is that the original post uses a
> Content-Transfer-Encoding of 8bit or binary, and contains some 8-bit
> octets (typically fancy quotes and the occasional accented character
> in the posts I receive), and the spam checker copies an excerpt from
> the body into the "X-Spam-Report" field *verbatim*, including the
> non-ASCII characters.
> 
> If your spam-checker doesn't produce an "X-Spam-Report" field or
> similar, you don't have the problem.  If it does, you might want to
> check its behavior with respect to body excerpts.
> 
> Regards,
> Steve
> 
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/mneedham%40hdfgroup.org


-- 

Matthew Needham
mneedham at hdfgroup.org
217-531-6110

The HDF Group
1800 South Oak Street, Suite 203
Champaign, IL 61820


From billc_lists at greenbuilder.com  Wed May 14 17:20:55 2014
From: billc_lists at greenbuilder.com (Bill Christensen)
Date: Wed, 14 May 2014 10:20:55 -0500
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <53729870.8070608@msapiro.net>
References: <536BB152.10007@greenbuilder.com> <536BB8B1.4040808@msapiro.net>
 <536D1482.5000006@greenbuilder.com> <536D1DA2.3050609@msapiro.net>
 <536D28B9.3060209@greenbuilder.com> <536D3840.8030207@msapiro.net>
 <CAP_TYZSAHDPK_uan8jS8dsG-NWfOE4zL654a0df9+PZDPek-HA@mail.gmail.com>
 <53729870.8070608@msapiro.net>
Message-ID: <CAP_TYZRu2By0Te6KQTSYz_5y--otCTLARGAOXJspUOt553aULQ@mail.gmail.com>

Thanks.

Running the patch I got:

patching file /path/to/mailman/Mailman/Cgi/subscribe.py
patch unexpectedly ends in middle of line
Hunk #1 succeeded at 53 with fuzz 1 (offset -1 lines).

(with the actual path in there)


When trying to run a subscription I got the "We hit a bug" error.

Error log says (among other stuff):

admin(12818):   File "/opt/local/share/mailman/Mailman/Cgi/subscribe.py",
line 56
      if listname = 'problem_list':
                  ^
  SyntaxError: invalid syntax

where 'problem_list' had been replaced by the actual list name.

The same happens on other lists as well.

Comparing subscribe.py with subscribe.py.bak, it appears that it's in there
as written.

Any ideas?





On Tue, May 13, 2014 at 5:10 PM, Mark Sapiro <mark at msapiro.net> wrote:

> On 05/13/2014 12:54 PM, Bill Christensen wrote:
> >
> > Sorry to be dense, but how do I apply that patch?
>
>
> 1)Save the patch to a file.
>
> 2)Edit the file with an editor that won't change indentation or wrap or
> fill lines, i.e. a text editor, not a word processor, and change
> problem_list in the line
>
> +    if listname = 'problem_list':
>
> to the all lower case name of the list. If you wanted to apply it to a
> few, but not all lists, you could change the line to something like
>
> +    if listname in ('problem_list', 'list2', 'list3'):
>
> Note that the quotes around the literal list names are important, but
> there are no quotes around the variable listname.
>
> 3) Give the command
>
> cp /path/to/mailman/Mailman/Cgi/subscribe.py
> /path/to/mailman/Cgi/Mailman/subscribe.py.bak
>
> (all on one line)
>
> 4) Give the command
>
> patch /path/to/mailman/Cgi/Mailman/subscribe.py < /path/to/edited/patch
>
> (all on one line)
>
> 5) Go to a URL like <http://your.server/Mailman/subscribe/problem_list>
>
> Note you don't need to restart Mailman first as this patch only affects
> web accesses which are always new CGI processes.
>
> The possible results are:
>
> 1) A page that says
>
> Error
>
> Web subscribe not allowed /problem_list/
>
> This says all is good.
>
> 2) A page that says
>
> problem_list Subscription results
>
> You must supply a valid email address.
>
> This says the patch wasn't applied or for some other reason (maybe
> problem_list not changed or misspelled) isn't working.
>
> 3) a page that says
>
> ...
> We hit a bug.
> ...
>
> This says there is something broken in the patched module. You can leave
> it broken which will disable all subscribes or maybe only problem_list
> subscribes depending on the exact error, or you can copy the
> subscribe.py.bak file from step 3) back over subscribe.py.
>
> In any case, Mailman's error log will have an exception and traceback
> from what went wrong.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/billc_lists%40greenbuilder.com
>

From mark at msapiro.net  Wed May 14 17:35:47 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 14 May 2014 08:35:47 -0700
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <CAP_TYZRu2By0Te6KQTSYz_5y--otCTLARGAOXJspUOt553aULQ@mail.gmail.com>
References: <536BB152.10007@greenbuilder.com>	<536BB8B1.4040808@msapiro.net>	<536D1482.5000006@greenbuilder.com>	<536D1DA2.3050609@msapiro.net>	<536D28B9.3060209@greenbuilder.com>	<536D3840.8030207@msapiro.net>	<CAP_TYZSAHDPK_uan8jS8dsG-NWfOE4zL654a0df9+PZDPek-HA@mail.gmail.com>	<53729870.8070608@msapiro.net>
 <CAP_TYZRu2By0Te6KQTSYz_5y--otCTLARGAOXJspUOt553aULQ@mail.gmail.com>
Message-ID: <53738D53.9030307@msapiro.net>

On 05/14/2014 08:20 AM, Bill Christensen wrote:
> Thanks.
> 
> Running the patch I got:
> 
> patching file /path/to/mailman/Mailman/Cgi/subscribe.py
> patch unexpectedly ends in middle of line
> Hunk #1 succeeded at 53 with fuzz 1 (offset -1 lines).
> 
> (with the actual path in there)


The patch got munged in editing, but that may or may not be an issue.


> When trying to run a subscription I got the "We hit a bug" error.
> 
> Error log says (among other stuff):
> 
> admin(12818):   File "/opt/local/share/mailman/Mailman/Cgi/subscribe.py",
> line 56
>       if listname = 'problem_list':
>                   ^
>   SyntaxError: invalid syntax
> 
> where 'problem_list' had been replaced by the actual list name.


Sorry, that's my mistake. It should be

    if listname == 'problem_list':

i.e., ==, not =.


> Comparing subscribe.py with subscribe.py.bak, it appears that it's in there
> as written.


Then whatever the "patch unexpectedly ends in middle of line" issue was,
the result is probably OK. Just change the = to == and it should be OK.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From gaa at ulticom.com  Wed May 14 18:26:48 2014
From: gaa at ulticom.com (Gary Algier)
Date: Wed, 14 May 2014 12:26:48 -0400
Subject: [Mailman-Users] Executive summary of DMARC issues
Message-ID: <53739948.8050608@ulticom.com>

Hello,

I have been following the discussion of the DMARC issues and Mailman's 
attempts to live with it.  I was wondering if anyone has an "Executive 
Summary" of the DMARC issue in a general sense.

The information on the wiki talks about the impact on Mailman, but I need a 
generic explanation that can be presented to our CFO.  Our management wants to 
move our email from an in-house Exchange environment (with Mailman on the side 
for mailing lists) to a totally MS365 solution.  We have been told that 
everything we do with Mailman can be done with Exchange distribution lists, 
etc.  I know all the reasons this is really a poor statement, but distribution 
lists have the same DMARC problem.

I created a test distribution list here.  I created local contacts that 
forward to my personal gmail.com and icloud.com addresses.  I added these and 
my work address to the list.  Email from gmail and icloud works fine, however 
the author address ("From:") carries the original address. When I sent an 
email from my yahoo.com account, it was not delivered to gmail.  I never saw a 
bounce, though, so I don't know who, if anyone, gets notified.

I am hoping that I can make this issue plain at an executive level so we can 
get them to stay with a Mailman solution as we "go to the cloud".

Of course if someone says that the current MS365 implementation has addressed 
this, then that's a different (unfortunate) story.

-- 
Gary Algier, WB2FWZ            gaa at ulticom.com             +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054     Fax:+1 856 866 2033

Nielsen's First Law of Computer Manuals:
     People don't read documentation voluntarily.

From billc_lists at greenbuilder.com  Wed May 14 19:42:41 2014
From: billc_lists at greenbuilder.com (Bill Christensen)
Date: Wed, 14 May 2014 12:42:41 -0500
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <53738D53.9030307@msapiro.net>
References: <536BB152.10007@greenbuilder.com>	<536BB8B1.4040808@msapiro.net>	<536D1482.5000006@greenbuilder.com>	<536D1DA2.3050609@msapiro.net>	<536D28B9.3060209@greenbuilder.com>	<536D3840.8030207@msapiro.net>	<CAP_TYZSAHDPK_uan8jS8dsG-NWfOE4zL654a0df9+PZDPek-HA@mail.gmail.com>	<53729870.8070608@msapiro.net>
 <CAP_TYZRu2By0Te6KQTSYz_5y--otCTLARGAOXJspUOt553aULQ@mail.gmail.com>
 <53738D53.9030307@msapiro.net>
Message-ID: <5373AB11.4070808@greenbuilder.com>

On 5/14/14 10:35 AM, Mark Sapiro wrote:

> Sorry, that's my mistake. It should be if listname == 'problem_list': 
> i.e., ==, not =.
>> Comparing subscribe.py with subscribe.py.bak, it appears that it's in there
>> as written.
I was wondering about that.

Thanks.  Now the problem_list is disallowed from web subscriptions and 
the other lists are allowed and working properly.

The problem_list gets "we hit a bug", but since I've taken the 
subscription form off the listinfo page the only ones who will get that 
are the spammers.



From stephen at xemacs.org  Wed May 14 21:49:35 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 15 May 2014 04:49:35 +0900
Subject: [Mailman-Users]  Executive summary of DMARC issues
In-Reply-To: <53739948.8050608@ulticom.com>
References: <53739948.8050608@ulticom.com>
Message-ID: <87egzwdttc.fsf@uwakimon.sk.tsukuba.ac.jp>

Gary Algier writes:

 > I have been following the discussion of the DMARC issues and Mailman's 
 > attempts to live with it.  I was wondering if anyone has an "Executive 
 > Summary" of the DMARC issue in a general sense.

How about the following:

DMARC is a set of protocols for Internet mail that are used to by
participating hosts to exchange information about mail traffic.  This
information is primarily useful for fighting email fraud, including
spam and phishing.  The basic procedure is that recipient hosts which
participate in the protocol check whether the apparent sending domain
(the domain that appears in the address in "From" header field)
participates, using a query to the DNS defined by the DMARC protocol.
If so, the recipient host will send to that domain some information
about mail which purports to be from the sending host, but fails to
validate.

The validation refers specifically to, and only to, the domain in the
"From" header field.  The DMARC protocol itself does not validate the
mailbox (user), although some originating hosts may do so.  Nor can it
guarantee that the user's account hasn't been used fraudulently.

For participants in the DMARC protocol, valid mail provides a strong
guarantee that the domain of the address in the "From" header field
is authentic, with some strong restrictions required to ensure success
of validation.  These restrictions include:

(1) When authentic mail is delivered directly from the sending host to
    the recipient, validation will succeed.

(2) When authentic mail is forwarded verbatim by all intervening
    Internet hosts (including mailing lists and user mailbox
    forwarding), validation will succeed.

Authentic mail may fail to validate in many common circumstances,
where a forwarding host alters certain headers or any part of the body
of the message.  This may occur for forwarding hosts which add
advertisements to the footer or the like, or if a forwarding host
reformats the body (it shouldn't do that, but some do).  There are
also restrictions on some parts of the mail.  For example, the "From"
header field must contain exactly one address (multiple author
addresses are permitted by the mail standards and are occasionally
useful, though rarely seen nowadays).

Failure to validate is also frequent on mailing lists.  Common
transformations that *will* cause mail distributed by a mailing list
to fail validation include (but are not limited to)

- Adding a list tag or sequence number to the Subject header field.

- Adding a footer, typically containing unsubscribe information for
  public discussion lists or legal disclaimers for corporate lists.

- Removal of banned content, such as executable file attachments or
  excessively large attachments.

Because many common practices with Internet mail can cause authentic
mail to fail DMARC validation, although mail which successfully
validates may be trusted to be from the domain in the address in the
"From" field, failure to validate in general *does not* imply lack of
authenticity.

Under some circumstances, a sending domain may be willing to severely
restrict its users' use of their addresses.  For example, they may not
be allowed to post to mailing lists, and recipients may be advised to
*always* keep their addresses updated to the domain where they
actually read their mail.  This is common practice with banks and
other financial institutions.  Such organizations can be reasonably
sure that mail which fails to validate is "fraudulent" (although the
intent may be merely mischievious rather than truly felonious).  They
may take advantage of a further feature of the DMARC protocol, the
"policy", which is the action that the sending domain suggests that
recipients take with mail that appears to be from that domain but
fails validation.

The normal policy is "none", that is, the recipient should deliver the
mail as though the apparent sending domain did not participate in
DMARC.  (Of course, if the mail fails spam or virus checks, it would
be quarantined or discarded as usual.)  The second level is
"quarantine", which means that the mail should not be delivered
directly to the user's mailbox in the ordinary way, for fear of
fraudulent use of the sending address (typically phishing).  The third
level is "reject", which means that the sender recommends that the
mail not be delivered at all, to completely prevent fraudulent misuse
of their domain.

Unfortunately, unless the sending domain has truly draconian policies
about the use of addresses in that domain, use of "quarantine" or
"reject" makes it virtually certain that some authentic mail will not
be read in a timely fashion or (in the case of "reject") never
delivered at all.

The "reject" policy may also result in denial of services to third
parties (one common case is having delivery disabled from a mailing
list, or even being unsubscribed), due to rejected mail being
"bounced" back to the forwarding host.  At present we know of *no*
hosts which distinguish DMARC bounces from other delivery failures.
Therefore they are treated as a permanent delivery failure to the
recipient due to problems at the recipient's host, rather than due to
a policy of the sender.  As a consequence, those unrelated recipients
may be dropped from distribution lists.

Editorial comments:

In some cases (where the mail validates according the DKIM, one of the
protocols used in DMARC validation), the mail can be trusted not to
have been altered in any way by a "man in the middle".

It is entirely up to the recipient whether to honor the published
policy or not.  (GMail, for example, does not -- it treats the policy
as advisory and makes case by case decisions, allowing most list mail
to be delivered despite failing DMARC validation.)  However, because
the original use of policy was envisioned to be banks vulnerable to
phishing (not large freemail providers incapable of protecting their
users' address books), most recipients do honor the policy published
by sending domains.

The action of Yahoo! and AOL in publishing policies of "reject"
basically amounts to deciding that they do not care if their users'
mail can be reliably delivered.  Nevertheless, Mailman is committed to
providing mitigation options for mailing list owners that improve the
reliability of mail delivery for posters from those domains, and
protect other subscribers from the (unintentional) denial of service
attacks being conducted by Yahoo! and AOL.

I believe the word "attack" is justified because Yahoo! and AOL are
now aware that their policies have the effect of denying service to
third parties (even if not intended by them), but they continue to
implement them.  It seems likely to me that as mailing lists and
others implement workarounds that bypass DMARC validation, these
workarounds will be mimicked by spam and phishing mails to bypass
DMARC validation, and in response AOL and Yahoo! will take further
action detrimental to the reliability of everyone's mail service, not
just their own users'.

 > Of course if someone says that the current MS365 implementation has
 > addressed this, then that's a different (unfortunate) story.

Seems unlikely to me (this isn't a new variant of a traditional
problem to be addressed by database updates like virus checking),
although they probably will roll out something within a couple months
(counting from April 22).  Nevertheless I doubt it will be as flexible
as Mailman already is (and most likely will be tuned to protect
Hotmail users if Hotmail should decide to use the "reject" policy).

 > Nielsen's First Law of Computer Manuals:
 >      People don't read documentation voluntarily.

How (sadly) apropos!

HTH

Steve

From bsfinkel at att.net  Wed May 14 22:24:32 2014
From: bsfinkel at att.net (Barry S. Finkel)
Date: Wed, 14 May 2014 15:24:32 -0500
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <87egzwdttc.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53739948.8050608@ulticom.com>
 <87egzwdttc.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <5373D100.3000601@att.net>

On 5/14/2014 2:49 PM, Stephen J. Turnbull wrote:
> Gary Algier writes:
>
>   > I have been following the discussion of the DMARC issues and Mailman's
>   > attempts to live with it.  I was wondering if anyone has an "Executive
>   > Summary" of the DMARC issue in a general sense.
>
> How about the following:
>
> DMARC is a set of protocols for Internet mail that are used to by
> participating hosts to exchange information about mail traffic.  This
> information is primarily useful for fighting email fraud, including
> spam and phishing.  The basic procedure is that recipient hosts which
> participate in the protocol check whether the apparent sending domain
> (the domain that appears in the address in "From" header field)
> participates, using a query to the DNS defined by the DMARC protocol.
> If so, the recipient host will send to that domain some information
> about mail which purports to be from the sending host, but fails to
> validate.
>
> The validation refers specifically to, and only to, the domain in the
> "From" header field.  The DMARC protocol itself does not validate the
> mailbox (user), although some originating hosts may do so.  Nor can it
> guarantee that the user's account hasn't been used fraudulently.
>
> For participants in the DMARC protocol, valid mail provides a strong
> guarantee that the domain of the address in the "From" header field
> is authentic, with some strong restrictions required to ensure success
> of validation.  These restrictions include:
>
> (1) When authentic mail is delivered directly from the sending host to
>      the recipient, validation will succeed.
>
> (2) When authentic mail is forwarded verbatim by all intervening
>      Internet hosts (including mailing lists and user mailbox
>      forwarding), validation will succeed.
>
> Authentic mail may fail to validate in many common circumstances,
> where a forwarding host alters certain headers or any part of the body
> of the message.  This may occur for forwarding hosts which add
> advertisements to the footer or the like, or if a forwarding host
> reformats the body (it shouldn't do that, but some do).  There are
> also restrictions on some parts of the mail.  For example, the "From"
> header field must contain exactly one address (multiple author
> addresses are permitted by the mail standards and are occasionally
> useful, though rarely seen nowadays).
>
> Failure to validate is also frequent on mailing lists.  Common
> transformations that *will* cause mail distributed by a mailing list
> to fail validation include (but are not limited to)
>
> - Adding a list tag or sequence number to the Subject header field.
>
> - Adding a footer, typically containing unsubscribe information for
>    public discussion lists or legal disclaimers for corporate lists.
>
> - Removal of banned content, such as executable file attachments or
>    excessively large attachments.
>
> Because many common practices with Internet mail can cause authentic
> mail to fail DMARC validation, although mail which successfully
> validates may be trusted to be from the domain in the address in the
> "From" field, failure to validate in general *does not* imply lack of
> authenticity.
>
> Under some circumstances, a sending domain may be willing to severely
> restrict its users' use of their addresses.  For example, they may not
> be allowed to post to mailing lists, and recipients may be advised to
> *always* keep their addresses updated to the domain where they
> actually read their mail.  This is common practice with banks and
> other financial institutions.  Such organizations can be reasonably
> sure that mail which fails to validate is "fraudulent" (although the
> intent may be merely mischievious rather than truly felonious).  They
> may take advantage of a further feature of the DMARC protocol, the
> "policy", which is the action that the sending domain suggests that
> recipients take with mail that appears to be from that domain but
> fails validation.
>
> The normal policy is "none", that is, the recipient should deliver the
> mail as though the apparent sending domain did not participate in
> DMARC.  (Of course, if the mail fails spam or virus checks, it would
> be quarantined or discarded as usual.)  The second level is
> "quarantine", which means that the mail should not be delivered
> directly to the user's mailbox in the ordinary way, for fear of
> fraudulent use of the sending address (typically phishing).  The third
> level is "reject", which means that the sender recommends that the
> mail not be delivered at all, to completely prevent fraudulent misuse
> of their domain.
>
> Unfortunately, unless the sending domain has truly draconian policies
> about the use of addresses in that domain, use of "quarantine" or
> "reject" makes it virtually certain that some authentic mail will not
> be read in a timely fashion or (in the case of "reject") never
> delivered at all.
>
> The "reject" policy may also result in denial of services to third
> parties (one common case is having delivery disabled from a mailing
> list, or even being unsubscribed), due to rejected mail being
> "bounced" back to the forwarding host.  At present we know of *no*
> hosts which distinguish DMARC bounces from other delivery failures.
> Therefore they are treated as a permanent delivery failure to the
> recipient due to problems at the recipient's host, rather than due to
> a policy of the sender.  As a consequence, those unrelated recipients
> may be dropped from distribution lists.
>
> Editorial comments:
>
> In some cases (where the mail validates according the DKIM, one of the
> protocols used in DMARC validation), the mail can be trusted not to
> have been altered in any way by a "man in the middle".
>
> It is entirely up to the recipient whether to honor the published
> policy or not.  (GMail, for example, does not -- it treats the policy
> as advisory and makes case by case decisions, allowing most list mail
> to be delivered despite failing DMARC validation.)  However, because
> the original use of policy was envisioned to be banks vulnerable to
> phishing (not large freemail providers incapable of protecting their
> users' address books), most recipients do honor the policy published
> by sending domains.
>
> The action of Yahoo! and AOL in publishing policies of "reject"
> basically amounts to deciding that they do not care if their users'
> mail can be reliably delivered.  Nevertheless, Mailman is committed to
> providing mitigation options for mailing list owners that improve the
> reliability of mail delivery for posters from those domains, and
> protect other subscribers from the (unintentional) denial of service
> attacks being conducted by Yahoo! and AOL.
>
> I believe the word "attack" is justified because Yahoo! and AOL are
> now aware that their policies have the effect of denying service to
> third parties (even if not intended by them), but they continue to
> implement them.  It seems likely to me that as mailing lists and
> others implement workarounds that bypass DMARC validation, these
> workarounds will be mimicked by spam and phishing mails to bypass
> DMARC validation, and in response AOL and Yahoo! will take further
> action detrimental to the reliability of everyone's mail service, not
> just their own users'.
>
>   > Of course if someone says that the current MS365 implementation has
>   > addressed this, then that's a different (unfortunate) story.
>
> Seems unlikely to me (this isn't a new variant of a traditional
> problem to be addressed by database updates like virus checking),
> although they probably will roll out something within a couple months
> (counting from April 22).  Nevertheless I doubt it will be as flexible
> as Mailman already is (and most likely will be tuned to protect
> Hotmail users if Hotmail should decide to use the "reject" policy).
>
>   > Nielsen's First Law of Computer Manuals:
>   >      People don't read documentation voluntarily.
>
> How (sadly) apropos!
>
> HTH
>
> Steve

Is this also true?

Users from DMARC-reject domains send mail to mailing lists, and the
resulting mail from the mailing list is rejected.  Enough rejections
can cause the mailing list possibly to be blacklisted for sending lots
of "spam" mail.

--Barry Finkel


From finches at portadmiral.org  Wed May 14 22:33:27 2014
From: finches at portadmiral.org (Larry Finch)
Date: Wed, 14 May 2014 16:33:27 -0400
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <5373D100.3000601@att.net>
References: <53739948.8050608@ulticom.com>
 <87egzwdttc.fsf@uwakimon.sk.tsukuba.ac.jp> <5373D100.3000601@att.net>
Message-ID: <C52CC9AF-0F24-4B62-9D69-F2C250E8307B@portadmiral.org>


On May 14, 2014, at 4:24 PM, Barry S. Finkel <bsfinkel at att.net> wrote:

> 
> Is this also true?
> 
> Users from DMARC-reject domains send mail to mailing lists, and the
> resulting mail from the mailing list is rejected.  Enough rejections
> can cause the mailing list possibly to be blacklisted for sending lots
> of "spam" mail.
> 

I would expect it to be true, however I cannot confirm as I have set all AOL and Yahoo accounts to moderated so the problem doesn?t arise. We then resend the message as a forward from one of the moderators. And suggest (strongly) that the user switch from AOL or Yahoo to a list-friendly email provider.

best regards,
Larry

Note: We do not currently use mailman. We use listserv, but are considering switching.

--
Larry Finch
finches at portadmiral.org




From heller at deepsoft.com  Wed May 14 22:59:57 2014
From: heller at deepsoft.com (Robert Heller)
Date: Wed, 14 May 2014 16:59:57 -0400
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <5373D100.3000601@att.net>
References: <53739948.8050608@ulticom.com> 
 <87egzwdttc.fsf@uwakimon.sk.tsukuba.ac.jp> <5373D100.3000601@att.net>
Message-ID: <201405142059.s4EKxv4K019437@sharky2.deepsoft.com>

At Wed, 14 May 2014 15:24:32 -0500 "Barry S. Finkel" <bsfinkel at att.net> wrote:

> 
> On 5/14/2014 2:49 PM, Stephen J. Turnbull wrote:
> > Gary Algier writes:
> >
> >   > I have been following the discussion of the DMARC issues and Mailman's
> >   > attempts to live with it.  I was wondering if anyone has an "Executive
> >   > Summary" of the DMARC issue in a general sense.
> >
> > How about the following:
> >
> > DMARC is a set of protocols for Internet mail that are used to by
> > participating hosts to exchange information about mail traffic.  This
> > information is primarily useful for fighting email fraud, including
> > spam and phishing.  The basic procedure is that recipient hosts which
> > participate in the protocol check whether the apparent sending domain
> > (the domain that appears in the address in "From" header field)
> > participates, using a query to the DNS defined by the DMARC protocol.
> > If so, the recipient host will send to that domain some information
> > about mail which purports to be from the sending host, but fails to
> > validate.
> >
> > The validation refers specifically to, and only to, the domain in the
> > "From" header field.  The DMARC protocol itself does not validate the
> > mailbox (user), although some originating hosts may do so.  Nor can it
> > guarantee that the user's account hasn't been used fraudulently.
> >
> > For participants in the DMARC protocol, valid mail provides a strong
> > guarantee that the domain of the address in the "From" header field
> > is authentic, with some strong restrictions required to ensure success
> > of validation.  These restrictions include:
> >
> > (1) When authentic mail is delivered directly from the sending host to
> >      the recipient, validation will succeed.
> >
> > (2) When authentic mail is forwarded verbatim by all intervening
> >      Internet hosts (including mailing lists and user mailbox
> >      forwarding), validation will succeed.
> >
> > Authentic mail may fail to validate in many common circumstances,
> > where a forwarding host alters certain headers or any part of the body
> > of the message.  This may occur for forwarding hosts which add
> > advertisements to the footer or the like, or if a forwarding host
> > reformats the body (it shouldn't do that, but some do).  There are
> > also restrictions on some parts of the mail.  For example, the "From"
> > header field must contain exactly one address (multiple author
> > addresses are permitted by the mail standards and are occasionally
> > useful, though rarely seen nowadays).
> >
> > Failure to validate is also frequent on mailing lists.  Common
> > transformations that *will* cause mail distributed by a mailing list
> > to fail validation include (but are not limited to)
> >
> > - Adding a list tag or sequence number to the Subject header field.
> >
> > - Adding a footer, typically containing unsubscribe information for
> >    public discussion lists or legal disclaimers for corporate lists.
> >
> > - Removal of banned content, such as executable file attachments or
> >    excessively large attachments.
> >
> > Because many common practices with Internet mail can cause authentic
> > mail to fail DMARC validation, although mail which successfully
> > validates may be trusted to be from the domain in the address in the
> > "From" field, failure to validate in general *does not* imply lack of
> > authenticity.
> >
> > Under some circumstances, a sending domain may be willing to severely
> > restrict its users' use of their addresses.  For example, they may not
> > be allowed to post to mailing lists, and recipients may be advised to
> > *always* keep their addresses updated to the domain where they
> > actually read their mail.  This is common practice with banks and
> > other financial institutions.  Such organizations can be reasonably
> > sure that mail which fails to validate is "fraudulent" (although the
> > intent may be merely mischievious rather than truly felonious).  They
> > may take advantage of a further feature of the DMARC protocol, the
> > "policy", which is the action that the sending domain suggests that
> > recipients take with mail that appears to be from that domain but
> > fails validation.
> >
> > The normal policy is "none", that is, the recipient should deliver the
> > mail as though the apparent sending domain did not participate in
> > DMARC.  (Of course, if the mail fails spam or virus checks, it would
> > be quarantined or discarded as usual.)  The second level is
> > "quarantine", which means that the mail should not be delivered
> > directly to the user's mailbox in the ordinary way, for fear of
> > fraudulent use of the sending address (typically phishing).  The third
> > level is "reject", which means that the sender recommends that the
> > mail not be delivered at all, to completely prevent fraudulent misuse
> > of their domain.
> >
> > Unfortunately, unless the sending domain has truly draconian policies
> > about the use of addresses in that domain, use of "quarantine" or
> > "reject" makes it virtually certain that some authentic mail will not
> > be read in a timely fashion or (in the case of "reject") never
> > delivered at all.
> >
> > The "reject" policy may also result in denial of services to third
> > parties (one common case is having delivery disabled from a mailing
> > list, or even being unsubscribed), due to rejected mail being
> > "bounced" back to the forwarding host.  At present we know of *no*
> > hosts which distinguish DMARC bounces from other delivery failures.
> > Therefore they are treated as a permanent delivery failure to the
> > recipient due to problems at the recipient's host, rather than due to
> > a policy of the sender.  As a consequence, those unrelated recipients
> > may be dropped from distribution lists.
> >
> > Editorial comments:
> >
> > In some cases (where the mail validates according the DKIM, one of the
> > protocols used in DMARC validation), the mail can be trusted not to
> > have been altered in any way by a "man in the middle".
> >
> > It is entirely up to the recipient whether to honor the published
> > policy or not.  (GMail, for example, does not -- it treats the policy
> > as advisory and makes case by case decisions, allowing most list mail
> > to be delivered despite failing DMARC validation.)  However, because
> > the original use of policy was envisioned to be banks vulnerable to
> > phishing (not large freemail providers incapable of protecting their
> > users' address books), most recipients do honor the policy published
> > by sending domains.
> >
> > The action of Yahoo! and AOL in publishing policies of "reject"
> > basically amounts to deciding that they do not care if their users'
> > mail can be reliably delivered.  Nevertheless, Mailman is committed to
> > providing mitigation options for mailing list owners that improve the
> > reliability of mail delivery for posters from those domains, and
> > protect other subscribers from the (unintentional) denial of service
> > attacks being conducted by Yahoo! and AOL.
> >
> > I believe the word "attack" is justified because Yahoo! and AOL are
> > now aware that their policies have the effect of denying service to
> > third parties (even if not intended by them), but they continue to
> > implement them.  It seems likely to me that as mailing lists and
> > others implement workarounds that bypass DMARC validation, these
> > workarounds will be mimicked by spam and phishing mails to bypass
> > DMARC validation, and in response AOL and Yahoo! will take further
> > action detrimental to the reliability of everyone's mail service, not
> > just their own users'.
> >
> >   > Of course if someone says that the current MS365 implementation has
> >   > addressed this, then that's a different (unfortunate) story.
> >
> > Seems unlikely to me (this isn't a new variant of a traditional
> > problem to be addressed by database updates like virus checking),
> > although they probably will roll out something within a couple months
> > (counting from April 22).  Nevertheless I doubt it will be as flexible
> > as Mailman already is (and most likely will be tuned to protect
> > Hotmail users if Hotmail should decide to use the "reject" policy).
> >
> >   > Nielsen's First Law of Computer Manuals:
> >   >      People don't read documentation voluntarily.
> >
> > How (sadly) apropos!
> >
> > HTH
> >
> > Steve
> 
> Is this also true?
> 
> Users from DMARC-reject domains send mail to mailing lists, and the
> resulting mail from the mailing list is rejected.  Enough rejections
> can cause the mailing list possibly to be blacklisted for sending lots
> of "spam" mail.

Mailman treats the DMARC-reject messages as typical mail delivery failure
bounces. After enough of them, Mailman disables the receiver's subscription
(stops trying to send that member's e-mail address). Typically, the disabling
threshold is less than the spam blacklisting threshold. Unless the list admin
keeps 'blindly' reseting the bounce flag (or otherwise forces Mailman to keep
delivering mail to problem addresses), the list is not likely to blacklisted.
But in any case, yes, the domains which strickly enforce DMARC policys of
'reject' have effectively created a denial-of-service attack on the list. It 
is in essence a mis-use of the DMARC standard.

> 
> --Barry Finkel
> 
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
> 
>                                                                                                                                 

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


            

From pshute at nuw.org.au  Thu May 15 00:28:57 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Thu, 15 May 2014 08:28:57 +1000
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <53739948.8050608@ulticom.com>
References: <53739948.8050608@ulticom.com>
Message-ID: <C2F1879073AE7347BAB44065F143E1700156F3FD99@nuwvicms2>

Gary Algier wrote:

> I created a test distribution list here.  I created local 
> contacts that forward to my personal gmail.com and icloud.com 
> addresses.  I added these and my work address to the list.  
> Email from gmail and icloud works fine, however the author 
> address ("From:") carries the original address. When I sent 
> an email from my yahoo.com account, it was not delivered to 
> gmail.  I never saw a bounce, though, so I don't know who, if 
> anyone, gets notified.
> 
> I am hoping that I can make this issue plain at an executive 
> level so we can get them to stay with a Mailman solution as 
> we "go to the cloud".
> 
> Of course if someone says that the current MS365 
> implementation has addressed this, then that's a different 
> (unfortunate) story.

When MS365 forwards the mails sent to the distribution list, should that make the DMARC authentication fail? I thought that only happened if you made changes like adding a prefix to the subject line like Mailman does.

Peter Shute

From Jan at Bytesmiths.com  Thu May 15 01:23:27 2014
From: Jan at Bytesmiths.com (Jan Steinman)
Date: Wed, 14 May 2014 16:23:27 -0700
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <mailman.53271.1399568575.18129.mailman-users@python.org>
References: <mailman.53271.1399568575.18129.mailman-users@python.org>
Message-ID: <8BA6C691-B295-412D-B172-95CBF5A52F3E@Bytesmiths.com>

> I've got a problem with one of my lists where it's being flooded with spurious subscription requests... from the same address...

Perhaps obvious, and perhaps in the FAQ Mark linked, but this sounds like a job for ipfw to me.

I regularly get spambot subscription requests, and they go right in the firewall. (For example: "ipfw add deny tcp from 1.2.3.4 to any". You could add port 25, but I figure if they are so lax to allow email list spambots, I don't need to listen to them at all.)

Generally, they're from countries I could care less about, but if they come from someplace "civilized," I may let their abuse address know. (Found via "whois 1.2.3.4", for example.)

:::: Half a man's wisdom goes with his courage. -- Ralph Waldo Emerson
:::: Jan Steinman, EcoReality Co-op ::::


From Jan at Bytesmiths.com  Thu May 15 01:26:12 2014
From: Jan at Bytesmiths.com (Jan Steinman)
Date: Wed, 14 May 2014 16:26:12 -0700
Subject: [Mailman-Users] Virtual Mailman broke!
In-Reply-To: <mailman.53083.1399503124.18129.mailman-users@python.org>
References: <mailman.53083.1399503124.18129.mailman-users@python.org>
Message-ID: <D28D7613-FD69-4507-9FC2-5890769F0BAC@Bytesmiths.com>

I'm using the Mailman and postfix that came bundled with MacOS X 10.6 (Snow Leopard) on a Mac Mini Server.

I have problems adding new lists using the web interface. It's been a problem forever, but I've forgotten the magic fixes to magic files that I've done in the past to correct it.

I have a number of small non-profits that I host websites for, and each has one or more Mailman lists. I run my own DNS and MTA using the domain "bytesmiths.com". All these virtual domain lists were working, until I added a new list to one of them. It failed to accept the new mailman list address after adding the new list through the Mailman web interface.

So then I started poking around, and noticed the new list did not appear like other functioning lists in /var/mailman/data files. I carefully added the new list by editing "aliases" and "virtual-mailman" files that warned ominously "do not edit!" and ran newaliases(1). I verified that the .db files are newer than the edited text files.

Well, now NONE of my virtual domains work any more. They fail by redirecting to the base domain. For example, mail to new list "glarp at VirtualDomain.org" -- previously working -- fails with a bounce that "glarp at bytesmiths.com" doesn't exist.

Rather than deluge you with config files and error logs, I thought I'd post the symptoms first, to see if anyone could point me in the right direction, or could request specific config/log info.

My gratis "customers" are being very understanding, given the vast amounts they are paying me, but needless to say, I'd like to get them back up ASAP!

Does anyone know what's going on, and how to fix it? What additional information can I provide?

Thanks in advance for any advice offered!

:::: No, Plaintiffs to not have a fundamental right to own and use a dairy cow or a dairy herd... No, Plaintiffs do not have a fundamental right to consume the milk from their own cow... No, Plaintiffs do not have a fundamental right to produce and consume the foods of their choice... -- Patrick J. Fiedler
:::: Jan Steinman, EcoReality Co-op ::::


From mark at msapiro.net  Thu May 15 01:52:46 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 14 May 2014 16:52:46 -0700
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <5373AB11.4070808@greenbuilder.com>
References: <536BB152.10007@greenbuilder.com>	<536BB8B1.4040808@msapiro.net>	<536D1482.5000006@greenbuilder.com>	<536D1DA2.3050609@msapiro.net>	<536D28B9.3060209@greenbuilder.com>	<536D3840.8030207@msapiro.net>	<CAP_TYZSAHDPK_uan8jS8dsG-NWfOE4zL654a0df9+PZDPek-HA@mail.gmail.com>	<53729870.8070608@msapiro.net>
 <CAP_TYZRu2By0Te6KQTSYz_5y--otCTLARGAOXJspUOt553aULQ@mail.gmail.com>
 <53738D53.9030307@msapiro.net> <5373AB11.4070808@greenbuilder.com>
Message-ID: <537401CE.7010406@msapiro.net>

On 05/14/2014 10:42 AM, Bill Christensen wrote:
> 
> The problem_list gets "we hit a bug", but since I've taken the
> subscription form off the listinfo page the only ones who will get that
> are the spammers.


It shouldn't get that. There is still something wrong with the patch or
its application. If you post the traceback from the error, I'll see what
it is.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Thu May 15 02:20:34 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 14 May 2014 17:20:34 -0700
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <5373D100.3000601@att.net>
References: <53739948.8050608@ulticom.com>
 <87egzwdttc.fsf@uwakimon.sk.tsukuba.ac.jp> <5373D100.3000601@att.net>
Message-ID: <53740852.8040901@msapiro.net>

On 05/14/2014 01:24 PM, Barry S. Finkel wrote:
> 
> Is this also true?
> 
> Users from DMARC-reject domains send mail to mailing lists, and the
> resulting mail from the mailing list is rejected.  Enough rejections
> can cause the mailing list possibly to be blacklisted for sending lots
> of "spam" mail.


We don't know, and can't know until Mailman servers start getting
blacklisted for this reason.

Actually, From: domains can request reports even if DMARC p=none. It is
unclear what might be done with these reports, but given what some
domains have done with DMARC already, I for one would not be surprised
if this information was used to color the reputation of the sending server.

Note that currently, Yahoo.com only requests aggregate reports which *I
think* do not identify the sending server, but AOL.com requests failure
reports as well which are intended to identify servers and actual senders.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From cgtyoder at alum.mit.edu  Thu May 15 03:50:00 2014
From: cgtyoder at alum.mit.edu (Conrad G T Yoder)
Date: Wed, 14 May 2014 21:50:00 -0400
Subject: [Mailman-Users] Dealing with rate limiting from Roadrunner/Time
	Warner
Message-ID: <72D1B331-C092-4F08-9B32-3E3E3E48FF78@alum.mit.edu>

Has anyone had to deal with bounces due to rate limiting from Roadrunner/Time Warner?

http://postmaster.rr.com/spam#ratelimit

If so, what did you do to resolve the problem?  (That is, if things ?got resolved.?)

My hosting provider, DreamHost, continues to assert this is my problem and not theirs.  I of course do not have control of the Mailman installation and/or the server.

-Conrad

--
Is there a suspect in your family? Contact the Ministry of Information. Ring  100 00 00.


From billc_lists at greenbuilder.com  Thu May 15 04:58:48 2014
From: billc_lists at greenbuilder.com (Bill Christensen)
Date: Wed, 14 May 2014 21:58:48 -0500
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <537401CE.7010406@msapiro.net>
References: <536BB152.10007@greenbuilder.com> <536BB8B1.4040808@msapiro.net>
 <536D1482.5000006@greenbuilder.com> <536D1DA2.3050609@msapiro.net>
 <536D28B9.3060209@greenbuilder.com> <536D3840.8030207@msapiro.net>
 <CAP_TYZSAHDPK_uan8jS8dsG-NWfOE4zL654a0df9+PZDPek-HA@mail.gmail.com>
 <53729870.8070608@msapiro.net>
 <CAP_TYZRu2By0Te6KQTSYz_5y--otCTLARGAOXJspUOt553aULQ@mail.gmail.com>
 <53738D53.9030307@msapiro.net> <5373AB11.4070808@greenbuilder.com>
 <537401CE.7010406@msapiro.net>
Message-ID: <CAP_TYZRsUDZNXFj9V-fQbEtBATsST-CNEP4JG6zG=UKU3zNxqg@mail.gmail.com>

Here you go:

admin(38814): [----- Traceback ------]
admin(38814): Traceback (most recent call last):
admin(38814):   File "/opt/local/share/mailman/
scripts/driver", line 112, in run_main
admin(38814):     main()
admin(38814):   File "/opt/local/share/mailman/Mailman/Cgi/subscribe.py",
line 63, in main
admin(38814):     syslog('vette', 'subscribe: Forbidden list "%s": %s\n',
listname, e)
admin(38814): UnboundLocalError: local variable 'e' referenced before
assignment
admin(38814): [----- Python Information -----]

(sorry, accidentally hit "reply" instead of "reply list")


On Wed, May 14, 2014 at 6:52 PM, Mark Sapiro <mark at msapiro.net> wrote:

> On 05/14/2014 10:42 AM, Bill Christensen wrote:
> >
> > The problem_list gets "we hit a bug", but since I've taken the
> > subscription form off the listinfo page the only ones who will get that
> > are the spammers.
>
>
> It shouldn't get that. There is still something wrong with the patch or
> its application. If you post the traceback from the error, I'll see what
> it is.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/billc_lists%40greenbuilder.com
>

From billc_lists at greenbuilder.com  Thu May 15 05:13:30 2014
From: billc_lists at greenbuilder.com (Bill Christensen)
Date: Wed, 14 May 2014 22:13:30 -0500
Subject: [Mailman-Users] Virtual Mailman broke!
In-Reply-To: <D28D7613-FD69-4507-9FC2-5890769F0BAC@Bytesmiths.com>
References: <mailman.53083.1399503124.18129.mailman-users@python.org>
 <D28D7613-FD69-4507-9FC2-5890769F0BAC@Bytesmiths.com>
Message-ID: <CAP_TYZT51fNtSU4F0f6UeKfHSfRH5K5roCK_=zQZ=Z5boC6a4A@mail.gmail.com>

Do you have the virtual domains listed at the end of
../mailman/mailman/mm_cfg.py  ?

Something like:

DEFAULT_EMAIL_HOST = '103.greenbuilder.com'
DEFAULT_URL_HOST = '103.greenbuilder.com'
add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
add_virtualhost('builderswithoutborders.org','builderswithoutborders.org')

That should take the bytesmith domain out of the mix.


On Wed, May 14, 2014 at 6:26 PM, Jan Steinman <Jan at bytesmiths.com> wrote:

> I'm using the Mailman and postfix that came bundled with MacOS X 10.6
> (Snow Leopard) on a Mac Mini Server.
>
> I have problems adding new lists using the web interface. It's been a
> problem forever, but I've forgotten the magic fixes to magic files that
> I've done in the past to correct it.
>
> I have a number of small non-profits that I host websites for, and each
> has one or more Mailman lists. I run my own DNS and MTA using the domain "
> bytesmiths.com". All these virtual domain lists were working, until I
> added a new list to one of them. It failed to accept the new mailman list
> address after adding the new list through the Mailman web interface.
>
> So then I started poking around, and noticed the new list did not appear
> like other functioning lists in /var/mailman/data files. I carefully added
> the new list by editing "aliases" and "virtual-mailman" files that warned
> ominously "do not edit!" and ran newaliases(1). I verified that the .db
> files are newer than the edited text files.
>
> Well, now NONE of my virtual domains work any more. They fail by
> redirecting to the base domain. For example, mail to new list
> "glarp at VirtualDomain.org" -- previously working -- fails with a bounce
> that "glarp at bytesmiths.com" doesn't exist.
>
> Rather than deluge you with config files and error logs, I thought I'd
> post the symptoms first, to see if anyone could point me in the right
> direction, or could request specific config/log info.
>
> My gratis "customers" are being very understanding, given the vast amounts
> they are paying me, but needless to say, I'd like to get them back up ASAP!
>
> Does anyone know what's going on, and how to fix it? What additional
> information can I provide?
>
> Thanks in advance for any advice offered!
>
> :::: No, Plaintiffs to not have a fundamental right to own and use a dairy
> cow or a dairy herd... No, Plaintiffs do not have a fundamental right to
> consume the milk from their own cow... No, Plaintiffs do not have a
> fundamental right to produce and consume the foods of their choice... --
> Patrick J. Fiedler
> :::: Jan Steinman, EcoReality Co-op ::::
>
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/billc_lists%40greenbuilder.com
>

From stephen at xemacs.org  Thu May 15 05:35:24 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 15 May 2014 12:35:24 +0900
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <5373D100.3000601@att.net>
References: <53739948.8050608@ulticom.com>
 <87egzwdttc.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5373D100.3000601@att.net>
Message-ID: <878uq3emtf.fsf@uwakimon.sk.tsukuba.ac.jp>

Barry S. Finkel writes:

 > Is this also true?
 > 
 > Users from DMARC-reject domains send mail to mailing lists, and the
 > resulting mail from the mailing list is rejected.  Enough
 > rejections can cause the mailing list possibly to be blacklisted
 > for sending lots of "spam" mail.

The rejections themselves will be received by the mailing list
(assuming RFC-conforming recipients), so I think this is unlikely in
theory.  I haven't heard of this happening, and Mark says he hasn't
either.

The failure notices received by DMARC senders are another matter.
These are not supposed to be used for blacklisting, but as we already
know, Yahoo! and AOL are desperate.  OTOH, they're already known to be
hostile to mailing lists; getting blacklisted by them is not news.  I
suppose we could worry that they would publish their blacklists to be
used by others, but it was pointed out to me by Murray Kucherawy that
MAPS was shut down by lawsuits, and it seems likely that a public
whitelist or blacklist would attract them too.

My estimate is that this is not something to worry about because it
will be mitigated by any of the options already implemented, and it's
not something to complain about because there's no evidence it
actually happens.  IMO, we need to avoid crying wolf; there are way
too many people (including a number of Mailman list operators) with a
vested interest in painting Yahoo! and AOL as well-intentioned but
overwhelmed by circumstances beyond their control.

Steve

From johnl at taugh.com  Thu May 15 05:39:20 2014
From: johnl at taugh.com (John Levine)
Date: 15 May 2014 03:39:20 -0000
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <53740852.8040901@msapiro.net>
Message-ID: <20140515033920.84588.qmail@joyce.lan>

>Actually, From: domains can request reports even if DMARC p=none. It is
>unclear what might be done with these reports, but given what some
>domains have done with DMARC already, I for one would not be surprised
>if this information was used to color the reputation of the sending server.
>
>Note that currently, Yahoo.com only requests aggregate reports which *I
>think* do not identify the sending server, but AOL.com requests failure
>reports as well which are intended to identify servers and actual senders.

I've been collecting DMARC aggregate reports for over two years and
have over 40,000 of them.  I use some scripts that decompress and
parse the reports and put the interesting bits into a mysql database.
I also have 22,000 failure reports (fewer providers send them.)

The aggregate reports do indeed identify the sending server and are
pretty interesting.  For some of the larger mail systems, it's clear
from the tags in the reports that they have a pretty good idea where
the mailing lists are, which makes me wonder why they don't use that
info to whitelist around the DMARC damage.  I don't see any evidence
that DMARC failures alone are likely to get a server blacklisted,
although I wouldn't be surprised if it were a factor along with user
complaints and spam filter statistics.

R's,
John

PS: The scripts are at http://www.taugh.com/rddmarc/ if you want to
play along on your own system.  You can (and should) collect DMARC
stats without publishing any DMARC policies.

From stephen at xemacs.org  Thu May 15 05:47:18 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 15 May 2014 12:47:18 +0900
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <C2F1879073AE7347BAB44065F143E1700156F3FD99@nuwvicms2>
References: <53739948.8050608@ulticom.com>
 <C2F1879073AE7347BAB44065F143E1700156F3FD99@nuwvicms2>
Message-ID: <877g5nem9l.fsf@uwakimon.sk.tsukuba.ac.jp>

Peter Shute writes:

 > When MS365 forwards the mails sent to the distribution list, should
 > that make the DMARC authentication fail? I thought that only
 > happened if you made changes like adding a prefix to the subject
 > line like Mailman does.

If it forwards verbatim *and* the sending domain signs the mail with
DKIM (the common case), DMARC validation will succeed.  Without DKIM,
DMARC validation is guaranteed to fail.  However, even in the sender
uses DKIM, *any* change *whatsoever* to the body will cause validation
to fail, and there are several changes to the header that could cause
it to fail.  Furthermore, which parts of the header are protected by
the DKIM signature are determined by the sender, not by DMARC AFAIK.

If distribution lists are pure forwards, MS365 will be OK.  But I find
it hard to believe that that level of functionality is popular with
users -- there's a reason why all popular MLMs implement subject
prefixes, body headers and body footers, and it isn't "because it's
the Microsoft way".



From stephen at xemacs.org  Thu May 15 06:21:09 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 15 May 2014 13:21:09 +0900
Subject: [Mailman-Users] Dealing with rate limiting from
	Roadrunner/Time	Warner
In-Reply-To: <72D1B331-C092-4F08-9B32-3E3E3E48FF78@alum.mit.edu>
References: <72D1B331-C092-4F08-9B32-3E3E3E48FF78@alum.mit.edu>
Message-ID: <8761l7ekp6.fsf@uwakimon.sk.tsukuba.ac.jp>

Conrad G T Yoder writes:

 > Has anyone had to deal with bounces due to rate limiting from
 > Roadrunner/Time Warner?

Are these true bounces (ie, permanent delivery failures) or just the
temporary failures due to rate limiting, causing delays of many hours
or days in delivery?

 > http://postmaster.rr.com/spam#ratelimit
 > 
 > If so, what did you do to resolve the problem?  (That is, if things
 > ?got resolved.?)

Haven't had a problem (RR is on the list of "if you don't like losing
mail, don't do that" mailboxes for my lists).

 > My hosting provider, DreamHost, continues to assert this is my
 > problem and not theirs.

This may be partly true, if you are falling afoul of the "too many
recipients per message" limit.  In that case, if the option is
available, then you should set personalization on for lists will more
than a very few RR subscribers.  If not, see "full of" below.

 > I of course do not have control of the Mailman installation and/or
 > the server.

NightmareHost is full of s--t.  The fundamental problem is RR's
policy.  They implicitly say "we don't care if our users get their
mail,"[1] and they reserve the right to arbitrarily refuse delivery no
matter what you do.  That may be your problem, but there's nothing
you can do about it.

It's true that you *may* have a mitigation option in personalization,
but that is under control of NightmareHost.  If they do not permit you
to personalize, there's nothing under your control that you can do.
All the other mitigation strategies (whitelisting, feedback loop)
involve the participation of NightmareHost AFAICS, since RR rate
limits on the basis of IP, which is owned by NightmareHost, I assume,
and the limit on recipients per SMTP connection is in mm_cfg.py, which
is not under your control at all.

Does NightmareHost offer you any advice?  Or are they just saying "if
you don't like our service, find another one?"  I think "find another
one" is a great idea, personally.

Sorry I can't be more optimistic.


Footnotes: 
[1]  This is generally true of the big services.  They deliberately
accept the tradeoff of unreliable delivery of desired mail in return
for less spam.  They prefer not to spin it that way, but that's what
they do.


From mark at msapiro.net  Thu May 15 06:39:07 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 14 May 2014 21:39:07 -0700
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <CAP_TYZRsUDZNXFj9V-fQbEtBATsST-CNEP4JG6zG=UKU3zNxqg@mail.gmail.com>
References: <536BB152.10007@greenbuilder.com> <536BB8B1.4040808@msapiro.net>
 <536D1482.5000006@greenbuilder.com> <536D1DA2.3050609@msapiro.net>
 <536D28B9.3060209@greenbuilder.com> <536D3840.8030207@msapiro.net>
 <CAP_TYZSAHDPK_uan8jS8dsG-NWfOE4zL654a0df9+PZDPek-HA@mail.gmail.com>
 <53729870.8070608@msapiro.net>
 <CAP_TYZRu2By0Te6KQTSYz_5y--otCTLARGAOXJspUOt553aULQ@mail.gmail.com>
 <53738D53.9030307@msapiro.net> <5373AB11.4070808@greenbuilder.com>
 <537401CE.7010406@msapiro.net>
 <CAP_TYZRsUDZNXFj9V-fQbEtBATsST-CNEP4JG6zG=UKU3zNxqg@mail.gmail.com>
Message-ID: <537444EB.9040905@msapiro.net>

On 05/14/2014 07:58 PM, Bill Christensen wrote:
> Here you go:
> 
> admin(38814): [----- Traceback ------]
> admin(38814): Traceback (most recent call last):
> admin(38814):   File "/opt/local/share/mailman/
> scripts/driver", line 112, in run_main
> admin(38814):     main()
> admin(38814):   File "/opt/local/share/mailman/Mailman/Cgi/subscribe.py",
> line 63, in main
> admin(38814):     syslog('vette', 'subscribe: Forbidden list "%s": %s\n',
> listname, e)
> admin(38814): UnboundLocalError: local variable 'e' referenced before
> assignment
> admin(38814): [----- Python Information -----]
> 


My apologies again. The line

        syslog('vette', 'subscribe: Forbidden list "%s": %s\n', listname, e)

should be

        syslog('vette', 'subscribe: Forbidden list "%s"', listname)

Again, I apologize for posting an untested "so simple, how can it be
wrong" patch. sorry for the confusion.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From billc_lists at greenbuilder.com  Thu May 15 07:20:50 2014
From: billc_lists at greenbuilder.com (Bill Christensen)
Date: Thu, 15 May 2014 00:20:50 -0500
Subject: [Mailman-Users] Subscription flood
In-Reply-To: <537444EB.9040905@msapiro.net>
References: <536BB152.10007@greenbuilder.com> <536BB8B1.4040808@msapiro.net>
 <536D1482.5000006@greenbuilder.com> <536D1DA2.3050609@msapiro.net>
 <536D28B9.3060209@greenbuilder.com> <536D3840.8030207@msapiro.net>
 <CAP_TYZSAHDPK_uan8jS8dsG-NWfOE4zL654a0df9+PZDPek-HA@mail.gmail.com>
 <53729870.8070608@msapiro.net>
 <CAP_TYZRu2By0Te6KQTSYz_5y--otCTLARGAOXJspUOt553aULQ@mail.gmail.com>
 <53738D53.9030307@msapiro.net> <5373AB11.4070808@greenbuilder.com>
 <537401CE.7010406@msapiro.net>
 <CAP_TYZRsUDZNXFj9V-fQbEtBATsST-CNEP4JG6zG=UKU3zNxqg@mail.gmail.com>
 <537444EB.9040905@msapiro.net>
Message-ID: <CAP_TYZS734HxA8-kSQO5FZpW9_W-7Myy4sQ_djaiWPz2rueDfQ@mail.gmail.com>

That did the trick.

Thanks again.


On Wed, May 14, 2014 at 11:39 PM, Mark Sapiro <mark at msapiro.net> wrote:

> On 05/14/2014 07:58 PM, Bill Christensen wrote:
> > Here you go:
> >
> > admin(38814): [----- Traceback ------]
> > admin(38814): Traceback (most recent call last):
> > admin(38814):   File "/opt/local/share/mailman/
> > scripts/driver", line 112, in run_main
> > admin(38814):     main()
> > admin(38814):   File "/opt/local/share/mailman/Mailman/Cgi/subscribe.py",
> > line 63, in main
> > admin(38814):     syslog('vette', 'subscribe: Forbidden list "%s": %s\n',
> > listname, e)
> > admin(38814): UnboundLocalError: local variable 'e' referenced before
> > assignment
> > admin(38814): [----- Python Information -----]
> >
>
>
> My apologies again. The line
>
>         syslog('vette', 'subscribe: Forbidden list "%s": %s\n', listname,
> e)
>
> should be
>
>         syslog('vette', 'subscribe: Forbidden list "%s"', listname)
>
> Again, I apologize for posting an untested "so simple, how can it be
> wrong" patch. sorry for the confusion.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/billc_lists%40greenbuilder.com
>

From mark at msapiro.net  Thu May 15 07:22:14 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 14 May 2014 22:22:14 -0700
Subject: [Mailman-Users] Virtual Mailman broke!
In-Reply-To: <D28D7613-FD69-4507-9FC2-5890769F0BAC@Bytesmiths.com>
References: <mailman.53083.1399503124.18129.mailman-users@python.org>
 <D28D7613-FD69-4507-9FC2-5890769F0BAC@Bytesmiths.com>
Message-ID: <53744F06.4030109@msapiro.net>

On 05/14/2014 04:26 PM, Jan Steinman wrote:
> I'm using the Mailman and postfix that came bundled with MacOS X 10.6 (Snow Leopard) on a Mac Mini Server.


See the FAQ at <http://wiki.list.org/x/OIDD>. Yes, I know you probably
can't get help from Apple, but Apple's Mailman is known to be patched in
ways we have little or no knowledge of, and this affects the help we can
give you.


> I have problems adding new lists using the web interface. It's been a problem forever, but I've forgotten the magic fixes to magic files that I've done in the past to correct it.


Do you mean the Mailman 'create' CGI or some Apple thing? If Mailman's,
what are the symptoms of the problem?


> I have a number of small non-profits that I host websites for, and each has one or more Mailman lists. I run my own DNS and MTA using the domain "bytesmiths.com". All these virtual domain lists were working, until I added a new list to one of them. It failed to accept the new mailman list address after adding the new list through the Mailman web interface.


What do you mean by "failed to accept the new mailman list address". Do
you mean failed to accept mail to that address as below, or something else?


> So then I started poking around, and noticed the new list did not appear like other functioning lists in /var/mailman/data files. I carefully added the new list by editing "aliases" and "virtual-mailman" files that warned ominously "do not edit!" and ran newaliases(1). I verified that the .db files are newer than the edited text files.
> 
> Well, now NONE of my virtual domains work any more. They fail by redirecting to the base domain. For example, mail to new list "glarp at VirtualDomain.org" -- previously working -- fails with a bounce that "glarp at bytesmiths.com" doesn't exist.


Is bytesmiths.com in Postfix's mydestination (i.e., a Postfix local
domain). If so, Postfix is not seeing the alias for glarp, i.e.something
like

glarp:             "|/path/to/mail/mailman post glarp"


> Rather than deluge you with config files and error logs, I thought I'd post the symptoms first, to see if anyone could point me in the right direction, or could request specific config/log info.


Do you have

MTA = 'Postfix'

in mm_cfg.py?

Do you have

postfix_style_virtual_domains = ['VirtualDomain.org',
                                 'AnotherVirtual.org',
                                 'Yet Another.org',
                                 ]

in mm_cfg.py.

If you created the list using Mailman's CGI, did you have the web host
for VirtualDomain.org as the host in the URL, and do you have

add_virtualhost('VirtualWebDomain.org', 'VirtualDomain.org')

in mm_cfg.py?

If all the above is OK, running Mailman's bin/genaliases should fix up
data/aliases* and data/virtual-mailman*

If not, show us the contents of mm_cfg.py and the output of postconf -n.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mailman at rissel.it  Wed May 14 21:40:12 2014
From: mailman at rissel.it (Sascha Rissel)
Date: Wed, 14 May 2014 21:40:12 +0200
Subject: [Mailman-Users] Get newer version of Mailman for Debian 6?
Message-ID: <CAKGvnECs_em=zmj5HwDLg+CwERTf1J_=Z+LRv=koqpv98Eyhpg@mail.gmail.com>

Hello there,

I am running a vServer on Debian6.
Via "apt-get install mailman" I installed and set up Mailman 2.1.13, which
is running fine with 5 mailing lists on my server.

Motivated by all those discussions about Yahoo's DMARC on this list, I
wondered whether I can upgrade my Mailman installation to a newer version.

I tried "apt-get update" and "apt-get upgrade" but I did not receive a
newer version of Mailman.

Unfortunately I don't consider myself as good enough in Linux usage, to be
able to build Mailman binaries from scratch on my own. Indeed I tried, but
already upon executing "configure" (Step 3 in Mailman's installation
guide<http://list.org/mailman-install/node7.html>)
I got a python warning
> Distutils is not available or is incomplete
which seems to tell me I should install another Python environment.

So I came to the point when I decided that compiling Mailman on my own is
too complicated for me, because in the end I definitely want a bug-free
installation of Mailman.

Is there maybe an easier way to get a more recent version of Mailman for my
server?

In advance, thanks for your help!
Sascha.

From stephen at xemacs.org  Thu May 15 09:32:30 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 15 May 2014 16:32:30 +0900
Subject: [Mailman-Users]  Get newer version of Mailman for Debian 6?
In-Reply-To: <CAKGvnECs_em=zmj5HwDLg+CwERTf1J_=Z+LRv=koqpv98Eyhpg@mail.gmail.com>
References: <CAKGvnECs_em=zmj5HwDLg+CwERTf1J_=Z+LRv=koqpv98Eyhpg@mail.gmail.com>
Message-ID: <87wqdncx9t.fsf@uwakimon.sk.tsukuba.ac.jp>

Sascha Rissel writes:
 > Hello there,
 > 
 > I am running a vServer on Debian6.
 > Via "apt-get install mailman" I installed and set up Mailman 2.1.13, which
 > is running fine with 5 mailing lists on my server.
 > 
 > Motivated by all those discussions about Yahoo's DMARC on this list, I
 > wondered whether I can upgrade my Mailman installation to a newer version.
 > 
 > I tried "apt-get update" and "apt-get upgrade" but I did not receive a
 > newer version of Mailman.

I think it's probably easier to use aptitude (or some other UI) rather
than apt-get.

A search at Debian (https://www.debian.org/distrib/packages#search_packages)
shows that the current stable version of Debian (wheezy, aka Debian 7)
includes Mailman 2.1.15, which is too old to have any DMARC mitigation
features.  The current unstable version includes 2.1.16, which has
some early attempts at mitigating DMARC, but apparently 2.1.17 and
2.1.18 are not packaged at all.

 > Unfortunately I don't consider myself as good enough in Linux
 > usage,

In that case I think your best bet is to upgrade Debian to "stable"
(rather than a specific version of Debian).  Then when they release a
new stable version you will be automatically upgraded.  I personally
run "testing" (and have used "unstable" in the past), but it's been
many years since I bothered to fiddle with these settings.  You should
ask on Debian channels how to arrange to get the most recent Mailman
as soon as a package is released.

See also https://www.debian.org/releases/stable/releasenotes for
information on upgrading for your hardware.


From sylvain at opensource-expert.com  Thu May 15 10:48:51 2014
From: sylvain at opensource-expert.com (Sylvain Viart)
Date: Thu, 15 May 2014 10:48:51 +0200
Subject: [Mailman-Users] mailman-AttachmentMove: completely remove moved
	attachment?
Message-ID: <53747F73.2090704@opensource-expert.com>

Hi,

What'd be the trouble if I completely remove attachment from the message?

First I've copied the behavior of the Handler Scrubber.py  and 
ThunderBird filelink module.
It wipes the attachment but sill send a fake one. Which looks like:

--------------020101070601020108020001
X-Mozilla-Cloud-Part: cloudFile; url=http://remotelocation/remotefile; name=original_name.pdf
Content-Type: application/octet-stream
Content-Transfer-Encoding: 7bit


Regards,
Sylvain

From finches at portadmiral.org  Thu May 15 14:47:48 2014
From: finches at portadmiral.org (Larry Finch)
Date: Thu, 15 May 2014 08:47:48 -0400
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <877g5nem9l.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53739948.8050608@ulticom.com>
 <C2F1879073AE7347BAB44065F143E1700156F3FD99@nuwvicms2>
 <877g5nem9l.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <82600D7E-2BF2-4A7E-A441-3B59F3FE9CEE@portadmiral.org>


On May 14, 2014, at 11:47 PM, Stephen J. Turnbull <stephen at xemacs.org> wrote:

> Peter Shute writes:
> 
>> When MS365 forwards the mails sent to the distribution list, should
>> that make the DMARC authentication fail? I thought that only
>> happened if you made changes like adding a prefix to the subject
>> line like Mailman does.
> 
> If it forwards verbatim *and* the sending domain signs the mail with
> DKIM (the common case), DMARC validation will succeed.  Without DKIM,
> DMARC validation is guaranteed to fail.  However, even in the sender
> uses DKIM, *any* change *whatsoever* to the body will cause validation
> to fail, and there are several changes to the header that could cause
> it to fail.  Furthermore, which parts of the header are protected by
> the DKIM signature are determined by the sender, not by DMARC AFAIK.
> 
> If distribution lists are pure forwards, MS365 will be OK.  But I find
> it hard to believe that that level of functionality is popular with
> users -- there's a reason why all popular MLMs implement subject
> prefixes, body headers and body footers, and it isn't "because it's
> the Microsoft way".
> 
> 

Especially as legally mailing lists are required to add unsubscribe instructions in the footer.

best regards,
Larry

--
Larry Finch
finches at portadmiral.org




From heller at deepsoft.com  Thu May 15 14:51:08 2014
From: heller at deepsoft.com (Robert Heller)
Date: Thu, 15 May 2014 08:51:08 -0400
Subject: [Mailman-Users] Get newer version of Mailman for Debian 6?
In-Reply-To: <CAKGvnECs_em=zmj5HwDLg+CwERTf1J_=Z+LRv=koqpv98Eyhpg@mail.gmail.com>
References: <CAKGvnECs_em=zmj5HwDLg+CwERTf1J_=Z+LRv=koqpv98Eyhpg@mail.gmail.com>
Message-ID: <201405151251.s4FCp85c027085@sharky2.deepsoft.com>

At Wed, 14 May 2014 21:40:12 +0200 Sascha Rissel <mailman at rissel.it> wrote:

> 
> Hello there,
> 
> I am running a vServer on Debian6.
> Via "apt-get install mailman" I installed and set up Mailman 2.1.13, which
> is running fine with 5 mailing lists on my server.
> 
> Motivated by all those discussions about Yahoo's DMARC on this list, I
> wondered whether I can upgrade my Mailman installation to a newer version.
> 
> I tried "apt-get update" and "apt-get upgrade" but I did not receive a
> newer version of Mailman.
> 
> Unfortunately I don't consider myself as good enough in Linux usage, to be
> able to build Mailman binaries from scratch on my own. Indeed I tried, but
> already upon executing "configure" (Step 3 in Mailman's installation
> guide<http://list.org/mailman-install/node7.html>)
> I got a python warning
> > Distutils is not available or is incomplete
> which seems to tell me I should install another Python environment.
> 
> So I came to the point when I decided that compiling Mailman on my own is
> too complicated for me, because in the end I definitely want a bug-free
> installation of Mailman.
> 
> Is there maybe an easier way to get a more recent version of Mailman for my
> server?

I don't know how it is for Debian (I use CentOS 5, based on RHEL 5). What *I*
did was get the source RPM for Mailman 2.1.16 for Fedora 21 and using the
source RPM for CentOS 5 (2.1.9) as a guide, modified the Fedora 21 source RPM
to create a Mailman 2.1.16 binary RPM for CentOS 5. My guess is you probably
need to download the source Debian package file(s) for the whatever the
bleeding edge Debian release (Debian testing?) and the corresponding package
for Debian 6 and then compare the two. The 'magic' is all in the
mailman_2.1.<whatever>.debian.tar.tz files. There is actually some fairly good
documentation on how the Debian package building process works -- do a search
on 'how to build Debian package files' (or something like that). Up through
Mailman 2.1.16 or Mailman 2.1.17, there aren't any depenency issues (in terms
of how new a version of system libraries, compilers, or Python) that are
needed to build Mailman, so these fairly 'new' versions of Mailman will build
on an otherwise 'old' distribution (like CentOS 5 or Debian 6), once you have
the build environment up-to-speed -- you will probably need to install some
stock <mumble>-dev packages, etc. Mailman 2.1.18 *might* want a newer version
of Python that is normally found on these systems, which might make things
'interesting'. 

It is also possible someone out there has already build a set of .deb files of 
Mailman 2.1.16 or Mailman 2.1.17 that will install on Debian 6.

> 
> In advance, thanks for your help!
> Sascha.
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
> 
>                                 

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


                                                                                                  

From heller at deepsoft.com  Thu May 15 14:51:12 2014
From: heller at deepsoft.com (Robert Heller)
Date: Thu, 15 May 2014 08:51:12 -0400
Subject: [Mailman-Users] Get newer version of Mailman for Debian 6?
In-Reply-To: <87wqdncx9t.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <CAKGvnECs_em=zmj5HwDLg+CwERTf1J_=Z+LRv=koqpv98Eyhpg@mail.gmail.com> 
 <87wqdncx9t.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <201405151251.s4FCpCVC027097@sharky2.deepsoft.com>

At Thu, 15 May 2014 16:32:30 +0900 "Stephen J. Turnbull" <stephen at xemacs.org> wrote:

> 
> Sascha Rissel writes:
>  > Hello there,
>  > 
>  > I am running a vServer on Debian6.
>  > Via "apt-get install mailman" I installed and set up Mailman 2.1.13, which
>  > is running fine with 5 mailing lists on my server.
>  > 
>  > Motivated by all those discussions about Yahoo's DMARC on this list, I
>  > wondered whether I can upgrade my Mailman installation to a newer version.
>  > 
>  > I tried "apt-get update" and "apt-get upgrade" but I did not receive a
>  > newer version of Mailman.
> 
> I think it's probably easier to use aptitude (or some other UI) rather
> than apt-get.
> 
> A search at Debian (https://www.debian.org/distrib/packages#search_packages)
> shows that the current stable version of Debian (wheezy, aka Debian 7)
> includes Mailman 2.1.15, which is too old to have any DMARC mitigation
> features.  The current unstable version includes 2.1.16, which has
> some early attempts at mitigating DMARC, but apparently 2.1.17 and
> 2.1.18 are not packaged at all.


Mailman 2.1.16 is cabable of mitigating DMARC, at least well enough for most
list users, in that the from_is_list / reply to munging available in 2.1.16
does get the messages through to one's list users, even those with Yahoo, Aol,
and Hotmail addresses.  It is not pretty, but it generally works well enough.

> 
>  > Unfortunately I don't consider myself as good enough in Linux
>  > usage,
> 
> In that case I think your best bet is to upgrade Debian to "stable"
> (rather than a specific version of Debian).  Then when they release a
> new stable version you will be automatically upgraded.  I personally
> run "testing" (and have used "unstable" in the past), but it's been
> many years since I bothered to fiddle with these settings.  You should
> ask on Debian channels how to arrange to get the most recent Mailman
> as soon as a package is released.
> 
> See also https://www.debian.org/releases/stable/releasenotes for
> information on upgrading for your hardware.
> 
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
> 
>                                                                                                                               

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


                                                                                

From cgtyoder at alum.mit.edu  Thu May 15 15:46:36 2014
From: cgtyoder at alum.mit.edu (Conrad G T Yoder)
Date: Thu, 15 May 2014 09:46:36 -0400
Subject: [Mailman-Users] Dealing with rate limiting from Roadrunner/Time
	Warner
In-Reply-To: <8761l7ekp6.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <72D1B331-C092-4F08-9B32-3E3E3E48FF78@alum.mit.edu>
 <8761l7ekp6.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <768A9413-A13C-46CD-9A1B-CC444FC8AA81@alum.mit.edu>

On May 15, 2014, at 12:21 AM, Stephen J. Turnbull <stephen at xemacs.org> wrote:

> Conrad G T Yoder writes:
> 
>> Has anyone had to deal with bounces due to rate limiting from
>> Roadrunner/Time Warner?
> 
> Are these true bounces (ie, permanent delivery failures) or just the
> temporary failures due to rate limiting, causing delays of many hours
> or days in delivery?

It is a true bounce - mail is being rejected.  The error message is phrased as a "temporary failure," but the message is bounced at the SMTP transaction.  ?At some point,? they stop bouncing.  RR won?t say when that happens.


<user at roadrunner.com>: delivery temporarily suspended: host
   cdptpa-pub-iedge-vip.email.rr.com[107.14.166.70] refused to talk to me: 421
   4.7.1 - Connection refused - <66.33.216.56> -  Too many concurrent
   connections ( <2> ) from source IP


>> http://postmaster.rr.com/spam#ratelimit
>> 
>> If so, what did you do to resolve the problem?  (That is, if things
>> ?got resolved.?)
> 
> Haven't had a problem (RR is on the list of "if you don't like losing
> mail, don't do that" mailboxes for my lists).
> 
>> My hosting provider, DreamHost, continues to assert this is my
>> problem and not theirs.
> 
> This may be partly true, if you are falling afoul of the "too many
> recipients per message" limit.  In that case, if the option is
> available, then you should set personalization on for lists will more
> than a very few RR subscribers.  If not, see "full of" below.

I will probably turn that on soon - it is available to me.


> Does NightmareHost offer you any advice?  Or are they just saying "if
> you don't like our service, find another one?"  I think "find another
> one" is a great idea, personally.

On this instance, they haven?t been very helpful.  For the most part, though, they have been decent.  The largest of my lists that I admin has over 7600 subscribers, with about 15 emails going out daily - that?s about 115K total emails a day, and for the price I am paying DH, I haven?t found anywhere near a better deal.  So I accept these (occasional) issues along with the deal I?m getting.

-Conrad

--
See something, Say something.


From mark at msapiro.net  Thu May 15 16:22:43 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 15 May 2014 07:22:43 -0700
Subject: [Mailman-Users] Dealing with rate limiting from Roadrunner/Time
 Warner
In-Reply-To: <768A9413-A13C-46CD-9A1B-CC444FC8AA81@alum.mit.edu>
References: <72D1B331-C092-4F08-9B32-3E3E3E48FF78@alum.mit.edu>
 <8761l7ekp6.fsf@uwakimon.sk.tsukuba.ac.jp>
 <768A9413-A13C-46CD-9A1B-CC444FC8AA81@alum.mit.edu>
Message-ID: <5374CDB3.8040406@msapiro.net>

On 05/15/2014 06:46 AM, Conrad G T Yoder wrote:
> 
> It is a true bounce - mail is being rejected.  The error message is phrased as a "temporary failure," but the message is bounced at the SMTP transaction.  ?At some point,? they stop bouncing.  RR won?t say when that happens.
> 
> 
> <user at roadrunner.com>: delivery temporarily suspended: host
>    cdptpa-pub-iedge-vip.email.rr.com[107.14.166.70] refused to talk to me: 421
>    4.7.1 - Connection refused - <66.33.216.56> -  Too many concurrent
>    connections ( <2> ) from source IP


This is a 4xx status, so it is a temp failure, and Mailman should be
retrying these.

It looks like what is going on is the outgoing MTA has received multiple
messages from Mailman for RR recipients, and is trying to send them in
parallel.

The bottom line is that these messages should be ultimately delivered.

Note that if my analysis is correct, it would appear that Mailman is
already sending 1 message per recipient to the outgoing MTA because  of
personalization or VERP enabled or SMTP_MAX_RCPTS = 1, and this is a
case where a larger SMTP_MAX_RCPTS and no VERP or personalization might
help.

Unfortunately, the only one of these things that *might* be available to
a list owner is personalization.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From david at midrange.com  Thu May 15 16:39:38 2014
From: david at midrange.com (Gibbs, David)
Date: Thu, 15 May 2014 09:39:38 -0500
Subject: [Mailman-Users] reply_goes_to_list broken in 2.1.18-1?
Message-ID: <ll2jja$81b$1@ger.gmane.org>

Folks:

I was previously running 2.1.17 (after having not upgraded for a VERY long time).  Everything is working just fine.

I saw the new DMARC modifications and decided to upgrade to 2.1.18-1.

The upgrade went fine ... but after running for a bit some of my users told me that when they replied to a list message it was going to the author of the message they are replying to instead of the list.  The Reply-to header was *NOT* present in the messages being sent from the list.

I have reply_goes_to_list set to "This List" for all my lists.

I down graded to 2.1.17 again and the reply-to header was once again in place.

Is this a known issue?

Thanks!

david

-- 
IBM i on Power Systems: For when you can't afford to be out of business!

I'm riding a metric century (100 km / 62 miles) in the 2014 Chicagoland Tour de Cure to raise money for diabetes research, education, and advocacy.  Sponsor me by visiting http://gmane.diabetessucks.net. Any amount is appreciated.

See where I get my donations from ... visit http://gmane.diabetessucks.net/mapdonations.php for an interactive map (it's a geeky thing).


From mark at msapiro.net  Thu May 15 16:44:34 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 15 May 2014 07:44:34 -0700
Subject: [Mailman-Users] mailman-AttachmentMove: completely remove moved
 attachment?
In-Reply-To: <53747F73.2090704@opensource-expert.com>
References: <53747F73.2090704@opensource-expert.com>
Message-ID: <5374D2D2.5000303@msapiro.net>

On 05/15/2014 01:48 AM, Sylvain Viart wrote:
> 
> What'd be the trouble if I completely remove attachment from the message?


None if you do it correctly.

Assuming msg is a multipart message object with 3 subparts and you want
to delete the second of the 3 parts.

parts = msg.get_payload()
# parts is a list of 3 message objects which are the sub-parts.
# delete the second.
del parts[1]
msg.set_payload(parts)

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From gaa at ulticom.com  Thu May 15 16:53:09 2014
From: gaa at ulticom.com (Gary Algier)
Date: Thu, 15 May 2014 10:53:09 -0400
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <877g5nem9l.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53739948.8050608@ulticom.com>	<C2F1879073AE7347BAB44065F143E1700156F3FD99@nuwvicms2>
 <877g5nem9l.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <5374D4D5.6010400@ulticom.com>

On 05/14/14 23:47, Stephen J. Turnbull wrote:
> Peter Shute writes:
>
>   > When MS365 forwards the mails sent to the distribution list, should
>   > that make the DMARC authentication fail? I thought that only
>   > happened if you made changes like adding a prefix to the subject
>   > line like Mailman does.
>
> If it forwards verbatim *and* the sending domain signs the mail with
> DKIM (the common case), DMARC validation will succeed.  Without DKIM,
> DMARC validation is guaranteed to fail.  However, even in the sender
> uses DKIM, *any* change *whatsoever* to the body will cause validation
> to fail, and there are several changes to the header that could cause
> it to fail.  Furthermore, which parts of the header are protected by
> the DKIM signature are determined by the sender, not by DMARC AFAIK.
>
> If distribution lists are pure forwards, MS365 will be OK.  But I find
> it hard to believe that that level of functionality is popular with
> users -- there's a reason why all popular MLMs implement subject
> prefixes, body headers and body footers, and it isn't "because it's
> the Microsoft way".
>

I ran some tests this morning.  I created an Exchange distribution list here 
and added myself five ways on the list:
1. On our Exchange server (how I receive internal emails)
2. On a local Linux server running sendmail and dovecot (how I receive "real 
mail")
3. A Yahoo address.
4. A Gmail address.
5. An iCloud address.

I then sent an email to the list and to my work sendmail address.  It was 
delivered to both work addresses and the iCloud address.

Gmail put it in my Spam folder with the warning:
-------------------------------------------------------------------
Be careful with this message. Our systems couldn't verify that this message 
was really sent by yahoo.com. You might want to avoid clicking links or 
replying with personal information.
-------------------------------------------------------------------
There is also a link to their "Why messages are marked as Spam" page.

On Yahoo I found the bounce in my Spam folder with the following:
-------------------------------------------------------------------
This is an automated message from the Extensible Content Security
at host wg.ulticom.com.

The message returned below could not be delivered to its intended
destinations.

For further assistance, please send mail to <XXXXXXXXXXX at wg.ulticom.com>.

If you do so, please include this problem report. You can delete
your own text from the message returned below.

Reason:
<XXXXXXXX at yahoo.com>: host mta7.am0.yahoodns.net[98.138.112.34] said: 554
     5.7.9 Message not accepted for policy reasons.  See
     http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of
     DATA command)
-------------------------------------------------------------------
The server wg.ulticom.com is our WatchGuard Anti-Spam appliance.  It had no 
trouble accepting it when it came in the first time (it does not do DMARC 
checks), but when it tried to delivery the email to Yahoo, they rejected it. 
Of course, the reject went to Yahoo anyway, but with a MAILER-DAEMON sender 
address.

I saved the two copies from my sendmail address and compared them:
% h=$(sed -n -e 'y/:/|/' -e '/DKIM-Signature|/s/.* h=\([^;]*\).*/\1/p' direct.eml)
% diff -s -u <(egrep -i "^($h):" direct.eml) <(egrep -i "^($h)" list.eml)
Files /dev/fd/4 and /dev/fd/5 are identical
% diff -s -u <(sed '1,/^$/d' direct.eml) <(sed '1,/^$/d' list.eml)
Files /dev/fd/4 and /dev/fd/5 are identical

The first diff compares only the headers in the DKIM Signature.
The second diff compares the body.
The DKIM checks seem to be good.  So, it seems that nothing has changed in the 
content or checked header.  It must be SPf.

% dig +short TXT _spf.mail.yahoo.com
"v=spf1 ptr:yahoo.com ptr:yahoo.net ip4:206.108.40.0/27 ip4:199.16.139.0/26 ?all"

It seems that in the case of a simple Exchange distribution list, the Yahoo 
members will fail (into their Spam folder!), some others may fail depending 
upon their service's SPF fussiness, and others may have to root around in 
their Spam folders for the content.

--
Gary Algier, WB2FWZ            gaa at ulticom.com             +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054     Fax:+1 856 866 2033

Nielsen's First Law of Computer Manuals:
     People don't read documentation voluntarily.

From mark at msapiro.net  Thu May 15 17:11:31 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 15 May 2014 08:11:31 -0700
Subject: [Mailman-Users] reply_goes_to_list broken in 2.1.18-1?
In-Reply-To: <ll2jja$81b$1@ger.gmane.org>
References: <ll2jja$81b$1@ger.gmane.org>
Message-ID: <5374D923.7010205@msapiro.net>

On 05/15/2014 07:39 AM, Gibbs, David wrote:
> 
> The upgrade went fine ... but after running for a bit some of my users told me that when they replied to a list message it was going to the author of the message they are replying to instead of the list.  The Reply-to header was *NOT* present in the messages being sent from the list.
> 
> I have reply_goes_to_list set to "This List" for all my lists.
> 
> I down graded to 2.1.17 again and the reply-to header was once again in place.
> 
> Is this a known issue?


Is this with or without DMARC Munge From or Wrap Message?

I've just tested most combinations, and they all include a Reply-To:
header with the list posting address. With Munge From and Wrap Message,
the Reply-To: also has the original From: address in it, but it's always
there.

Also, are you looking at a raw message or what a mail client displays?
I've seen issues with some versions of Apple Mail and perhaps other
clients where for "some" messages, the Reply-To: is not displayed or
honored even though it's there.

I know reply_goes_to_list is This List, but what are the exact settings
for from_is_list, anonymous_list and first_strip_reply_to when you see this?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From finches at portadmiral.org  Thu May 15 17:15:10 2014
From: finches at portadmiral.org (Larry Finch)
Date: Thu, 15 May 2014 11:15:10 -0400
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <5374D4D5.6010400@ulticom.com>
References: <53739948.8050608@ulticom.com>	<C2F1879073AE7347BAB44065F143E1700156F3FD99@nuwvicms2>
 <877g5nem9l.fsf@uwakimon.sk.tsukuba.ac.jp> <5374D4D5.6010400@ulticom.com>
Message-ID: <536855F1-525D-4CD3-9D97-6C6EE72F404A@portadmiral.org>


On May 15, 2014, at 10:53 AM, Gary Algier <gaa at ulticom.com> wrote:

> On 05/14/14 23:47, Stephen J. Turnbull wrote:
> 
> I then sent an email to the list and to my work sendmail address.  It was delivered to both work addresses and the iCloud address.
> 
> Gmail put it in my Spam folder with the warning:
> -------------------------------------------------------------------
> Be careful with this message. Our systems couldn't verify that this message was really sent by yahoo.com. You might want to avoid clicking links or replying with personal information.
> -------------------------------------------------------------------
> There is also a link to their "Why messages are marked as Spam" page.
> 
> On Yahoo I found the bounce in my Spam folder with the following:
> -------------------------------------------------------------------
> This is an automated message from the Extensible Content Security
> at host wg.ulticom.com.
> 
> The message returned below could not be delivered to its intended
> destinations.
> 
> 
> It seems that in the case of a simple Exchange distribution list, the Yahoo members will fail (into their Spam folder!), some others may fail depending upon their service's SPF fussiness, and others may have to root around in their Spam folders for the content.
> 

On the lists that I manage on listserv I?ve discovered that many ISPs honor Yahoo and AOL?s p=reject, and will not even put the message in the spam folder. Among them are: Comcast, SBCGlobal, AT&T, AOL, Rogers, Earthlink, Hotmail and a few others I don?t recall. So essentially half of my list members will not get posts from Yahoo or AOL.

best regards,
Larry

--
Larry Finch
finches at portadmiral.org




From gaa at ulticom.com  Thu May 15 17:35:04 2014
From: gaa at ulticom.com (Gary Algier)
Date: Thu, 15 May 2014 11:35:04 -0400
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <536855F1-525D-4CD3-9D97-6C6EE72F404A@portadmiral.org>
References: <53739948.8050608@ulticom.com>	<C2F1879073AE7347BAB44065F143E1700156F3FD99@nuwvicms2>
 <877g5nem9l.fsf@uwakimon.sk.tsukuba.ac.jp> <5374D4D5.6010400@ulticom.com>
 <536855F1-525D-4CD3-9D97-6C6EE72F404A@portadmiral.org>
Message-ID: <5374DEA8.1080902@ulticom.com>

On 05/15/14 11:15, Larry Finch wrote:
>
> On May 15, 2014, at 10:53 AM, Gary Algier <gaa at ulticom.com> wrote:
>
>> On 05/14/14 23:47, Stephen J. Turnbull wrote:
>>
>> I then sent an email to the list and to my work sendmail address.  It was delivered to both work addresses and the iCloud address.
>>
>> Gmail put it in my Spam folder with the warning:
>> -------------------------------------------------------------------
>> Be careful with this message. Our systems couldn't verify that this message was really sent by yahoo.com. You might want to avoid clicking links or replying with personal information.
>> -------------------------------------------------------------------
>> There is also a link to their "Why messages are marked as Spam" page.
>>
>> On Yahoo I found the bounce in my Spam folder with the following:
>> -------------------------------------------------------------------
>> This is an automated message from the Extensible Content Security
>> at host wg.ulticom.com.
>>
>> The message returned below could not be delivered to its intended
>> destinations.
>>
>>
>> It seems that in the case of a simple Exchange distribution list, the Yahoo members will fail (into their Spam folder!), some others may fail depending upon their service's SPF fussiness, and others may have to root around in their Spam folders for the content.
>>
>
> On the lists that I manage on listserv I?ve discovered that many ISPs honor Yahoo and AOL?s p=reject, and will not even put the message in the spam folder. Among them are: Comcast, SBCGlobal, AT&T, AOL, Rogers, Earthlink, Hotmail and a few others I don?t recall. So essentially half of my list members will not get posts from Yahoo or AOL.
>
> best regards,
> Larry
>
> --
> Larry Finch
> finches at portadmiral.org

Apparently, simple Exchange distribution lists do not rewrite headers or touch 
the body so DKIM passes.  However, the distribution lists also do not change 
the envelope sender so the SPF fails.  In order to get through DKIM, the 
internal author address ("From: ") and a bunch of other headers must stay the 
same, which Exchange does.  Most mailing list software rewrites something, 
which makes DKIM fail.  However, the mailing list software will use an 
envelope address from the list so SPF should not fail.

Summary:
Can't use Exchange distribution lists: SPF will fail.
Can't use mailing list software without changing the author, etc.: DKIM will fail.

Time for sendmail aliases?  Or perhaps, SPF will fail?

-- 
Gary Algier, WB2FWZ            gaa at ulticom.com             +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054     Fax:+1 856 866 2033

Nielsen's First Law of Computer Manuals:
     People don't read documentation voluntarily.

From heller at deepsoft.com  Thu May 15 17:43:22 2014
From: heller at deepsoft.com (Robert Heller)
Date: Thu, 15 May 2014 11:43:22 -0400
Subject: [Mailman-Users] Postings being discarded due to DKIM failures?
Message-ID: <201405151543.s4FFhMUG023906@sharky2.deepsoft.com>

A list member recently tried to post a message to a list and the message was 
discarded for no *appearent* reason.  The only clue is that for some reason 
the message is failing the DKIM check (DKIM=fail).  I am using Mailman 2.1.16 
on CentOS 5 (python-2.4.3-56.el5, httpd-2.2.3-85.el5.centos, 
dkim-milter-2.8.3-8.el5).  Is there some way to get Mailman to log why it is 
discarding messages?

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


                                                     

From david at midrange.com  Thu May 15 17:58:00 2014
From: david at midrange.com (Gibbs, David)
Date: Thu, 15 May 2014 10:58:00 -0500
Subject: [Mailman-Users] reply_goes_to_list broken in 2.1.18-1?
In-Reply-To: <5374D923.7010205@msapiro.net>
References: <ll2jja$81b$1@ger.gmane.org> <5374D923.7010205@msapiro.net>
Message-ID: <ll2o69$sol$1@ger.gmane.org>

On 5/15/2014 10:11 AM, Mark Sapiro wrote:
> On 05/15/2014 07:39 AM, Gibbs, David wrote:
>> 
>> The upgrade went fine ... but after running for a bit some of my
>> users told me that when they replied to a list message it was going
>> to the author of the message they are replying to instead of the
>> list.  The Reply-to header was *NOT* present in the messages being
>> sent from the list.
> 
> Is this with or without DMARC Munge From or Wrap Message?

Although I was testing the DMARC Munge from functionality on a test list, the problem with the Reply-to header was occurring on all my lists.  None of the lists had the DMARC munge settings enabled.

> I've just tested most combinations, and they all include a Reply-To: 
> header with the list posting address. With Munge From and Wrap
> Message, the Reply-To: also has the original From: address in it, but
> it's always there.
> 
> Also, are you looking at a raw message or what a mail client
> displays? I've seen issues with some versions of Apple Mail and
> perhaps other clients where for "some" messages, the Reply-To: is not
> displayed or honored even though it's there.

I was looking at the raw header from tbird.

> I know reply_goes_to_list is This List, but what are the exact
> settings for from_is_list, anonymous_list and first_strip_reply_to
> when you see this?

For the list where I first noticed the problem:
from_is_list = No
anonymous_list = No
first_strip_reply_to = yes

These are the settings this list has had for years.

Unfortunately I no longer have the messages when I noticed the problem ... I will have to try and recreate the problem in a sandbox.

You can see the headers from a test message I sent when tracking down the problem here: http://code.midrange.com/ab8c5f0363.html

david


-- 
IBM i on Power Systems: For when you can't afford to be out of business!

I'm riding a metric century (100 km / 62 miles) in the 2014 Chicagoland Tour de Cure to raise money for diabetes research, education, and advocacy.  Sponsor me by visiting http://email.diabetessucks.net. Any amount is appreciated.

See where I get my donations from ... visit http://email.diabetessucks.net/mapdonations.php for an interactive map (it's a geeky thing).


From bsfinkel at att.net  Thu May 15 18:32:59 2014
From: bsfinkel at att.net (Barry S. Finkel)
Date: Thu, 15 May 2014 11:32:59 -0500
Subject: [Mailman-Users] Get newer version of Mailman for Debian 6?
In-Reply-To: <CAKGvnECs_em=zmj5HwDLg+CwERTf1J_=Z+LRv=koqpv98Eyhpg@mail.gmail.com>
References: <CAKGvnECs_em=zmj5HwDLg+CwERTf1J_=Z+LRv=koqpv98Eyhpg@mail.gmail.com>
Message-ID: <5374EC3B.7080507@att.net>

On 5/14/2014 2:40 PM, Sascha Rissel wrote:
> Hello there,
>
> I am running a vServer on Debian6.
> Via "apt-get install mailman" I installed and set up Mailman 2.1.13, which
> is running fine with 5 mailing lists on my server.
>
> Motivated by all those discussions about Yahoo's DMARC on this list, I
> wondered whether I can upgrade my Mailman installation to a newer version.
>
> I tried "apt-get update" and "apt-get upgrade" but I did not receive a
> newer version of Mailman.
>
> Unfortunately I don't consider myself as good enough in Linux usage, to be
> able to build Mailman binaries from scratch on my own. Indeed I tried, but
> already upon executing "configure" (Step 3 in Mailman's installation
> guide<http://list.org/mailman-install/node7.html>)
> I got a python warning
>> Distutils is not available or is incomplete
> which seems to tell me I should install another Python environment.
>
> So I came to the point when I decided that compiling Mailman on my own is
> too complicated for me, because in the end I definitely want a bug-free
> installation of Mailman.
>
> Is there maybe an easier way to get a more recent version of Mailman for my
> server?
>
> In advance, thanks for your help!
> Sascha.

When I was running a Mailman server on an Ubuntu box, I was forced to
install via a package.  But I did some research on the Debian/Ubuntu
package to see what was in it.  There were many patches that were
undocumented, and there was one patch that deleted a library that,
in some cases, is required.  So, I decided to build my own package
from the SourceForge source.  That way, I would know EXACTLY what
the source was, and I could get support from this discussion list.

It took me a while to determine what to do,
but after I had built and tested the package, I had no problems
building packages for subsequent Mailman releases.  IIRC, the last
Mailman for which I built a package was 2.1.14.  I do not know if
any changes since then would require changes to the package-build
process.  I have details on what I did, if anyone is interested.

--Barry Finkel


From terry at fiteyes.com  Thu May 15 18:40:02 2014
From: terry at fiteyes.com (Terry Earley)
Date: Thu, 15 May 2014 10:40:02 -0600
Subject: [Mailman-Users] Get newer version of Mailman for Debian 6?
In-Reply-To: <5374EC3B.7080507@att.net>
References: <CAKGvnECs_em=zmj5HwDLg+CwERTf1J_=Z+LRv=koqpv98Eyhpg@mail.gmail.com>
 <5374EC3B.7080507@att.net>
Message-ID: <CAL3ZyvCtf4VhOVHw7sH_RmK9Ocf0swO+fOfQbj3WsvDPT2AvfQ@mail.gmail.com>

Barry,

> It took me a while to determine what to do,
> but after I had built and tested the package, I had no problems
> building packages for subsequent Mailman releases.  IIRC, the last
> Mailman for which I built a package was 2.1.14.  I do not know if
> any changes since then would require changes to the package-build
> process.  I have details on what I did, if anyone is interested.
>

Our Ubuntu server will need to take an upgrade from 2.1.14 to 2.1.18-1, so
your instructions on building Debian packages will be very helpful to us at
least. Thanks in advance.

Terry Earley
801 810-4175
Donate to FitEyes <http://www.fiteyes.com/community/donate-to-fiteyes>


On Thu, May 15, 2014 at 10:32 AM, Barry S. Finkel <bsfinkel at att.net> wrote:

> On 5/14/2014 2:40 PM, Sascha Rissel wrote:
>
>> Hello there,
>>
>> I am running a vServer on Debian6.
>> Via "apt-get install mailman" I installed and set up Mailman 2.1.13, which
>> is running fine with 5 mailing lists on my server.
>>
>> Motivated by all those discussions about Yahoo's DMARC on this list, I
>> wondered whether I can upgrade my Mailman installation to a newer version.
>>
>> I tried "apt-get update" and "apt-get upgrade" but I did not receive a
>> newer version of Mailman.
>>
>> Unfortunately I don't consider myself as good enough in Linux usage, to be
>> able to build Mailman binaries from scratch on my own. Indeed I tried, but
>> already upon executing "configure" (Step 3 in Mailman's installation
>> guide<http://list.org/mailman-install/node7.html>)
>> I got a python warning
>>
>>> Distutils is not available or is incomplete
>>>
>> which seems to tell me I should install another Python environment.
>>
>> So I came to the point when I decided that compiling Mailman on my own is
>> too complicated for me, because in the end I definitely want a bug-free
>> installation of Mailman.
>>
>> Is there maybe an easier way to get a more recent version of Mailman for
>> my
>> server?
>>
>> In advance, thanks for your help!
>> Sascha.
>>
>
> When I was running a Mailman server on an Ubuntu box, I was forced to
> install via a package.  But I did some research on the Debian/Ubuntu
> package to see what was in it.  There were many patches that were
> undocumented, and there was one patch that deleted a library that,
> in some cases, is required.  So, I decided to build my own package
> from the SourceForge source.  That way, I would know EXACTLY what
> the source was, and I could get support from this discussion list.
>
> It took me a while to determine what to do,
> but after I had built and tested the package, I had no problems
> building packages for subsequent Mailman releases.  IIRC, the last
> Mailman for which I built a package was 2.1.14.  I do not know if
> any changes since then would require changes to the package-build
> process.  I have details on what I did, if anyone is interested.
>
> --Barry Finkel
>
>
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/
> mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/
> terry%40fiteyes.com
>

From harrison at utm.edu  Thu May 15 18:41:58 2014
From: harrison at utm.edu (Bruce Harrison)
Date: Thu, 15 May 2014 16:41:58 +0000
Subject: [Mailman-Users] Get newer version of Mailman for Debian 6?
In-Reply-To: <CAL3ZyvCtf4VhOVHw7sH_RmK9Ocf0swO+fOfQbj3WsvDPT2AvfQ@mail.gmail.com>
References: <CAKGvnECs_em=zmj5HwDLg+CwERTf1J_=Z+LRv=koqpv98Eyhpg@mail.gmail.com>
 <5374EC3B.7080507@att.net>
 <CAL3ZyvCtf4VhOVHw7sH_RmK9Ocf0swO+fOfQbj3WsvDPT2AvfQ@mail.gmail.com>
Message-ID: <E6C16961ECB6B044A889CDAC6BA7B4B2016E2F1DC2@EXCH2010MBOX1.utm.edu>

I'd be interested as well.

Bruce Harrison
UT Martin

-----Original Message-----
From: Mailman-Users [mailto:mailman-users-bounces+harrison=utm.edu at python.org] On Behalf Of Terry Earley
Sent: Thursday, May 15, 2014 11:40 AM
To: mailman-users at python.org
Subject: Re: [Mailman-Users] Get newer version of Mailman for Debian 6?

Barry,

> It took me a while to determine what to do, but after I had built and 
> tested the package, I had no problems building packages for subsequent 
> Mailman releases.  IIRC, the last Mailman for which I built a package 
> was 2.1.14.  I do not know if any changes since then would require 
> changes to the package-build process.  I have details on what I did, 
> if anyone is interested.
>

Our Ubuntu server will need to take an upgrade from 2.1.14 to 2.1.18-1, so your instructions on building Debian packages will be very helpful to us at least. Thanks in advance.

Terry Earley
801 810-4175
Donate to FitEyes <http://www.fiteyes.com/community/donate-to-fiteyes>


On Thu, May 15, 2014 at 10:32 AM, Barry S. Finkel <bsfinkel at att.net> wrote:

> On 5/14/2014 2:40 PM, Sascha Rissel wrote:
>
>> Hello there,
>>
>> I am running a vServer on Debian6.
>> Via "apt-get install mailman" I installed and set up Mailman 2.1.13, 
>> which is running fine with 5 mailing lists on my server.
>>
>> Motivated by all those discussions about Yahoo's DMARC on this list, 
>> I wondered whether I can upgrade my Mailman installation to a newer version.
>>
>> I tried "apt-get update" and "apt-get upgrade" but I did not receive 
>> a newer version of Mailman.
>>
>> Unfortunately I don't consider myself as good enough in Linux usage, 
>> to be able to build Mailman binaries from scratch on my own. Indeed I 
>> tried, but already upon executing "configure" (Step 3 in Mailman's 
>> installation
>> guide<http://list.org/mailman-install/node7.html>)
>> I got a python warning
>>
>>> Distutils is not available or is incomplete
>>>
>> which seems to tell me I should install another Python environment.
>>
>> So I came to the point when I decided that compiling Mailman on my 
>> own is too complicated for me, because in the end I definitely want a 
>> bug-free installation of Mailman.
>>
>> Is there maybe an easier way to get a more recent version of Mailman 
>> for my server?
>>
>> In advance, thanks for your help!
>> Sascha.
>>
>
> When I was running a Mailman server on an Ubuntu box, I was forced to 
> install via a package.  But I did some research on the Debian/Ubuntu 
> package to see what was in it.  There were many patches that were 
> undocumented, and there was one patch that deleted a library that, in 
> some cases, is required.  So, I decided to build my own package from 
> the SourceForge source.  That way, I would know EXACTLY what the 
> source was, and I could get support from this discussion list.
>
> It took me a while to determine what to do, but after I had built and 
> tested the package, I had no problems building packages for subsequent 
> Mailman releases.  IIRC, the last Mailman for which I built a package 
> was 2.1.14.  I do not know if any changes since then would require 
> changes to the package-build process.  I have details on what I did, 
> if anyone is interested.
>
> --Barry Finkel
>
>
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org 
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: 
> http://wiki.list.org/x/QIA9 Searchable Archives: 
> http://www.mail-archive.com/ mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/
> terry%40fiteyes.com
>
------------------------------------------------------
Mailman-Users mailing list Mailman-Users at python.org https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: https://mail.python.org/mailman/options/mailman-users/harrison%40utm.edu



From mark at msapiro.net  Fri May 16 02:14:38 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 15 May 2014 17:14:38 -0700
Subject: [Mailman-Users] Postings being discarded due to DKIM failures?
In-Reply-To: <201405151543.s4FFhMUG023906@sharky2.deepsoft.com>
References: <201405151543.s4FFhMUG023906@sharky2.deepsoft.com>
Message-ID: <5375586E.6090506@msapiro.net>

On 05/15/2014 08:43 AM, Robert Heller wrote:
> A list member recently tried to post a message to a list and the message was 
> discarded for no *appearent* reason.  The only clue is that for some reason 
> the message is failing the DKIM check (DKIM=fail).  I am using Mailman 2.1.16 
> on CentOS 5 (python-2.4.3-56.el5, httpd-2.2.3-85.el5.centos, 
> dkim-milter-2.8.3-8.el5).  Is there some way to get Mailman to log why it is 
> discarding messages?


I assume you've seen the vette log entry saying the message was
discarded, but it doesn't say why.

Essentially all discards are because the message met some condition for
which the action is Discard. These are all in the list's web admin
interface. The most common one is Content filtering with a filter_action
of discard and a message whose top level Content-Type: is either in
filter_mime_types or not in pass_mime_types. This could be, e.g., a
multipart/related message with multipart/alternative and multipart/mixed
as the only multipart types in pass_mime_types or a text/html message
without text/html in pass_mime_types. It is a common misconception that
convert_html_to_plaintext will handle the latter, but you have to accept
the HTML before you can convert it.

Other places to look for Discard actions are:

Privacy options...
    Sender filters
        member_moderation_action
        dmarc_moderation_action (Mailman 2.1.18 and up)
        discard_these_nonmembers
        generic_nonmember_action
    Spam filters
        header_filter_rules

If you want to see the reason and the message, change the action from
Discard to Hold.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Fri May 16 02:23:43 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 15 May 2014 17:23:43 -0700
Subject: [Mailman-Users] reply_goes_to_list broken in 2.1.18-1?
In-Reply-To: <ll2o69$sol$1@ger.gmane.org>
References: <ll2jja$81b$1@ger.gmane.org> <5374D923.7010205@msapiro.net>
 <ll2o69$sol$1@ger.gmane.org>
Message-ID: <53755A8F.4070806@msapiro.net>

On 05/15/2014 08:58 AM, Gibbs, David wrote:
> 
> You can see the headers from a test message I sent when tracking down the problem here: http://code.midrange.com/ab8c5f0363.html


It appears there are two incomplete sets of headers there. Lines 1-22
with some of the headers (Received: headers at least omitted) from a
message from 2.1.18-1 and lines 26-47 with some headers from a message
from 2.1.17 and the 2.1.17 headers include Reply-To: and 2.1.18-1's do not.

Unfortunately, there's nothing there that helps me understand the cause
of the issue.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From heller at deepsoft.com  Fri May 16 02:38:03 2014
From: heller at deepsoft.com (Robert Heller)
Date: Thu, 15 May 2014 20:38:03 -0400
Subject: [Mailman-Users] Postings being discarded due to DKIM failures?
In-Reply-To: <5375586E.6090506@msapiro.net>
References: <201405151543.s4FFhMUG023906@sharky2.deepsoft.com> 
 <5375586E.6090506@msapiro.net>
Message-ID: <201405160038.s4G0c3pQ007821@sharky2.deepsoft.com>

At Thu, 15 May 2014 17:14:38 -0700 Mark Sapiro <mark at msapiro.net> wrote:

> 
> On 05/15/2014 08:43 AM, Robert Heller wrote:
> > A list member recently tried to post a message to a list and the message was 
> > discarded for no *appearent* reason.  The only clue is that for some reason 
> > the message is failing the DKIM check (DKIM=fail).  I am using Mailman 2.1.16 
> > on CentOS 5 (python-2.4.3-56.el5, httpd-2.2.3-85.el5.centos, 
> > dkim-milter-2.8.3-8.el5).  Is there some way to get Mailman to log why it is 
> > discarding messages?
> 
> 
> I assume you've seen the vette log entry saying the message was
> discarded, but it doesn't say why.
> 
> Essentially all discards are because the message met some condition for
> which the action is Discard. These are all in the list's web admin
> interface. The most common one is Content filtering with a filter_action
> of discard and a message whose top level Content-Type: is either in
> filter_mime_types or not in pass_mime_types. This could be, e.g., a
> multipart/related message with multipart/alternative and multipart/mixed
> as the only multipart types in pass_mime_types or a text/html message
> without text/html in pass_mime_types. It is a common misconception that
> convert_html_to_plaintext will handle the latter, but you have to accept
> the HTML before you can convert it.
> 
> Other places to look for Discard actions are:
> 
> Privacy options...
>     Sender filters
>         member_moderation_action
>         dmarc_moderation_action (Mailman 2.1.18 and up)
>         discard_these_nonmembers
>         generic_nonmember_action
>     Spam filters
>         header_filter_rules
> 
> If you want to see the reason and the message, change the action from
> Discard to Hold.

It wasn't any of these. I believe I have figured out what happened. The poster
did something 'bad': instead of creating a fresh message he located an old
message with a return address of the list and did a reply and then edited
*some* of the headers: only some of the  'visible' ones and did not delete the 
'hidden' ones,  which confused the list server. 

I discovered this when saw dkim log messages suggesting that the server the 
message came from might be pretending to be my server and then when I looked 
at the headers of another message from this poster that had headers it should 
not have had.

> 

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


                                              

From stephen at xemacs.org  Fri May 16 02:48:13 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Fri, 16 May 2014 09:48:13 +0900
Subject: [Mailman-Users] Dealing with rate limiting from
	Roadrunner/Time	Warner
In-Reply-To: <768A9413-A13C-46CD-9A1B-CC444FC8AA81@alum.mit.edu>
References: <72D1B331-C092-4F08-9B32-3E3E3E48FF78@alum.mit.edu>
 <8761l7ekp6.fsf@uwakimon.sk.tsukuba.ac.jp>
 <768A9413-A13C-46CD-9A1B-CC444FC8AA81@alum.mit.edu>
Message-ID: <87tx8qczw2.fsf@uwakimon.sk.tsukuba.ac.jp>

Conrad G T Yoder writes:

 > > Are these true bounces (ie, permanent delivery failures) or just the
 > > temporary failures due to rate limiting, causing delays of many hours
 > > or days in delivery?
 > 
 > It is a true bounce - mail is being rejected.  The error message is
 > phrased as a "temporary failure," but the message is bounced at the
 > SMTP transaction.  ?At some point,? they stop bouncing.  RR won?t
 > say when that happens.

The log you display is not a true bounce.  If your host's MTA is
configured properly, you may get DSNs saying that you don't need to do
anything but wait, but your users' bounce counts are not increasing
due to messages like the one below, and they probably are eventually
being delivered (although that can't be determined from the log below).

 > <user at roadrunner.com>: delivery temporarily suspended: host
 >    cdptpa-pub-iedge-vip.email.rr.com[107.14.166.70] refused to talk to me: 421
 >    4.7.1 - Connection refused - <66.33.216.56> -  Too many concurrent
 >    connections ( <2> ) from source IP

This is absolutely clearly with no doubt whatsoever a problem that
only can be resolved by reconfiguring the MTA at one end or the other.
I gather that your MTA is a DreamHost responsibility, so they are
either amazingly incompetent or lying to you.  I don't blame them for
not wanting to deal with it, by the way, only for trying to blame the
victims (you and your Roadrunner subscribers).  Roadrunner's policy is
brain-damaged, DreamHost's is merely pragmatic (it's very costly to
try to work around a peer site's brain damage).

The only effective measures you can take that I can see based on what
you have written so far are (1) find a competent and responsive host
for your list (there may not be any, though; I'm not sure what to do
to get reliable timely delivery to a system like Roadrunner), or
(2) tell your Roadrunner subscribers that their host is incapable of
supporting reliable mail delivery and that you can't do anything; if
they care about reliable delivery of mailing lists including yours,
they should use an address at a competent provider (GMail is the only
competent and approximately socially responsible freemail provider I
know of).

 > > This may be partly true, if you are falling afoul of the "too many
 > > recipients per message" limit.
 > 
 > I will probably turn that on soon - it is available to me.

This probably won't help, because based on the message above your MTA
will helpfully just execute the deliveries in parallel, and you'll get
*more* delivery failures, not less.

 > On this instance, they haven?t been very helpful.  For the most
 > part, though, they have been decent.  The largest of my lists that
 > I admin has over 7600 subscribers, with about 15 emails going out
 > daily - that?s about 115K total emails a day, and for the price I
 > am paying DH, I haven?t found anywhere near a better deal.  So I
 > accept these (occasional) issues along with the deal I?m getting.

This issue doesn't look "occasional" to me.  However, if what is most
likely a permanent inability to achieve timely delivery to subscribers
at Roadrunner is acceptable to you, I don't have any complaints. :-/

Steve



From Jan at EcoReality.org  Thu May 15 10:01:26 2014
From: Jan at EcoReality.org (Jan Steinman)
Date: Thu, 15 May 2014 01:01:26 -0700
Subject: [Mailman-Users] Virtual Mailman broke!
In-Reply-To: <mailman.54688.1400133895.18129.mailman-users@python.org>
References: <mailman.54688.1400133895.18129.mailman-users@python.org>
Message-ID: <998EF29F-D37A-4FD2-ABD7-4015471A16B8@EcoReality.org>

> From: Mark Sapiro <mark at msapiro.net>
> 
> On 05/14/2014 04:26 PM, Jan Steinman wrote:
>> I'm using the Mailman and postfix that came bundled with MacOS X 10.6 (Snow Leopard) on a Mac Mini Server.
> 
> See the FAQ at <http://wiki.list.org/x/OIDD>. Yes, I know you probably
> can't get help from Apple, but Apple's Mailman is known to be patched in
> ways we have little or no knowledge of, and this affects the help we can
> give you.

>> I have problems adding new lists using the web interface. It's been a problem forever, but I've forgotten the magic fixes to magic files that I've done in the past to correct it.

Thanks for your patient questions, Mark.

When I said I'd been there before, I realized I should search the mailman-users list archive, and there it was!

I used the mailman web form to create the new list, and the initial symptom is that email to that new address bounces with "address unknown" error.

After manually adding the new list to /var/mailman/data "aliases" and "virtual-mailman" to look like the other functioning lists, I ran "postmap virtual-mailman" and "newaliases".

When I went searching through archives for virtual mailman problems and my name, I found a posting that said I needed to run "postalias aliases" in that directory. I did so, and now all is well.

Yes, Apple's implementation appears to be badly broken.

I'm saving this email as text in the /var/mailman/data directory and the /etc/postfix directories, to save myself some pain the next time it happens... :-)

:::: Jan Steinman, EcoReality Co-op ::::


From mneedham at hdfgroup.org  Thu May 15 16:00:45 2014
From: mneedham at hdfgroup.org (Matthew Needham)
Date: Thu, 15 May 2014 14:00:45 +0000
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <877g5nem9l.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53739948.8050608@ulticom.com>
 <C2F1879073AE7347BAB44065F143E1700156F3FD99@nuwvicms2>
 <877g5nem9l.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <59162BCF-0C56-46C5-9A92-CCFA374F59D8@hdfgroup.org>


On May 14, 2014, at 22:47 PM, Stephen J. Turnbull <stephen at xemacs.org<mailto:stephen at xemacs.org>> wrote:

If distribution lists are pure forwards, MS365 will be OK.  But I find
it hard to believe that that level of functionality is popular with
users -- there's a reason why all popular MLMs implement subject
prefixes, body headers and body footers, and it isn't "because it's
the Microsoft way".

Exchange Online (standalone or as part of Office 365) really does lack most of the basic mailing list functionality. It does have moderation, but no subject tagging, list footer, etc. I believe the main reason distribution groups get used is because of the integration with Outlook and compatibility with Exchange Calendaring (inviting a Mailman list to a meeting is bad). It is limited, but in many cases is ?good enough?, and many people don?t know what they?re missing.

Here?s a table comparing select features of the two:

[cid:2EBFB349-BF05-4E11-BED3-DCE3885C4D60 at hdfgroup.uiuc.edu]


--

Matthew Needham
mneedham at hdfgroup.org<mailto:mneedham at hdfgroup.org>
217-531-6110

The HDF Group
1800 South Oak Street, Suite 203
Champaign, IL 61820


From cgtyoder at alum.mit.edu  Fri May 16 03:31:51 2014
From: cgtyoder at alum.mit.edu (Conrad G T Yoder)
Date: Thu, 15 May 2014 21:31:51 -0400
Subject: [Mailman-Users] Dealing with rate limiting from Roadrunner/Time
	Warner
In-Reply-To: <87tx8qczw2.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <72D1B331-C092-4F08-9B32-3E3E3E48FF78@alum.mit.edu>
 <8761l7ekp6.fsf@uwakimon.sk.tsukuba.ac.jp>
 <768A9413-A13C-46CD-9A1B-CC444FC8AA81@alum.mit.edu>
 <87tx8qczw2.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <D0172848-1760-4EE8-85C3-477BF9931515@alum.mit.edu>

On May 15, 2014, at 8:48 PM, Stephen J. Turnbull <stephen at xemacs.org> wrote:

> Conrad G T Yoder writes:
> 
>>> Are these true bounces (ie, permanent delivery failures) or just the
>>> temporary failures due to rate limiting, causing delays of many hours
>>> or days in delivery?
>> 
>> It is a true bounce - mail is being rejected.  The error message is
>> phrased as a "temporary failure," but the message is bounced at the
>> SMTP transaction.  ?At some point,? they stop bouncing.  RR won?t
>> say when that happens.
> 
> The log you display is not a true bounce.  If your host's MTA is
> configured properly, you may get DSNs saying that you don't need to do
> anything but wait, but your users' bounce counts are not increasing
> due to messages like the one below, and they probably are eventually
> being delivered (although that can't be determined from the log below).

Gotcha.  I guess someone thought it was a true bounce and configured their servers appropriately. :^)


> The only effective measures you can take that I can see based on what
> you have written so far are (1) find a competent and responsive host
> for your list (there may not be any, though; I'm not sure what to do
> to get reliable timely delivery to a system like Roadrunner), or
> (2) tell your Roadrunner subscribers that their host is incapable of
> supporting reliable mail delivery and that you can't do anything; if
> they care about reliable delivery of mailing lists including yours,
> they should use an address at a competent provider (GMail is the only
> competent and approximately socially responsible freemail provider I
> know of).

I will certainly be encouraging people with RR addresses to switch.  

I have not yet tried the nuclear option - the infamous EECB (Executive Email Carpet Bomb).  This of course should only be used when all other options have been exhausted.  I?ll probably end up doing it with the Time Warner people.  I did it a few years ago when I was (having no success) going through the usual channels of AOL marking mailing list email as spam.  Within 2 hours of the EECB I got a call from one of their Anti-Spam Operations team members, and she gave me her direct phone number and email address at that point for any future needed correspondence.  Things started happening then.

-Conrad

--
Truth is information.


From mark at msapiro.net  Fri May 16 03:36:05 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 15 May 2014 18:36:05 -0700
Subject: [Mailman-Users] Postings being discarded due to DKIM failures?
In-Reply-To: <201405160038.s4G0c3pQ007821@sharky2.deepsoft.com>
References: <201405151543.s4FFhMUG023906@sharky2.deepsoft.com>
 <5375586E.6090506@msapiro.net>
 <201405160038.s4G0c3pQ007821@sharky2.deepsoft.com>
Message-ID: <53756B85.3000302@msapiro.net>

On 05/15/2014 05:38 PM, Robert Heller wrote:
> 
> It wasn't any of these. I believe I have figured out what happened. The poster
> did something 'bad': instead of creating a fresh message he located an old
> message with a return address of the list and did a reply and then edited
> *some* of the headers: only some of the  'visible' ones and did not delete the 
> 'hidden' ones,  which confused the list server. 
> 
> I discovered this when saw dkim log messages suggesting that the server the 
> message came from might be pretending to be my server and then when I looked 
> at the headers of another message from this poster that had headers it should 
> not have had.


The only header that should cause an automatic discard is X-BeenThere:
with the list's posting address. MUA's will normally not copy this into
a 'reply', so the poster must have generated the reply in some other way
like 'bounce' or 'remail' to the list.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From heller at deepsoft.com  Fri May 16 04:36:25 2014
From: heller at deepsoft.com (Robert Heller)
Date: Thu, 15 May 2014 22:36:25 -0400
Subject: [Mailman-Users] Postings being discarded due to DKIM failures?
In-Reply-To: <53756B85.3000302@msapiro.net>
References: <201405151543.s4FFhMUG023906@sharky2.deepsoft.com> 
 <5375586E.6090506@msapiro.net> 
 <201405160038.s4G0c3pQ007821@sharky2.deepsoft.com> 
 <53756B85.3000302@msapiro.net>
Message-ID: <201405160236.s4G2aPM7025345@sharky2.deepsoft.com>

At Thu, 15 May 2014 18:36:05 -0700 Mark Sapiro <mark at msapiro.net> wrote:

> 
> On 05/15/2014 05:38 PM, Robert Heller wrote:
> > 
> > It wasn't any of these. I believe I have figured out what happened. The poster
> > did something 'bad': instead of creating a fresh message he located an old
> > message with a return address of the list and did a reply and then edited
> > *some* of the headers: only some of the  'visible' ones and did not delete the 
> > 'hidden' ones,  which confused the list server. 
> > 
> > I discovered this when saw dkim log messages suggesting that the server the 
> > message came from might be pretending to be my server and then when I looked 
> > at the headers of another message from this poster that had headers it should 
> > not have had.
> 
> 
> The only header that should cause an automatic discard is X-BeenThere:
> with the list's posting address. MUA's will normally not copy this into
> a 'reply', so the poster must have generated the reply in some other way
> like 'bounce' or 'remail' to the list.

I don't know *exactly* what he did, but 'bounce' or 'remail' are probably 
likely. I suspect it is a case of having learned how to use a hammer, it was 
easier to just use a hammer for everything, not just nails, but screws, nuts, 
bolts, etc. :-)  The poster is now investigating the new world of the 'address 
book' as a way of keeping track of possible addresses to use to send 
messages...

> 

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


                                                              

From mark at msapiro.net  Fri May 16 04:42:40 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 15 May 2014 19:42:40 -0700
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <5374DEA8.1080902@ulticom.com>
References: <53739948.8050608@ulticom.com>	<C2F1879073AE7347BAB44065F143E1700156F3FD99@nuwvicms2>
 <877g5nem9l.fsf@uwakimon.sk.tsukuba.ac.jp> <5374D4D5.6010400@ulticom.com>
 <536855F1-525D-4CD3-9D97-6C6EE72F404A@portadmiral.org>
 <5374DEA8.1080902@ulticom.com>
Message-ID: <53757B20.4020208@msapiro.net>

On 05/15/2014 08:35 AM, Gary Algier wrote:
> 
> However, the
> mailing list software will use an envelope address from the list so SPF
> should not fail.


SPF won't fail, but for DMARC purposes, the domain of the Envelope
sender that passes SPF will not "align" with the From: domain, so the
fact that SPF is OK doesn't help.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From stephen at xemacs.org  Fri May 16 11:49:35 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Fri, 16 May 2014 18:49:35 +0900
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <5374D4D5.6010400@ulticom.com>
References: <53739948.8050608@ulticom.com>
 <C2F1879073AE7347BAB44065F143E1700156F3FD99@nuwvicms2>
 <877g5nem9l.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5374D4D5.6010400@ulticom.com>
Message-ID: <87sioacats.fsf@uwakimon.sk.tsukuba.ac.jp>

Gary Algier writes:

 > I ran some tests this morning.  I created an Exchange distribution list here 
 > and added myself five ways on the list:
 > 1. On our Exchange server (how I receive internal emails)
 > 2. On a local Linux server running sendmail and dovecot (how I receive "real 
 > mail")
 > 3. A Yahoo address.
 > 4. A Gmail address.
 > 5. An iCloud address.
 > 
 > I then sent an email to the list and to my work sendmail address.

Where did you send the mail from, what address was in "From", and what
host did the DKIM signing?  Does the domain listed in "From" have a
DMARC record?

 > The DKIM checks seem to be good.  So, it seems that nothing has
 > changed in the content or checked header.  It must be SPf.

It could be SPF, but if it is it has nothing to do with DMARC.  DMARC
accepts either SPF or DKIM as evidence of authenticity.  That is,
either may fail as long as at least one succeeds.

If it is indeed SPF, then it doesn't matter what you use.  The problem
is that the host where the distribution list or mailing list is hosted
is not SPF-authorized, and almost certainly not which MTA or MLM you
use.

I'm not sure if you care about DMARC, or just whether it gets
through.  But if the latter, I'm not at all clear on exactly what
you're trying to test.

 > % dig +short TXT _spf.mail.yahoo.com
 > "v=spf1 ptr:yahoo.com ptr:yahoo.net ip4:206.108.40.0/27 ip4:199.16.139.0/26 ?all"

This is mostly unrelated to Yahoo's behavior when receiving messages.

Amusingly enough, RFC 7208 deprecates the "ptr" mechanism strongly.


From gaa at ulticom.com  Fri May 16 16:13:53 2014
From: gaa at ulticom.com (mail.ulticom.com)
Date: Fri, 16 May 2014 10:13:53 -0400
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <87sioacats.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53739948.8050608@ulticom.com>
 <C2F1879073AE7347BAB44065F143E1700156F3FD99@nuwvicms2>
 <877g5nem9l.fsf@uwakimon.sk.tsukuba.ac.jp> <5374D4D5.6010400@ulticom.com>
 <87sioacats.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <B7E7942C-A712-46E3-B848-A07F2495E8D2@ulticom.com>


> On May 16, 2014, at 5:49, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
> 
> Gary Algier writes:
> 
>> I ran some tests this morning.  I created an Exchange distribution list here 
>> and added myself five ways on the list:
>> 1. On our Exchange server (how I receive internal emails)
>> 2. On a local Linux server running sendmail and dovecot (how I receive "real 
>> mail")
>> 3. A Yahoo address.
>> 4. A Gmail address.
>> 5. An iCloud address.
>> 
>> I then sent an email to the list and to my work sendmail address.
> 
> Where did you send the mail from, what address was in "From", and what
> host did the DKIM signing?  Does the domain listed in "From" have a
> DMARC record?
Sorry, I forgot to mention that I sent from yahoo for these tests. The From: header said XXXX at yahoo.com.

> 
>> The DKIM checks seem to be good.  So, it seems that nothing has
>> changed in the content or checked header.  It must be SPf.
> 
> It could be SPF, but if it is it has nothing to do with DMARC.  DMARC
> accepts either SPF or DKIM as evidence of authenticity.  That is,
> either may fail as long as at least one succeeds.
> 
> If it is indeed SPF, then it doesn't matter what you use.  The problem
> is that the host where the distribution list or mailing list is hosted
> is not SPF-authorized, and almost certainly not which MTA or MLM you
> use.
> 
> I'm not sure if you care about DMARC, or just whether it gets
> through.  But if the latter, I'm not at all clear on exactly what
> you're trying to test.
My management wants to replace our in-house email with an Exchange Online (aka MS365) solution. Several high priced consultants have told them that Exchange can do it all.  I am trying to prove otherwise.

Actually to be fare, two consulting firms have said:
1. Exchange can't do what Mailman can. 
2. MS365 can't work with Mailman.
3. MS365 will cost more, don't do it.
They are being ignored because they did not supply the answers wanted.

> 
>> % dig +short TXT _spf.mail.yahoo.com
>> "v=spf1 ptr:yahoo.com ptr:yahoo.net ip4:206.108.40.0/27 ip4:199.16.139.0/26 ?all"
> 
> This is mostly unrelated to Yahoo's behavior when receiving messages.
> 
> Amusingly enough, RFC 7208 deprecates the "ptr" mechanism strongly.

From david at midrange.com  Fri May 16 16:26:56 2014
From: david at midrange.com (Gibbs, David)
Date: Fri, 16 May 2014 09:26:56 -0500
Subject: [Mailman-Users] reply_goes_to_list broken in 2.1.18-1?
In-Reply-To: <53755A8F.4070806@msapiro.net>
References: <ll2jja$81b$1@ger.gmane.org> <5374D923.7010205@msapiro.net>
 <ll2o69$sol$1@ger.gmane.org> <53755A8F.4070806@msapiro.net>
Message-ID: <ll577g$us0$1@ger.gmane.org>

On 5/15/2014 7:23 PM, Mark Sapiro wrote:
> Unfortunately, there's nothing there that helps me understand the
> cause of the issue.

OK.

I'll setup a sandbox install over the weekend and reproduce the issue.

david



-- 
IBM i on Power Systems: For when you can't afford to be out of business!

I'm riding a metric century (100 km / 62 miles) in the 2014 Chicagoland Tour de Cure to raise money for diabetes research, education, and advocacy.  Sponsor me by visiting http://email.diabetessucks.net. Any amount is appreciated.

See where I get my donations from ... visit http://email.diabetessucks.net/mapdonations.php for an interactive map (it's a geeky thing).


From mneedham at hdfgroup.org  Fri May 16 18:09:23 2014
From: mneedham at hdfgroup.org (Matthew Needham)
Date: Fri, 16 May 2014 16:09:23 +0000
Subject: [Mailman-Users] Executive summary of DMARC issues
In-Reply-To: <B7E7942C-A712-46E3-B848-A07F2495E8D2@ulticom.com>
References: <53739948.8050608@ulticom.com>
 <C2F1879073AE7347BAB44065F143E1700156F3FD99@nuwvicms2>
 <877g5nem9l.fsf@uwakimon.sk.tsukuba.ac.jp> <5374D4D5.6010400@ulticom.com>
 <87sioacats.fsf@uwakimon.sk.tsukuba.ac.jp>
 <B7E7942C-A712-46E3-B848-A07F2495E8D2@ulticom.com>
Message-ID: <928919F8-C370-42B0-B366-17AFC7D60724@hdfgroup.org>


Around a year ago we started using Exchange Online. In my experience, the undesired responses are correct.

On May 16, 2014, at 09:13 AM, mail.ulticom.com <gaa at ulticom.com> wrote:

> My management wants to replace our in-house email with an Exchange Online (aka MS365) solution. Several high priced consultants have told them that Exchange can do it all.  I am trying to prove otherwise.
> 
> Actually to be fare, two consulting firms have said:
> 1. Exchange can't do what Mailman can. 

It has fancy forwards, but besides rudimentary moderation, very little in the way of traditional mailing list features.


> 2. MS365 can't work with Mailman.

I migrated my lists to a dedicated subdomain to work around this, and some of the details surrounding that are documented in the list archives.


> 3. MS365 will cost more, don't do it.

This may or may not be true. It?s a subscription service, so costs will change. It seems like these services are trending to go down in price as competition goes up and more users sign on, but not always. (We qualified for nonprofit pricing, which has gone from $2/user/mo to FREE, which is nice. However, we?ve been told that we no longer qualify for the nonprofit program.)


Feel free to contact me directly for more details.


-- 

Matthew Needham
mneedham at hdfgroup.org
217-531-6110

The HDF Group
1800 South Oak Street, Suite 203
Champaign, IL 61820


From rstasel at uoregon.edu  Fri May 16 20:45:54 2014
From: rstasel at uoregon.edu (Ryan Stasel)
Date: Fri, 16 May 2014 18:45:54 +0000
Subject: [Mailman-Users] Remove user from all list approved senders list
Message-ID: <025955F3-54F6-435C-82BE-44D6E36F5E80@uoregon.edu>

All, 

Can't seem to find an answer for this, but I'd imagine it would involve list_lists... but we have an employee leave rather poorly, and while I was able to remove them from all the lists with remove_members --fromall <email>, I can't seem to find a way to remove them from all lists approved senders (in sender filters) lists. 

Is there a way to do this? 

Thanks, and apologies if this is documented somewhere... google isn't giving me anything when I search for it in any way, shape, or form. Just how to disable moderation in general. 

Thanks! 

-Ryan Stasel

From mark at msapiro.net  Fri May 16 21:27:21 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 16 May 2014 12:27:21 -0700
Subject: [Mailman-Users] Remove user from all list approved senders list
In-Reply-To: <025955F3-54F6-435C-82BE-44D6E36F5E80@uoregon.edu>
References: <025955F3-54F6-435C-82BE-44D6E36F5E80@uoregon.edu>
Message-ID: <53766699.4010502@msapiro.net>

On 05/16/2014 11:45 AM, Ryan Stasel wrote:
> 
> Can't seem to find an answer for this, but I'd imagine it would involve list_lists... but we have an employee leave rather poorly, and while I was able to remove them from all the lists with remove_members --fromall <email>, I can't seem to find a way to remove them from all lists approved senders (in sender filters) lists. 
> 
> Is there a way to do this? 


See the script at <http://www.msapiro.net/scripts/non_members>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From rstasel at uoregon.edu  Fri May 16 22:16:52 2014
From: rstasel at uoregon.edu (Ryan Stasel)
Date: Fri, 16 May 2014 20:16:52 +0000
Subject: [Mailman-Users] Remove user from all list approved senders list
In-Reply-To: <53766699.4010502@msapiro.net>
References: <025955F3-54F6-435C-82BE-44D6E36F5E80@uoregon.edu>
 <53766699.4010502@msapiro.net>
Message-ID: <F529D318-97A8-41DD-B612-92CF89CA8323@uoregon.edu>

Awesome, thanks Mark! 

On May 16, 2014, at 12:27 , Mark Sapiro <mark at msapiro.net> wrote:

> On 05/16/2014 11:45 AM, Ryan Stasel wrote:
>> 
>> Can't seem to find an answer for this, but I'd imagine it would involve list_lists... but we have an employee leave rather poorly, and while I was able to remove them from all the lists with remove_members --fromall <email>, I can't seem to find a way to remove them from all lists approved senders (in sender filters) lists. 
>> 
>> Is there a way to do this? 
> 
> 
> See the script at <http://www.msapiro.net/scripts/non_members>.
> 
> -- 
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/rstasel%40uoregon.edu


From pshute at nuw.org.au  Sat May 17 00:02:50 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Sat, 17 May 2014 08:02:50 +1000
Subject: [Mailman-Users] Remove user from all list approved senders list
In-Reply-To: <53766699.4010502@msapiro.net>
References: <025955F3-54F6-435C-82BE-44D6E36F5E80@uoregon.edu>
 <53766699.4010502@msapiro.net>
Message-ID: <811A1E9A-9BD2-4420-B592-10FE4B78734B@nuw.org.au>

> On 17 May 2014, at 5:28 am, "Mark Sapiro" <mark at msapiro.net> wrote:
> 
>> On 05/16/2014 11:45 AM, Ryan Stasel wrote:
>> 
>> Can't seem to find an answer for this, but I'd imagine it would involve list_lists... but we have an employee leave rather poorly, and while I was able to remove them from all the lists with remove_members --fromall <email>, I can't seem to find a way to remove them from all lists approved senders (in sender filters) lists. 
>> 
>> Is there a way to do this?
> 
> 
> See the script at <http://www.msapiro.net/scripts/non_members>.

Is this the same filter as used on the moderation page where it says "Add xyz at xyz.com to one of these filters" if I select the "Accepts" option? If so, is a script the only way to access its contents?

Peter Shute

From mark at msapiro.net  Sat May 17 00:39:00 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 16 May 2014 15:39:00 -0700
Subject: [Mailman-Users] Remove user from all list approved senders list
In-Reply-To: <811A1E9A-9BD2-4420-B592-10FE4B78734B@nuw.org.au>
References: <025955F3-54F6-435C-82BE-44D6E36F5E80@uoregon.edu>
 <53766699.4010502@msapiro.net>
 <811A1E9A-9BD2-4420-B592-10FE4B78734B@nuw.org.au>
Message-ID: <53769384.4080402@msapiro.net>

On 05/16/2014 03:02 PM, Peter Shute wrote:
>> On 17 May 2014, at 5:28 am, "Mark Sapiro" <mark at msapiro.net> wrote:
>>
>> See the script at <http://www.msapiro.net/scripts/non_members>.
> 
> Is this the same filter as used on the moderation page where it says "Add xyz at xyz.com to one of these filters" if I select the "Accepts" option? If so, is a script the only way to access its contents?


Yes it is the same, and it is in the web admin UI Privacy options ... ->
Sender filters -> *_these_nonmembers.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From pshute at nuw.org.au  Sat May 17 02:56:43 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Sat, 17 May 2014 10:56:43 +1000
Subject: [Mailman-Users] Remove user from all list approved senders list
In-Reply-To: <53769384.4080402@msapiro.net>
References: <025955F3-54F6-435C-82BE-44D6E36F5E80@uoregon.edu>
 <53766699.4010502@msapiro.net>
 <811A1E9A-9BD2-4420-B592-10FE4B78734B@nuw.org.au>
 <53769384.4080402@msapiro.net>
Message-ID: <478C4CF1-97F0-4300-8697-6A4A6E56B768@nuw.org.au>

> On 05/16/2014 03:02 PM, Peter Shute wrote:
>>> On 17 May 2014, at 5:28 am, "Mark Sapiro" <mark at msapiro.net> wrote:
>>> 
>>> See the script at <http://www.msapiro.net/scripts/non_members>.
>> 
>> Is this the same filter as used on the moderation page where it says "Add xyz at xyz.com to one of these filters" if I select the "Accepts" option? If so, is a script the only way to access its contents?
> 
> 
> Yes it is the same, and it is in the web admin UI Privacy options ... ->
> Sender filters -> *_these_nonmembers.

Thanks, found it. I didn't realise there were sub menus for that stuff.

Peter Shute

From stephen at xemacs.org  Sat May 17 09:08:10 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Sat, 17 May 2014 16:08:10 +0900
Subject: [Mailman-Users] Dealing with rate limiting from
	Roadrunner/Time	Warner
In-Reply-To: <D0172848-1760-4EE8-85C3-477BF9931515@alum.mit.edu>
References: <72D1B331-C092-4F08-9B32-3E3E3E48FF78@alum.mit.edu>
 <8761l7ekp6.fsf@uwakimon.sk.tsukuba.ac.jp>
 <768A9413-A13C-46CD-9A1B-CC444FC8AA81@alum.mit.edu>
 <87tx8qczw2.fsf@uwakimon.sk.tsukuba.ac.jp>
 <D0172848-1760-4EE8-85C3-477BF9931515@alum.mit.edu>
Message-ID: <87mwegdgrp.fsf@uwakimon.sk.tsukuba.ac.jp>

Conrad G T Yoder writes:
 > On May 15, 2014, at 8:48 PM, Stephen J. Turnbull <stephen at xemacs.org> wrote:

 > > The log you display is not a true bounce.
 > 
 > Gotcha.  I guess someone thought it was a true bounce and
 > configured their servers appropriately. :^) 

Could be.

The other possibility is that you have enough Roadrunner subscribers
that when a post goes out, one connection gets through, a bunch get a
temporary fail and requeued.  4 hours later, your MTA tries a bunch
and one gets through.  A bunch minus 1 get a temporary fail, and
requeued.  8 hours later, your MTA tries a bunch minus 1 and one gets
through.  A bunch minus 2 get a temporary fail, and requeued.  This
happens up to 5 times with approximately exponential backoff.  If the
5th retry fails, it will be considered a permanent failure (by your
MTA).  So if "a bunch" is bigger than 5, you'll get "true bounces".
If any of these retries overlaps with a new post, the problem gets
compounded.  (All the concrete numbers depend on your MTA's
configuration, but they're pretty typical, I believe).

At this point, it should be clear why I consider Roadrunner's policy
to be braindamaged.  They're wasting your resources and DoS'ing their
own users.

BTW, it should be possible to reconfigure your Mailman and MTA so that
Mailman sends the maximum number of addresses per SMTP connection (for
this you need to turn personalization OFF) permitted by Roadrunner in
one shot, and the MTA does as well.  It may be possible to get your
MTA or Mailman to sequence contacts to Roadrunner so that only one
SMTP connection is open at a time.  Maybe Roadrunner will tell you
what the relevant numbers are, or even give you a higher limit.

Nevertheless, as long as they have this policy, the possibility of a
retry cascade exists.  And the numbers that Roadrunner offers may be
much smaller than your MTA's optimal configuration from your point of
view.

 > I have not yet tried the nuclear option - the infamous EECB
 > (Executive Email Carpet Bomb).

Bu-wha-ha-ha-ha!  But I hope things don't go that far.

Steve

From stephen at xemacs.org  Sat May 17 09:14:40 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Sat, 17 May 2014 16:14:40 +0900
Subject: [Mailman-Users] Remove user from all list approved senders list
In-Reply-To: <478C4CF1-97F0-4300-8697-6A4A6E56B768@nuw.org.au>
References: <025955F3-54F6-435C-82BE-44D6E36F5E80@uoregon.edu>
 <53766699.4010502@msapiro.net>
 <811A1E9A-9BD2-4420-B592-10FE4B78734B@nuw.org.au>
 <53769384.4080402@msapiro.net>
 <478C4CF1-97F0-4300-8697-6A4A6E56B768@nuw.org.au>
Message-ID: <87lhu0dggv.fsf@uwakimon.sk.tsukuba.ac.jp>

Peter Shute writes:

 > Thanks, found it. I didn't realise there were sub menus for that stuff.

That's not good.  Is there something we could do to help make it
obvious that (many) more settings are accessible?


From jsetton at waycast.com  Sat May 17 10:28:50 2014
From: jsetton at waycast.com (Jacques Setton (Waycast Corp))
Date: Sat, 17 May 2014 10:28:50 +0200
Subject: [Mailman-Users] Missing sections in the latest version of the
	Mailman List Administration Manual
Message-ID: <002b01cf71aa$07d71970$17854c50$@waycast.com>

Hi,

In the latest PDF revision of the GNU Mailman - List Administration Manual
<http://www.gnu.org/software/mailman/mailman-admin.pdf> , dated May 9 -
2014, the text content is missing for sections beyond 2.10 and till the end
of the manual (i.e. section 6) .

Is there any particular reason why this text content is missing ? Is it
published elsewhere online ?

Along the same vein, has an updated PDF version for the  GNU Mailman - List
Member Manual <http://www.list.org/mailman-member.pdf> , dated September 28
- 2013, been released ?  

 

Thanks for clarifying the status regarding the up-to-date  Mailman published
documentation.

- - - 

 Jacques Setton

jsetton at waycast.com

  


From pshute at nuw.org.au  Sat May 17 11:20:52 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Sat, 17 May 2014 19:20:52 +1000
Subject: [Mailman-Users] Remove user from all list approved senders list
In-Reply-To: <87lhu0dggv.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <025955F3-54F6-435C-82BE-44D6E36F5E80@uoregon.edu>
 <53766699.4010502@msapiro.net>
 <811A1E9A-9BD2-4420-B592-10FE4B78734B@nuw.org.au>
 <53769384.4080402@msapiro.net>
 <478C4CF1-97F0-4300-8697-6A4A6E56B768@nuw.org.au>
 <87lhu0dggv.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <2AACD8DC-A7ED-46EF-8036-34B9E25A1940@nuw.org.au>

> On 17 May 2014, at 5:14 pm, "Stephen J. Turnbull" <stephen at xemacs.org> wrote:
> 
> Peter Shute writes:
> 
>> Thanks, found it. I didn't realise there were sub menus for that stuff.
> 
> That's not good.  Is there something we could do to help make it
> obvious that (many) more settings are accessible?

Probably not necessary. I've only had an admin password for a few days, so I'm still not familiar with the interface. I found the reference to "sub categories" in the manual, but took a while to work out their parameters weren't just listed on the main Privacy section.

I do think it's slightly unusual to have a multicolumn menu expanding out like that, so perhaps other newbies haven't spotted them too. Hiding them doesn't really save a lot of space in the menu.

Peter Shute

From mark at msapiro.net  Sat May 17 18:43:52 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 17 May 2014 09:43:52 -0700
Subject: [Mailman-Users] Missing sections in the latest version of the
 Mailman List Administration Manual
In-Reply-To: <002b01cf71aa$07d71970$17854c50$@waycast.com>
References: <002b01cf71aa$07d71970$17854c50$@waycast.com>
Message-ID: <537791C8.3060406@msapiro.net>

On 05/17/2014 01:28 AM, Jacques Setton (Waycast Corp) wrote:
> 
> In the latest PDF revision of the GNU Mailman - List Administration Manual
> <http://www.gnu.org/software/mailman/mailman-admin.pdf> , dated May 9 -
> 2014, the text content is missing for sections beyond 2.10 and till the end
> of the manual (i.e. section 6) .
> 
> Is there any particular reason why this text content is missing ? Is it
> published elsewhere online ?


As it says at <http://www.gnu.org/software/mailman/admins.html> (and
<http://www.list.org/admins.html>) "The GNU Mailman - List
administrator's Manual by Terri Oda is available, but not yet complete."
This is still the case.

There is some documentation of the things in sections 2.11 - 5 in the
web UI itself, but that's all.

The intent is that this manual will be at
<http://wiki.list.org/display/DOC/Mailman+2.1+List+Administrators+Manual>,
but the version there is currently even less complete.


> Along the same vein, has an updated PDF version for the  GNU Mailman - List
> Member Manual <http://www.list.org/mailman-member.pdf> , dated September 28
> - 2013, been released ?  


That manual has not been updated because as far as I know, no updates
are needed. If this is not the case, let me know.

Also note that the "current" version of this manual is at
<http://wiki.list.org/display/DOC/Mailman+2.1+Members+Manual>

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Sat May 17 18:47:18 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 17 May 2014 09:47:18 -0700
Subject: [Mailman-Users] Remove user from all list approved senders list
In-Reply-To: <2AACD8DC-A7ED-46EF-8036-34B9E25A1940@nuw.org.au>
References: <025955F3-54F6-435C-82BE-44D6E36F5E80@uoregon.edu>
 <53766699.4010502@msapiro.net>
 <811A1E9A-9BD2-4420-B592-10FE4B78734B@nuw.org.au>
 <53769384.4080402@msapiro.net>
 <478C4CF1-97F0-4300-8697-6A4A6E56B768@nuw.org.au>
 <87lhu0dggv.fsf@uwakimon.sk.tsukuba.ac.jp>
 <2AACD8DC-A7ED-46EF-8036-34B9E25A1940@nuw.org.au>
Message-ID: <53779296.6050209@msapiro.net>

On 05/17/2014 02:20 AM, Peter Shute wrote:
> 
> I do think it's slightly unusual to have a multicolumn menu expanding out like that, so perhaps other newbies haven't spotted them too. Hiding them doesn't really save a lot of space in the menu.


The idea is that when the category name ends with '...', there are
sub-categories, but obviously, this is not clear.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Sun May 18 03:18:55 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 17 May 2014 18:18:55 -0700
Subject: [Mailman-Users] Avoiding DMARC unsubscribes by enabling VERP_PROBES
Message-ID: <53780A7F.7000608@msapiro.net>

A post in another thread reminded me of something I had overlooked until
now.

If you are a site admin and you are only concerned about users being
unsubscribed because of DMARC policy bounces, and you are not concerned
about the mail delivery issues - i.e., it's OK if they miss the
occasional post from a Yahoo or AOL user; someone else will quote it
anyway ;) - you can set

VERP_PROBES = Yes

in mm_cg.py. I added a note about this to the FAQ at
<http://wiki.list.org/x/ggARAQ>

This works because with VERP_PROBES enabled, a user whose bounce score
reaches threshold does not have delivery immediately disabled. Instead,
the user's bounce score is reset and a VERP like probe is sent to the
user. If the probe bounces, the user's delivery is then disabled, but if
the original bounces were for DMARC, the probe won't bounce because it
is From: the list.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From pshute at nuw.org.au  Sun May 18 10:14:48 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Sun, 18 May 2014 18:14:48 +1000
Subject: [Mailman-Users] Avoiding DMARC unsubscribes by enabling
 VERP_PROBES
In-Reply-To: <53780A7F.7000608@msapiro.net>
References: <53780A7F.7000608@msapiro.net>
Message-ID: <8BEEC1BC-927A-4AD7-B67B-97237E79BFF4@nuw.org.au>

Why isn't this the default setting? Is there some disadvantage to it?

Peter Shute

Sent from my iPad

> On 18 May 2014, at 11:19 am, "Mark Sapiro" <mark at msapiro.net> wrote:
> 
> A post in another thread reminded me of something I had overlooked until
> now.
> 
> If you are a site admin and you are only concerned about users being
> unsubscribed because of DMARC policy bounces, and you are not concerned
> about the mail delivery issues - i.e., it's OK if they miss the
> occasional post from a Yahoo or AOL user; someone else will quote it
> anyway ;) - you can set
> 
> VERP_PROBES = Yes
> 
> in mm_cg.py. I added a note about this to the FAQ at
> <http://wiki.list.org/x/ggARAQ>
> 
> This works because with VERP_PROBES enabled, a user whose bounce score
> reaches threshold does not have delivery immediately disabled. Instead,
> the user's bounce score is reset and a VERP like probe is sent to the
> user. If the probe bounces, the user's delivery is then disabled, but if
> the original bounces were for DMARC, the probe won't bounce because it
> is From: the list.
> 
> -- 
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/pshute%40nuw.org.au

From stephen at xemacs.org  Sun May 18 16:28:15 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Sun, 18 May 2014 23:28:15 +0900
Subject: [Mailman-Users] Avoiding DMARC unsubscribes by enabling
 VERP_PROBES
In-Reply-To: <8BEEC1BC-927A-4AD7-B67B-97237E79BFF4@nuw.org.au>
References: <53780A7F.7000608@msapiro.net>
 <8BEEC1BC-927A-4AD7-B67B-97237E79BFF4@nuw.org.au>
Message-ID: <87oayvf9fk.fsf@uwakimon.sk.tsukuba.ac.jp>

Peter Shute writes:

 > Why isn't this the default setting? Is there some disadvantage to
 > it?

Until now, you only needed it when one of your peers was seriously
broken.  DMARC p=reject now means that AOL and Yahoo! are breaking
other hosts en masse.

Disadvantage, yes.  It requires resources from hosts which aren't
broken, both yours and those of completely innocent third parties
whose only "crime" is to participate in mailing lists on your host.
It covers up the fact that the messages that bounce are also wasting
your and third parties' resources.  *These* resources are significant,
because they involve cryptographic checks on whole messages, messages
which are typically already bloated by a factor of 5 or so by HTML,
and sometimes much more by "cute" background images and the like.

We really really want to stop these bounces in their tracks.
*Everybody* does; they do not help anybody.

Regards,


From mark at msapiro.net  Sun May 18 20:50:10 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 18 May 2014 11:50:10 -0700
Subject: [Mailman-Users] Avoiding DMARC unsubscribes by enabling
	VERP_PROBES
In-Reply-To: <8BEEC1BC-927A-4AD7-B67B-97237E79BFF4@nuw.org.au>
References: <53780A7F.7000608@msapiro.net>
 <8BEEC1BC-927A-4AD7-B67B-97237E79BFF4@nuw.org.au>
Message-ID: <537900E2.80403@msapiro.net>

On 05/18/2014 01:14 AM, Peter Shute wrote:
> Why isn't this the default setting? Is there some disadvantage to it?


In addition to what Stephen said, VERP_PROBES requires that your MTA be
configured to recognize address local parts of the form
listname-bounces+token and deliver them the same as listname-bounces (In
Postfix, 'recipient_delimiter = +') or to use a different delimiter that
VERP_PROBE_FORMAT and VERP_PROBE_REGEXP be adjusted.

Since we can't rely on that, and since if it doesn't work, no one will
ever have delivery disabled or be removed by bounce processing, the
default is No.

When this feature was first implemented in 2.1.5, it was always on. It
was soon realized that this was a mistake and in 2.1.6 it was controlled
by a switch and defaulted to off.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From incoming-pythonlists at rjl.com  Mon May 19 09:42:52 2014
From: incoming-pythonlists at rjl.com (Natu)
Date: Mon, 19 May 2014 00:42:52 -0700
Subject: [Mailman-Users] Who authored the message?
In-Reply-To: <53725A99.6020605@msapiro.net>
References: <FB9A1A72-0BA2-4A72-9D34-51B7136A7A24@nathanson.org>
 <5371A042.50303@msapiro.net>
 <C462F217-E68D-426D-BA8A-8AC87BA63CC1@Nathanson.org>
 <53725A99.6020605@msapiro.net>
Message-ID: <5379B5FC.6030006@rjl.com>

On 05/13/2014 10:47 AM, Mark Sapiro wrote:
>> Today I experimented with first_strip_reply_to set to No.  
>>
>> This means that a reply is addressed to both the list and to previous author. 
>> If nodups = Yes. 
>> Then the previous author will get only 1 copy of the message. But the copy they get is the direct mail (including senders email address), not the list mail. When that person replies to the message, it will only go to the most recent previous author, not to the list. 
>>
>> Maybe this is acceptable(?), since most of the time people don't reply to their own list messages?  
>
> DMARC has forced mitigation responses. As far as I can tell, there are
> no ways to deal with this that don't involve impacts on message
> readability, replies or both other than not accepting messages From:
> domains with DMARC p=reject.
>
>
>

I have chosen, at least temporarily, to rewrite the from header as follows:

s/^(From:.*)([^ \t<>]+)@((yahoo|aol)\.com)/\1\2-AT-\3 at mydomain.com/

So, addresses get rewritten as:

From: yahoousername-AT-yahoo.com at mydomain.com

and I do this only for domains which use p=reject and I make sure that
there is always a reply-to header, since the From is no longer a valid
email address.

My sense is that someone could come up with arguments as to why this is
a bad idea, but so far I like what it looks like to the user better than
other options I have seen.

I have not yet installed the 2.1.18 release though I hope to do that soon.

Nataraj



From jsetton at waycast.com  Mon May 19 13:15:07 2014
From: jsetton at waycast.com (Jacques Setton (Waycast Corp))
Date: Mon, 19 May 2014 13:15:07 +0200
Subject: [Mailman-Users] Missing sections in the latest version of the
	Mailman List Administration Manual
In-Reply-To: <537791C8.3060406@msapiro.net>
References: <002b01cf71aa$07d71970$17854c50$@waycast.com>
 <537791C8.3060406@msapiro.net>
Message-ID: <010a01cf7353$989a69d0$c9cf3d70$@waycast.com>


>> As it says at <http://www.gnu.org/software/mailman/admins.html> (and
>> <http://www.list.org/admins.html>) "The GNU Mailman - List
administrator's 
>> Manual by Terri Oda is available, but not yet complete."
>> This is still the case.

I had noticed that the new PDF Admin's Manual released on May 9 / 2014 was
showing 
the same missing sections as in the one released on  Sept 28 / 2013. Hence
my question...

>> That manual has not been updated because as far as I know, no updates are
needed. 
>> If this is not the case, let me know. Also note that the "current"
version of this manual is 
>> at <http://wiki.list.org/display/DOC/Mailman+2.1+Members+Manual>

Thanks Mark for this clarification and for sharing the current Members'
Manual link location.
Should I have comments about any element requiring an update in it, I'll let
you know.

- - - 
 Jacques Setton
 jsetton at waycast.com

-----Message d'origine-----
De?: Mark Sapiro [mailto:mark at msapiro.net] 
Envoy??: samedi 17 mai 2014 18:44
??: mailman-users at python.org
Objet?: Re: [Mailman-Users] Missing sections in the latest version of the
Mailman List Administration Manual



From sergiodj at sergiodj.net  Mon May 19 08:41:05 2014
From: sergiodj at sergiodj.net (Sergio Durigan Junior)
Date: Mon, 19 May 2014 03:41:05 -0300
Subject: [Mailman-Users] Mailman + Exim + strange headers
Message-ID: <87bnuul18e.fsf@sergiodj.net>

Hi there,

I've recently set up Mailman on my server, which runs Exim as the MTA
(Debian).  Things worked almost like a charm, except for one little
detail: the messages' headers seem a little strange to me.  Take a look
at this example:

--8<---------------cut here---------------start------------->8---
Received: from localhost ([::1] helo=host.bla)
	by host.bla with esmtp (Exim 4.80)
	(envelope-from <list-bounces at list.bla>)
	id 1Wm4qV-0004Xb-2z; Sun, 18 May 2014 14:25:59 -0300
Received: from smtp.ble ([ANY.IP])
 by host.bla with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256)
 (Exim 4.80) (envelope-from <user at ble>)
 id 1Wm4qU-0004XV-9S
 for list at list.bla; Sun, 18 May 2014 14:25:58 -0300
Received: from [ANY.IP] (helo=localhost)
 by smtp.ble with esmtpsa (TLSv1:AES128-SHA:128)
 (Exim 4.62) (envelope-from <user at ble>)
 id 1Wm4qO-0005mm-GQ
 for list at list.bla; Sun, 18 May 2014 14:25:52 -0300

[...]

References: <ref1> <ref2>
 <ref3>

[...]
--8<---------------cut here---------------end--------------->8---

As you can see, the first two "Received:" headers got messed up somehow,
and the lines are not being prefix by \t but by one single space char.
The same thing happens with the "References:", and all the other headers
below.

After some investigation (and lots of email back and forth), I decided
it is not Exim's fault, because it doesn't happen on situations when I
use Exim without Mailman, so maybe it is Mailman or some weird scenario
of Mailman + Exim modifying the e-mails without permission.

I am using Debian Wheezy (7.1), with Exim 4.80-7 and Mailman 2.1.15-1.
I can provide my configuration files for Mailman and Exim, but basically
what I did was to follow <http://www.exim.org/howto/mailman21.html>.

Any help is appreciated.  Thanks,

-- 
Sergio

From markr at signal100.com  Mon May 19 06:45:02 2014
From: markr at signal100.com (Mark Rousell)
Date: Mon, 19 May 2014 05:45:02 +0100
Subject: [Mailman-Users] Possible to include unique link to archive in each
	message?
Message-ID: <53798C4E.6080505@signal100.com>

I've often wanted to know the URL of a specific message in an archive of
a Mailman list so that I could refer to it in a later message. Unless
I'm missing something, finding the URL requires manually going to the
archive and searching for the message even if I happen to have it in
front of me in my mail client. I can't directly derive the archive URL
just from looking at the message header or body in the mail client.

Can Mailman include the web archive URL for a message in the message
header itself? Say in something like a "X-This-Message-In-Archive"
header or perhaps in a footer in the body?

I've never noticed this in a Mailman list and I don't know if it is
possible but it seems like something that would be quite useful. It
would save manual steps when people need to refer to an existing message.

Apologies if this is possible and I've just missed it (or if it's not
turned on by most lists).

As far as I can see, Mailman should have all the info it needs to be
able to add such a header or footer field.



-- 
Mark Rousell

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
 
 
 


From stephen at xemacs.org  Mon May 19 16:29:45 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Mon, 19 May 2014 23:29:45 +0900
Subject: [Mailman-Users] Possible to include unique link to archive in
	each	message?
In-Reply-To: <53798C4E.6080505@signal100.com>
References: <53798C4E.6080505@signal100.com>
Message-ID: <877g5hdep2.fsf@uwakimon.sk.tsukuba.ac.jp>

Mark Rousell writes:

 > Can Mailman include the web archive URL for a message in the message
 > header itself?

Mailman 2 can't.  Mailman 3 is able to do it, but I'm not sure what
the state of the art on implementing this conveniently for list owers
is.

 > As far as I can see, Mailman should have all the info it needs to be
 > able to add such a header or footer field.

Nope.  Mailman core doesn't have the sequence number as used in the
archive (it is not necessarily the same as the one that would be put
in the Subject header).  It's the province of the archiver, which is a
separate progrom.  So Mailman has no idea what the sequence number is.
What Mailman 3 provides is a way for the archiver to tell Mailman what
the URL will be.

From stephen at xemacs.org  Mon May 19 16:43:16 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Mon, 19 May 2014 23:43:16 +0900
Subject: [Mailman-Users]  Mailman + Exim + strange headers
In-Reply-To: <87bnuul18e.fsf@sergiodj.net>
References: <87bnuul18e.fsf@sergiodj.net>
Message-ID: <8761l1de2j.fsf@uwakimon.sk.tsukuba.ac.jp>

Sergio Durigan Junior writes:

 > As you can see, the first two "Received:" headers got messed up somehow,

I don't understand what you mean by "messed up".  They looked
perfectly readable and RFC-conforming to me.

 > and the lines are not being prefix by \t but by one single space
 > char.

This is the RFC 5322 recommendation for folding header fields (use a
space, not a tab).

 > use Exim without Mailman, so maybe it is Mailman or some weird scenario
 > of Mailman + Exim modifying the e-mails without permission.

Older versions of Mailman (I'm not sure how old) are known to
sometimes modify the headers by unfolding them and then refolding them
when reassembling the message.  This may still be true of the most
recent versions.  I believe this is considered a bug but hard to fix,
and probably not worth fixing for that reason.  Is this actually
causing problems, or is it just ugly?





From markr at signal100.com  Mon May 19 17:00:03 2014
From: markr at signal100.com (Mark Rousell)
Date: Mon, 19 May 2014 16:00:03 +0100
Subject: [Mailman-Users] Possible to include unique link to archive in
 each message?
In-Reply-To: <877g5hdep2.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53798C4E.6080505@signal100.com>
 <877g5hdep2.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <537A1C73.5070109@signal100.com>

On 19/05/2014 15:29, Stephen J. Turnbull wrote:
> Mark Rousell writes:
> 
>  > Can Mailman include the web archive URL for a message in the message
>  > header itself?
> 
> Mailman 2 can't.  Mailman 3 is able to do it, but I'm not sure what
> the state of the art on implementing this conveniently for list owers
> is.
> 
>  > As far as I can see, Mailman should have all the info it needs to be
>  > able to add such a header or footer field.
> 
> Nope.  Mailman core doesn't have the sequence number as used in the
> archive (it is not necessarily the same as the one that would be put
> in the Subject header).  It's the province of the archiver, which is a
> separate progrom.  So Mailman has no idea what the sequence number is.
> What Mailman 3 provides is a way for the archiver to tell Mailman what
> the URL will be.

Many thanks.


-- 
Mark Rousell

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
 
 
 


From drew.tenenholz at isid.org  Mon May 19 17:09:30 2014
From: drew.tenenholz at isid.org (Drew Tenenholz)
Date: Mon, 19 May 2014 11:09:30 -0400
Subject: [Mailman-Users] Approve/Deny moderated posts via email - my failure
 to understand how
Message-ID: <p06240825cf9fcb1cfdd2@[192.168.2.167]>

All --

I must be confused about approving/denying moderated posts via email.  Let's assume that, for the time being, I do not have access to the moderator web interface and MUST use email.

When a moderated message came in this morning, I _thought_ I followed the instructions by hitting reply, then adding the Approved header to the top of the message body as below.

What happened instead was that my message (I'm also an approved list member) got sent to the list VERBATIM, including the display of the list password.  This is a minor list, and the damage is minimal, but I don't want this to happen again.  I've had similar problems before, and thus stayed clear of the email method to approve/deny, but now that the web interface is down, I NEED this to work correctly.

What's the trick to being able to approve/deny via email?

Sincerely,
Drew Tenenholz


>To: list-owner at domain.tld
>From: drew.tenenholz at isid.org (a list owner)
>Subject: Re: LISTNAME post from sender at domain.tld requires approval
>
>Body:  Approved: <password>
>and the rest of the message...
>
>--===============2033675339==
>Content-Type: text/plain; charset="us-ascii"
>MIME-Version: 1.0
>Content-Transfer-Encoding: 7bit
>
>As list administrator, your authorization is requested for the
>following mailing list posting:
>
>    List:    LISTNAME at donain.tld
>    From:    sender at gmail.com
>    Subject: Fwd: Some sily subject
>    Reason:  Message body is too big: 1173463 bytes with a limit of 400 KB


From sergiodj at sergiodj.net  Mon May 19 18:56:28 2014
From: sergiodj at sergiodj.net (Sergio Durigan Junior)
Date: Mon, 19 May 2014 13:56:28 -0300
Subject: [Mailman-Users] Mailman + Exim + strange headers
In-Reply-To: <8761l1de2j.fsf@uwakimon.sk.tsukuba.ac.jp> (Stephen J. Turnbull's
 message of "Mon, 19 May 2014 23:43:16 +0900")
References: <87bnuul18e.fsf@sergiodj.net>
 <8761l1de2j.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <m3d2f9hflv.fsf@sergiodj.net>

On Monday, May 19 2014, Stephen J. Turnbull wrote:

> Sergio Durigan Junior writes:
>
>  > As you can see, the first two "Received:" headers got messed up somehow,
>
> I don't understand what you mean by "messed up".  They looked
> perfectly readable and RFC-conforming to me.
>
>  > and the lines are not being prefix by \t but by one single space
>  > char.
>
> This is the RFC 5322 recommendation for folding header fields (use a
> space, not a tab).

Thanks for pointing the RFC.  I had the impression that, a while ago, I
read an RFC explicitly mentioning that it should be a \t, not a space.
Probably a thinko.

>  > use Exim without Mailman, so maybe it is Mailman or some weird scenario
>  > of Mailman + Exim modifying the e-mails without permission.
>
> Older versions of Mailman (I'm not sure how old) are known to
> sometimes modify the headers by unfolding them and then refolding them
> when reassembling the message.  This may still be true of the most
> recent versions.  I believe this is considered a bug but hard to fix,
> and probably not worth fixing for that reason.  Is this actually
> causing problems, or is it just ugly?

I am not exactly sure, but I wanted to try "fixing" this and see if
things got better.  The real problem is Google/Gmail tagging the mailing
list messages as Spam, but since the headers are fine, the cause must be
something else.

Thank you,

-- 
Sergio

From johnl at taugh.com  Mon May 19 19:02:57 2014
From: johnl at taugh.com (John Levine)
Date: 19 May 2014 17:02:57 -0000
Subject: [Mailman-Users] Who authored the message?
In-Reply-To: <5379B5FC.6030006@rjl.com>
Message-ID: <20140519170257.39394.qmail@joyce.lan>

>So, addresses get rewritten as:
>
>From: yahoousername-AT-yahoo.com at mydomain.com

>My sense is that someone could come up with arguments as to why this is
>a bad idea, ...

It's a bad idea for the same reason that all of the other anti-DMARC
hacks are a bad idea, they break the existing usage of mail.

Under the current unpleasant circumstances, it's not much worse than
any other, give or take what you do with the replies.  Do you forward
them back to the original user?  Reject with a mysterious failure
code?  Discard them?

RFC nitpick: the mailbox part of an address is limited to 64
characters, so this has some risk of violating that limit, and there
are a few MTAs that care.  The domain part can be up to 256 which is
why I put my noise there.

R's,
John

From fmouse at fmp.com  Mon May 19 19:35:02 2014
From: fmouse at fmp.com (Lindsay Haisley)
Date: Mon, 19 May 2014 12:35:02 -0500
Subject: [Mailman-Users] Who authored the message?
In-Reply-To: <FB9A1A72-0BA2-4A72-9D34-51B7136A7A24@nathanson.org>
References: <FB9A1A72-0BA2-4A72-9D34-51B7136A7A24@nathanson.org>
Message-ID: <1400520902.13050.55.camel@pudina.fmp.com>

On Mon, 2014-05-12 at 20:45 -0700, Dave Nathanson wrote:
> Since DEMARC we don't know who is authoring list messages anymore. 

The use of DMARC p=reject by ESPs _implies_ either some loss of
information, or the necessity to encapsulate a list post losslessly as a
MIME spec'd attachment.  The former solution unavoidably violates RFCs,
while the latter is RFC compliant.  But because the world is full of
MUAs which don't handle the required Content-Type uniformly, and
non-tech email users who are confused/put off by this, it may be judged
to be a Bad Idea from a practical point of view.

As Mark pointed out, the best possible selection of current alternatives
is available in MM 2.1.18-1, where both options are available.

My guess is that going forward, authenticated email of one sort or
another will become more common, and that MIME encapsulation of
contents, like double-boxing fragile items when shipping them, will be
come a standard practice, requiring better standardization in MUAs as to
how this is presented.

Email protocols were developed in an era of a kinder, gentler Internet
where every SMTP server was an open relay and spamming and phishing were
very much the exception rather than the rule.  It's an incredible
testament to the folks who designed these protocols that the Internet
email system, arguably the most stressed of all Internet services, still
works at all, but it's fairly obvious that something is going to have to
change.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |          --- The Roadie
http://www.fmp.com    |


From incoming-pythonlists at rjl.com  Mon May 19 23:02:51 2014
From: incoming-pythonlists at rjl.com (Natu)
Date: Mon, 19 May 2014 14:02:51 -0700
Subject: [Mailman-Users] Who authored the message?
In-Reply-To: <20140519170257.39394.qmail@joyce.lan>
References: <20140519170257.39394.qmail@joyce.lan>
Message-ID: <537A717B.1000503@rjl.com>

On 05/19/2014 10:02 AM, John Levine wrote:
>> So, addresses get rewritten as:
>>
>> From: yahoousername-AT-yahoo.com at mydomain.com
>> My sense is that someone could come up with arguments as to why this is
>> a bad idea, ...
> It's a bad idea for the same reason that all of the other anti-DMARC
> hacks are a bad idea, they break the existing usage of mail.
>
> Under the current unpleasant circumstances, it's not much worse than
> any other, give or take what you do with the replies.  Do you forward
> them back to the original user?  Reject with a mysterious failure
> code?  Discard them?

Thank you for your feedback.  I'm most inclined to handle replies based
on the needs of the particular list.  Personally I find myself sending
most replies to the list address and for small lists like the ones I
run, I think that's the best choice.   So I'm inclined to add/replace
the reply to header to the list address.   I know many high traffic
lists prefer the reply to default directly to the sender.  In that case,
if there is an existing reply-to, I would keep that, otherwise, copy the
original from header into the reply-to.

I run a mail client (thunderbird) which recognizes mailing lists, and so
provides me with a reply and a reply-list button.  My sense is that
there are alot of mail clients that don't do that, so the default has to
take that into consideration.  I think the defaults should provide the
best support for non-technical/inexperienced users.  Yahoo, by default
adds a reply-to header.

>
> RFC nitpick: the mailbox part of an address is limited to 64
> characters, so this has some risk of violating that limit, and there
> are a few MTAs that care.  The domain part can be up to 256 which is
> why I put my noise there.

Ok, I will consider that, though if I really get mailbox names that
long, maybe they should be treated as spam anyway.





>
> R's,
> John


From johnl at taugh.com  Tue May 20 01:49:03 2014
From: johnl at taugh.com (John Levine)
Date: 19 May 2014 23:49:03 -0000
Subject: [Mailman-Users] Who authored the message?
In-Reply-To: <537A717B.1000503@rjl.com>
Message-ID: <20140519234903.3697.qmail@joyce.lan>

>>> From: yahoousername-AT-yahoo.com at mydomain.com

>> Under the current unpleasant circumstances, it's not much worse than
>> any other, give or take what you do with the replies.  Do you forward
>> them back to the original user?  Reject with a mysterious failure
>> code?  Discard them?
>
>Thank you for your feedback.  I'm most inclined to handle replies based
>on the needs of the particular list. ...

No, I mean what will you do when people respond to your synthesized
names?  At some point you'll get mail at the server for mydomain.com
for yahoousername-AT-yahoo.com at mydomain.com.  What will you do with it?

One of the reasons I did the .invalid hack (which you can do with
essentially the same code you're using) is that it's clear that the
address isn't deliverable so there's no question of what happens to it.

R's,
John

From aoife at meherbabamariposa.org  Mon May 19 13:32:16 2014
From: aoife at meherbabamariposa.org (Cheryl D Johnson)
Date: Mon, 19 May 2014 04:32:16 -0700
Subject: [Mailman-Users] What's the best choice as a list-owner w/out
	server-lvl access ?
Message-ID: <5379EBC0.3020207@meherbabamariposa.org>

Hi folks,

My webhost is running Mailman 2.1.15 at the moment and no indication 
if/when Mailman will be updated to 2.1.18-1. I'm managing several lists 
with Yahoo and AOL subscribers (and my boss) who are upset
that they've been moderated and don't care to hear about the reasons why.

What are the best (and quickest) choices for a list-admin with no 
server-level access to Mailman? To turn off the bounces and/or set the 
'reply-to' to something specific like the list address? Or something else?

Or do we have to wait until the webhost updates to 2.1.18-1?

Thanks for any assistance,

Cheryl D Johnson

From mark at msapiro.net  Tue May 20 02:43:28 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 19 May 2014 17:43:28 -0700
Subject: [Mailman-Users] Missing sections in the latest version of the
 Mailman List Administration Manual
In-Reply-To: <010a01cf7353$989a69d0$c9cf3d70$@waycast.com>
References: <002b01cf71aa$07d71970$17854c50$@waycast.com>
 <537791C8.3060406@msapiro.net> <010a01cf7353$989a69d0$c9cf3d70$@waycast.com>
Message-ID: <537AA530.4090106@msapiro.net>

On 05/19/2014 04:15 AM, Jacques Setton (Waycast Corp) wrote:
> 
> I had noticed that the new PDF Admin's Manual released on May 9 / 2014 was
> showing 
> the same missing sections as in the one released on  Sept 28 / 2013. Hence
> my question...


It was updated only to add some from_is_list and dmarc_moderation info.

Note that all formats of these manuals other than those at wiki.list.org
are produced from LaTeX masters, and they get new dates any time they
are regenerated from the master, so even when the date is changed, the
contents may not have been.


> Thanks Mark for this clarification and for sharing the current Members'
> Manual link location.
> Should I have comments about any element requiring an update in it, I'll let
> you know.


Thank you.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Tue May 20 02:51:25 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 19 May 2014 17:51:25 -0700
Subject: [Mailman-Users] What's the best choice as a list-owner w/out
 server-lvl access ?
In-Reply-To: <5379EBC0.3020207@meherbabamariposa.org>
References: <5379EBC0.3020207@meherbabamariposa.org>
Message-ID: <537AA70D.5050302@msapiro.net>

On 05/19/2014 04:32 AM, Cheryl D Johnson wrote:
> 
> What are the best (and quickest) choices for a list-admin with no
> server-level access to Mailman? To turn off the bounces and/or set the
> 'reply-to' to something specific like the list address? Or something else?


A list owner with no server access can only do items 2), 3) or 6) in the
FAQ at <http://wiki.list.org/x/ggARAQ>. None of these is really a
satisfactory solution. In fact, even if you have server access and
Mailman2.1.18-1, there are no really satisfactory solutions.


> Or do we have to wait until the webhost updates to 2.1.18-1?


Mailman 2.1.18-1 gives the list owner more and better options, but still
may create issues with readability and/or replies.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From cherylaoife at meherbabamariposa.org  Tue May 20 02:56:28 2014
From: cherylaoife at meherbabamariposa.org (Cheryl 'Aoife' Johnson)
Date: Mon, 19 May 2014 17:56:28 -0700
Subject: [Mailman-Users] What's the best choice as a list-owner w/out
 server-lvl access ?
In-Reply-To: <537AA70D.5050302@msapiro.net>
References: <5379EBC0.3020207@meherbabamariposa.org>
 <537AA70D.5050302@msapiro.net>
Message-ID: <537AA83C.8060109@meherbabamariposa.org>

Thanks, Mark. I get there are no really satisfactory solutions - I just 
needed something to try, to try and appease those who won't switch ESPs.

Cheers,
Cheryl


On 05/19/2014 05:51 PM, Mark Sapiro wrote:
> On 05/19/2014 04:32 AM, Cheryl D Johnson wrote:
>> What are the best (and quickest) choices for a list-admin with no
>> server-level access to Mailman? To turn off the bounces and/or set the
>> 'reply-to' to something specific like the list address? Or something else?
>
> A list owner with no server access can only do items 2), 3) or 6) in the
> FAQ at <http://wiki.list.org/x/ggARAQ>. None of these is really a
> satisfactory solution. In fact, even if you have server access and
> Mailman2.1.18-1, there are no really satisfactory solutions.
>
>
>> Or do we have to wait until the webhost updates to 2.1.18-1?
>
> Mailman 2.1.18-1 gives the list owner more and better options, but still
> may create issues with readability and/or replies.
>

-- 


------------------------------------------------------------------------
Cheryl D Johnson


From mark at msapiro.net  Tue May 20 03:31:14 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 19 May 2014 18:31:14 -0700
Subject: [Mailman-Users] Approve/Deny moderated posts via email - my
 failure to understand how
In-Reply-To: <p06240825cf9fcb1cfdd2@[192.168.2.167]>
References: <p06240825cf9fcb1cfdd2@[192.168.2.167]>
Message-ID: <537AB062.8010501@msapiro.net>

On 05/19/2014 08:09 AM, Drew Tenenholz wrote:
> 
> When a moderated message came in this morning, I _thought_ I followed the instructions by hitting reply, then adding the Approved header to the top of the message body as below.
> 
> What happened instead was that my message (I'm also an approved list member) got sent to the list VERBATIM, including the display of the list password.  This is a minor list, and the damage is minimal, but I don't want this to happen again.  I've had similar problems before, and thus stayed clear of the email method to approve/deny, but now that the web interface is down, I NEED this to work correctly.


If you replied to the message, your reply was only sent to the list
owners and moderators, not to the whole list, and the approved pseudo
header wasn't stripped because it isn't anticipated the messages to
-owner have one.


> What's the trick to being able to approve/deny via email?


The thing that told you you could reply to this message to discard the
post or with an Approved: header or first body line to accept it, was a
separate message/rfc822 part, ant it was telling you to reply to that
part, not the outer message. That message is From: the list -request
address with Subject: confirm <confirmation token>.

So the trick is to send a message to the list -request address with
Subject: confirm <confirmation token> (or maybe Re: confirm
<confirmation token>) and with the Approved: header or first body line,
which you can do by replying to the message/rfc822 sub-part if your MUA
supports that. Otherwise you need some copy and paste.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Tue May 20 03:52:21 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 19 May 2014 18:52:21 -0700
Subject: [Mailman-Users] Mailman + Exim + strange headers
In-Reply-To: <8761l1de2j.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <87bnuul18e.fsf@sergiodj.net>
 <8761l1de2j.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <537AB555.9040006@msapiro.net>

On 05/19/2014 07:43 AM, Stephen J. Turnbull wrote:
> 
> Older versions of Mailman (I'm not sure how old) are known to
> sometimes modify the headers by unfolding them and then refolding them
> when reassembling the message.  This may still be true of the most
> recent versions.  I believe this is considered a bug but hard to fix,
> and probably not worth fixing for that reason.  Is this actually
> causing problems, or is it just ugly?


It is still true for current Mailman 2.1.x.

As of 2.1.13, Mailman no longer re-folds headers in message sub-parts in
order to fix <https://bugs.launchpad.net/mailman/+bug/265967>, but the
outer message headers may still be re-folded to conform to RFC length
recommendations.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From incoming-pythonlists at rjl.com  Tue May 20 04:25:21 2014
From: incoming-pythonlists at rjl.com (Natu)
Date: Mon, 19 May 2014 19:25:21 -0700
Subject: [Mailman-Users] Who authored the message?
In-Reply-To: <20140519234903.3697.qmail@joyce.lan>
References: <20140519234903.3697.qmail@joyce.lan>
Message-ID: <537ABD11.6000209@rjl.com>

On 05/19/2014 04:49 PM, John Levine wrote:
>> Thank you for your feedback.  I'm most inclined to handle replies based
>> on the needs of the particular list. ...
> No, I mean what will you do when people respond to your synthesized
> names?  At some point you'll get mail at the server for mydomain.com
> for yahoousername-AT-yahoo.com at mydomain.com.  What will you do with it?
>
> One of the reasons I did the .invalid hack (which you can do with
> essentially the same code you're using) is that it's clear that the
> address isn't deliverable so there's no question of what happens to it.
>
> R's,
> John

I had previously missed the thread about the .INVALID thing (I'm not on
the developers list).  I have postfix configured so that the smtp server
will return a 5XX response of "No such User".  One difference between my
method and yours is that my mail logs will show that somebody actually
replied to that address where as with yours the reply would stop at the
senders SMTP server.  Not that significant, but it might be useful to
know if users are using those addresses.   I could add something that
will make it clear that the addresses is not emailable, though my sense
is that most users would get that the way it is, especially if they
tried to email it and it failed.


Nataraj

From incoming-pythonlists at rjl.com  Tue May 20 06:44:32 2014
From: incoming-pythonlists at rjl.com (Natu)
Date: Mon, 19 May 2014 21:44:32 -0700
Subject: [Mailman-Users] Mailman + Exim + strange headers
In-Reply-To: <m3d2f9hflv.fsf@sergiodj.net>
References: <87bnuul18e.fsf@sergiodj.net>
 <8761l1de2j.fsf@uwakimon.sk.tsukuba.ac.jp> <m3d2f9hflv.fsf@sergiodj.net>
Message-ID: <537ADDB0.5040000@rjl.com>

On 05/19/2014 09:56 AM, Sergio Durigan Junior wrote:
> I am not exactly sure, but I wanted to try "fixing" this and see if
> things got better.  The real problem is Google/Gmail tagging the mailing
> list messages as Spam, but since the headers are fine, the cause must be
> something else.

My experience is that goggle sometimes will stop tagging emails as spam
if they have a valid dkim signature. This probably means either:

1) rewriting the from to be your local mailman server and signing the
outbound message with dkim
        OR
2) passing through any valid DKIM signature, which means running a
recent version of mailman and avoid adding any headers/footers which
would break the signature.
        OR
3) possibly having no DKIM signature at all (better than having a
signature which fails verification)

If there is a dkim signature and it fails google will treat it as spam

Goggle and the other various FREEMAILs maintain a rating of the
credibility of email coming from your mailserver.  DKIM signing (with a
signature that will verify correctly) will increase your rating.

I was getting messages like the following from gmail and they stopped
when I implemented DKIM signatures (must be a keysize of at least 1024):

Jan 21 16:36:06 myserv postfix/smtp[5374]: 68972108248: host
gmail-smtp-in.l.google.com[74.125.142.26] said: 421-4.7.0 [1.2.3.4] Our
system has detected an unusual rate of 421-4.7.0 unsolicited mail
originating from your IP address. To protect our 421-4.7.0 users from
spam, mail sent from your IP address has been temporarily 421-4.7.0
blocked. Please visit http://www.google.com/mail/help/bulk_mail.html 421
4.7.0 to review our Bulk Email Senders Guidelines. ih5si10430009icb.36 -
gsmtp (in reply to end of DATA command)

You may also benefit from using DMARC (probably not technically, but
politically).

You may not be doing bulk mailings, but the information here may be helpful:
https://support.google.com/mail/answer/81126

Also you can try things like
https://duckduckgo.com/?q=gmail+flags+my+mail+as+spam&t=canonical
<https://duckduckgo.com/?q=gmail+flags+my+mail+as+spam&t=canonical>
Also check http://multirbl.valli.org/ to make sure your mail server is
not on any DNS blocklists.

Nataraj


From stephen at xemacs.org  Tue May 20 09:24:25 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Tue, 20 May 2014 16:24:25 +0900
Subject: [Mailman-Users] Who authored the message?
In-Reply-To: <537ABD11.6000209@rjl.com>
References: <20140519234903.3697.qmail@joyce.lan>
	<537ABD11.6000209@rjl.com>
Message-ID: <871tvodiae.fsf@uwakimon.sk.tsukuba.ac.jp>

Natu writes:

 > One difference between my method and yours is that my mail logs
 > will show that somebody actually replied to that address where as
 > with yours the reply would stop at the senders SMTP server.  Not
 > that significant, but it might be useful to know if users are using
 > those addresses.

If you want that information you might as well run the forwarding
service.  You're imposing what may be significant costs for non-
technical users, who are likely to be confused by the fact that your
server at rjl.com is responding to a message they sent to aol.com.

 > I could add something that will make it clear that the addresses is
 > not emailable, though my sense is that most users would get that
 > the way it is, especially if they tried to email it and it failed.

But the percentage of AOL and Yahoo! users who would understand is
likely to be much lower, if not a small minority.  People use those
services *because* they don't want to learn about email, they just
want it to work.  And the posters are likely to get upset if you make
it hard for them to receive personal replies; a send -- DSN -- resend
cycle may take a long time (especially if the sender has to ask
technical support "WTF?" :-/ )

I thank my lucky star that almost none of my users use those domains,
and so far 100% of those that do have thanked me for explaining the
problem and switched to posting from GMail or whatever.

Steve

From stephen at xemacs.org  Tue May 20 14:17:41 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Tue, 20 May 2014 21:17:41 +0900
Subject: [Mailman-Users] Mailman + Exim + strange headers
In-Reply-To: <537ADDB0.5040000@rjl.com>
References: <87bnuul18e.fsf@sergiodj.net>
 <8761l1de2j.fsf@uwakimon.sk.tsukuba.ac.jp>
 <m3d2f9hflv.fsf@sergiodj.net> <537ADDB0.5040000@rjl.com>
Message-ID: <87wqdgbq56.fsf@uwakimon.sk.tsukuba.ac.jp>

Natu writes:

 > If there is a dkim signature and it fails google will treat it as
 > spam

Note that, taking your words literally, this is against the DKIM RFCs
-- a failed signature is supposed to be treated the same as a lack of
a signature.

That doesn't mean that Google can't or doesn't use it.  In particular,
if the percentage of spam in the "failed or no signature" class goes
up (which it will if you start signing), your "failed or no signature"
rating will slump.  That effect might be enough to send unsigned mail
from your site to the spambucket.

But you can be sure that a valid DKIM signature will improve your
site's reputation.



From incoming-pythonlists at rjl.com  Tue May 20 18:25:44 2014
From: incoming-pythonlists at rjl.com (Natu)
Date: Tue, 20 May 2014 09:25:44 -0700
Subject: [Mailman-Users] Mailman + Exim + strange headers
In-Reply-To: <87wqdgbq56.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <87bnuul18e.fsf@sergiodj.net>
 <8761l1de2j.fsf@uwakimon.sk.tsukuba.ac.jp> <m3d2f9hflv.fsf@sergiodj.net>
 <537ADDB0.5040000@rjl.com> <87wqdgbq56.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <537B8208.50704@rjl.com>

On 05/20/2014 05:17 AM, Stephen J. Turnbull wrote:
> Natu writes:
>
>  > If there is a dkim signature and it fails google will treat it as
>  > spam
>
> Note that, taking your words literally, this is against the DKIM RFCs
> -- a failed signature is supposed to be treated the same as a lack of
> a signature.
>
> That doesn't mean that Google can't or doesn't use it.  In particular,
> if the percentage of spam in the "failed or no signature" class goes
> up (which it will if you start signing), your "failed or no signature"
> rating will slump.  That effect might be enough to send unsigned mail
> from your site to the spambucket.
>
> But you can be sure that a valid DKIM signature will improve your
> site's reputation.
>
>

I believe you are correct Stephen.  When I had the problem, in addition
to signing outbound messages, I also increased the level of spam
control.  In particular I have a small number of users that forward
their mail to gmail, and gmail was blocking us because of the spam that
was getting forwarded.  I suspect that it may only have effected the
forwarded email from those accounts.    I also made efforts to increase
spam detected and thus reduced the amount of forwarded spam.

With Yahoo, I was also getting complaints that I was sending them spam
(i.e. rejected mail from their smtp server).  I registered with yahoo's
complaint feedback loop, where they claim they will forward to you (the
registered Mail administrator for the domain) any email they receive
from your domain that they think is spam or that their users have
flagged as spam.  After I both turned on dkim and registered, I never
got a single complaint from them.  Note that we do NOT send any kind of
marketing mail from this mailserver.

One other thing that might cause problems with the freemail providers is
as follows:  If mailman sends a large number of messages to a freemail
provider that are almost the same, i.e. the exact same email, but
addressed to many different recipient, then they might think your are
sending bulk unsolicited mail.  Having your mailing list mail test
positive in DCC is probably a good indication that this is happening.  
There may be an option in mailman to ensure that outbound messages from
a single post don't all look identical.  If so, you could try turning
that on.

Also, if you are dealing with lists that send high volumes of email to
gmail, destination specific metering of your outbound mail, as well as
adjusting the number of recipients in a single smtp transmission may
help.  If you are running postfix, discussions about how to implement
this can be found in the postfix archives.

Nataraj


From stephen at xemacs.org  Wed May 21 08:40:24 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Wed, 21 May 2014 15:40:24 +0900
Subject: [Mailman-Users] Mailman + Exim + strange headers
In-Reply-To: <537B8208.50704@rjl.com>
References: <87bnuul18e.fsf@sergiodj.net>
 <8761l1de2j.fsf@uwakimon.sk.tsukuba.ac.jp>
 <m3d2f9hflv.fsf@sergiodj.net> <537ADDB0.5040000@rjl.com>
 <87wqdgbq56.fsf@uwakimon.sk.tsukuba.ac.jp> <537B8208.50704@rjl.com>
Message-ID: <87oayrbpnr.fsf@uwakimon.sk.tsukuba.ac.jp>

Natu writes:

 > When I had the problem, in addition to signing outbound messages, I
 > also increased the level of spam control.  In particular I have a
 > small number of users that forward their mail to gmail, and gmail
 > was blocking us because of the spam that was getting forwarded.  I
 > suspect that it may only have effected the forwarded email from
 > those accounts.  I also made efforts to increase spam detected and
 > thus reduced the amount of forwarded spam.

It sometimes happens that there is a way past a host's inbound
filters.  This shouldn't happen, of course, so when running mailing
lists you want to filter on the way in.

But it might be an "amusing" test to hook up the spam checker to the
*outgoing* MTA -- if it catches anything on the way out, then you have
a backdoor into your MTA somewhere.  For example, I trusted my
secondary MXes to filter (in fact the evidence suggests their
filtering was better than mine), until one day the spamchecker at one
of them fell over, and they continued to forward mail addressed to us
-- *including* the spam.

I happened to be online when it happened, or shortly after, so only a
few hundred (!) got through, mostly to invalid addresses (thank
heavens for really stupid spammers! at least that time :-).  It turned
out that *for me* there was no degradation of service when I stopped
whitelisting that MX, and I ended up just checking *all* mail always
regardless of my trust in the MX.  But YMMV, be careful -- spam
checking is resource intensive!

Also, if you're an ESP and your users keep their addressbooks on
Windows machines, you probably should be filtering outbound anyway.
In that case it's probably a good idea to keep your lists on a
separate IP from your other users, which allows you to filter only on
the way in (much more efficient).

 > With Yahoo, I was also getting complaints that I was sending them spam
 > (i.e. rejected mail from their smtp server).  I registered with yahoo's
 > complaint feedback loop, where they claim they will forward to you (the
 > registered Mail administrator for the domain) any email they receive
 > from your domain that they think is spam or that their users have
 > flagged as spam.  After I both turned on dkim and registered, I never
 > got a single complaint from them.

Cool!  Nice to hear that actually works (we've heard complaints here
about Yahoo!s responsiveness in the past).

 > One other thing that might cause problems with the freemail providers is
 > as follows:  If mailman sends a large number of messages to a freemail
 > provider that are almost the same, i.e. the exact same email, but
 > addressed to many different recipient, then they might think your are
 > sending bulk unsolicited mail.  Having your mailing list mail test
 > positive in DCC is probably a good indication that this is happening.  
 > There may be an option in mailman to ensure that outbound messages from
 > a single post don't all look identical.  If so, you could try turning
 > that on.

The option is "personalization".  Many lists use it so the user gets a
direct URL to their personal config page in the footer.

For the big ESPs like Yahoo!, just registering with their feedback
loop or bulk mailer list often helps here, too.  It may be worth
experimenting with that, because turning on personalization may be a
serious resource drain if you have hundreds of subscribers at one
domain.

 > Also, if you are dealing with lists that send high volumes of email to
 > gmail, destination specific metering of your outbound mail, as well as
 > adjusting the number of recipients in a single smtp transmission may
 > help.  If you are running postfix, discussions about how to implement
 > this can be found in the postfix archives.

All good advice!  Thank you for an excellent summary!

Steve

From hathawulf at yahoo.com  Tue May 20 23:50:35 2014
From: hathawulf at yahoo.com (Hathawulf Spearbreaker)
Date: Tue, 20 May 2014 14:50:35 -0700 (PDT)
Subject: [Mailman-Users] Umbrella list and filter sub list members
Message-ID: <1400622635.64718.YahooMailNeo@web161302.mail.bf1.yahoo.com>

Hi,

We are using Mailman version 2.1.15.

I have read everything I can find about filtering for a member of a sub list to send to an umbrella list and not have it moderated.
However, it doesn't seem to work for me.

I was wondering if someone could comment on my setup to see where I might be going wrong.

I have two lists:
? ? Testlist at domain
? ? Testumbrella at domain

Testlist@ has me as a user; ?-- name at yahoo.com
--There are no filters set on this list.

TestUmbrella@ has 1 member; --Testlist at domain
I have tried many filter combinations but currently I have set

--Sender Filter --> Non-member filters --> accept_these_nonmembers has @Testlist
-- -- I have tried @Testlist, Testlist at domain, ^@TestList, nothing

--Recipient Filter --> acceptable_alias has @Testlist
-- -- same tries as Sender filter both independent and combined combinations.

My goal:
? ? A member of the sublist (Testlist@) posts to umbrella list (Testumbrealla@) and because they are a member of a sub list, Testumbrealla@ will let their message go to anyone/list subscribed to Testumbrella.


The way I have set it up seems to be how the FAQ says to do so, yet it keeps bouncing saying that my email is a non-member email.
Most members will not have an email of the same DOMAIN as the list so filtering by domain is not acceptable.
I would like to not have to individually add each member of any sublist under an umbrella to the accetable members filters but that is what it is looking like.

Am I filtering incorrectly?
Can I accomplish my goal?

Thanks for any help,
David Dammann

From nataraj at rjl.com  Tue May 20 18:51:23 2014
From: nataraj at rjl.com (Nataraj)
Date: Tue, 20 May 2014 09:51:23 -0700
Subject: [Mailman-Users] Mailman + Exim + strange headers
In-Reply-To: <537B8208.50704@rjl.com>
References: <87bnuul18e.fsf@sergiodj.net>
 <8761l1de2j.fsf@uwakimon.sk.tsukuba.ac.jp> <m3d2f9hflv.fsf@sergiodj.net>
 <537ADDB0.5040000@rjl.com> <87wqdgbq56.fsf@uwakimon.sk.tsukuba.ac.jp>
 <537B8208.50704@rjl.com>
Message-ID: <537B880B.8040600@rjl.com>

On 05/20/2014 09:25 AM, Natu wrote:
> Also, if you are dealing with lists that send high volumes of email to
> gmail, destination specific metering of your outbound mail, as well as
> adjusting the number of recipients in a single smtp transmission may
> help.  If you are running postfix, discussions about how to implement
> this can be found in the postfix archives.

I would check your MTA logs and determine if you are experiencing any
kind of throttling or rejection of mailing list mail sent to valid email
addresses or if the only problem is that the messages are being put in
the users spam or bulk folder.

Nataraj


From mark at msapiro.net  Wed May 21 17:07:37 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 21 May 2014 08:07:37 -0700
Subject: [Mailman-Users] Umbrella list and filter sub list members
In-Reply-To: <1400622635.64718.YahooMailNeo@web161302.mail.bf1.yahoo.com>
References: <1400622635.64718.YahooMailNeo@web161302.mail.bf1.yahoo.com>
Message-ID: <537CC139.501@msapiro.net>

On 05/20/2014 02:50 PM, Hathawulf Spearbreaker wrote:
> 
> I have two lists:
>     Testlist at domain
>     Testumbrella at domain
> 
> Testlist@ has me as a user;  -- name at yahoo.com
> --There are no filters set on this list.
> 
> TestUmbrella@ has 1 member; --Testlist at domain
> I have tried many filter combinations but currently I have set
> 
> --Sender Filter --> Non-member filters --> accept_these_nonmembers has @Testlist
> -- -- I have tried @Testlist, Testlist at domain, ^@TestList, nothing


This is accept_these_nonmembers set for the TestUmbrella list.

@Testlist or @testlist should work unless this is cPanel, in which case
it needs to be @testlist_domain (i.e. the cPanel internal list name
prefixed with '@')

Can you post to testlist?


> --Recipient Filter --> acceptable_alias has @Testlist
> -- -- same tries as Sender filter both independent and combined combinations.


This is acceptable_aliases set for the Testlist list.

It should be Testumbrella at domain, but just Testumbrella should work.


> My goal:
>     A member of the sublist (Testlist@) posts to umbrella list (Testumbrealla@) and because they are a member of a sub list, Testumbrealla@ will let their message go to anyone/list subscribed to Testumbrella.
> 
> 
> The way I have set it up seems to be how the FAQ says to do so, yet it keeps bouncing saying that my email is a non-member email.


It should work for what you have. Later if you have more lists as
members of the umbrella, you may have an issue that sublist1 does not
accept a post from the umbrella from a member of sublist2. This is
addressed in the FAQ at <http://wiki.list.org/x/boA9>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From hathawulf at yahoo.com  Wed May 21 19:07:55 2014
From: hathawulf at yahoo.com (Hathawulf Spearbreaker)
Date: Wed, 21 May 2014 10:07:55 -0700 (PDT)
Subject: [Mailman-Users] Umbrella list and filter sub list members
In-Reply-To: <537CC139.501@msapiro.net>
References: <1400622635.64718.YahooMailNeo@web161302.mail.bf1.yahoo.com>
 <537CC139.501@msapiro.net>
Message-ID: <1400692075.45660.YahooMailNeo@web161303.mail.bf1.yahoo.com>

I am using CPanel.

Thanks for the info, that works great. ?I must have missed that someone in the FAQ's.

-David Dammann

From bernie at fantasyfarm.com  Thu May 22 03:11:07 2014
From: bernie at fantasyfarm.com (Bernie Cosell)
Date: Wed, 21 May 2014 21:11:07 -0400
Subject: [Mailman-Users] Changing parameters for one [or many] users from
	the command line
Message-ID: <537D4EAB.31054.174D7671@bernie.fantasyfarm.com>

I'd like to change several of the parameters [digest, nomail, etc] for a 
bunch of users on one of my lists.  I've looked through the list of 
commands in /bin and I don't see a way to modify the parameter settings 
from the command line [and it'll be real tedious to do it one at a time 
from the admin interface].  Is there a way to do it?

Thanks!
   /bernie\

-- 
Bernie Cosell                     Fantasy Farm Fibers
mailto:bernie at fantasyfarm.com     Pearisburg, VA
    -->  Too many people, too few sheep  <--       




From mark at msapiro.net  Thu May 22 05:03:50 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 21 May 2014 20:03:50 -0700
Subject: [Mailman-Users] Changing parameters for one [or many] users
 from the command line
In-Reply-To: <537D4EAB.31054.174D7671@bernie.fantasyfarm.com>
References: <537D4EAB.31054.174D7671@bernie.fantasyfarm.com>
Message-ID: <537D6916.9050307@msapiro.net>

On 05/21/2014 06:11 PM, Bernie Cosell wrote:
> I'd like to change several of the parameters [digest, nomail, etc] for a 
> bunch of users on one of my lists.  I've looked through the list of 
> commands in /bin and I don't see a way to modify the parameter settings 
> from the command line [and it'll be real tedious to do it one at a time 
> from the admin interface].  Is there a way to do it?


Assuming you want to set the same settings for all members, it's easy
via withlist, See for example the script at
<http://www.msapiro.net/scripts/set_nodups.py>. This sets all members of
a list to "nodups". If you wanted to set all members to receive dups,
you would change the line

        mlist.setMemberOption(member, mm_cfg.DontReceiveDuplicates, 1)

to

        mlist.setMemberOption(member, mm_cfg.DontReceiveDuplicates, 0)

If you wanted to set all members to not receive dups, not receive their
own posts and receive acknowledgement of their posts, you would leave
the one line as in the original and add two more as follows:

        mlist.setMemberOption(member, mm_cfg.DontReceiveDuplicates, 1)
        mlist.setMemberOption(member, mm_cfg.DontReceiveOwnPosts, 1)
        mlist.setMemberOption(member, mm_cfg.AcknowledgePosts, 1)

See the section "Bitfield for user options" in Mailman/Defaults.py for
the symbolic names of the options as used above.

Note that the comment in that section about Digests not needing a bit
flag doesn't imply you don't (re)set it this way. You'd still use

        mlist.setMemberOption(member, mm_cfg.Digests, 1)

to set members to digest and

        mlist.setMemberOption(member, mm_cfg.Digests, 0)

to set them to messages, but also see
<http://www.msapiro.net/scripts/set_nodigest.py>

Also, nomail is handled differently. Here you'd need

from Mailman import MemberAdaptor

at the beginning of your script and

        mlist.setDeliveryStatus(member, MemberAdaptor.BYADMIN)

to set nomail by admin. There's a script at
<http://www.msapiro.net/scripts/set_nomail.py> that sets nomail, but it
probably has more options than you need.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From bernie at fantasyfarm.com  Thu May 22 16:34:00 2014
From: bernie at fantasyfarm.com (Bernie Cosell)
Date: Thu, 22 May 2014 10:34:00 -0400
Subject: [Mailman-Users] Changing parameters for one [or many] users
	from the command line
In-Reply-To: <537D6916.9050307@msapiro.net>
References: <537D4EAB.31054.174D7671@bernie.fantasyfarm.com>,
 <537D6916.9050307@msapiro.net>
Message-ID: <537E0AD8.5376.1A2C878F@bernie.fantasyfarm.com>

On 21 May 2014 at 20:03, Mark Sapiro wrote:

> On 05/21/2014 06:11 PM, Bernie Cosell wrote:
> > I'd like to change several of the parameters [digest, nomail, etc] for
> a 
> > bunch of users on one of my lists.  I've looked through the list of 
> > commands in /bin and I don't see a way to modify the parameter
> settings 
> > from the command line [and it'll be real tedious to do it one at a
> time 
> > from the admin interface].  Is there a way to do it?
> 
> Assuming you want to set the same settings for all members, it's easy
> via withlist,

Alas, I only need to mess with 80 out of 400.  BUT in this case setting 
them *all* to "mail" [i.e., not-nomail] would be OK, so I'll look at 
withlist...

> Also, nomail is handled differently. Here you'd need
> 
> from Mailman import MemberAdaptor
> 
> at the beginning of your script and
> 
>         mlist.setDeliveryStatus(member, MemberAdaptor.BYADMIN)
> 
> to set nomail by admin. There's a script at
> <http://www.msapiro.net/scripts/set_nomail.py> that sets nomail, but
> it
> probably has more options than you need.

How would you clear nomail?  Because that looks OK if it does just one 
member.  I can easily whip up a shell script to generate the .py file 
with the commands for the 80 members I need to tweak.

Thanks!   /b\

-- 
Bernie Cosell                     Fantasy Farm Fibers
mailto:bernie at fantasyfarm.com     Pearisburg, VA
    -->  Too many people, too few sheep  <--       




From mark at msapiro.net  Thu May 22 22:41:19 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 22 May 2014 13:41:19 -0700
Subject: [Mailman-Users] Changing parameters for one [or many] users
 from the command line
In-Reply-To: <537E0AD8.5376.1A2C878F@bernie.fantasyfarm.com>
References: <537D4EAB.31054.174D7671@bernie.fantasyfarm.com>,
 <537D6916.9050307@msapiro.net>
 <537E0AD8.5376.1A2C878F@bernie.fantasyfarm.com>
Message-ID: <537E60EF.5000605@msapiro.net>

On 05/22/2014 07:34 AM, Bernie Cosell wrote:
> On 21 May 2014 at 20:03, Mark Sapiro wrote:
> 
> Alas, I only need to mess with 80 out of 400.  BUT in this case setting 
> them *all* to "mail" [i.e., not-nomail] would be OK, so I'll look at 
> withlist...


You might also look at Mailman's bin/list-members --nomail= command to
list the members you're interested in.


>> Also, nomail is handled differently. Here you'd need
>>
>> from Mailman import MemberAdaptor
>>
>> at the beginning of your script and
>>
>>         mlist.setDeliveryStatus(member, MemberAdaptor.BYADMIN)
>>
>> to set nomail by admin. There's a script at
>> <http://www.msapiro.net/scripts/set_nomail.py> that sets nomail, but
>> it
>> probably has more options than you need.
>
> How would you clear nomail?


        mlist.setDeliveryStatus(member, MemberAdaptor.ENABLED)


> Because that looks OK if it does just one 
> member.  I can easily whip up a shell script to generate the .py file 
> with the commands for the 80 members I need to tweak.


Also, see the script at
<http://www.msapiro.net/scripts/reset_bounce.py>. I could be more
specific with my advice if I knew exactly what you want to do.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From peter at look.net  Fri May 23 19:28:58 2014
From: peter at look.net (Peter Weyland)
Date: Fri, 23 May 2014 13:28:58 -0400
Subject: [Mailman-Users] Making a Mailman legacy archive searchable?
In-Reply-To: <20130411134521.693b7a0b@anarchist>
References: <CAN7=Vv_ASUPs4cYF0TSzUvAsgmFcNjuGv+mpd8CDUZyr=1ZAxw@mail.gmail.com>
 <87obdl59wr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20130411134521.693b7a0b@anarchist>
Message-ID: <C5D82772-ECB8-46A0-A9FD-FFFE6FE073BA@look.net>

Anyone recommend a searchable archive for MM? We are up to date with version 2.1.18


On Apr 11, 2013, at 1:45 PM, Barry Warsaw wrote:

> On Apr 12, 2013, at 01:06 AM, Stephen J. Turnbull wrote:
> 
>> FreeWAIS (oldie but still goodie), Namazu, and Xapian come to mind.
>> They all require some effort on the part of the user, though.  I don't
>> know of anything that you can trivially install (eg, from RPM or
>> .deb).
> 
> Whoosh is technology I'm looking at for Mailman 3.
> 
> https://pypi.python.org/pypi/Whoosh/2.4.1
> 
> -Barry
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> http://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: http://mail.python.org/mailman/options/mailman-users/jeff%40look.net
> 


From chris at westnet.com  Fri May 23 19:39:56 2014
From: chris at westnet.com (Christopher X. Candreva)
Date: Fri, 23 May 2014 13:39:56 -0400 (EDT)
Subject: [Mailman-Users] Making a Mailman legacy archive searchable?
In-Reply-To: <C5D82772-ECB8-46A0-A9FD-FFFE6FE073BA@look.net>
References: <CAN7=Vv_ASUPs4cYF0TSzUvAsgmFcNjuGv+mpd8CDUZyr=1ZAxw@mail.gmail.com>
 <87obdl59wr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20130411134521.693b7a0b@anarchist>
 <C5D82772-ECB8-46A0-A9FD-FFFE6FE073BA@look.net>
Message-ID: <alpine.GSO.2.11.1405231339270.5572@westnet.com>

On Fri, 23 May 2014, Peter Weyland wrote:

> Anyone recommend a searchable archive for MM? We are up to date with version 2.1.18

I like swish-e

http://swish-e.org/


==========================================================
Chris Candreva  -- chris at westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/

From mark at msapiro.net  Fri May 23 20:48:04 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 23 May 2014 11:48:04 -0700
Subject: [Mailman-Users] Making a Mailman legacy archive searchable?
In-Reply-To: <C5D82772-ECB8-46A0-A9FD-FFFE6FE073BA@look.net>
References: <CAN7=Vv_ASUPs4cYF0TSzUvAsgmFcNjuGv+mpd8CDUZyr=1ZAxw@mail.gmail.com>
 <87obdl59wr.fsf@uwakimon.sk.tsukuba.ac.jp>
 <20130411134521.693b7a0b@anarchist>
 <C5D82772-ECB8-46A0-A9FD-FFFE6FE073BA@look.net>
Message-ID: <537F97E4.9030709@msapiro.net>

On 05/23/2014 10:28 AM, Peter Weyland wrote:
> Anyone recommend a searchable archive for MM? We are up to date with version 2.1.18


I've been using ht://Dig together with my update of Richard Barrett's
Mailman integration patches for some time.

The latest 2.1.18 patch can be found at
<http://www.msapiro.net/mm/index_htdig.patch.2.1.18> (mirrored at
<http://fog.ccsf.edu/~msapiro/mm/index_htdig.patch.2.1.18>).

Other relevant things of interest in that directory are:

_README  -> description of what's there
INSTALL.htdig-mm.html -> Richards installation document
htdig/ - ht://Dig documentation
nightly_htdig   \
rundig          /  patches to files of the same name to implement and
                   use an 'update' option to rundig to update rather
                   than rebuild existing search indexes from scratch.

Also, see the FAQ at <http://wiki.list.org/x/MoA9>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From shdwdrgn at sourpuss.net  Sat May 24 16:52:00 2014
From: shdwdrgn at sourpuss.net (Jeff Taylor)
Date: Sat, 24 May 2014 08:52:00 -0600
Subject: [Mailman-Users] Problems with multi-machine slicing
Message-ID: <5380B210.5050905@sourpuss.net>

After doing some upgrades, I noticed yesterday that my multi-machine 
setup is no longer properly slicing the queue between machines.  I 
probably missed something, but after going through all my notes on the 
setup I cannot figure out what the problem in.  Hopefully someone else 
can spot the issue?

I have four mail servers.  Three of them are supposed to slice the queue 
between them, and the fourth machine is set as a backup to process any 
remaining messages after 2 minutes.  On the three slice machines, I have 
patched mailmanctl as:
----------
def start_all_runners():
     kids = {}
 >>>
     for qrname, count, machine, nummachines in mm_cfg.QRUNNERS:
         for slice in range(machine, count, nummachines):
<<<
             # queue runner name, slice, numslices, restart count
             info = (qrname, slice, count, 0)
             pid = start_runner(qrname, slice, count)
             kids[pid] = info
     return kids
----------

Each of these machines has a QRUNNERS section added to mm_cfg.py which 
defines the slice of each machine --  3,0,3  /   3,1,3  / 3,2,3
and contains the line: QRUNNER_MESSAGE_IS_OLD_DELAY = None

On the fourth (backup) machine, I have patched Switchboard.py as:
----------
             if ext <> extension:
                 continue
             when, digest = filebase.split('+')
 >>>
             now = time.time()
             age = now - float(when)
             # Only process defined 'old' entries.
             if not (
                 hasattr(mm_cfg, 'QRUNNER_MESSAGE_IS_OLD_DELAY') and
                 mm_cfg.QRUNNER_MESSAGE_IS_OLD_DELAY and
                 age > mm_cfg.QRUNNER_MESSAGE_IS_OLD_DELAY):
                 continue
<<<
             # Throw out any files which don't match our bitrange. BAW: test
             # performance and end-cases of this algorithm.  MAS: both
             # comparisons need to be <= to get complete range.
----------

On this fourth machine I have added to mm_cfg.py: 
QRUNNER_MESSAGE_IS_OLD_DELAY = minutes(2)
This machine has NOT had the slices patch added to mailmanctl, so there 
is no QRUNNERS section in mm_cfg.py.


OK, so if I only have the backuo machine running, mailman will deliver 
my test message after 2 minutes.  That part works fine. However with the 
three slice machines running, the first machine (3,0,3) sends ALL of the 
messages out immediately.  If I shut down the first machine and leave 
the other two running, no messages are sent out until after the 2-minute 
period, then the backup machine sends them.  In other words, the queue 
is not being sliced, and only the first machine is capable of sending 
out list messages.

I have referenced back to the original article on this subject: 
https://mail.python.org/pipermail/mailman-users/2008-March/060753.html
but it appears I did the correct changes.  Has something changed in 
newer versions of mailman that now prevent this technique from working 
the same way? Or was there something more to getting slicing to work 
that was not mentioned in that article?

From mark at msapiro.net  Sat May 24 19:14:36 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 24 May 2014 10:14:36 -0700
Subject: [Mailman-Users] Problems with multi-machine slicing
In-Reply-To: <5380B210.5050905@sourpuss.net>
References: <5380B210.5050905@sourpuss.net>
Message-ID: <5380D37C.6020905@msapiro.net>

On 05/24/2014 07:52 AM, Jeff Taylor wrote:
> After doing some upgrades, I noticed yesterday that my multi-machine
> setup is no longer properly slicing the queue between machines.  I
> probably missed something, but after going through all my notes on the
> setup I cannot figure out what the problem in.  Hopefully someone else
> can spot the issue?
> 
> I have four mail servers.  Three of them are supposed to slice the queue
> between them, and the fourth machine is set as a backup to process any
> remaining messages after 2 minutes.  On the three slice machines, I have
> patched mailmanctl as:
> ----------
> def start_all_runners():
>     kids = {}
>>>>
>     for qrname, count, machine, nummachines in mm_cfg.QRUNNERS:
>         for slice in range(machine, count, nummachines):
> <<<
>             # queue runner name, slice, numslices, restart count
>             info = (qrname, slice, count, 0)
>             pid = start_runner(qrname, slice, count)
>             kids[pid] = info
>     return kids
> ----------
> 
> Each of these machines has a QRUNNERS section added to mm_cfg.py which
> defines the slice of each machine --  3,0,3  /   3,1,3  / 3,2,3
> and contains the line: QRUNNER_MESSAGE_IS_OLD_DELAY = None


What exactly are the QRUNNERS = assignments in the 3 machines mm_cfg.py
files.

If you do


ps -fwA | grep runner=

on the three machines, what are the --runner= arguments for the sliced
queues?

You should be seeing one of

--runner=IncomingRunner:0:3
--runner=IncomingRunner:1:3
--runner=IncomingRunner:2:3

on each of the 3 machines.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From shdwdrgn at sourpuss.net  Sat May 24 21:14:51 2014
From: shdwdrgn at sourpuss.net (Jeff Taylor)
Date: Sat, 24 May 2014 13:14:51 -0600
Subject: [Mailman-Users] Problems with multi-machine slicing
In-Reply-To: <5380D37C.6020905@msapiro.net>
References: <5380B210.5050905@sourpuss.net> <5380D37C.6020905@msapiro.net>
Message-ID: <5380EFAB.7000602@sourpuss.net>

The entire QRUNNERS section on the machines looks like this:

QRUNNERS = [
     ('ArchRunner',     3,0,3), # messages for the archiver
     ('BounceRunner',   3,0,3), # for processing the qfile/bounces directory
     ('CommandRunner',  3,0,3), # commands and bounces from the outside 
world
     ('IncomingRunner', 3,0,3), # posts from the outside world
     ('NewsRunner',     3,0,3), # outgoing messages to the nntpd
     ('OutgoingRunner', 3,0,3), # outgoing messages to the smtpd
     ('VirginRunner',   3,0,3), # internally crafted (virgin birth) messages
     ('RetryRunner',    3,0,3), # retry temporarily failed deliveries
     ]

Per your ps command, on this machine I get:

list     11516 11512  0 08:50 ?        00:00:02 /usr/bin/python 
/var/lib/mailman/bin/qrunner --runner=IncomingRunner:0:3 -s

(plus the runners for each of the other sections as well).  On machine 
#2 I have 3,1,3 in the cfg and ps shows --runner=IncomingRunner:1:3.  
And on machine #3 I have 3,2,3 in the cfg and ps shows 
--runner=IncomingRunner:2:3.

I also double-checked that the mailmanctl patch was applied on all three 
machines, and that the Switchboard.py was NOT applied to these three.  
Any other suggestions?


On 05/24/2014 11:14 AM, Mark Sapiro wrote:
>
> What exactly are the QRUNNERS = assignments in the 3 machines mm_cfg.py
> files.
>
> If you do
>
>
> ps -fwA | grep runner=
>
> on the three machines, what are the --runner= arguments for the sliced
> queues?
>
> You should be seeing one of
>
> --runner=IncomingRunner:0:3
> --runner=IncomingRunner:1:3
> --runner=IncomingRunner:2:3
>
> on each of the 3 machines.
>


From mark at msapiro.net  Sat May 24 21:37:30 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 24 May 2014 12:37:30 -0700
Subject: [Mailman-Users] Problems with multi-machine slicing
In-Reply-To: <5380EFAB.7000602@sourpuss.net>
References: <5380B210.5050905@sourpuss.net> <5380D37C.6020905@msapiro.net>
 <5380EFAB.7000602@sourpuss.net>
Message-ID: <5380F4FA.6060709@msapiro.net>

On 05/24/2014 12:14 PM, Jeff Taylor wrote:
> The entire QRUNNERS section on the machines looks like this:
> 
> QRUNNERS = [
>     ('ArchRunner',     3,0,3), # messages for the archiver
...


OK. That's as it should be.


> Per your ps command, on this machine I get:
> 
> list     11516 11512  0 08:50 ?        00:00:02 /usr/bin/python
> /var/lib/mailman/bin/qrunner --runner=IncomingRunner:0:3 -s
> 
> (plus the runners for each of the other sections as well).  On machine
> #2 I have 3,1,3 in the cfg and ps shows --runner=IncomingRunner:1:3. 
> And on machine #3 I have 3,2,3 in the cfg and ps shows
> --runner=IncomingRunner:2:3.


OK. That's good too.


> I also double-checked that the mailmanctl patch was applied on all three
> machines, and that the Switchboard.py was NOT applied to these three. 
> Any other suggestions?


I'm stumped. It should work.  Look in Mailman's qrunner logs for these
machines. When a runner exits (unfortunately not when it starts)
mailmanctl reports several things including its slice info. Do you see
any of these and do they look as expected, e.g., 0/3 on the first
machine, 1/3 on the second and 2/3 on the third?.

Also, from what to what did you upgrade?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From hansen at rc.org  Sat May 24 22:24:31 2014
From: hansen at rc.org (Allan Hansen)
Date: Sat, 24 May 2014 13:24:31 -0700
Subject: [Mailman-Users] Digest option for Yahoo and AOL subscribers?
In-Reply-To: <mailman.54133.1399941150.18129.mailman-users@python.org>
References: <mailman.54133.1399941150.18129.mailman-users@python.org>
Message-ID: <3145944D-EF97-43B3-A8E6-42CC966F4AE0@rc.org>

I just realized that setting the digest option could be a temporary solution for my Yahoo and AOL subscribers until things get sorted (hopefully by Yahoo and AOL stopping this nonsense). My Mailman installation comes with the system (Mac OS X). Maiman is 2.1.14 and the OS is 10.5.8. I have no plans to upgrade either any time soon.

The idea of using the list address as the From: address is not good. It hides the sender and it messes up the archives.

Yours,

	Allan Hansen
	Westminster, CA





From Richard at Damon-Family.org  Sat May 24 23:27:04 2014
From: Richard at Damon-Family.org (Richard Damon)
Date: Sat, 24 May 2014 17:27:04 -0400
Subject: [Mailman-Users] Digest option for Yahoo and AOL subscribers?
In-Reply-To: <3145944D-EF97-43B3-A8E6-42CC966F4AE0@rc.org>
References: <mailman.54133.1399941150.18129.mailman-users@python.org>
 <3145944D-EF97-43B3-A8E6-42CC966F4AE0@rc.org>
Message-ID: <53810EA8.4050208@Damon-Family.org>

On 5/24/14, 4:24 PM, Allan Hansen wrote:
> I just realized that setting the digest option could be a temporary solution for my Yahoo and AOL subscribers until things get sorted (hopefully by Yahoo and AOL stopping this nonsense). My Mailman installation comes with the system (Mac OS X). Maiman is 2.1.14 and the OS is 10.5.8. I have no plans to upgrade either any time soon.
>
> The idea of using the list address as the From: address is not good. It hides the sender and it messes up the archives.
>
> Yours,
>
> 	Allan Hansen
> 	Westminster, CA
Making Yahoo and AOL subscribers to be on digest will do nothing about
the problem. It is them posting that causes the problem.

Putting everyone on systems that respect the DMARC settings (which
include Yahoo, AOL, plus a number of others including Comcast, SBC,  and
others) will "fix" the problem, as the digests don't claim to come from
Yahoo or AOL, so their DMARC settings don't matter, but with all the
problems of the digest instead.

>From what I have seen, any version of Mailman before 2.1.16 (and
preferably 2.1.18) just isn't compatible with DMARC and you need to make
a hard decision of what to do if you can't (or won't) update to a
version that is compatible. (I don't see Yahoo and AOL changing their
policies in the near future).

You can just ban all Yahoo and AOL users.
You can allow Yahoo and AOL users, but just not let them post.
You can set you list to be anonymous.
You can hack something into your email system to get around the problem.
You can implement some semi-manual system to mitigate the problem.
You can ignore the problem, and get a lot of you subscribers
unsubscribed from bounces (or turn off bounce processing), live with the
missing emails, and the possible loss of reputation from your email
system due to all the "unauthorized" email that comes from it.

What I did while waiting for the 2.1.18 update was to place on
moderation (via a "spam" filter, not actually going in a putting on
moderation) all Yahoo and AOL email addresses, and when a message from
one of them came in, I would temporarily switch the list to anonymous,
release the message, and return the list to normal. This was a pain,
which I was willing to endure til the fix came in, I would not want to
commit to this long term. An alternative option would be to manually
resubmit the messages, rewriting the from address to something that
won't cause a problem (like adding .invalid to the domain of the
address). Again, this would be a pain if you can't automate it.

My own opinion is that if there is any way you can upgrade to 2.1.18-1,
do that, anything less will be draconian or a pain.

-- 
Richard Damon


From shdwdrgn at sourpuss.net  Sun May 25 00:05:26 2014
From: shdwdrgn at sourpuss.net (Jeff Taylor)
Date: Sat, 24 May 2014 16:05:26 -0600
Subject: [Mailman-Users] Problems with multi-machine slicing
In-Reply-To: <5380F4FA.6060709@msapiro.net>
References: <5380B210.5050905@sourpuss.net> <5380D37C.6020905@msapiro.net>
 <5380EFAB.7000602@sourpuss.net> <5380F4FA.6060709@msapiro.net>
Message-ID: <538117A6.2040801@sourpuss.net>

After stopping mailman, machine #1 shows:
May 24 15:23:34 2014 (11512) Master qrunner detected subprocess exit
(pid: 11516, sig: None, sts: 15, class: IncomingRunner, slice: 1/3)

Machine #2:
May 24 15:21:56 2014 (12767) Master qrunner detected subprocess exit
(pid: 12769, sig: None, sts: 15, class: BounceRunner, slice: 2/3)

Machine #3:
May 24 15:22:16 2014 (31849) Master qrunner detected subprocess exit
(pid: 31858, sig: None, sts: 15, class: VirginRunner, slice: 3/3)

Now for even more strangeness...  After restarting mailman I sent 
another test message.  Just so you know, my test list has three email 
addresses in it, so I would expect the messages to get split up 
generally between the three machines (and please confirm my 
understanding... if the list has three users on it, each one of the 
three machines should forward one message to one user from the list?).  
However after restarting and sending 7 more tests, it seems to bounce 
between machine #1 and #2 sending the messages.  In each case, one 
machine sends the message to ALL users.  After waiting about 15 minutes 
I sent several more test messages.  Now it seems to be randomly picking 
one of the three machines to send from, but again the copy to all users 
is sent from that one machine.  I suppose that is better than it was -- 
at least now all three machines are being used.  Is this the way its 
supposed to be working?

Regarding the upgrade version, its been too long, I'm afraid I don't 
know what the old version was.  The old machines are running ubuntu 
oneiric and now have mailman 2.1.14.  The newer machines have debian 
wheezy and mailman 2.1.15.  The upgrades happened a few months back, but 
I only noticed the issue yesterday because I am trying to get rid of the 
ubuntu machines and replace them with the debian machines.  The messages 
have been getting delivered, but apparently one machine was handling 
everything.


On 05/24/2014 01:37 PM, Mark Sapiro wrote:
>
> I'm stumped. It should work.  Look in Mailman's qrunner logs for these
> machines. When a runner exits (unfortunately not when it starts)
> mailmanctl reports several things including its slice info. Do you see
> any of these and do they look as expected, e.g., 0/3 on the first
> machine, 1/3 on the second and 2/3 on the third?.
>
> Also, from what to what did you upgrade?
>


From stephen at xemacs.org  Sun May 25 00:22:01 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Sun, 25 May 2014 07:22:01 +0900
Subject: [Mailman-Users]  Digest option for Yahoo and AOL subscribers?
In-Reply-To: <3145944D-EF97-43B3-A8E6-42CC966F4AE0@rc.org>
References: <mailman.54133.1399941150.18129.mailman-users@python.org>
 <3145944D-EF97-43B3-A8E6-42CC966F4AE0@rc.org>
Message-ID: <87ha4eakc6.fsf@uwakimon.sk.tsukuba.ac.jp>

Allan Hansen writes:

 > I just realized that setting the digest option could be a temporary
 > solution for my Yahoo and AOL subscribers

Just make sure you set it for *all* users, not just those using Yahoo!
and AOL.  The important thing is that non-AOL/Yahoo! subscribers be
protected from the denial of service attack that the DMARC "p=reject"
policy induces.  You must also make it clear that changing their own
setting back is likely to result in them losing posts and getting
booted off the list.

Also be prepared for a spate of posts that break threading because
both subject and reference message IDs refer to the digest message
rather than the actual posts.

Steve




From stephen at xemacs.org  Sun May 25 00:26:57 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Sun, 25 May 2014 07:26:57 +0900
Subject: [Mailman-Users] Digest option for Yahoo and AOL subscribers?
In-Reply-To: <53810EA8.4050208@Damon-Family.org>
References: <mailman.54133.1399941150.18129.mailman-users@python.org>
 <3145944D-EF97-43B3-A8E6-42CC966F4AE0@rc.org>
 <53810EA8.4050208@Damon-Family.org>
Message-ID: <87fvjyak3y.fsf@uwakimon.sk.tsukuba.ac.jp>

Richard Damon writes:

 > From what I have seen, any version of Mailman before 2.1.16 (and
 > preferably 2.1.18) just isn't compatible with DMARC

Please, it's the other way around! ;-)  DMARC is the interloper, and
some insiders fear that this mess will derail progress to RFC status
of the useful informational part of DMARC as well as the pernicious
"p=reject" policy.


From hansen at rc.org  Sun May 25 00:12:34 2014
From: hansen at rc.org (Allan Hansen)
Date: Sat, 24 May 2014 15:12:34 -0700
Subject: [Mailman-Users] Digest option for Yahoo and AOL subscribers?
In-Reply-To: <mailman.54133.1399941150.18129.mailman-users@python.org>
References: <mailman.54133.1399941150.18129.mailman-users@python.org>
Message-ID: <C686071A-3A3F-4DB5-8AE6-D2B26F1936D0@rc.org>

Well, never mind. I would have to do this for all users, not just these.  A pain this is.
Sorry.
Allan


I just realized that setting the digest option could be a temporary solution for my Yahoo and AOL subscribers until things get sorted (hopefully by Yahoo and AOL stopping this nonsense). My Mailman installation comes with the system (Mac OS X). Maiman is 2.1.14 and the OS is 10.5.8. I have no plans to upgrade either any time soon.

The idea of using the list address as the From: address is not good. It hides the sender and it messes up the archives.

Yours,

	Allan Hansen
	Westminster, CA





From mark at msapiro.net  Sun May 25 00:56:36 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 24 May 2014 15:56:36 -0700
Subject: [Mailman-Users] Problems with multi-machine slicing
In-Reply-To: <538117A6.2040801@sourpuss.net>
References: <5380B210.5050905@sourpuss.net> <5380D37C.6020905@msapiro.net>
 <5380EFAB.7000602@sourpuss.net> <5380F4FA.6060709@msapiro.net>
 <538117A6.2040801@sourpuss.net>
Message-ID: <538123A4.9090409@msapiro.net>

On 05/24/2014 03:05 PM, Jeff Taylor wrote:
> After stopping mailman, machine #1 shows:
> May 24 15:23:34 2014 (11512) Master qrunner detected subprocess exit
> (pid: 11516, sig: None, sts: 15, class: IncomingRunner, slice: 1/3)
> 
> Machine #2:
> May 24 15:21:56 2014 (12767) Master qrunner detected subprocess exit
> (pid: 12769, sig: None, sts: 15, class: BounceRunner, slice: 2/3)
> 
> Machine #3:
> May 24 15:22:16 2014 (31849) Master qrunner detected subprocess exit
> (pid: 31858, sig: None, sts: 15, class: VirginRunner, slice: 3/3)


OK, that looks good.


> Now for even more strangeness...  After restarting mailman I sent
> another test message.  Just so you know, my test list has three email
> addresses in it, so I would expect the messages to get split up
> generally between the three machines (and please confirm my
> understanding... if the list has three users on it, each one of the
> three machines should forward one message to one user from the list?).


No. That's not the way it works. See below.


> However after restarting and sending 7 more tests, it seems to bounce
> between machine #1 and #2 sending the messages.  In each case, one
> machine sends the message to ALL users.  After waiting about 15 minutes
> I sent several more test messages.  Now it seems to be randomly picking
> one of the three machines to send from, but again the copy to all users
> is sent from that one machine.  I suppose that is better than it was --
> at least now all three machines are being used.  Is this the way its
> supposed to be working?


I think so.

Here's the detail. First the general flow.

1) A post arrives and is queued in the in/ queue.
2) It is picked up by IncomingRunner and processed through the handler
pipeline.
3) Assuming it is not held for any reason, it will get queued in the
archive/ queue for ArchRunner and in the out/ queue for OutgoingRunner.
It will also be added to the list's digest.mbox for eventually being
sent to digest members as part of a digest which will be created and
queued in the virgin/ queue for VirginRunner which will ultimately queue
it in out/ for delivery
4) ArchRunner will pick up the message from the archive/ queue and
archive it.
5) OutgoingRunner will pick up the message from the out/ queue and
deliver it to the recipients.

Before we look at slicing, we see that once OutgoingRunner has a
message, it will deliver it to all it's recipients, so a single post
will always be delivered from the one machine who's OutgoingRunner
picked it up from the out/ queue.

Now for slicing. Whenever a message is queued, whether for the in/ queue
by mail delivery or some other queue by some handler or other process,
it gets a file name of the form tttt+hhhhhhhh.pck. the tttt part is a
time stamp so we can ensure fifo processing. The hhhhhhhh part is a hex
digest of a sha1 hash of the message, the listname and the current time.
Slicing works by dividing that hash space into n equal slices (in your
case 3 with slice 0 being the first third, slice 1 the middle third and
slice 2 the last third).

So when a runner that is processing slice 0 say, looks at its queue, it
will only process those messages in the first third of the hash space.

So bottom line, an incoming message will be queued in the in/ queue and
it has an equal chance of being in any slice and will be picked up by
the machine processing that slice. Then the message will be later
requeued in out/ probably with a different hash. The time is in seconds
and may or may not have changed, but the message has likely changed due
to subject prefixing, content filtering and/or header refolding. So it
will be picked up by the OutgoinRunner processing its slice, and that
one runner will deliver to all recipients.


> Regarding the upgrade version, its been too long, I'm afraid I don't
> know what the old version was.  The old machines are running ubuntu
> oneiric and now have mailman 2.1.14.  The newer machines have debian
> wheezy and mailman 2.1.15.  The upgrades happened a few months back, but
> I only noticed the issue yesterday because I am trying to get rid of the
> ubuntu machines and replace them with the debian machines.  The messages
> have been getting delivered, but apparently one machine was handling
> everything.


I was curious because it would help me know if there had been relevant
changes, but I think it's working as it's supposed to and probably as it
wads before.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From johnl at taugh.com  Sun May 25 01:42:37 2014
From: johnl at taugh.com (John Levine)
Date: 24 May 2014 23:42:37 -0000
Subject: [Mailman-Users] Digest option for Yahoo and AOL subscribers?
In-Reply-To: <87ha4eakc6.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <20140524234237.62026.qmail@joyce.lan>

> > I just realized that setting the digest option could be a temporary
> > solution for my Yahoo and AOL subscribers
>
>Just make sure you set it for *all* users, not just those using Yahoo!
>and AOL.

You only need to implement it for subscribers using mail systems that
implement DMARC rejections.  Currently those include AOL, Yahoo,
Comcast, and SBC.  Gmail sort of does, putting it in the spam folder
rather than rejecting.


From Richard at Damon-Family.org  Sun May 25 02:00:52 2014
From: Richard at Damon-Family.org (Richard Damon)
Date: Sat, 24 May 2014 20:00:52 -0400
Subject: [Mailman-Users] Digest option for Yahoo and AOL subscribers?
In-Reply-To: <87fvjyak3y.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <mailman.54133.1399941150.18129.mailman-users@python.org>	<3145944D-EF97-43B3-A8E6-42CC966F4AE0@rc.org>	<53810EA8.4050208@Damon-Family.org>
 <87fvjyak3y.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <538132B4.8050404@Damon-Family.org>

On 5/24/14, 6:26 PM, Stephen J. Turnbull wrote:
> Richard Damon writes:
>
>  > From what I have seen, any version of Mailman before 2.1.16 (and
>  > preferably 2.1.18) just isn't compatible with DMARC
>
> Please, it's the other way around! ;-)  DMARC is the interloper, and
> some insiders fear that this mess will derail progress to RFC status
> of the useful informational part of DMARC as well as the pernicious
> "p=reject" policy.
>
Actually, from my reading of the proposal for DMARC, it really isn't
that bad for what it is supposed to do. The BIG problem is that domains
using DMARC are really saying that the identity of the posters of their
emails are important, and that emails from this domain should be
verifiable to having come from that domain. This is great for things
like Banks and such. Any such domain should have in it TOS/AUP that
users are not to send messages that would break this check (I.e.
addresses are not to be used for things like mailing list, or 3rd party
mailings). Yahoo and AOL have no such rule, and in fact have in the past
even encouraged their use for mailing list.

The "problem" isn't DMARC, the problem is it's abuse by Yahoo and AOL.
These are big players, and it isn't really practical for lists to just
say they are breaking the rules so we won't let them play anymore. (If
only for the old days of usenet where abusive servers were given the
"death penalty" and they lost their connectivity for a while).

-- 
Richard Damon


From ron at vnetworx.net  Sun May 25 02:29:28 2014
From: ron at vnetworx.net (Ron Guerin)
Date: Sat, 24 May 2014 20:29:28 -0400
Subject: [Mailman-Users] DMARC mung not munging in 2.1.16 (Debian)
Message-ID: <53813968.5060909@vnetworx.net>

With great sadness, I'm trying to deal with the DMARC problem certain
providers have decided to create for everyone else, and for some reason,
even after turning the mung option on in the web interface, there's no
munging going on. (wrap doesn't wrap either)

I have ALLOW_FROM_IS_LIST = Yes in mm_cfg.py . I have restarted Mailman.

Am I doing something wrong?

- Ron

From shdwdrgn at sourpuss.net  Sun May 25 03:53:19 2014
From: shdwdrgn at sourpuss.net (Jeff Taylor)
Date: Sat, 24 May 2014 19:53:19 -0600
Subject: [Mailman-Users] Problems with multi-machine slicing
In-Reply-To: <538123A4.9090409@msapiro.net>
References: <5380B210.5050905@sourpuss.net> <5380D37C.6020905@msapiro.net>
 <5380EFAB.7000602@sourpuss.net> <5380F4FA.6060709@msapiro.net>
 <538117A6.2040801@sourpuss.net> <538123A4.9090409@msapiro.net>
Message-ID: <53814D0F.1080001@sourpuss.net>

Its odd, I could have sworn the slicing used to be done per recipient, 
not per message.  I've had to check logs for a client to confirm her 
messages went out, and generally had check all three machines to verify 
every user received the message.

The rest of the process works as I expected it to.  I think were I 
flubbed up initially (last time I thought it wasn't working right and 
went through my process again) was that I had applied the patch to 
Switchboard.py to all four machines.  Its just weird that it took so 
many restarts (and some reboots) before it started slicing properly 
again.  I haven't made any config changes since I sent my initial plea 
for help to the list last night.

At least now it looks like I have my notes in order and I can finish 
getting rid of the other ubuntu machines.  Thanks for the help!


On 05/24/2014 04:56 PM, Mark Sapiro wrote:
> On 05/24/2014 03:05 PM, Jeff Taylor wrote:
>> After stopping mailman, machine #1 shows:
>> May 24 15:23:34 2014 (11512) Master qrunner detected subprocess exit
>> (pid: 11516, sig: None, sts: 15, class: IncomingRunner, slice: 1/3)
>>
>> Machine #2:
>> May 24 15:21:56 2014 (12767) Master qrunner detected subprocess exit
>> (pid: 12769, sig: None, sts: 15, class: BounceRunner, slice: 2/3)
>>
>> Machine #3:
>> May 24 15:22:16 2014 (31849) Master qrunner detected subprocess exit
>> (pid: 31858, sig: None, sts: 15, class: VirginRunner, slice: 3/3)
>
> OK, that looks good.
>
>
>> Now for even more strangeness...  After restarting mailman I sent
>> another test message.  Just so you know, my test list has three email
>> addresses in it, so I would expect the messages to get split up
>> generally between the three machines (and please confirm my
>> understanding... if the list has three users on it, each one of the
>> three machines should forward one message to one user from the list?).
>
> No. That's not the way it works. See below.
>
>
>> However after restarting and sending 7 more tests, it seems to bounce
>> between machine #1 and #2 sending the messages.  In each case, one
>> machine sends the message to ALL users.  After waiting about 15 minutes
>> I sent several more test messages.  Now it seems to be randomly picking
>> one of the three machines to send from, but again the copy to all users
>> is sent from that one machine.  I suppose that is better than it was --
>> at least now all three machines are being used.  Is this the way its
>> supposed to be working?
>
> I think so.
>
> Here's the detail. First the general flow.
>
> 1) A post arrives and is queued in the in/ queue.
> 2) It is picked up by IncomingRunner and processed through the handler
> pipeline.
> 3) Assuming it is not held for any reason, it will get queued in the
> archive/ queue for ArchRunner and in the out/ queue for OutgoingRunner.
> It will also be added to the list's digest.mbox for eventually being
> sent to digest members as part of a digest which will be created and
> queued in the virgin/ queue for VirginRunner which will ultimately queue
> it in out/ for delivery
> 4) ArchRunner will pick up the message from the archive/ queue and
> archive it.
> 5) OutgoingRunner will pick up the message from the out/ queue and
> deliver it to the recipients.
>
> Before we look at slicing, we see that once OutgoingRunner has a
> message, it will deliver it to all it's recipients, so a single post
> will always be delivered from the one machine who's OutgoingRunner
> picked it up from the out/ queue.
>
> Now for slicing. Whenever a message is queued, whether for the in/ queue
> by mail delivery or some other queue by some handler or other process,
> it gets a file name of the form tttt+hhhhhhhh.pck. the tttt part is a
> time stamp so we can ensure fifo processing. The hhhhhhhh part is a hex
> digest of a sha1 hash of the message, the listname and the current time.
> Slicing works by dividing that hash space into n equal slices (in your
> case 3 with slice 0 being the first third, slice 1 the middle third and
> slice 2 the last third).
>
> So when a runner that is processing slice 0 say, looks at its queue, it
> will only process those messages in the first third of the hash space.
>
> So bottom line, an incoming message will be queued in the in/ queue and
> it has an equal chance of being in any slice and will be picked up by
> the machine processing that slice. Then the message will be later
> requeued in out/ probably with a different hash. The time is in seconds
> and may or may not have changed, but the message has likely changed due
> to subject prefixing, content filtering and/or header refolding. So it
> will be picked up by the OutgoinRunner processing its slice, and that
> one runner will deliver to all recipients.
>
>
>> Regarding the upgrade version, its been too long, I'm afraid I don't
>> know what the old version was.  The old machines are running ubuntu
>> oneiric and now have mailman 2.1.14.  The newer machines have debian
>> wheezy and mailman 2.1.15.  The upgrades happened a few months back, but
>> I only noticed the issue yesterday because I am trying to get rid of the
>> ubuntu machines and replace them with the debian machines.  The messages
>> have been getting delivered, but apparently one machine was handling
>> everything.
>
> I was curious because it would help me know if there had been relevant
> changes, but I think it's working as it's supposed to and probably as it
> wads before.
>


From stephen at xemacs.org  Sun May 25 09:45:59 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Sun, 25 May 2014 16:45:59 +0900
Subject: [Mailman-Users]  DMARC mung not munging in 2.1.16 (Debian)
In-Reply-To: <53813968.5060909@vnetworx.net>
References: <53813968.5060909@vnetworx.net>
Message-ID: <87egzi9u88.fsf@uwakimon.sk.tsukuba.ac.jp>

Ron Guerin writes:

 > With great sadness, I'm trying to deal with the DMARC problem certain
 > providers have decided to create for everyone else, and for some reason,
 > even after turning the mung option on in the web interface, there's no
 > munging going on. (wrap doesn't wrap either)
 > 
 > I have ALLOW_FROM_IS_LIST = Yes in mm_cfg.py . I have restarted Mailman.

Debian has a habit of moving configuration files around.  On my
Debian system:

-rw-r--r-- 1 root root 4629 Apr 16 05:15 /etc/mailman/mm_cfg.py
lrwxrwxrwx 1 root root   22 Feb  3 22:33 /usr/lib/mailman/Mailman/mm_cfg.py -> /etc/mailman/mm_cfg.py

Figure out where your mm_cfg.py file or files are, make sure that the
one you're editing is the one that actually controls Mailman.


From markr at signal100.com  Sun May 25 17:30:17 2014
From: markr at signal100.com (Mark Rousell)
Date: Sun, 25 May 2014 16:30:17 +0100
Subject: [Mailman-Users] Digest option for Yahoo and AOL subscribers?
In-Reply-To: <538132B4.8050404@Damon-Family.org>
References: <mailman.54133.1399941150.18129.mailman-users@python.org>	<3145944D-EF97-43B3-A8E6-42CC966F4AE0@rc.org>	<53810EA8.4050208@Damon-Family.org>
 <87fvjyak3y.fsf@uwakimon.sk.tsukuba.ac.jp>
 <538132B4.8050404@Damon-Family.org>
Message-ID: <53820C89.8020201@signal100.com>

(Not sent to list previously, apologies).

On 25/05/2014 01:00, Richard Damon wrote:
> The "problem" isn't DMARC, the problem is it's abuse by Yahoo and AOL.
> These are big players, and it isn't really practical for lists to just
> say they are breaking the rules so we won't let them play anymore. (If
> only for the old days of usenet where abusive servers were given the
> "death penalty" and they lost their connectivity for a while).

I t think your comments are compatible with DMARC being the
"interloper", as Stephen put it. DMARC (whether in general or in terms
of Yahoo's and AOL's use/misuse/abuse of it) is the interloper (i.e.
newcomer) that is in practice impacting pre-existing and legitimate
usage patterns.

I agree that the idea behind DMARC is a good one the reality is less good.

Whilst Yahoo and AOL are the ones who have chosen to use/misuse/abuse
DMARC in this way, it could also be said that DMARC (and all its backers
on its current form) are to blame precisely because DMARC *allows*
Yahoo's/AOL's behaviour. If the standard has been properly finished and
properly thought through from all angles then ways could surely have
been found to allow it to be used without harming existing,
standards-compliant behaviour. The consortium behind DMARC simply
weren't willing to wait or play along. It seems that some of them were
particularly desperate and were willing to harm interoperability.



-- 
Mark Rousell

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
 
 
 


From markr at signal100.com  Sun May 25 17:31:24 2014
From: markr at signal100.com (Mark Rousell)
Date: Sun, 25 May 2014 16:31:24 +0100
Subject: [Mailman-Users] Digest option for Yahoo and AOL subscribers?
In-Reply-To: <C686071A-3A3F-4DB5-8AE6-D2B26F1936D0@rc.org>
References: <mailman.54133.1399941150.18129.mailman-users@python.org>
 <C686071A-3A3F-4DB5-8AE6-D2B26F1936D0@rc.org>
Message-ID: <53820CCC.4070108@signal100.com>

On 24/05/2014 23:12, Allan Hansen wrote:
> The idea of using the list address as the From: address is not good.
> It hides the sender and it messes up the archives.

It seems to me that this can be mitigated in the long term if archive
software (and mail clients for that matter) can be altered to recognise
the X-Original-From header. Yahoo Groups are adding this to their mail
lists and it seems like a good idea (although I am not for a second
suggesting that it is the whole answer to the problem).


-- 
Mark Rousell

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
 
 
 


From markr at signal100.com  Sun May 25 17:48:38 2014
From: markr at signal100.com (Mark Rousell)
Date: Sun, 25 May 2014 16:48:38 +0100
Subject: [Mailman-Users] Yahoo Groups' From munging and X-Original-From
Message-ID: <538210D6.1010307@signal100.com>

What do you think of Yahoo Groups' From munging style and their
X-Original-From header?

Here is an example:

X-Original-From: Mark Rousell <markr at signal100.com>
From: "Mark Rousell markr at signal100.com [some-mail-list]"
	<some-mail-list at yahoogroups.com>


I feel this is one of the better combinations of munging and new
headers. All the information is there (and is very clear) and the
X-Original-From header could (in due course) be recognised by mail
clients and mailing list archive software.

I realise that this falls foul of
http://www.dmarc.org/supplemental/mailman-project-mlm-dmarc-reqs.html
and yet it does seem to offer many benefits, especially the
X-Original-From header and the promise it holds for automated recognition.

It is also possible to add X-Original-From to the .INVALID/.REMOVEME
munging that some prefer too:

X-Original-From: Mark Rousell <markr at p-reject-domain.com>
From: "Mark Rousell [via some-mail-list]"
	<markr at p-reject-domain.com.REMOVEME>



Any thoughts?



-- 
Mark Rousell

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
 
 
 


From mark at msapiro.net  Sun May 25 18:52:43 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 25 May 2014 09:52:43 -0700
Subject: [Mailman-Users] Problems with multi-machine slicing
In-Reply-To: <53814D0F.1080001@sourpuss.net>
References: <5380B210.5050905@sourpuss.net> <5380D37C.6020905@msapiro.net>
 <5380EFAB.7000602@sourpuss.net> <5380F4FA.6060709@msapiro.net>
 <538117A6.2040801@sourpuss.net> <538123A4.9090409@msapiro.net>
 <53814D0F.1080001@sourpuss.net>
Message-ID: <53821FDB.1090102@msapiro.net>

On 05/24/2014 06:53 PM, Jeff Taylor wrote:
> Its odd, I could have sworn the slicing used to be done per recipient,
> not per message.  I've had to check logs for a client to confirm her
> messages went out, and generally had check all three machines to verify
> every user received the message.


Mailman's outgoing message which includes the addresses of all
recipients in the message's metadata is in one out/ queue entry.
Whatever slice that's in, it will be picked up by the OutgoingRunner
processing that slice of the queue and all recipients will be delivered
to that runner's outgoing MTA (default on localhost).

Perhaps there is also some load balancing between MTAs that allows them
to share the delivery.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From pshute at nuw.org.au  Sun May 25 19:27:42 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Mon, 26 May 2014 03:27:42 +1000
Subject: [Mailman-Users] Yahoo Groups' From munging and X-Original-From
In-Reply-To: <538210D6.1010307@signal100.com>
References: <538210D6.1010307@signal100.com>
Message-ID: <234AA5C5-55FC-4736-9238-E460324E0C25@nuw.org.au>

I'm not comfortable with an email address in the display name not matching the real address. If I saw that in a non list email, it would look spammy to me.

I don't like the idea of users getting used to seeing that sort of thing as normal, and there's the problem that lots of mail clients will only show the first few characters of the long display name. Would this be better:
From: " [some-mail-list] Mark Rousell markr at signal100.com <some-mail-list at yahoogroups.com>

Peter Shute

Sent from my iPad

> On 26 May 2014, at 1:49 am, "Mark Rousell" <markr at signal100.com> wrote:
> 
> What do you think of Yahoo Groups' From munging style and their
> X-Original-From header?
> 
> Here is an example:
> 
> X-Original-From: Mark Rousell <markr at signal100.com>
> From: "Mark Rousell markr at signal100.com [some-mail-list]"
>    <some-mail-list at yahoogroups.com>
> 
> 
> I feel this is one of the better combinations of munging and new
> headers. All the information is there (and is very clear) and the
> X-Original-From header could (in due course) be recognised by mail
> clients and mailing list archive software.
> 
> I realise that this falls foul of
> http://www.dmarc.org/supplemental/mailman-project-mlm-dmarc-reqs.html
> and yet it does seem to offer many benefits, especially the
> X-Original-From header and the promise it holds for automated recognition.
> 
> It is also possible to add X-Original-From to the .INVALID/.REMOVEME
> munging that some prefer too:
> 
> X-Original-From: Mark Rousell <markr at p-reject-domain.com>
> From: "Mark Rousell [via some-mail-list]"
>    <markr at p-reject-domain.com.REMOVEME>
> 
> 
> 
> Any thoughts?
> 
> 
> 
> -- 
> Mark Rousell
> 
> PGP public key: http://www.signal100.com/markr/pgp
> Key ID: C9C5C162
> 
> 
> 
> 
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/pshute%40nuw.org.au

From Richard at Damon-Family.org  Sun May 25 19:48:01 2014
From: Richard at Damon-Family.org (Richard Damon)
Date: Sun, 25 May 2014 13:48:01 -0400
Subject: [Mailman-Users] Yahoo Groups' From munging and X-Original-From
In-Reply-To: <538210D6.1010307@signal100.com>
References: <538210D6.1010307@signal100.com>
Message-ID: <53822CD1.5050607@Damon-Family.org>

On 5/25/14, 11:48 AM, Mark Rousell wrote:
> What do you think of Yahoo Groups' From munging style and their
> X-Original-From header?
>
> Here is an example:
>
> X-Original-From: Mark Rousell <markr at signal100.com>
> From: "Mark Rousell markr at signal100.com [some-mail-list]"
> 	<some-mail-list at yahoogroups.com>
>
>
> I feel this is one of the better combinations of munging and new
> headers. All the information is there (and is very clear) and the
> X-Original-From header could (in due course) be recognised by mail
> clients and mailing list archive software.
>
> I realise that this falls foul of
> http://www.dmarc.org/supplemental/mailman-project-mlm-dmarc-reqs.html
> and yet it does seem to offer many benefits, especially the
> X-Original-From header and the promise it holds for automated recognition.
>
> It is also possible to add X-Original-From to the .INVALID/.REMOVEME
> munging that some prefer too:
>
> X-Original-From: Mark Rousell <markr at p-reject-domain.com>
> From: "Mark Rousell [via some-mail-list]"
> 	<markr at p-reject-domain.com.REMOVEME>
>
>
>
> Any thoughts?
>
My view is that any attempt to have the Mail User Agent show a message
that went through a mailing list as if it originated from the original
poster (and only from that poster) is doomed, because the whole point of
DMARC, is that domains that that are using DMARC are indicating that
email that appears to be from their domain is only supposed to get to
you from that domain, and others aren't supposed to be able to
masquerade as it. If mailing list could do it, so could phishers. And if
this became somewhat common, DMARC, to achieve its goal of confirming
sender identity would need to add checking that.

The only possible option for that would be wrapping, where the wrapped
message was EXACTLY as sent (thus no content filtering, and all
additions are added to the wrapper, not the original message).

The problem we are seeing is that we have domains that don't really need
that restriction are using it, and the world is needing to figure out
how to make this work.

The real solution, in my opinion, would be a standard that deals with
how MUA display the senders of messages, and a system similar to https
certificates where domains (or email addresses) that really need
verification could get a certificate and be able to have their addresses
displayed a "verified", email pretending to be from them but not
properly signed could be rejected or marked suspicious, but most
personal mail would just be unverified.  It should make it clear that
any ESP that uses this has an obligation to let is users understand the
rules, and that it users are not allowed to let 3rd parties (like
mailing list or other 3rd party mailers) send on their behalf (unless
the standard allows a given email address to provide a cert to a 3rd
party it indicate they are an authorized remailer for them). This should
deal with the phish problem, at least once people are taught to look for
the verified icon from "important" sources.



-- 
Richard Damon


From markr at signal100.com  Sun May 25 20:01:25 2014
From: markr at signal100.com (Mark Rousell)
Date: Sun, 25 May 2014 19:01:25 +0100
Subject: [Mailman-Users] Yahoo Groups' From munging and X-Original-From
In-Reply-To: <234AA5C5-55FC-4736-9238-E460324E0C25@nuw.org.au>
References: <538210D6.1010307@signal100.com>
 <234AA5C5-55FC-4736-9238-E460324E0C25@nuw.org.au>
Message-ID: <53822FF5.2050700@signal100.com>

On 25/05/2014 18:27, Peter Shute wrote:
> I'm not comfortable with an email address in the display name not matching the real address. If I saw that in a non list email, it would look spammy to me.

I agree with you in the case of a non-list email but for a list email it
seems to me to make perfect sense to include the original author's email
address in the comment section and the list's address in the address
section.

> I don't like the idea of users getting used to seeing that sort of thing as normal, and there's the problem that lots of mail clients will only show the first few characters of the long display name. Would this be better:
> From: " [some-mail-list] Mark Rousell markr at signal100.com <some-mail-list at yahoogroups.com>

If a mail client only shows the first few characters then I think
putting the mailing list name first would not be beneficial since users
would not be able to see who wrote the message. The original author's
name really does need to go first in my opinion.

I was alerted to this issue by complaints by the users of a Yahoo Groups
mailing list of which I am a member. They are using Thunderbird which by
default does an address book lookup on the From address. Naturally this
was showing the mailing list name as the message author (for those of
them with the mailing list in their address books) and not the original
author. When the setting ('Show only display name for people in my
address book') was disabled, then they could see the raw contents of the
>From header. Thus the original author's name really does need to appear
first but it would be even better if the mail client recognised the
X-Original-From header.


-- 
Mark Rousell

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
 
 
 


From Richard at Damon-Family.org  Sun May 25 20:07:26 2014
From: Richard at Damon-Family.org (Richard Damon)
Date: Sun, 25 May 2014 14:07:26 -0400
Subject: [Mailman-Users] Problems with multi-machine slicing
In-Reply-To: <53814D0F.1080001@sourpuss.net>
References: <5380B210.5050905@sourpuss.net> <5380D37C.6020905@msapiro.net>
 <5380EFAB.7000602@sourpuss.net> <5380F4FA.6060709@msapiro.net>
 <538117A6.2040801@sourpuss.net> <538123A4.9090409@msapiro.net>
 <53814D0F.1080001@sourpuss.net>
Message-ID: <5382315E.3090206@Damon-Family.org>

On 5/24/14, 9:53 PM, Jeff Taylor wrote:
> Its odd, I could have sworn the slicing used to be done per recipient,
> not per message.  I've had to check logs for a client to confirm her
> messages went out, and generally had check all three machines to
> verify every user received the message.
>
> The rest of the process works as I expected it to.  I think were I
> flubbed up initially (last time I thought it wasn't working right and
> went through my process again) was that I had applied the patch to
> Switchboard.py to all four machines.  Its just weird that it took so
> many restarts (and some reboots) before it started slicing properly
> again.  I haven't made any config changes since I sent my initial plea
> for help to the list last night.
>
> At least now it looks like I have my notes in order and I can finish
> getting rid of the other ubuntu machines.  Thanks for the help!
>
Could your earlier tests have been done with verp or personalization
enabled? That might have made the slicing work per recipient as the
messages were broken up before sending.

-- 
Richard Damon


From Richard at Damon-Family.org  Sun May 25 20:04:20 2014
From: Richard at Damon-Family.org (Richard Damon)
Date: Sun, 25 May 2014 14:04:20 -0400
Subject: [Mailman-Users] Digest option for Yahoo and AOL subscribers?
In-Reply-To: <53820C89.8020201@signal100.com>
References: <mailman.54133.1399941150.18129.mailman-users@python.org>	<3145944D-EF97-43B3-A8E6-42CC966F4AE0@rc.org>	<53810EA8.4050208@Damon-Family.org>
 <87fvjyak3y.fsf@uwakimon.sk.tsukuba.ac.jp>
 <538132B4.8050404@Damon-Family.org> <53820C89.8020201@signal100.com>
Message-ID: <538230A4.3050307@Damon-Family.org>

On 5/25/14, 11:30 AM, Mark Rousell wrote:
> (Not sent to list previously, apologies).
>
> On 25/05/2014 01:00, Richard Damon wrote:
>> The "problem" isn't DMARC, the problem is it's abuse by Yahoo and AOL.
>> These are big players, and it isn't really practical for lists to just
>> say they are breaking the rules so we won't let them play anymore. (If
>> only for the old days of usenet where abusive servers were given the
>> "death penalty" and they lost their connectivity for a while).
> I t think your comments are compatible with DMARC being the
> "interloper", as Stephen put it. DMARC (whether in general or in terms
> of Yahoo's and AOL's use/misuse/abuse of it) is the interloper (i.e.
> newcomer) that is in practice impacting pre-existing and legitimate
> usage patterns.
>
> I agree that the idea behind DMARC is a good one the reality is less good.
>
> Whilst Yahoo and AOL are the ones who have chosen to use/misuse/abuse
> DMARC in this way, it could also be said that DMARC (and all its backers
> on its current form) are to blame precisely because DMARC *allows*
> Yahoo's/AOL's behaviour. If the standard has been properly finished and
> properly thought through from all angles then ways could surely have
> been found to allow it to be used without harming existing,
> standards-compliant behaviour. The consortium behind DMARC simply
> weren't willing to wait or play along. It seems that some of them were
> particularly desperate and were willing to harm interoperability.
>
My understanding is that DMARC WAS going through the standardization
process, and actually was to the state where experimental use was
justified (and in some sense actually required). The problem that
happened is that Yahoo jumped into the limited clinical trial and
experimented with millions before we had a chance to find out the side
effects of the medicine.

I suppose that the communities response should have been to just kick
off all Yahoo (and later AOL) users from mailing list (as that is really
one meaning of the DMARC setting announced), but the community had too
much compassion for the "innocent" users (since the real problem was
with Yahoo "management" not it's users). Perhaps if we had been
hard-lined, they would get enough complaints and people leaving to force
them to change their mind, but I more expect we would have punished a
lot of innocent users who really don't want to go through the hassle of
changing email providers, and are more apt to just drop off mailing lists. 

-- 
Richard Damon


From shdwdrgn at sourpuss.net  Sun May 25 20:14:52 2014
From: shdwdrgn at sourpuss.net (Jeff Taylor)
Date: Sun, 25 May 2014 12:14:52 -0600
Subject: [Mailman-Users] Problems with multi-machine slicing
In-Reply-To: <53821FDB.1090102@msapiro.net>
References: <5380B210.5050905@sourpuss.net> <5380D37C.6020905@msapiro.net>
 <5380EFAB.7000602@sourpuss.net> <5380F4FA.6060709@msapiro.net>
 <538117A6.2040801@sourpuss.net> <538123A4.9090409@msapiro.net>
 <53814D0F.1080001@sourpuss.net> <53821FDB.1090102@msapiro.net>
Message-ID: <5382331C.1020200@sourpuss.net>

There is some load-balancing on the incoming side that splits messages 
between servers, but nothing on the outgoing side.  Mailman is run 
directly on each of the SMTP servers.  I started doing the slicing 
awhile back when I was having trouble with mailman crashing 
occasionally, and wanted to add more redundancy to ensure the out queue 
would get processed, even if it took a couple minutes for a backup 
machine to get to them.

On 05/25/2014 10:52 AM, Mark Sapiro wrote:
> On 05/24/2014 06:53 PM, Jeff Taylor wrote:
>> Its odd, I could have sworn the slicing used to be done per recipient,
>> not per message.  I've had to check logs for a client to confirm her
>> messages went out, and generally had check all three machines to verify
>> every user received the message.
>
> Mailman's outgoing message which includes the addresses of all
> recipients in the message's metadata is in one out/ queue entry.
> Whatever slice that's in, it will be picked up by the OutgoingRunner
> processing that slice of the queue and all recipients will be delivered
> to that runner's outgoing MTA (default on localhost).
>
> Perhaps there is also some load balancing between MTAs that allows them
> to share the delivery.
>


From mark at msapiro.net  Sun May 25 20:15:04 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 25 May 2014 11:15:04 -0700
Subject: [Mailman-Users] Problems with multi-machine slicing
In-Reply-To: <5382315E.3090206@Damon-Family.org>
References: <5380B210.5050905@sourpuss.net> <5380D37C.6020905@msapiro.net>
 <5380EFAB.7000602@sourpuss.net> <5380F4FA.6060709@msapiro.net>
 <538117A6.2040801@sourpuss.net> <538123A4.9090409@msapiro.net>
 <53814D0F.1080001@sourpuss.net> <5382315E.3090206@Damon-Family.org>
Message-ID: <53823328.2080401@msapiro.net>

On 05/25/2014 11:07 AM, Richard Damon wrote:

> Could your earlier tests have been done with verp or personalization
> enabled? That might have made the slicing work per recipient as the
> messages were broken up before sending.


That wouldn't do it. The VERPing or personalization is done in the
OutgoingRunner process which will still be the one process doing the
SMTP for all recipients. The only way this won't happen is if some
recipients are refused during SMTP and the message is requeued for retry
of the failed recipients. The requeued message might then be in a
different slice.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From shdwdrgn at sourpuss.net  Sun May 25 20:12:12 2014
From: shdwdrgn at sourpuss.net (Jeff Taylor)
Date: Sun, 25 May 2014 12:12:12 -0600
Subject: [Mailman-Users] Problems with multi-machine slicing
In-Reply-To: <5382315E.3090206@Damon-Family.org>
References: <5380B210.5050905@sourpuss.net> <5380D37C.6020905@msapiro.net>
 <5380EFAB.7000602@sourpuss.net> <5380F4FA.6060709@msapiro.net>
 <538117A6.2040801@sourpuss.net> <538123A4.9090409@msapiro.net>
 <53814D0F.1080001@sourpuss.net> <5382315E.3090206@Damon-Family.org>
Message-ID: <5382327C.10401@sourpuss.net>

I'm honestly not sure about that.  Other than the slicing, mailman is 
pretty much set up with defaults.  The only changes I make on the lists 
is setting them so that replies only come back to the admin, not to the 
entire list (they are mostly used to send notices to cell phones as text 
messages).

On 05/25/2014 12:07 PM, Richard Damon wrote:
> On 5/24/14, 9:53 PM, Jeff Taylor wrote:
>> Its odd, I could have sworn the slicing used to be done per recipient,
>> not per message.  I've had to check logs for a client to confirm her
>> messages went out, and generally had check all three machines to
>> verify every user received the message.
>>
>> The rest of the process works as I expected it to.  I think were I
>> flubbed up initially (last time I thought it wasn't working right and
>> went through my process again) was that I had applied the patch to
>> Switchboard.py to all four machines.  Its just weird that it took so
>> many restarts (and some reboots) before it started slicing properly
>> again.  I haven't made any config changes since I sent my initial plea
>> for help to the list last night.
>>
>> At least now it looks like I have my notes in order and I can finish
>> getting rid of the other ubuntu machines.  Thanks for the help!
>>
> Could your earlier tests have been done with verp or personalization
> enabled? That might have made the slicing work per recipient as the
> messages were broken up before sending.
>


From markr at signal100.com  Sun May 25 20:31:39 2014
From: markr at signal100.com (Mark Rousell)
Date: Sun, 25 May 2014 19:31:39 +0100
Subject: [Mailman-Users] Yahoo Groups' From munging and X-Original-From
In-Reply-To: <53822CD1.5050607@Damon-Family.org>
References: <538210D6.1010307@signal100.com>
 <53822CD1.5050607@Damon-Family.org>
Message-ID: <5382370B.3030100@signal100.com>

On 25/05/2014 18:48, Richard Damon wrote:
> On 5/25/14, 11:48 AM, Mark Rousell wrote:
> My view is that any attempt to have the Mail User Agent show a message
> that went through a mailing list as if it originated from the original
> poster (and only from that poster) is doomed, because the whole point of
> DMARC, is that domains that that are using DMARC are indicating that
> email that appears to be from their domain is only supposed to get to
> you from that domain, and others aren't supposed to be able to
> masquerade as it.

Three initial responses to this occur to me:

(1) Who says that DMARC will be successful? (Note that I am not opposed
to DMARC or its intent but there is no guarantee of its long term success).

(2) In any case, this is not the problem of mailing lists or mail clients.

(3) Both forms of munging (both Yahoo's and the .INVALID approach), with
or without the X-Original-From header, do *not* make it seem as if a
message did not go through a mailing list. Indeed, they are simply ways
of making it clear who the original author of a message was whilst not
hiding that the message went through a mailing list.

See also below: I *do not* in fact think that this attacks DMARC.

> If mailing list could do it, so could phishers.

Scammers and spammers do what they can. They will do what they can
regardless of what other people do in order to continue operating
effectively.

One might also observe that if "p=reject" DMARC users effectively
externalise some aspects of their spam problem, it seems only
appropriate and pragmatic for the rest of us to similarly externalise
the problems so created.

> And if
> this became somewhat common, DMARC, to achieve its goal of confirming
> sender identity would need to add checking that.

Not necessarily. There are two aspects to DMARC's protection mechanism:
(1) What users of email from DMARC policy publishing domains see, and
(2) what mail servers do before the user sees the email (if the user
sees it at all).

Whilst mail client recognition of the X-Original-From header would alter
what users see (which is in fact a key goal in this context, not a bug),
DMARC would nevertheless still be effective in terms of its own design
goals in that mail servers could still adhere to DMARC and reject or
spamfilter non-compliant messages.

Why would this be harmless for mail lists but bad for spam? Because From
munging and mail client parsing of the X-Original-From header will not
impact on the automated effectiveness of DMARC in preventing users from
seeing spam: Spammers would still be left with the difficulty of
obtaining a valid DKIM header that aligns with their chosen From address
whereas legitimate mail lists would not have this problem.

To put it another way, spammers might well use X-Original-From but this
would not help them to get end users to see their spam emails if mail
servers block or spamfilter non-DMARC-compliant messages (whereas mail
lists emails would get through fine).

> The only possible option for that would be wrapping, where the wrapped
> message was EXACTLY as sent (thus no content filtering, and all
> additions are added to the wrapper, not the original message).

Yes, wrapping would be ideal but I reckon this would be even more
difficult in terms of mail client acceptance than X-Original-From would
be. In other words, getting mail clients to correctly view wrapped
messages is not going to happen any time soon but recognising and
parsing X-Original-From (if it is present) is an easier thing to code.

> The problem we are seeing is that we have domains that don't really need
> that restriction are using it, and the world is needing to figure out
> how to make this work.

I agree and the above (a combination of semantically useful From munging
and a programmatically parseable X-Original-From header that does *not*
interfere with automated DMARC filtering by mail servers) seems to me to
be the basis of an effective and de facto-standardisable workaround to it.

> The real solution, in my opinion, would be a standard that deals with
> how MUA display the senders of messages, and a system similar to https
> certificates where domains (or email addresses) that really need
> verification could get a certificate and be able to have their addresses
> displayed a "verified", email pretending to be from them but not
> properly signed could be rejected or marked suspicious, but most
> personal mail would just be unverified.  It should make it clear that
> any ESP that uses this has an obligation to let is users understand the
> rules, and that it users are not allowed to let 3rd parties (like
> mailing list or other 3rd party mailers) send on their behalf (unless
> the standard allows a given email address to provide a cert to a 3rd
> party it indicate they are an authorized remailer for them). This should
> deal with the phish problem, at least once people are taught to look for
> the verified icon from "important" sources.

A good idea in theory but I suspect it falls down on the user education
part. Most users don't learn.

The number of parties who would need to convert to it is also
problematic, but conceivably something like this might be a part of some
entirely new mail system, an as yet imaginary "MTPng" or similar.


-- 
Mark Rousell

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
 
 
 


From markr at signal100.com  Sun May 25 20:36:01 2014
From: markr at signal100.com (Mark Rousell)
Date: Sun, 25 May 2014 19:36:01 +0100
Subject: [Mailman-Users] Digest option for Yahoo and AOL subscribers?
In-Reply-To: <538230A4.3050307@Damon-Family.org>
References: <mailman.54133.1399941150.18129.mailman-users@python.org>	<3145944D-EF97-43B3-A8E6-42CC966F4AE0@rc.org>	<53810EA8.4050208@Damon-Family.org>
 <87fvjyak3y.fsf@uwakimon.sk.tsukuba.ac.jp>
 <538132B4.8050404@Damon-Family.org> <53820C89.8020201@signal100.com>
 <538230A4.3050307@Damon-Family.org>
Message-ID: <53823811.8020003@signal100.com>

On 25/05/2014 19:04, Richard Damon wrote:
> I suppose that the communities response should have been to just kick
> off all Yahoo (and later AOL) users from mailing list (as that is really
> one meaning of the DMARC setting announced), but the community had too
> much compassion for the "innocent" users (since the real problem was
> with Yahoo "management" not it's users). Perhaps if we had been
> hard-lined, they would get enough complaints and people leaving to force
> them to change their mind, but I more expect we would have punished a
> lot of innocent users who really don't want to go through the hassle of
> changing email providers, and are more apt to just drop off mailing lists. 

Sadly I don't think this would have worked (although there might still
be time). It seems to me that the reason that Yahoo and AOL (especially
Yahoo) can get away with this at all is because of their market size.
All mail lists providers are tiny in terms of Yahoo's size and so what
they do has no real effect on Yahoo. Yahoo doesn't need to care if a few
of its users are inconvenienced; on their scale of operations it will
never be enough people to matter.


-- 
Mark Rousell

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
 
 
 


From johnl at taugh.com  Sun May 25 22:13:23 2014
From: johnl at taugh.com (John Levine)
Date: 25 May 2014 20:13:23 -0000
Subject: [Mailman-Users] Digest option for Yahoo and AOL subscribers?
In-Reply-To: <538230A4.3050307@Damon-Family.org>
Message-ID: <20140525201323.69530.qmail@joyce.lan>

>My understanding is that DMARC WAS going through the standardization
>process, and actually was to the state where experimental use was
>justified (and in some sense actually required). ...

No, not at all.  DMARC was designed and implemented by a small closed
group of large companies listed on the DMARC web site at
http://www.dmarc.org/about.html

It had been running for about two years at various ISPs with little
trouble until AOL and Yahoo jumped the shark last month.  There are
free libraries which work pretty well, and I've been collecting DMARC
reports on my various domains since Feb 2012 (but not, of course,
paying attention to anyone's published policies on inbound mail.)

The DMARC group has asked the RFC Editor to publish the spec as a
non-standards-track non-IETF independent submission.  There was
briefly talk of making it standards track until the DMARC group
realized that gave the IETF change control, and we likely would change
it, which they didn't want.  The RFC Editor is currently thinking
about it, and probably will publish on the theory that even if it's a
bad idea, it might as well be documented.

R's,
John

PS: This is first hand. I know the people involved.

From mark at msapiro.net  Mon May 26 02:31:59 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 25 May 2014 17:31:59 -0700
Subject: [Mailman-Users] Yahoo Groups' From munging and X-Original-From
In-Reply-To: <5382370B.3030100@signal100.com>
References: <538210D6.1010307@signal100.com>
 <53822CD1.5050607@Damon-Family.org> <5382370B.3030100@signal100.com>
Message-ID: <53828B7F.1090504@msapiro.net>

On 05/25/2014 11:31 AM, Mark Rousell wrote:
> 
> Whilst mail client recognition of the X-Original-From header would alter
> what users see (which is in fact a key goal in this context, not a bug),
> DMARC would nevertheless still be effective in terms of its own design
> goals in that mail servers could still adhere to DMARC and reject or
> spamfilter non-compliant messages.


Until spammers figure out they can send mail

From: spammer at evildomain.com
X-Original-From: whatever at yahoo.com

DMARC doesn't stop it because evildomain.com doesn't publish a DMARC
policy, and the 'evolved' MUAs display the message as if it's from
whatever at yahoo.com, just what DMARC is intended to stop.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From johnl at taugh.com  Mon May 26 04:22:19 2014
From: johnl at taugh.com (John Levine)
Date: 26 May 2014 02:22:19 -0000
Subject: [Mailman-Users] Yahoo Groups' From munging and X-Original-From
In-Reply-To: <53828B7F.1090504@msapiro.net>
Message-ID: <20140526022219.70585.qmail@joyce.lan>

>Until spammers figure out they can send mail
>
>From: spammer at evildomain.com
>X-Original-From: whatever at yahoo.com

This is one of the most annoying things about Yahoo and AOL's misuse
of DMARC -- they're practically forcing people to use hacks to show
unauthenticated fake From: lines.

R's,
John



From markr at signal100.com  Mon May 26 06:23:20 2014
From: markr at signal100.com (Mark Rousell)
Date: Mon, 26 May 2014 05:23:20 +0100
Subject: [Mailman-Users] Yahoo Groups' From munging and X-Original-From
In-Reply-To: <53828B7F.1090504@msapiro.net>
References: <538210D6.1010307@signal100.com>
 <53822CD1.5050607@Damon-Family.org> <5382370B.3030100@signal100.com>
 <53828B7F.1090504@msapiro.net>
Message-ID: <5382C1B8.30107@signal100.com>

On 26/05/2014 01:31, Mark Sapiro wrote:
> On 05/25/2014 11:31 AM, Mark Rousell wrote:
>>
>> Whilst mail client recognition of the X-Original-From header would
>> alter what users see (which is in fact a key goal in this context,
>> not a bug), DMARC would nevertheless still be effective in terms of
>> its own design goals in that mail servers could still adhere to
>> DMARC and reject or spamfilter non-compliant messages.
>
>
> Until spammers figure out they can send mail
>
> From: spammer at evildomain.com
> X-Original-From: whatever at yahoo.com
>
> DMARC doesn't stop it because evildomain.com doesn't publish a DMARC
> policy, and the 'evolved' MUAs display the message as if it's from
> whatever at yahoo.com, just what DMARC is intended to stop.

Yup, I understand that. However:

a) It seems to me that this or something like it (i.e. new de facto
standard headers to work around the problem) is surely an almost
inevitable outcome anyway.

b) The way things are going all domains will sooner or later publish a
DMARC policy if they want their mail to be accepted anywhere.

c) In fact, I rather assumed in my suggestion (but did not explicitly
state it, apologies) that lack of a DMARC policy (or whatever comes
after DMARC) will, in and of itself, sooner or later have the effect of
massively increasing an email's chance of being rejected or quarantined.

d) It seems very clear that the goal of the DMARC project is for *every*
domain to publish a DMARC policy and they don't care about domains that
don't publish a DMARC policy. Their market volume means that they have
stolen the lead from IETF and others will follow. Something like
X-Original-From is just, in effect, following their lead.

e) It is not our problem. As I said, if "p=reject" DMARC users can
effectively externalise some aspects of their spam problem, it seems
only appropriate and pragmatic for the rest of us to similarly
externalise the problems so created.


In short, X-Original-From becoming a de facto standard would benefit the
users of mail clients receiving mail from legitimate resenders such as
mail lists (admittedly when taken together with a presumption that lack
of DMARC would automatically cause a very high spam score either on
receiving mail servers or in the mail client itself).

I also envisage a UI that highlights the fact that a X-Original-From
header is being used and that the sending domain does not publish a
DMARC policy (in suitably end user-friendly language). A user might be
able to whitelist mail from mail lists known to him/her with a single
click/tap without having to understand the underlying issues.

[I do note that none of this would not alleviate the issue of spam sent
through a mail server that does issue a DMARC policy and correctly
aligns its From field with the policy but that is a separate issue.
Notably it seems to me that DMARC will only increase the attempts by
spammers/scammers to hijack accounts on ESPs like Yahoo!]

I admit that in taking this domineering attitude I am simply following
the technique of social engineering demonstrated by the DMARC group: By
pushing through a change they are forcing others to follow suit and/or
adapt.

It's not how I'd like things to be but we seem to be entering a world
where Internet protocols are driven less by voluntary adherence to
widely agreed standards and more by what some groups can push through.
If one can't beat them, perhaps one should join them in their approach!



-- 
Mark Rousell

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
 
 
 


From markr at signal100.com  Mon May 26 06:27:50 2014
From: markr at signal100.com (Mark Rousell)
Date: Mon, 26 May 2014 05:27:50 +0100
Subject: [Mailman-Users] Yahoo Groups' From munging and X-Original-From
In-Reply-To: <20140526022219.70585.qmail@joyce.lan>
References: <20140526022219.70585.qmail@joyce.lan>
Message-ID: <5382C2C6.7010801@signal100.com>

On 26/05/2014 03:22, John Levine wrote:
>> Until spammers figure out they can send mail
>>
>> From: spammer at evildomain.com
>> X-Original-From: whatever at yahoo.com
> 
> This is one of the most annoying things about Yahoo and AOL's misuse
> of DMARC -- they're practically forcing people to use hacks to show
> unauthenticated fake From: lines.

Indeed. It's a natural response. We might as well accept it and make the
best of it.



-- 
Mark Rousell

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
 
 
 


From stephen at xemacs.org  Mon May 26 06:46:02 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Mon, 26 May 2014 13:46:02 +0900
Subject: [Mailman-Users] Digest option for Yahoo and AOL subscribers?
In-Reply-To: <538230A4.3050307@Damon-Family.org>
References: <mailman.54133.1399941150.18129.mailman-users@python.org>
 <3145944D-EF97-43B3-A8E6-42CC966F4AE0@rc.org>
 <53810EA8.4050208@Damon-Family.org>
 <87fvjyak3y.fsf@uwakimon.sk.tsukuba.ac.jp>
 <538132B4.8050404@Damon-Family.org>
 <53820C89.8020201@signal100.com>
 <538230A4.3050307@Damon-Family.org>
Message-ID: <87zji587w5.fsf@uwakimon.sk.tsukuba.ac.jp>

Richard Damon writes:
 > On 5/25/14, 11:30 AM, Mark Rousell wrote:

 > > Whilst Yahoo and AOL are the ones who have chosen to
 > > use/misuse/abuse DMARC in this way, it could also be said that
 > > DMARC (and all its backers on its current form) are to blame
 > > precisely because DMARC *allows* Yahoo's/AOL's behaviour.

The "p=reject" policy option is useful, perhaps necessary, to prevent
phishing at financial institutions.  My bank (Tokyo-Mitsubishi-UFJ) is
in a total panic to the point where they are running a major
television campaign (multiple channels, hitting all the major
demographics) displaying a typical MUA (Outlook, of course) showing a
typical phishing message and putting a big red X over the password
input field.

 > > If the standard has been properly finished and properly thought
 > > through from all angles then ways could surely have been found to
 > > allow it to be used without harming existing, standards-compliant
 > > behaviour.

DMARC's purely informational protocols have been in use successfully
for years, and nobody ever noticed.  Some banks have been using
"p=reject" for quite a long time (more than a year), and nobody ever
noticed.

 > > The consortium behind DMARC simply weren't willing to wait or
 > > play along.

I don't think the evidence supports that belief.  The design of the
protocol has been very careful, with multiple ways to mitigate the
kind of effects we saw in April.  Yahoo! and AOL simply don't care who
gets hurt as long as they can present it to their own users as a
necessary measure to combat spam (and other mail abuse).

 > My understanding is that DMARC WAS going through the standardization
 > process, and actually was to the state where experimental use was
 > justified (and in some sense actually required). The problem that
 > happened is that Yahoo jumped into the limited clinical trial and
 > experimented with millions before we had a chance to find out the side
 > effects of the medicine.

According to one of the editors of the Internet Draft (message to a
closed list), use by ESPs of "p=reject" was never envisioned by the
working group, and he believed (until it actually happened) that
Yahoo!  and AOL knew that because they have active representatives in
the group.  I'm not sure I really believe that, since one of the DMARC
proponents on Mailman channels clearly believes that any problems are
the fault of misconfigured lists, and one of the editors of the DMARC
Internet Draft has a Yahoo! affiliation listed.

 > I suppose that the communities response should have been to just kick
 > off all Yahoo (and later AOL) users from mailing list (as that is really
 > one meaning of the DMARC setting announced), but the community had too
 > much compassion for the "innocent" users

In many cases, there's no "compassion" involved, just a hard-headed
business calculation about whether the list can afford to offend the
paying customers.  In any case, it's pretty clear that

 > a lot of innocent users ... really don't want to go through the
 > hassle of changing email providers, and are more apt to just drop
 > off mailing lists.

which both AOL and Yahoo! would find convenient for their own busienss
models.  (I don't think that's their aim, I just don't think they'll
shed any tears as long as their spin control is successful.)

So I certainly don't recommend it if you don't have substantial and
unshakably legitimate influence over your subscribers.

*I* can and do play hardball, and (as mentioned in a previous post)
the fiasco at yahoo.com triggered a reaction in the Japanese research
and education communities (including an official advisory from the
Ministry of Education, Culture, Science and Technology), so that
students and to some extent faculty and researcher have switched to
GMail en masse -- entirely unnecessary since yahoo.co.jp doesn't seem
to publish a DMARC policy at all!

But my situation is very unusual.

Steve

From markr at signal100.com  Mon May 26 07:12:44 2014
From: markr at signal100.com (Mark Rousell)
Date: Mon, 26 May 2014 06:12:44 +0100
Subject: [Mailman-Users] Digest option for Yahoo and AOL subscribers?
In-Reply-To: <87zji587w5.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <mailman.54133.1399941150.18129.mailman-users@python.org>
 <3145944D-EF97-43B3-A8E6-42CC966F4AE0@rc.org>
 <53810EA8.4050208@Damon-Family.org>
 <87fvjyak3y.fsf@uwakimon.sk.tsukuba.ac.jp>
 <538132B4.8050404@Damon-Family.org> <53820C89.8020201@signal100.com>
 <538230A4.3050307@Damon-Family.org>
 <87zji587w5.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <5382CD4C.4050400@signal100.com>

On 26/05/2014 05:46, Stephen J. Turnbull wrote:
> Richard Damon writes:
>  > On 5/25/14, 11:30 AM, Mark Rousell wrote:
> 
>  > > Whilst Yahoo and AOL are the ones who have chosen to
>  > > use/misuse/abuse DMARC in this way, it could also be said that
>  > > DMARC (and all its backers on its current form) are to blame
>  > > precisely because DMARC *allows* Yahoo's/AOL's behaviour.
> 
> The "p=reject" policy option is useful, perhaps necessary, to prevent
> phishing at financial institutions.  My bank (Tokyo-Mitsubishi-UFJ) is
> in a total panic to the point where they are running a major
> television campaign (multiple channels, hitting all the major
> demographics) displaying a typical MUA (Outlook, of course) showing a
> typical phishing message and putting a big red X over the password
> input field.
> 
>  > > If the standard has been properly finished and properly thought
>  > > through from all angles then ways could surely have been found to
>  > > allow it to be used without harming existing, standards-compliant
>  > > behaviour.
> 
> DMARC's purely informational protocols have been in use successfully
> for years, and nobody ever noticed.  Some banks have been using
> "p=reject" for quite a long time (more than a year), and nobody ever
> noticed.

Of course (in fact I recently said words to the same effect as what you
say here on the mozilla.support.thunderbird group when the problem was
raised there) but the issue at hand is not appropriate usage of
"p=reject": The issue at hand is *inappropriate* usage of "p=reject" and
the way that the protocol in effect almost encourages this (or at least
naturally tends in that direction for a business who is desperate
enough). It seems to me that if a protocol so easily allows (or even
effectively encourages) usage that craps on existing legitimate Internet
usage then the protocol (and its designers) must be in part to blame.

> I don't think the evidence supports that belief.  The design of the
> protocol has been very careful, with multiple ways to mitigate the
> kind of effects we saw in April.

Oh yes, the protocol has been well designed but it has been well
designed by its backers who were naturally looking at it *from a certain
perspective*. The protocol has been well designed to achieve certain
aims and it is likely to be successful at achieving them (including via
Yahoo's and AOL's particular implementation, inappropriate though it is).

If a perhaps wider range of perspectives had been involved, i.e. if it
had been developed through IETF, then perhaps misuse/abuse of the sort
that Yahoo and AOL have demonstrated would have been less easy or less
tempting for them.

> Yahoo! and AOL simply don't care who
> gets hurt as long as they can present it to their own users as a
> necessary measure to combat spam (and other mail abuse).

Exactly. But they have gone ahead and done it, and they have gone ahead
and done it because they can and because the protocol as it stands
almost encourages (and certainly does not discourage) such behaviour.
Yes, they don't care but it seems to me that a protocol that does
nothing to prevent or discourage such behaviour must be to blame too.

> According to one of the editors of the Internet Draft (message to a
> closed list), use by ESPs of "p=reject" was never envisioned by the
> working group, and he believed (until it actually happened) that
> Yahoo!  and AOL knew that because they have active representatives in
> the group.  I'm not sure I really believe that, since one of the DMARC
> proponents on Mailman channels clearly believes that any problems are
> the fault of misconfigured lists, and one of the editors of the DMARC
> Internet Draft has a Yahoo! affiliation listed.

Interesting.

If it is true that the designers never foresaw Yahoo's and AOL's style
of misuse then this seems to me to confirm my point: That a wider range
of perspectives, which the IETF would hopefully have brought to it,
might have helped make possible misuses/abuses clear.

> *I* can and do play hardball, and (as mentioned in a previous post)
> the fiasco at yahoo.com triggered a reaction in the Japanese research
> and education communities (including an official advisory from the
> Ministry of Education, Culture, Science and Technology), so that
> students and to some extent faculty and researcher have switched to
> GMail en masse -- entirely unnecessary since yahoo.co.jp doesn't seem
> to publish a DMARC policy at all!

That's good to hear. Perhaps Yahoo will notice this since I understand
that their shareholding in the Japanese company is profitable for them.



-- 
Mark Rousell

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
 
 
 


From stephen at xemacs.org  Mon May 26 08:24:12 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Mon, 26 May 2014 15:24:12 +0900
Subject: [Mailman-Users] Yahoo Groups' From munging and X-Original-From
In-Reply-To: <20140526022219.70585.qmail@joyce.lan>
References: <53828B7F.1090504@msapiro.net>
 <20140526022219.70585.qmail@joyce.lan>
Message-ID: <87y4xp83cj.fsf@uwakimon.sk.tsukuba.ac.jp>

John Levine writes:

 > This is one of the most annoying things about Yahoo and AOL's misuse
 > of DMARC -- they're practically forcing people to use hacks to show
 > unauthenticated fake From: lines.

Not only that, they're doing it themselves. :-(



From markr at signal100.com  Mon May 26 08:35:56 2014
From: markr at signal100.com (Mark Rousell)
Date: Mon, 26 May 2014 07:35:56 +0100
Subject: [Mailman-Users] Yahoo Groups' From munging and X-Original-From
In-Reply-To: <87y4xp83cj.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53828B7F.1090504@msapiro.net>
 <20140526022219.70585.qmail@joyce.lan>
 <87y4xp83cj.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <5382E0CC.8090602@signal100.com>

On 26/05/2014 07:24, Stephen J. Turnbull wrote:
> John Levine writes:
> 
>  > This is one of the most annoying things about Yahoo and AOL's misuse
>  > of DMARC -- they're practically forcing people to use hacks to show
>  > unauthenticated fake From: lines.
> 
> Not only that, they're doing it themselves. :-(

To be fair, they are only including X-Original-From in their mail lists.
No one actually parses it yet as far as I know.

It's up to mail client developers and addon developers to start parsing
it in some way. But this is inevitable, isn't it...


-- 
Mark Rousell

PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
 
 
 


From turnbull at sk.tsukuba.ac.jp  Mon May 26 10:01:19 2014
From: turnbull at sk.tsukuba.ac.jp (Stephen J. Turnbull)
Date: Mon, 26 May 2014 17:01:19 +0900
Subject: [Mailman-Users] [Spam] Re: Digest option for Yahoo and AOL
 subscribers?
In-Reply-To: <20140525201323.69530.qmail@joyce.lan>
References: <538230A4.3050307@Damon-Family.org>
 <20140525201323.69530.qmail@joyce.lan>
Message-ID: <87wqd97yuo.fsf@uwakimon.sk.tsukuba.ac.jp>

John Levine writes:

 > >My understanding is that DMARC WAS going through the standardization
 > >process, and actually was to the state where experimental use was
 > >justified (and in some sense actually required). ...
 > 
 > No, not at all.  DMARC was designed and implemented by a small closed
 > group of large companies listed on the DMARC web site at
 > http://www.dmarc.org/about.html

That's a tiny bit unfair.  Our sister list, mailman-developers, has
been aware of DMARC for at least three years, and our opinions and
even participation have been solicited on at least two occasions.

 > The DMARC group has asked the RFC Editor to publish the spec as a
 > non-standards-track non-IETF independent submission.  There was
 > briefly talk of making it standards track until the DMARC group
 > realized that gave the IETF change control, and we likely would change
 > it, which they didn't want.  The RFC Editor is currently thinking
 > about it, and probably will publish on the theory that even if it's a
 > bad idea, it might as well be documented.

If it goes that way, we should write a one-line BCP:

              Best Current Practice for DMARC "p=reject"

    If your name isn't "J. P. Morgan", don't.

Well, make that two lines:

    AOL and Yahoo!, wake up!  THIS MEANS YOU.

Hm.  AFAICT sec. 3(a)(ii) of "Legal Provisions Relating to IETF
Documents" allows us to make only the necessary changes to their
document, and submit our version to the standards track.  That might
be amusing! :-)


From stephen at xemacs.org  Mon May 26 11:08:02 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Mon, 26 May 2014 18:08:02 +0900
Subject: [Mailman-Users] Digest option for Yahoo and AOL subscribers?
In-Reply-To: <5382CD4C.4050400@signal100.com>
References: <mailman.54133.1399941150.18129.mailman-users@python.org>
 <3145944D-EF97-43B3-A8E6-42CC966F4AE0@rc.org>
 <53810EA8.4050208@Damon-Family.org>
 <87fvjyak3y.fsf@uwakimon.sk.tsukuba.ac.jp>
 <538132B4.8050404@Damon-Family.org>
 <53820C89.8020201@signal100.com>
 <538230A4.3050307@Damon-Family.org>
 <87zji587w5.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5382CD4C.4050400@signal100.com>
Message-ID: <87vbss9abx.fsf@uwakimon.sk.tsukuba.ac.jp>

Mark Rousell writes:

 > It seems to me that if a protocol so easily allows (or even
 > effectively encourages) usage that craps on existing legitimate
 > Internet usage then the protocol (and its designers) must be in
 > part to blame.

I don't see any real difference between ESP abuse of "p=reject" and
spam itself, though.  They both use others' resources to accomplish
one's own purposes while harming 3rd parties.  as you may know,
well-meaning people have long argued "freedom of speech" as a moral
justification for spam and Usenet bots and so on.  Well, well-meaning
people are arguing "spam-fighting" as a moral justification for ESP
(ab)use of "p=reject" now.  "To a yahoo with a hammer, every problem
looks like a thumb."  (With all due disrespect to jwz)

 > Oh yes, the protocol has been well designed but it has been well
 > designed by its backers who were naturally looking at it *from a
 > certain perspective*. The protocol has been well designed to
 > achieve certain aims and it is likely to be successful at achieving
 > them (including via Yahoo's and AOL's particular implementation,
 > inappropriate though it is).

Actually, that's apparently false.  John L linked to or posted a graph
provided by AOL which makes it quite clear that *except for one
particular spammer* DMARC p=reject had *no* effect on spam claiming to
originate from AOL.  It just returned to pre-off-the-charts spamming
level.

It *does* seem to be successful at reducing phishing, for now.
Whether it's reducing damage due to phishing, or just weeding out the
less sophisticated felons, I don't know, and I don't think anybody
does.

 > If a perhaps wider range of perspectives had been involved, i.e. if
 > it had been developed through IETF, then perhaps misuse/abuse of
 > the sort that Yahoo and AOL have demonstrated would have been less
 > easy or less tempting for them.

Maybe, but I don't really see that.  As John L points out, at present
DMARC is a private protocol between "consenting adults", and even if
the IETF publishes a competing standards track RFC, Yahoo! and AOL can
continue to (ab)use it.

 > > Yahoo! and AOL simply don't care who
 > > gets hurt as long as they can present it to their own users as a
 > > necessary measure to combat spam (and other mail abuse).
 > 
 > Exactly. But they have gone ahead and done it, and they have gone
 > ahead and done it because they can

IMO, we could put a period here, because I don't see this:

 > and because the protocol as it stands almost encourages (and
 > certainly does not discourage) such behaviour.

Well, it's quite clear from the document that DMARC is intended to
protect domain names from being used in phishing attacks.  AOL and
Yahoo! did not (and AFAICS cannot) suffer from severe phishing
problems.  They explicitly refer to their spam problem (which
continues) as justification.  There is nothing that the document
authors can do to stop that (except maybe resign in protest if they
work for such a domain :-).

The fact is that "p=reject" has been in use at many domains for a long
time with no problem.  The DMARC consortium is surely aware of the bad
effect it would have on reliable delivery to conventionally configured
mailing lists; we've told them often enough, and I doubt we're the
only ones.  Yahoo!'s and AOL's use of p=reject was an act of
desperation AFAICS; even a MUST NOT in an RFC would not have stopped
them.

 > If it is true that the designers never foresaw Yahoo's and AOL's
 > style of misuse

No, what Murray wrote was that it was understood in the working group
that ESP (ab)use of "p=reject" was inappropriate, and I understood
that he believed that AOL and Yahoo! were part of that consensus.  He
went on to say later that he didn't have any insight as to why they
went ahead and did it.

 > then this seems to me to confirm my point: That a wider range of
 > perspectives, which the IETF would hopefully have brought to it,
 > might have helped make possible misuses/abuses clear.

We have known for a long time that use by ESPs like GMail (which
hasn't yet), Hotmail (which hasn't yet), Yahoo!, and AOL would cause
lots of problems for their users, and given the stubborn response of
Mailman list operators on this list and mailman-developers, they
surely were well aware that very few lists would be prepared.  So they
went and DoS'ed their own users!  (Of course they also clearly planned
to blame, not the victims, but any innocent bystanders.  Still, they
should have known that their users would get DoS'ed, and they did it
anyway.)

What wasn't known (to me, anyway) was the nasty effect that this would
have on bounce processing.  AFAIK, nobody anticipated that.  I don't
see how broader participation would have helped -- the ranking expert
(Mark, take a bow!) on bounce processing has been aware of DMARC for a
long time.  I doubt that Yahoo! and AOL have the technical abilities
to figure it out for themselves (they don't know how Mailman bounce
processing works).  So I don't think a more IETF-based process would
have changed their logic.

It would be nice if the current process could get some discouraging
language into the document, but we'll see how that works over the next
few weeks/months.

Steve




From lucio at lambrate.inaf.it  Mon May 26 14:21:50 2014
From: lucio at lambrate.inaf.it (Lucio Chiappetti)
Date: Mon, 26 May 2014 14:21:50 +0200 (CEST)
Subject: [Mailman-Users] multiple mailing list passwords
Message-ID: <alpine.LSU.2.00.1405261415460.32517@cbfrvqba.ynzoengr.vans.vg>

I am one of the list administrator/moderator for several mailing lists, 
most of which aren't based on my machine (a few are in another continent), 
so I am not the site admin for them.

In particular three of these are on the same machine, therefore my firefox 
is able to remember the password for one mailing list only (if I reply YES 
to the request to change the stored password, it remembers the one of the 
last mailing list visited).

Is anybody aware of any firefox add-on which allows to remember multiple 
password for one hostname (e.g. based on the full url of the list admin 
page) ?

(Preferably one which does NOT store password outside of the local 
machine)

Thanks

-- 
------------------------------------------------------------------------
Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy)
For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html

From adam-mailman at amyl.org.uk  Mon May 26 15:24:23 2014
From: adam-mailman at amyl.org.uk (Adam McGreggor)
Date: Mon, 26 May 2014 14:24:23 +0100
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <alpine.LSU.2.00.1405261415460.32517@cbfrvqba.ynzoengr.vans.vg>
References: <alpine.LSU.2.00.1405261415460.32517@cbfrvqba.ynzoengr.vans.vg>
Message-ID: <20140526132423.GA17313@hendricks.amyl.org.uk>

On Mon, May 26, 2014 at 02:21:50PM +0200, Lucio Chiappetti wrote:
> I am one of the list administrator/moderator for several mailing
> lists, most of which aren't based on my machine (a few are in
> another continent), so I am not the site admin for them.
>
> In particular three of these are on the same machine, therefore my
> firefox is able to remember the password for one mailing list only
> (if I reply YES to the request to change the stored password, it
> remembers the one of the last mailing list visited).

You might be able to set all passwords to be the same -- within your
options page (e.g.,)

    https://lists.example.com/mailman/options/foobaa/foo at example.org

> Is anybody aware of any firefox add-on which allows to remember
> multiple password for one hostname (e.g. based on the full url of
> the list admin page) ?

LastPass / 1password ? 


-- 
"Some people, when confronted with a problem, think,
 'I know, I'll use regular expressions.'
 Now they have two problems."
    -- Jamie Zawinski

From lucio at lambrate.inaf.it  Mon May 26 16:04:55 2014
From: lucio at lambrate.inaf.it (Lucio Chiappetti)
Date: Mon, 26 May 2014 16:04:55 +0200 (CEST)
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <20140526132423.GA17313@hendricks.amyl.org.uk>
References: <alpine.LSU.2.00.1405261415460.32517@cbfrvqba.ynzoengr.vans.vg>
 <20140526132423.GA17313@hendricks.amyl.org.uk>
Message-ID: <alpine.LSU.2.00.1405261600200.32517@cbfrvqba.ynzoengr.vans.vg>

On Mon, 26 May 2014, Adam McGreggor wrote:

> You might be able to set all passwords to be the same -- within your 
> options page (e.g.,)

I do use the same password for stuff which is mine only, but these are 
shared with other co-moderators. And apparently at NASA they are also 
over-concerned (I got the passwords by snail mail, on paper !!)

>> Is anybody aware of any firefox add-on which allows to remember
>> multiple password for one hostname (e.g. based on the full url of
>> the list admin page) ?
>
> LastPass / 1password ?

I should have added "add-on for firefox ON LINUX". Apparently this 
"1password" (which I did not find in the firefox add-on list) is not 
supported on Linux.

I saw LastPass mentioned, but I gathered it stores passwords elsewhere 
than on my local machine (which I would not like). Is that correct ?

Thanks anyhow

From tanstaafl at libertytrek.org  Mon May 26 16:16:44 2014
From: tanstaafl at libertytrek.org (Tanstaafl)
Date: Mon, 26 May 2014 10:16:44 -0400
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <alpine.LSU.2.00.1405261415460.32517@cbfrvqba.ynzoengr.vans.vg>
References: <alpine.LSU.2.00.1405261415460.32517@cbfrvqba.ynzoengr.vans.vg>
Message-ID: <53834CCC.50402@libertytrek.org>

On 5/26/2014 8:21 AM, Lucio Chiappetti <lucio at lambrate.inaf.it> wrote:
> Is anybody aware of any firefox add-on which allows to remember multiple
> password for one hostname (e.g. based on the full url of the list admin
> page) ?

My all time favorite:

www.passwordmaker.org

Doesn't store passwords anywhere (generates the password on the fly 
every time based on the detected URL, and other criteria you set when 
you create a specific account)...

I've been using it for many years, and couldn't live without it. I also 
wrote a lot of the wiki text explaining its usage, so can (and am happy 
to) answer any questions abou it.

It isn't perfect, by any stretch, and I have been toying with the idea 
of switching to KeePass, but I really dislike actually storing the 
passwords anywhere...

From heller at deepsoft.com  Mon May 26 16:17:20 2014
From: heller at deepsoft.com (Robert Heller)
Date: Mon, 26 May 2014 10:17:20 -0400
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <alpine.LSU.2.00.1405261600200.32517@cbfrvqba.ynzoengr.vans.vg>
References: <alpine.LSU.2.00.1405261415460.32517@cbfrvqba.ynzoengr.vans.vg> 
 <20140526132423.GA17313@hendricks.amyl.org.uk> 
 <alpine.LSU.2.00.1405261600200.32517@cbfrvqba.ynzoengr.vans.vg>
Message-ID: <201405261417.s4QEHKqt008621@sharky2.deepsoft.com>

At Mon, 26 May 2014 16:04:55 +0200 (CEST) Lucio Chiappetti <lucio at lambrate.inaf.it> wrote:

> 
> On Mon, 26 May 2014, Adam McGreggor wrote:
> 
> > You might be able to set all passwords to be the same -- within your 
> > options page (e.g.,)
> 
> I do use the same password for stuff which is mine only, but these are 
> shared with other co-moderators. And apparently at NASA they are also 
> over-concerned (I got the passwords by snail mail, on paper !!)
> 
> >> Is anybody aware of any firefox add-on which allows to remember
> >> multiple password for one hostname (e.g. based on the full url of
> >> the list admin page) ?
> >
> > LastPass / 1password ?
> 
> I should have added "add-on for firefox ON LINUX". Apparently this 
> "1password" (which I did not find in the firefox add-on list) is not 
> supported on Linux.
> 
> I saw LastPass mentioned, but I gathered it stores passwords elsewhere 
> than on my local machine (which I would not like). Is that correct ?

Yes. LastPass stores passwords on their server and you use one *one* password
to access all others.

> 
> Thanks anyhow
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
> 
>    

-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments


                                                           

From malcolm.austen at weald.org.uk  Mon May 26 17:16:31 2014
From: malcolm.austen at weald.org.uk (Malcolm Austen)
Date: Mon, 26 May 2014 16:16:31 +0100
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <alpine.LSU.2.00.1405261415460.32517@cbfrvqba.ynzoengr.vans.vg>
References: <alpine.LSU.2.00.1405261415460.32517@cbfrvqba.ynzoengr.vans.vg>
Message-ID: <op.xgg2yrptg14ka7@mavivo>

On Mon, 26 May 2014 13:21:50 +0100, Lucio Chiappetti  
<lucio at lambrate.inaf.it> wrote:

> Is anybody aware of any firefox add-on which allows to remember multiple  
> password for one hostname (e.g. based on the full url of the list admin  
> page) ?

Not an FF add-on ... but Opera will do this for you, when saving password  
there's a tick box for 'this page only' as opposed to the default of 'this  
site'.

= Malcolm.

-- 
Malcolm Austen <malcolm.austen at weald.org.uk>
GENUKI trustee <genuki at weald.org.uk>
Oxfordshire FHS webmaster <webmaster at ofhs.org.uk>
PUG chairman <chairman at pugweb.org.uk>
FFHS Communications Officer <communications at ffhs.org.uk>

From cgtyoder at alum.mit.edu  Mon May 26 19:24:45 2014
From: cgtyoder at alum.mit.edu (Conrad G T Yoder)
Date: Mon, 26 May 2014 13:24:45 -0400
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <alpine.LSU.2.00.1405261600200.32517@cbfrvqba.ynzoengr.vans.vg>
References: <alpine.LSU.2.00.1405261415460.32517@cbfrvqba.ynzoengr.vans.vg>
 <20140526132423.GA17313@hendricks.amyl.org.uk>
 <alpine.LSU.2.00.1405261600200.32517@cbfrvqba.ynzoengr.vans.vg>
Message-ID: <EB338ED8-E62F-4894-A0BC-E35FF7AFBF40@alum.mit.edu>

On May 26, 2014, at 10:04 AM, Lucio Chiappetti <lucio at lambrate.inaf.it> wrote:

> On Mon, 26 May 2014, Adam McGreggor wrote:
> 
>> You might be able to set all passwords to be the same -- within your options page (e.g.,)
> 
> I do use the same password for stuff which is mine only, but these are shared with other co-moderators. And apparently at NASA they are also over-concerned (I got the passwords by snail mail, on paper !!)
> 
>>> Is anybody aware of any firefox add-on which allows to remember
>>> multiple password for one hostname (e.g. based on the full url of
>>> the list admin page) ?
>> 
>> LastPass / 1password ?
> 
> I should have added "add-on for firefox ON LINUX". Apparently this "1password" (which I did not find in the firefox add-on list) is not supported on Linux.
> 
> I saw LastPass mentioned, but I gathered it stores passwords elsewhere than on my local machine (which I would not like). Is that correct ?

LastPass does do what you ask - store/serve passwords based on full URLs.  It works for me for multiple Mailman lists under 1 domain I have.  LP does indeed store your passwords on their servers, but they do not hold your Master Password, and all decryption is done client-side with in-browser JS.  So if you loose your MP, that?s the end of your PW store.  It?s about as secure as you can get without rolling your own.  It?s all free if you don?t use the mobile plugin feature, otherwise it?s $12/year - quite a deal I would say.

-Conrad

--
Who can you trust?


From johnl at taugh.com  Mon May 26 19:39:39 2014
From: johnl at taugh.com (John Levine)
Date: 26 May 2014 17:39:39 -0000
Subject: [Mailman-Users] Yahoo Groups' From munging and X-Original-From
In-Reply-To: <5382C1B8.30107@signal100.com>
Message-ID: <20140526173939.78733.qmail@joyce.lan>

>a) It seems to me that this or something like it (i.e. new de facto
>standard headers to work around the problem) is surely an almost
>inevitable outcome anyway.

I wouldn't count on it.  The reasonable approach to this kind of
nonsense is for the relatively small set of ISPs using DMARC policy to
whitelist the mail they already know it mishandles.

>b) The way things are going all domains will sooner or later publish a
>DMARC policy if they want their mail to be accepted anywhere.

No, not at all.  Comcast sent out a press release specifically saying
that they have no plans to publish a DMARC policy record.  Remember
that AOL and Yahoo had huge security breaches in which crooks stole
customer info including address books, and they're misusing DMARC as
as panic reaction to try to compensate, sort of.

Let's just say this move hasn't made any them friends in the industry.

R's,
John

From mark at msapiro.net  Mon May 26 20:30:34 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 26 May 2014 11:30:34 -0700
Subject: [Mailman-Users] Yahoo Groups' From munging and X-Original-From
In-Reply-To: <5382E0CC.8090602@signal100.com>
References: <53828B7F.1090504@msapiro.net>
 <20140526022219.70585.qmail@joyce.lan>
 <87y4xp83cj.fsf@uwakimon.sk.tsukuba.ac.jp> <5382E0CC.8090602@signal100.com>
Message-ID: <5383884A.80506@msapiro.net>

On 05/25/2014 11:35 PM, Mark Rousell wrote:
> On 26/05/2014 07:24, Stephen J. Turnbull wrote:
>> John Levine writes:
>>
>>  > This is one of the most annoying things about Yahoo and AOL's misuse
>>  > of DMARC -- they're practically forcing people to use hacks to show
>>  > unauthenticated fake From: lines.
>>
>> Not only that, they're doing it themselves. :-(
> 
> To be fair, they are only including X-Original-From in their mail lists.
> No one actually parses it yet as far as I know.


They (Yahoo) are also including the original From: display name and
email address in the display name of their list's munged From:. Given
that some (notably mainstream Microsoft) email clients only show the
display name as From:, this seems to me to totally defeat the intent of
DMARC.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From lucio at lambrate.inaf.it  Tue May 27 12:11:42 2014
From: lucio at lambrate.inaf.it (Lucio Chiappetti)
Date: Tue, 27 May 2014 12:11:42 +0200 (CEST)
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <53834CCC.50402@libertytrek.org>
References: <53834CCC.50402@libertytrek.org>
Message-ID: <alpine.LSU.2.00.1405271203360.32517@cbfrvqba.ynzoengr.vans.vg>

On Mon, 26 May 2014, Tanstaafl wrote:

> On 5/26/2014 8:21 AM, Lucio Chiappetti wrote:
>> Is anybody aware of any firefox add-on which allows to remember multiple
>> password for one hostname (e.g. based on the full url of the list admin
>> page) ?
>
> My all time favorite:
> www.passwordmaker.org
> Doesn't store passwords anywhere (generates the password on the fly

Unfortunately this presupposes the ability to change the remote lsit admin 
password, which in my case is fixed since it is shared by various 
co-moderators

I found a solution inspired by Saved Password Editor (but I'm not sure 
whether SPE is required, or just allows to see and edit what is normally 
stored by firefox anyhow. For SPE (and perhaps firefox by default) ...
> > The lookup key for passwords in HTML forms consists of the host 
> > prefix, submit prefix, and username.

If my mailing lists are on a remote server, and accessed via the usual 
mailman authentication form, the host prefix and submit prefix are the 
same. There is no username, so one cannot have separate entries for 
different mailing lists on the same server.

> My workaround was the following.
> 
> 1) I made a local copy (Save Page As ... Web page HTML only) of the
>    remote mailman authentication page
> 
> 2) I edited the <HEAD> adding a <BASE href=...> pointing to the
>    remote site (this is actually the submit prefix !!), so that actions,
>    images, links point to the original site
> 
> 3) I added a new input field. The mailman authentication pages have a
>    sort of heading or title with "listname Administrator Authentication".
>    I replace the word listname with
>    <INPUT NAME="user" VALUE="listname" TYPE="text" DISABLED>
> 
> 4) so I end up with three local pages, each with a different listname
>    which can be captured as username, making therefore a distinct
>    triplet (local host, submit prefix, username)
>
>    ... for which distinct passwords can be captured and stored

-- 
------------------------------------------------------------------------
Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy)
For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html

From tanstaafl at libertytrek.org  Wed May 28 17:04:05 2014
From: tanstaafl at libertytrek.org (Tanstaafl)
Date: Wed, 28 May 2014 11:04:05 -0400
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <alpine.LSU.2.00.1405271203360.32517@cbfrvqba.ynzoengr.vans.vg>
References: <53834CCC.50402@libertytrek.org>
 <alpine.LSU.2.00.1405271203360.32517@cbfrvqba.ynzoengr.vans.vg>
Message-ID: <5385FAE5.8050007@libertytrek.org>

On 5/27/2014 6:11 AM, Lucio Chiappetti <lucio at lambrate.inaf.it> wrote:
> On Mon, 26 May 2014, Tanstaafl wrote:
>
>> On 5/26/2014 8:21 AM, Lucio Chiappetti wrote:
>>> Is anybody aware of any firefox add-on which allows to remember multiple
>>> password for one hostname (e.g. based on the full url of the list admin
>>> page) ?
>>
>> My all time favorite:
>> www.passwordmaker.org
>> Doesn't store passwords anywhere (generates the password on the fly

> Unfortunately this presupposes the ability to change the remote lsit
> admin password, which in my case is fixed since it is shared by various
> co-moderators

Sorry, but I have no idea what you meant here.

You can create multiple accounts for the same URL with passwordmaker, so 
I think you just don';t understand totally how it works.

From barryg at barryg.org  Wed May 28 20:18:56 2014
From: barryg at barryg.org (Barry Gates)
Date: Wed, 28 May 2014 14:18:56 -0400
Subject: [Mailman-Users] Inserting List address into CC: of received posts
Message-ID: <!&!AAAAAAAAAAAYAAAAAAAAAJvT3A6L0vlBu7G29x/8iE/CgAAAEAAAAFSSjTzGK4ZPrfjsvNydNfwBAAAAAA==@barryg.org>

Am I missing something?

 

I run a cancer support group.  Is there some way to append the list address
appended to "CC" of incoming messages?  I would like my members to simply
"Reply to all" and share response with the others in the group.

 

Respectfully

Barry Gates

O=


From uckelman at nomic.net  Wed May 28 14:41:24 2014
From: uckelman at nomic.net (Joel Uckelman)
Date: Wed, 28 May 2014 05:41:24 -0700
Subject: [Mailman-Users] dmarc_moderation_action isn't working
Message-ID: <20140528124124.5F24D361E2D@charybdis.ellipsis.cx>

Last week I upgraded to Mailman 2.1.18 in order to get the DMARC
workarounds new in that version. I set dmarc_moderation_action for my
list to "Munge From" and waited to see what would happen. Despite that I
seem to still be having DMARC bounces, as this morning I got 22 "Bounce
action notifications" for list subscribers from Mailman.

I'm running the just-released RPM for 2.1.18 on Fedora 20. I have the
python-dns package installed, which I read was required for DMARC
checks. When I grep my logs for 'DMARC', all I see are the bounce
messages in my Postfix log---so if the DMARC checks that should be made
when a post from a yahoo.com account comes to the list are failing,
they're failing in a way which isn't showing up.

There is one unusual thing about my list---namely that it sits at one
end of a bridge to a phpbb forum. That is, all of the posts from the
forum are posted to the list with their Sender set to a special address
which is subscribed to the list, and all post from the list are
received by that special address and posted to the forum from there.
This means that a lot of the addresses in From headers of messages going
out over the list are not actually subscribers to the list. Could this
be tripping up the dmarc_moderation_action?

-- 
J.

From mark at msapiro.net  Thu May 29 05:06:28 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 28 May 2014 20:06:28 -0700
Subject: [Mailman-Users] Inserting List address into CC: of received
	posts
In-Reply-To: <!&!AAAAAAAAAAAYAAAAAAAAAJvT3A6L0vlBu7G29x/8iE/CgAAAEAAAAFSSjTzGK4ZPrfjsvNydNfwBAAAAAA==@barryg.org>
References: <!&!AAAAAAAAAAAYAAAAAAAAAJvT3A6L0vlBu7G29x/8iE/CgAAAEAAAAFSSjTzGK4ZPrfjsvNydNfwBAAAAAA==@barryg.org>
Message-ID: <5386A434.9010701@msapiro.net>

On 05/28/2014 11:18 AM, Barry Gates wrote:
> 
> I run a cancer support group.  Is there some way to append the list address
> appended to "CC" of incoming messages?  I would like my members to simply
> "Reply to all" and share response with the others in the group.


Generally, the list address is in the To: header of the mail and "reply
all" will include the list. The only case in which the list address ids
not in To: is on a "fully personalized" list, and in this case, Mailman
puts the list address in Cc:.

I don't understand what the problem is - "reply all" should always
include the list. If it doesn't in your case, what MUA (mail client) are
you using?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Thu May 29 05:38:43 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 28 May 2014 20:38:43 -0700
Subject: [Mailman-Users] dmarc_moderation_action isn't working
In-Reply-To: <20140528124124.5F24D361E2D@charybdis.ellipsis.cx>
References: <20140528124124.5F24D361E2D@charybdis.ellipsis.cx>
Message-ID: <5386ABC3.3050603@msapiro.net>

On 05/28/2014 05:41 AM, Joel Uckelman wrote:
> 
> I'm running the just-released RPM for 2.1.18 on Fedora 20. I have the
> python-dns package installed, which I read was required for DMARC
> checks.


The required package is dnspython. This is not the same as PyDNS. It
looks like the Fedora python-dns package is the right one, but I'm not sure.

What happens when you invoke the python that Mailman is using and type

import dns.resolver
from dns.exception import DNSException

If you get an ImportError, something is wrong. Otherwise things should
be OK. You can see what python Mailman is using by looking at the
command lines reported by

ps -fAw | grep qrunner


> When I grep my logs for 'DMARC', all I see are the bounce
> messages in my Postfix log---so if the DMARC checks that should be made
> when a post from a yahoo.com account comes to the list are failing,
> they're failing in a way which isn't showing up.


There will normally be an entry in Mailman's vette log for every DMARC
p=reject (and p=quarantine if enabled) found and possible entries in
Mailman's error log for lookup errors and other unusual conditions.

If there are no 'DMARC' entries in Mailman's logs, it most likely means
the imports I show above didn't succeed in the python that Mailman is
using, in which case dmarc_moderaction_action will not be done at all.


> There is one unusual thing about my list---namely that it sits at one
> end of a bridge to a phpbb forum. That is, all of the posts from the
> forum are posted to the list with their Sender set to a special address
> which is subscribed to the list, and all post from the list are
> received by that special address and posted to the forum from there.
> This means that a lot of the addresses in From headers of messages going
> out over the list are not actually subscribers to the list. Could this
> be tripping up the dmarc_moderation_action?


What do you mean by Sender? Do you mean the Sender: header or the From:
header or what?

Mailman does DMARC checks on the From: domain of the message it sees,
but then recipient MTAs do DMARC checks on the From: domain of the
message they see.

Perhaps you can explain more precisely what you mean by the above in
terms of the From: header seen by Mailman and the From: header in the
list message that recipients see.

If all you are saying is that a lot of posts are From: non-members
because they come via the phpbb forum, that shouldn't matter. Mailman
should still check the From: domain for DMARC and apply the
dmarc_moderation_action as required regardless of list membership.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at bradakis.com  Thu May 29 05:40:42 2014
From: mark at bradakis.com (Mark J Bradakis)
Date: Wed, 28 May 2014 21:40:42 -0600
Subject: [Mailman-Users] Sigh
Message-ID: <5386AC3A.1050503@bradakis.com>

Currently just over 8,000 queued messages awaiting delivery.  But I don't think it is a mailman issue:


root at autox:~# ping -c 3 gmail.com
PING gmail.com (74.125.225.182) 56(84) bytes of data.
64 bytes from den03s05-in-f22.1e100.net (74.125.225.182): icmp_seq=1 ttl=55 time=20.2 ms
64 bytes from den03s05-in-f22.1e100.net (74.125.225.182): icmp_seq=2 ttl=55 time=22.1 ms
64 bytes from den03s05-in-f22.1e100.net (74.125.225.182): icmp_seq=3 ttl=55 time=20.2 ms

--- gmail.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 20.252/20.891/22.154/0.900 ms
root at autox:~#
root at autox:~# telnet gmail.com 25
Trying 74.125.225.214...
Trying 74.125.225.213...
Trying 2607:f8b0:400f:800::1016...
telnet: Unable to connect to remote host: Network is unreachable
root at autox:~#
root at autox:~# ping -c 3 gmail.com
PING gmail.com (74.125.225.181) 56(84) bytes of data.
64 bytes from den03s05-in-f21.1e100.net (74.125.225.181): icmp_seq=1 ttl=55 time=30.9 ms
64 bytes from den03s05-in-f21.1e100.net (74.125.225.181): icmp_seq=2 ttl=55 time=21.2 ms
64 bytes from den03s05-in-f21.1e100.net (74.125.225.181): icmp_seq=3 ttl=55 time=20.3 ms

--- gmail.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 20.386/24.178/30.933/4.789 ms
root at autox:~#

From mark at msapiro.net  Thu May 29 05:57:38 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 28 May 2014 20:57:38 -0700
Subject: [Mailman-Users] Sigh
In-Reply-To: <5386AC3A.1050503@bradakis.com>
References: <5386AC3A.1050503@bradakis.com>
Message-ID: <5386B032.6030003@msapiro.net>

On 05/28/2014 08:40 PM, Mark J Bradakis wrote:
> Currently just over 8,000 queued messages awaiting delivery.  But I
> don't think it is a mailman issue:


Queued where? in the MTA ?

If so, it's not Mailman.


...
> root at autox:~# telnet gmail.com 25
> Trying 74.125.225.214...
> Trying 74.125.225.213...
> Trying 2607:f8b0:400f:800::1016...
> telnet: Unable to connect to remote host: Network is unreachable


gmail.com is not an MX for gmail.com

$ dig +short mx gmail.com
10 alt1.gmail-smtp-in.l.google.com.
5 gmail-smtp-in.l.google.com.
40 alt4.gmail-smtp-in.l.google.com.
20 alt2.gmail-smtp-in.l.google.com.
30 alt3.gmail-smtp-in.l.google.com.

MXs should be tried in priority order (lowest # is highest priority).

$ telnet gmail-smtp-in.l.google.com 25
Trying 74.125.193.26...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP n2si16658369iga.47 - gsmtp
quit
221 2.0.0 closing connection n2si16658369iga.47 - gsmtp
Connection closed by foreign host.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From stephen at xemacs.org  Thu May 29 07:24:23 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 29 May 2014 14:24:23 +0900
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <5385FAE5.8050007@libertytrek.org>
References: <53834CCC.50402@libertytrek.org>
 <alpine.LSU.2.00.1405271203360.32517@cbfrvqba.ynzoengr.vans.vg>
 <5385FAE5.8050007@libertytrek.org>
Message-ID: <87zji16ttk.fsf@uwakimon.sk.tsukuba.ac.jp>

Tanstaafl writes:

 > You can create multiple accounts for the same URL with passwordmaker, so 
 > I think you just don';t understand totally how it works.

I have no clue what you're talking about.  The OP shares a password
with several other users, and does not have the right to change it, or
to ask others to change their workflows.  You need to explain how
passwordmaker can do its thing for an *existing* account *and
password*, or it's a non-starter for him.

From stephen at xemacs.org  Thu May 29 07:28:40 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 29 May 2014 14:28:40 +0900
Subject: [Mailman-Users] dmarc_moderation_action isn't working
In-Reply-To: <5386ABC3.3050603@msapiro.net>
References: <20140528124124.5F24D361E2D@charybdis.ellipsis.cx>
 <5386ABC3.3050603@msapiro.net>
Message-ID: <87y4xl6tmf.fsf@uwakimon.sk.tsukuba.ac.jp>

Mark Sapiro writes:

 > If there are no 'DMARC' entries in Mailman's logs, it most likely means
 > the imports I show above didn't succeed in the python that Mailman is
 > using, in which case dmarc_moderaction_action will not be done at all.

If dmarc_moderation_action is not none (precisely speaking, "accept",
I think?), and the dnspython import fails, Mailman should log this.


From lucio at lambrate.inaf.it  Thu May 29 10:28:01 2014
From: lucio at lambrate.inaf.it (Lucio Chiappetti)
Date: Thu, 29 May 2014 10:28:01 +0200 (CEST)
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <5385FAE5.8050007@libertytrek.org>
References: <5385FAE5.8050007@libertytrek.org>
Message-ID: <alpine.LSU.2.00.1405291017440.32517@cbfrvqba.ynzoengr.vans.vg>

On Wed, 28 May 2014, Tanstaafl wrote:

> You can create multiple accounts for the same URL with passwordmaker, so 
> I think you just don';t understand totally how it works.

That's quite possible.

I did not install it, but read the online documentation, and I gathered 
that it GENERATES passwords to be used on remote sites, requiring to 
CHANGE those currently in use. Did I understand wrong ?

> On 5/27/2014 6:11 AM, Lucio Chiappetti wrote:

>> Unfortunately this presupposes the ability to change the remote lsit
>> admin password, which in my case is fixed since it is shared by various
>> co-moderators
>
> Sorry, but I have no idea what you meant here.

Well, on one hand I meant that I MUST use the CURRENT passwords for the 
remote site, because such password is used by other people too !

I guess it is not uncommon that the role of moderator of a mailman mailing 
list is shared among different people (often in completely different 
countries so that almost all timezones are covered).

On the other hand (and this is mailman specific), the web pages I was 
referring to are the mailman "list administrator authentication" pages. 
They are not properly "accounts" as they contain just a password field 
but no username.

Since apparently firefox password database keys on the triplet (server 
url, submit prefix, username), it is unable to save separate passwords if 
server url and submit prefix are the same and there is no username !

My workaround (see previous post) was to make a local copy of the web 
pages, adding a fake (different) username in a disabled control.

I hope it is clearer now



From uckelman at nomic.net  Thu May 29 12:03:38 2014
From: uckelman at nomic.net (Joel Uckelman)
Date: Thu, 29 May 2014 03:03:38 -0700
Subject: [Mailman-Users] dmarc_moderation_action isn't working
In-Reply-To: <5386ABC3.3050603@msapiro.net>
References: <20140528124124.5F24D361E2D@charybdis.ellipsis.cx>
 <5386ABC3.3050603@msapiro.net>
Message-ID: <20140529100338.2ABE3361E32@charybdis.ellipsis.cx>

Thus spake Mark Sapiro:
> On 05/28/2014 05:41 AM, Joel Uckelman wrote:
> > 
> > I'm running the just-released RPM for 2.1.18 on Fedora 20. I have the
> > python-dns package installed, which I read was required for DMARC
> > checks.
> 
> 
> The required package is dnspython. This is not the same as PyDNS. It
> looks like the Fedora python-dns package is the right one, but I'm not sure.

I'm certain I have the correct package: The URL 'rpm -qi' gives for the
pacakge is http://www.dnspython.org/, which is the same as the one given
by the 2.1.18 release announcement.

> What happens when you invoke the python that Mailman is using and type
> 
> import dns.resolver
> from dns.exception import DNSException

[uckelman at one ~]$ python 
Python 2.7.5 (default, Feb 19 2014, 13:47:28) 
[GCC 4.8.2 20131212 (Red Hat 4.8.2-7)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import dns.resolver
>>> from dns.exception import DNSException
>>> 

The dns module appears to be found.
 
> If you get an ImportError, something is wrong. Otherwise things should
> be OK. You can see what python Mailman is using by looking at the
> command lines reported by
> 
> ps -fAw | grep qrunner

[uckelman at one ~]$ ps -fAw | grep -m 1 qrunner
mailman   2733  2700  0 May22 ?        00:01:01 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s

Looks like /usr/bin/python, which is the same one as on the path:

[uckelman at one ~]$ which python
/usr/bin/python
 
> There will normally be an entry in Mailman's vette log for every DMARC
> p=reject (and p=quarantine if enabled) found and possible entries in
> Mailman's error log for lookup errors and other unusual conditions.

I have five vette logs handy, going back as far as 5 May (which would be
before I installed 2.1.18). Three are empty; the other two contain one
message each about rejecting a post by a nonsubscriber. There's nothing
about DMARC in any of them.
 
> If there are no 'DMARC' entries in Mailman's logs, it most likely means
> the imports I show above didn't succeed in the python that Mailman is
> using, in which case dmarc_moderaction_action will not be done at all.

Do you still think that given what I found above?
 
> > There is one unusual thing about my list---namely that it sits at one
> > end of a bridge to a phpbb forum. That is, all of the posts from the
> > forum are posted to the list with their Sender set to a special address
> > which is subscribed to the list, and all post from the list are
> > received by that special address and posted to the forum from there.
> > This means that a lot of the addresses in From headers of messages going
> > out over the list are not actually subscribers to the list. Could this
> > be tripping up the dmarc_moderation_action?
> 
> 
> What do you mean by Sender? Do you mean the Sender: header or the From:
> header or what?

Yes, exactly. By "Sender" I'm referring to the Sender: header.
 
> Perhaps you can explain more precisely what you mean by the above in
> terms of the From: header seen by Mailman and the From: header in the
> list message that recipients see.
>
> If all you are saying is that a lot of posts are From: non-members
> because they come via the phpbb forum, that shouldn't matter. Mailman
> should still check the From: domain for DMARC and apply the
> dmarc_moderation_action as required regardless of list membership.

This is exactly what I'm saying. Many messages posted to the list via
the bridge have From: headers with non-list-member addresses in them.
All messages posted to the list via the bridge have the Sender: address
set to a special address which *is* a list subscriber, which is why (I
believe) Mailman does not reject such messages as originating from
non-subscribers.

-- 
J.

From mark at msapiro.net  Thu May 29 15:38:06 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 29 May 2014 06:38:06 -0700
Subject: [Mailman-Users] dmarc_moderation_action isn't working
In-Reply-To: <87y4xl6tmf.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <20140528124124.5F24D361E2D@charybdis.ellipsis.cx>	<5386ABC3.3050603@msapiro.net>
 <87y4xl6tmf.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <5387383E.4010002@msapiro.net>

On 05/28/2014 10:28 PM, Stephen J. Turnbull wrote:
> Mark Sapiro writes:
> 
>  > If there are no 'DMARC' entries in Mailman's logs, it most likely means
>  > the imports I show above didn't succeed in the python that Mailman is
>  > using, in which case dmarc_moderaction_action will not be done at all.
> 
> If dmarc_moderation_action is not none (precisely speaking, "accept",
> I think?), and the dnspython import fails, Mailman should log this.
> 


Agreed.

<https://bugs.launchpad.net/mailman/+bug/1324541>

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Thu May 29 16:04:35 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 29 May 2014 07:04:35 -0700
Subject: [Mailman-Users] dmarc_moderation_action isn't working
In-Reply-To: <20140529100338.2ABE3361E32@charybdis.ellipsis.cx>
References: <20140528124124.5F24D361E2D@charybdis.ellipsis.cx>
 <5386ABC3.3050603@msapiro.net>
 <20140529100338.2ABE3361E32@charybdis.ellipsis.cx>
Message-ID: <53873E73.1040604@msapiro.net>

On 05/29/2014 03:03 AM, Joel Uckelman wrote:
>  
> Do you still think that given what I found above?


Did you restart Mailman after installing the python-dns package?

Yes, I still think that. If you did restart Mailman and the package is
available, something should be logged unless the DNS lookup of DMARC
policy for the From: domain succeeds and doesn't find a p=reject (or
quarantine).

I have attached a patch to Mailman/Utils.py which is a fix for
<https://bugs.launchpad.net/mailman/+bug/1324541> which will log the
unavailability of DNS lookup.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
-------------- next part --------------
--- ../../2.1/Mailman/Utils.py	2014-05-02 20:26:19.166274000 -0700
+++ Utils.py	2014-05-29 06:48:14.213492535 -0700
@@ -1070,7 +1070,11 @@
 # or possibly quarantine.
 def IsDMARCProhibited(mlist, email):
     if not dns_resolver:
-         return False
+        # This is a problem; log it.
+        syslog('error',
+            'DNS lookup for dmarc_moderation_action for list %s not available',
+            mlist)
+        return False
 
     email = email.lower()
     at_sign = email.find('@')

From odhiambo at gmail.com  Thu May 29 16:06:16 2014
From: odhiambo at gmail.com (Odhiambo Washington)
Date: Thu, 29 May 2014 17:06:16 +0300
Subject: [Mailman-Users] Logo in posts
Message-ID: <CAAdA2WOqdg6cw3Sq6hLc4oYpcGBfMvYuOcqKGt3pzPOqzuL6Cg@mail.gmail.com>

I have read the FAQs so I don't believe I missed one, but it could be
possible. Is there a way, with full personalization, that I can include a
logo in posts on a list? A remote possibility...
I am using 2.1.18

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."

From uckelman at nomic.net  Thu May 29 16:15:46 2014
From: uckelman at nomic.net (Joel Uckelman)
Date: Thu, 29 May 2014 07:15:46 -0700
Subject: [Mailman-Users] dmarc_moderation_action isn't working
In-Reply-To: <5387383E.4010002@msapiro.net>
References: <20140528124124.5F24D361E2D@charybdis.ellipsis.cx>
 <5386ABC3.3050603@msapiro.net> <87y4xl6tmf.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5387383E.4010002@msapiro.net>
Message-ID: <20140529141546.46393361E33@charybdis.ellipsis.cx>

Thus spake Mark Sapiro:
> On 05/28/2014 10:28 PM, Stephen J. Turnbull wrote:
> > Mark Sapiro writes:
> > 
> >  > If there are no 'DMARC' entries in Mailman's logs, it most likely means
> >  > the imports I show above didn't succeed in the python that Mailman is
> >  > using, in which case dmarc_moderaction_action will not be done at all.
> > 
> > If dmarc_moderation_action is not none (precisely speaking, "accept",
> > I think?), and the dnspython import fails, Mailman should log this.
> > 
> 
> 
> Agreed.
> 
> <https://bugs.launchpad.net/mailman/+bug/1324541>

I added two lines to Util.py as a diagnostic:

--- /usr/lib/mailman/Mailman/Utils.py~  2014-05-29 15:51:38.739320749 +0200
+++ /usr/lib/mailman/Mailman/Utils.py 2014-05-29 15:59:18.713685775 +0200
@@ -1069,8 +1069,10 @@
 # This takes an email address, and returns True if DMARC policy is p=reject
 # or possibly quarantine.
 def IsDMARCProhibited(mlist, email):
+    syslog('error', 'in IsDMARCProhibited()')
     if not dns_resolver:
-         return False
+        syslog('error', 'dns_resolver == False')
+        return False
 
     email = email.lower()
     at_sign = email.find('@')

After sending a message to the list, what I see in /var/log/mailman/error
is:

  May 29 16:01:36 2014 (30524) in IsDMARCProhibited()

and nothing else.

So:

1) IsDMARCProhibited() is running for me.

2) dns_resolver was *not* false. It looks like this rules out an
ImportError in my case, since the only way dns_resolver can be set to
false is in the event of an ImportError (see line 79).

It's good to fix the bug you noted regardless, but something else is
failing silently for me.


-- 
J.

From uckelman at nomic.net  Thu May 29 16:19:05 2014
From: uckelman at nomic.net (Joel Uckelman)
Date: Thu, 29 May 2014 07:19:05 -0700
Subject: [Mailman-Users] dmarc_moderation_action isn't working
In-Reply-To: <53873E73.1040604@msapiro.net>
References: <20140528124124.5F24D361E2D@charybdis.ellipsis.cx>
 <5386ABC3.3050603@msapiro.net>
 <20140529100338.2ABE3361E32@charybdis.ellipsis.cx>
 <53873E73.1040604@msapiro.net>
Message-ID: <20140529141905.938E3361E33@charybdis.ellipsis.cx>

Thus spake Mark Sapiro:
> On 05/29/2014 03:03 AM, Joel Uckelman wrote:
> >  
> > Do you still think that given what I found above?
> 
> 
> Did you restart Mailman after installing the python-dns package?

I think so, but I have no way of checking now.
 
> Yes, I still think that. If you did restart Mailman and the package is
> available, something should be logged unless the DNS lookup of DMARC
> policy for the From: domain succeeds and doesn't find a p=reject (or
> quarantine).
> 
> I have attached a patch to Mailman/Utils.py which is a fix for
> <https://bugs.launchpad.net/mailman/+bug/1324541> which will log the
> unavailability of DNS lookup.
 
We produced equivalent patches concurrently---the one I just posted
shows that dns_resolver is not false for me.

-- 
J.

From mark at msapiro.net  Thu May 29 16:20:42 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 29 May 2014 07:20:42 -0700
Subject: [Mailman-Users] Logo in posts
In-Reply-To: <CAAdA2WOqdg6cw3Sq6hLc4oYpcGBfMvYuOcqKGt3pzPOqzuL6Cg@mail.gmail.com>
References: <CAAdA2WOqdg6cw3Sq6hLc4oYpcGBfMvYuOcqKGt3pzPOqzuL6Cg@mail.gmail.com>
Message-ID: <5387423A.6070500@msapiro.net>

On 05/29/2014 07:06 AM, Odhiambo Washington wrote:
> I have read the FAQs so I don't believe I missed one, but it could be
> possible. Is there a way, with full personalization, that I can include a
> logo in posts on a list? A remote possibility...
> I am using 2.1.18


You can include an ascii graphic in msg_header or msg_footer (and/or
digest_header or digest_footer), but if you mean something like a JPEG,
GIF or PNG image, no. This would require an HTML part  or the addition
of an image/ part and Mailman doesn't have a facility for doing that.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Thu May 29 16:37:44 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 29 May 2014 07:37:44 -0700
Subject: [Mailman-Users] dmarc_moderation_action isn't working
In-Reply-To: <20140529141546.46393361E33@charybdis.ellipsis.cx>
References: <20140528124124.5F24D361E2D@charybdis.ellipsis.cx>
 <5386ABC3.3050603@msapiro.net> <87y4xl6tmf.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5387383E.4010002@msapiro.net>
 <20140529141546.46393361E33@charybdis.ellipsis.cx>
Message-ID: <53874638.4030004@msapiro.net>

On 05/29/2014 07:15 AM, Joel Uckelman wrote:
> 
> So:
> 
> 1) IsDMARCProhibited() is running for me.
> 
> 2) dns_resolver was *not* false. It looks like this rules out an
> ImportError in my case, since the only way dns_resolver can be set to
> false is in the event of an ImportError (see line 79).
> 
> It's good to fix the bug you noted regardless, but something else is
> failing silently for me.


What do you get on the local machine from

dig txt _dmarc.yahoo.com

If that gives the expected result, what do you get from the following Python

import dns.resolver
from dns.exception import DNSException
resolver = dns.resolver.Resolver()
dmarc_domain = '_dmarc.yahoo.com'
resolver.timeout = 3.0
resolver.lifetime = 5.0
txt_recs = resolver.query(dmarc_domain, dns.rdatatype.TXT)
for x in txt_recs:
    print x


-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From uckelman at nomic.net  Thu May 29 16:44:46 2014
From: uckelman at nomic.net (Joel Uckelman)
Date: Thu, 29 May 2014 07:44:46 -0700
Subject: [Mailman-Users] dmarc_moderation_action isn't working
In-Reply-To: <53874638.4030004@msapiro.net>
References: <20140528124124.5F24D361E2D@charybdis.ellipsis.cx>
 <5386ABC3.3050603@msapiro.net> <87y4xl6tmf.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5387383E.4010002@msapiro.net>
 <20140529141546.46393361E33@charybdis.ellipsis.cx>
 <53874638.4030004@msapiro.net>
Message-ID: <20140529144446.5BF82361E33@charybdis.ellipsis.cx>

Thus spake Mark Sapiro:
> 
> What do you get on the local machine from
> 
> dig txt _dmarc.yahoo.com

[uckelman at one Mailman]$ dig txt _dmarc.yahoo.com

; <<>> DiG 9.9.4-P2-RedHat-9.9.4-12.P2.fc20 <<>> txt _dmarc.yahoo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2747
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_dmarc.yahoo.com.    IN  TXT

;; ANSWER SECTION:
_dmarc.yahoo.com. 1777  IN  TXT "v=DMARC1\; p=reject\; sp=none\; pct=100\; rua=mailto:dmarc-yahoo-rua at yahoo-inc.com, mailto:dmarc_y_rua at yahoo.com\;"

;; AUTHORITY SECTION:
yahoo.com.    89848 IN  NS  ns1.yahoo.com.
yahoo.com.    89848 IN  NS  ns2.yahoo.com.
yahoo.com.    89848 IN  NS  ns6.yahoo.com.
yahoo.com.    89848 IN  NS  ns3.yahoo.com.
yahoo.com.    89848 IN  NS  ns4.yahoo.com.
yahoo.com.    89848 IN  NS  ns5.yahoo.com.

;; ADDITIONAL SECTION:
ns1.yahoo.com.    521834  IN  A 68.180.131.16
ns2.yahoo.com.    521834  IN  A 68.142.255.16
ns3.yahoo.com.    521834  IN  A 203.84.221.53
ns4.yahoo.com.    521848  IN  A 98.138.11.157
ns5.yahoo.com.    521834  IN  A 119.160.247.124
ns6.yahoo.com.    3460  IN  A 121.101.144.139

;; Query time: 0 msec
;; SERVER: 62.210.16.6#53(62.210.16.6)
;; WHEN: Thu May 29 16:42:14 CEST 2014
;; MSG SIZE  rcvd: 371
 
> If that gives the expected result,

It looks like I got a DMARC record back. Is that the expected result?

> what do you get from the following Python
> 
> import dns.resolver
> from dns.exception import DNSException
> resolver = dns.resolver.Resolver()
> dmarc_domain = '_dmarc.yahoo.com'
> resolver.timeout = 3.0
> resolver.lifetime = 5.0
> txt_recs = resolver.query(dmarc_domain, dns.rdatatype.TXT)
> for x in txt_recs:
>     print x
>

The script prints:

"v=DMARC1; p=reject; sp=none; pct=100; rua=mailto:dmarc-yahoo-rua at yahoo-inc.com, mailto:dmarc_y_rua at yahoo.com;"

-- 
J.

From stephen at xemacs.org  Thu May 29 16:49:04 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Thu, 29 May 2014 23:49:04 +0900
Subject: [Mailman-Users]  Logo in posts
In-Reply-To: <CAAdA2WOqdg6cw3Sq6hLc4oYpcGBfMvYuOcqKGt3pzPOqzuL6Cg@mail.gmail.com>
References: <CAAdA2WOqdg6cw3Sq6hLc4oYpcGBfMvYuOcqKGt3pzPOqzuL6Cg@mail.gmail.com>
Message-ID: <87k3947i8v.fsf@uwakimon.sk.tsukuba.ac.jp>

Odhiambo Washington writes:

 > I have read the FAQs so I don't believe I missed one, but it could be
 > possible. Is there a way, with full personalization, that I can include a
 > logo in posts on a list? A remote possibility...

Whose logo?  The list's or the user's?  Where do you want this logo to
appear?  Do you use HTML messages?


From odhiambo at gmail.com  Thu May 29 17:18:22 2014
From: odhiambo at gmail.com (Odhiambo Washington)
Date: Thu, 29 May 2014 18:18:22 +0300
Subject: [Mailman-Users] Logo in posts
In-Reply-To: <87k3947i8v.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <CAAdA2WOqdg6cw3Sq6hLc4oYpcGBfMvYuOcqKGt3pzPOqzuL6Cg@mail.gmail.com>
 <87k3947i8v.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <CAAdA2WMHAB_CMXAVe4L4jW7nk-VZLrksWphiZgzLAOfypn1TXQ@mail.gmail.com>

On 29 May 2014 17:49, Stephen J. Turnbull <stephen at xemacs.org> wrote:

> Odhiambo Washington writes:
>
>  > I have read the FAQs so I don't believe I missed one, but it could be
>  > possible. Is there a way, with full personalization, that I can include
> a
>  > logo in posts on a list? A remote possibility...
>
> Whose logo?  The list's or the user's?  Where do you want this logo to
> appear?  Do you use HTML messages?
>
>
An organization is 'sponsoring' a list and wanted to have their logo
included on all messages on the list. I understand that this means the list
has to somehow modify the message as it leaves going to subscribers.
As regards "convert_html_to_plaintext" I can have that disabled if it will
allow me to include the sponsor's logo somewhere in the body of the
message, but footer is best option.



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."

From mark at msapiro.net  Thu May 29 17:30:34 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 29 May 2014 08:30:34 -0700
Subject: [Mailman-Users] dmarc_moderation_action isn't working
In-Reply-To: <20140529144446.5BF82361E33@charybdis.ellipsis.cx>
References: <20140528124124.5F24D361E2D@charybdis.ellipsis.cx>
 <5386ABC3.3050603@msapiro.net> <87y4xl6tmf.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5387383E.4010002@msapiro.net>
 <20140529141546.46393361E33@charybdis.ellipsis.cx>
 <53874638.4030004@msapiro.net>
 <20140529144446.5BF82361E33@charybdis.ellipsis.cx>
Message-ID: <5387529A.4030203@msapiro.net>

On 05/29/2014 07:44 AM, Joel Uckelman wrote:
> 
> ;; ANSWER SECTION:
> _dmarc.yahoo.com. 1777  IN  TXT "v=DMARC1\; p=reject\; sp=none\; pct=100\; rua=mailto:dmarc-yahoo-rua at yahoo-inc.com, mailto:dmarc_y_rua at yahoo.com\;"
...
> It looks like I got a DMARC record back. Is that the expected result?


Yes.


> The script prints:
> 
> "v=DMARC1; p=reject; sp=none; pct=100; rua=mailto:dmarc-yahoo-rua at yahoo-inc.com, mailto:dmarc_y_rua at yahoo.com;"


OK. So if you look up the DMARC record for yahoo.com, you find p=reject.

Try the attached patch or similar to see what's going on.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
-------------- next part --------------
--- /var/MM/2.1/Mailman/Utils.py	2014-05-02 20:26:19.166274000 -0700
+++ /var/MM/21/Mailman/Utils.py	2014-05-29 08:26:17.545491833 -0700
@@ -1070,9 +1070,14 @@
 # or possibly quarantine.
 def IsDMARCProhibited(mlist, email):
     if not dns_resolver:
-         return False
+        # This is a problem; log it.
+        syslog('error',
+            'DNS lookup for dmarc_moderation_action for list %s not available',
+            mlist)
+        return False
 
     email = email.lower()
+    syslog('error', 'DMARC email = %s', email)
     at_sign = email.find('@')
     if at_sign < 1:
         return False
@@ -1084,6 +1089,7 @@
         resolver.lifetime = float(mm_cfg.DMARC_RESOLVER_LIFETIME)
         txt_recs = resolver.query(dmarc_domain, dns.rdatatype.TXT)
     except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
+        syslog('error', 'DMARC DNS non exist domain or no answer')
         return False
     except DNSException, e:
         syslog('error',
@@ -1091,6 +1097,8 @@
               email, dmarc_domain, e.__class__)
         return False
     else:
+        for x in txt_recs:
+            syslog('error', 'DMARC DNS got %s', x)
 # people are already being dumb, don't trust them to provide honest DNS
 # where the answer section only contains what was asked for, nor to include
 # CNAMEs before the values they point to.

From jimpop at gmail.com  Thu May 29 17:52:24 2014
From: jimpop at gmail.com (Jim Popovitch)
Date: Thu, 29 May 2014 11:52:24 -0400
Subject: [Mailman-Users] dmarc_moderation_action isn't working
In-Reply-To: <20140529100338.2ABE3361E32@charybdis.ellipsis.cx>
References: <20140528124124.5F24D361E2D@charybdis.ellipsis.cx>
 <5386ABC3.3050603@msapiro.net>
 <20140529100338.2ABE3361E32@charybdis.ellipsis.cx>
Message-ID: <CAGfsgR383o7_i2A6FyDKhJBC8tN9kW1=EcXZqVW0Jkpr8anamA@mail.gmail.com>

On Thu, May 29, 2014 at 6:03 AM, Joel Uckelman <uckelman at nomic.net> wrote:
> Thus spake Mark Sapiro:
>>
>> If all you are saying is that a lot of posts are From: non-members
>> because they come via the phpbb forum, that shouldn't matter. Mailman
>> should still check the From: domain for DMARC and apply the
>> dmarc_moderation_action as required regardless of list membership.
>
> This is exactly what I'm saying. Many messages posted to the list via
> the bridge have From: headers with non-list-member addresses in them.
> All messages posted to the list via the bridge have the Sender: address
> set to a special address which *is* a list subscriber, which is why (I
> believe) Mailman does not reject such messages as originating from
> non-subscribers.

Can you pastebin a full set of headers, distinctly obfuscating
people's names, etc.?

-Jim P.

From tanstaafl at libertytrek.org  Thu May 29 18:02:36 2014
From: tanstaafl at libertytrek.org (Tanstaafl)
Date: Thu, 29 May 2014 12:02:36 -0400
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <alpine.LSU.2.00.1405291017440.32517@cbfrvqba.ynzoengr.vans.vg>
References: <5385FAE5.8050007@libertytrek.org>
 <alpine.LSU.2.00.1405291017440.32517@cbfrvqba.ynzoengr.vans.vg>
Message-ID: <53875A1C.8070909@libertytrek.org>

On 5/29/2014 4:28 AM, Lucio Chiappetti <lucio at lambrate.inaf.it> wrote:
> On Wed, 28 May 2014, Tanstaafl wrote:
>
>> You can create multiple accounts for the same URL with passwordmaker,
>> so I think you just don';t understand totally how it works.
>
> That's quite possible.
>
> I did not install it, but read the online documentation, and I gathered
> that it GENERATES passwords to be used on remote sites, requiring to
> CHANGE those currently in use. Did I understand wrong ?

Yes... you can force it to use a previously established password that 
you don't want to change by simply creating an account for the URL, 
setting a password length of the exact length of the current password, 
then entering the password into the prefix field.

This isn't very secure, because the password is then stored inside the 
.rdf file, but it will work.


> Well, on one hand I meant that I MUST use the CURRENT passwords for the
> remote site, because such password is used by other people too !

Understood now... but at least mailman3 will allow for multiple admin 
users/passwords, which will eliminate this problem.

> I guess it is not uncommon that the role of moderator of a mailman
> mailing list is shared among different people (often in completely
> different countries so that almost all timezones are covered).
>
> On the other hand (and this is mailman specific), the web pages I was
> referring to are the mailman "list administrator authentication" pages.
> They are not properly "accounts" as they contain just a password field
> but no username.

In passwordmaker, an 'account' is simple an entry with a specific 
URL/username combination.

Charles

From tanstaafl at libertytrek.org  Thu May 29 18:18:31 2014
From: tanstaafl at libertytrek.org (Tanstaafl)
Date: Thu, 29 May 2014 12:18:31 -0400
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <87zji16ttk.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53834CCC.50402@libertytrek.org>
 <alpine.LSU.2.00.1405271203360.32517@cbfrvqba.ynzoengr.vans.vg>
 <5385FAE5.8050007@libertytrek.org> <87zji16ttk.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <53875DD7.2080807@libertytrek.org>

On 5/29/2014 1:24 AM, Stephen J. Turnbull <stephen at xemacs.org> wrote:
> Tanstaafl writes:
>> You can create multiple accounts for the same URL with passwordmaker, so
>> I think you just don';t understand totally how it works.

> I have no clue what you're talking about.  The OP shares a password
> with several other users, and does not have the right to change it, or
> to ask others to change their workflows.  You need to explain how
> passwordmaker can do its thing for an*existing*  account *and
> password*, or it's a non-starter for him.

Chill Stephen. First, I wasn't talking to you, second, no need for the 
attitude.

As for what I'm talking about - I didn't understand what *he* was 
saying, but he cleared it up and I explained how he can indeed use 
passwordmaker to do this.

From stephen at xemacs.org  Thu May 29 20:20:57 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Fri, 30 May 2014 03:20:57 +0900
Subject: [Mailman-Users] Logo in posts
In-Reply-To: <CAAdA2WMHAB_CMXAVe4L4jW7nk-VZLrksWphiZgzLAOfypn1TXQ@mail.gmail.com>
References: <CAAdA2WOqdg6cw3Sq6hLc4oYpcGBfMvYuOcqKGt3pzPOqzuL6Cg@mail.gmail.com>
 <87k3947i8v.fsf@uwakimon.sk.tsukuba.ac.jp>
 <CAAdA2WMHAB_CMXAVe4L4jW7nk-VZLrksWphiZgzLAOfypn1TXQ@mail.gmail.com>
Message-ID: <87ha4878fq.fsf@uwakimon.sk.tsukuba.ac.jp>

Odhiambo Washington writes:

 > An organization is 'sponsoring' a list and wanted to have their
 > logo included on all messages on the list. I understand that this
 > means the list has to somehow modify the message as it leaves going
 > to subscribers.

I would think so, yes.

I was thinking you could abuse the X-Face or Face headers, but
apparently they're only supported by a few MUAs popular on Linux.

 > As regards "convert_html_to_plaintext" I can have that disabled if
 > it will allow me to include the sponsor's logo somewhere in the
 > body of the message, but footer is best option.

Including in the footer is probably not an option for a plain text
message.  It probably would only take a few lines of Python code to
attach the file as a MIME part in a custom Handler, but then the
presentation would be up to the users' MUAs, and it seems likely to be
ugly.

For HTML messages, I think there was some way for Mailman to insert
the footer material in the HTML rather than attach it, but that was
probably a 3rd party patch.  It's also unreliable because you have no
idea what formatting a given MUA may put in its HTML, but you probably
can tune it to give good results for the most popular MUAs used by the
list's posters.

Again for HTML messages, it might be possible to do something tricky
with an <IFRAME> element to hold the original message, and put the
footer at the bottom of the main BODY.  (The original message would
live in a separate MIME part and the src= ref would use the cid: URI
scheme.)  I think this would work pretty well in most modern browsers,
but I don't know how smart the MUAs would be.  (Completely untested, I
don't even have a proof of concept.)



From stephen at xemacs.org  Thu May 29 20:34:01 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Fri, 30 May 2014 03:34:01 +0900
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <53875DD7.2080807@libertytrek.org>
References: <53834CCC.50402@libertytrek.org>
 <alpine.LSU.2.00.1405271203360.32517@cbfrvqba.ynzoengr.vans.vg>
 <5385FAE5.8050007@libertytrek.org>
 <87zji16ttk.fsf@uwakimon.sk.tsukuba.ac.jp>
 <53875DD7.2080807@libertytrek.org>
Message-ID: <87fvjs77ty.fsf@uwakimon.sk.tsukuba.ac.jp>

Tanstaafl writes:

 > Chill Stephen.

Chill yourself.  You had two rounds to figure out what he was asking
for, and missed it twice.  Then you tell him he "doesn't understand
totally how it works."  I really *was* puzzled as to how you could
think the system you described met his requirements.

Now I think I understand:  "To a man with a hammer...."


From tanstaafl at libertytrek.org  Thu May 29 22:25:51 2014
From: tanstaafl at libertytrek.org (Tanstaafl)
Date: Thu, 29 May 2014 16:25:51 -0400
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <87fvjs77ty.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53834CCC.50402@libertytrek.org>
 <alpine.LSU.2.00.1405271203360.32517@cbfrvqba.ynzoengr.vans.vg>
 <5385FAE5.8050007@libertytrek.org> <87zji16ttk.fsf@uwakimon.sk.tsukuba.ac.jp>
 <53875DD7.2080807@libertytrek.org> <87fvjs77ty.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <538797CF.7080603@libertytrek.org>

On 5/29/2014 2:34 PM, Stephen J. Turnbull <stephen at xemacs.org> wrote:
> You had two rounds to figure out what he was asking
> for, and missed it twice.

No, I didn't miss it, I didn't understand that *he* didn't understand...

> Then you tell him he "doesn't understand totally how it works." I
> really*was* puzzled as to how you could think the system you
> described met his requirements.

It *does*... now who is missing what?

;)

From brennan at columbia.edu  Thu May 29 22:17:24 2014
From: brennan at columbia.edu (Joseph Brennan)
Date: Thu, 29 May 2014 16:17:24 -0400
Subject: [Mailman-Users] Logo in posts
In-Reply-To: <87ha4878fq.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <CAAdA2WOqdg6cw3Sq6hLc4oYpcGBfMvYuOcqKGt3pzPOqzuL6Cg@mail.gmail.com>
 <87k3947i8v.fsf@uwakimon.sk.tsukuba.ac.jp>
 <CAAdA2WMHAB_CMXAVe4L4jW7nk-VZLrksWphiZgzLAOfypn1TXQ@mail.gmail.com>
 <87ha4878fq.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <B8478C5C3F2B4750C05D9346@sodor.cc.columbia.edu>


> something tricky with an <IFRAME> element to hold the original message

Thanks to spammer activity a few years ago I think iframe is inactive or 
even cause for rejection on various mail systems.

Joseph Brennan
Columbia University Information Technology



From mark at msapiro.net  Thu May 29 23:30:58 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 29 May 2014 14:30:58 -0700
Subject: [Mailman-Users] Logo in posts
In-Reply-To: <CAAdA2WMHAB_CMXAVe4L4jW7nk-VZLrksWphiZgzLAOfypn1TXQ@mail.gmail.com>
References: <CAAdA2WOqdg6cw3Sq6hLc4oYpcGBfMvYuOcqKGt3pzPOqzuL6Cg@mail.gmail.com>
 <87k3947i8v.fsf@uwakimon.sk.tsukuba.ac.jp>
 <CAAdA2WMHAB_CMXAVe4L4jW7nk-VZLrksWphiZgzLAOfypn1TXQ@mail.gmail.com>
Message-ID: <5387A712.3090909@msapiro.net>

On 05/29/2014 08:18 AM, Odhiambo Washington wrote:
>>
> An organization is 'sponsoring' a list and wanted to have their logo
> included on all messages on the list. I understand that this means the list
> has to somehow modify the message as it leaves going to subscribers.
> As regards "convert_html_to_plaintext" I can have that disabled if it will
> allow me to include the sponsor's logo somewhere in the body of the
> message, but footer is best option.


If you or the organization submit all posts, you can either turn off
content filtering or ensure you pass text/html and the relevant
multipart and image MIME types and set both collapse_alternatives and
convert_html_to_plaintext to No and then just post a rich text (html)
message with the logo in the stationery or signature.

If others post, this won't ensure that their posts will contain the logo.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From pshute at nuw.org.au  Thu May 29 23:32:42 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Fri, 30 May 2014 07:32:42 +1000
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <538797CF.7080603@libertytrek.org>
References: <53834CCC.50402@libertytrek.org>
 <alpine.LSU.2.00.1405271203360.32517@cbfrvqba.ynzoengr.vans.vg>
 <5385FAE5.8050007@libertytrek.org>
 <87zji16ttk.fsf@uwakimon.sk.tsukuba.ac.jp>
 <53875DD7.2080807@libertytrek.org>
 <87fvjs77ty.fsf@uwakimon.sk.tsukuba.ac.jp> <538797CF.7080603@libertytrek.org>
Message-ID: <C2F1879073AE7347BAB44065F143E170017E3C3804@nuwvicms2>

Tanstaafl wrote:

> > You had two rounds to figure out what he was asking for, 
> and missed it 
> > twice.
> 
> No, I didn't miss it, I didn't understand that *he* didn't 
> understand...
> 
> > Then you tell him he "doesn't understand totally how it works." I
> > really*was* puzzled as to how you could think the system 
> you described 
> > met his requirements.
> 
> It *does*... now who is missing what?

I think the misundersstanding comes from the use of the word "account" to describe passwordmaker's sets of URLS/credentials, as explained by Charles at the bottom of his email before last. I expect that's passwordmaker's terminology. 

Easy to understand how the misunderstanding arose, and how it escalated. I was initially confused too. If it works for Charles then it should work for anyone.

Peter Shute

From services.anges at gmail.com  Thu May 29 12:47:17 2014
From: services.anges at gmail.com (Jean Bon)
Date: Thu, 29 May 2014 12:47:17 +0200
Subject: [Mailman-Users] Administrate mailman list programmatically
Message-ID: <CAGkYMHa_pxg4FHeixXm8LGL3eaLb_PEPn2zmwdcAk4yx08EX=w@mail.gmail.com>

Hi,

I want to manage the users of a mailman list by program, using .net or java
language.

I can't find any ressource to do this.

Do you know where I can find some information about this

Best regards

Ange

From odhiambo at gmail.com  Fri May 30 07:40:20 2014
From: odhiambo at gmail.com (Odhiambo Washington)
Date: Fri, 30 May 2014 08:40:20 +0300
Subject: [Mailman-Users] Logo in posts
In-Reply-To: <5387A712.3090909@msapiro.net>
References: <CAAdA2WOqdg6cw3Sq6hLc4oYpcGBfMvYuOcqKGt3pzPOqzuL6Cg@mail.gmail.com>
 <87k3947i8v.fsf@uwakimon.sk.tsukuba.ac.jp>
 <CAAdA2WMHAB_CMXAVe4L4jW7nk-VZLrksWphiZgzLAOfypn1TXQ@mail.gmail.com>
 <5387A712.3090909@msapiro.net>
Message-ID: <CAAdA2WPs8OpKAeh6vf5a5GJgyxhX4rztp6SJ7YqV2k9ORExReA@mail.gmail.com>

On 30 May 2014 00:30, Mark Sapiro <mark at msapiro.net> wrote:

> On 05/29/2014 08:18 AM, Odhiambo Washington wrote:
> >>
> > An organization is 'sponsoring' a list and wanted to have their logo
> > included on all messages on the list. I understand that this means the
> list
> > has to somehow modify the message as it leaves going to subscribers.
> > As regards "convert_html_to_plaintext" I can have that disabled if it
> will
> > allow me to include the sponsor's logo somewhere in the body of the
> > message, but footer is best option.
>
>
> If you or the organization submit all posts, you can either turn off
> content filtering or ensure you pass text/html and the relevant
> multipart and image MIME types and set both collapse_alternatives and
> convert_html_to_plaintext to No and then just post a rich text (html)
> message with the logo in the stationery or signature.
>
> If others post, this won't ensure that their posts will contain the logo.
>


Hi Mark,

I am not a programmer, but allow me to ask.

In cases where Full Personalization is being done, how difficult would it
be to wrap that whole section into an html content in Python?
I am just imagining that whatever is put there can then be used to do weird
things like linking to an image when convert_html_to_plaintext is disabled.



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."

From stephen at xemacs.org  Fri May 30 10:42:40 2014
From: stephen at xemacs.org (Stephen J. Turnbull)
Date: Fri, 30 May 2014 17:42:40 +0900
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <538797CF.7080603@libertytrek.org>
References: <53834CCC.50402@libertytrek.org>
 <alpine.LSU.2.00.1405271203360.32517@cbfrvqba.ynzoengr.vans.vg>
 <5385FAE5.8050007@libertytrek.org>
 <87zji16ttk.fsf@uwakimon.sk.tsukuba.ac.jp>
 <53875DD7.2080807@libertytrek.org>
 <87fvjs77ty.fsf@uwakimon.sk.tsukuba.ac.jp>
 <538797CF.7080603@libertytrek.org>
Message-ID: <87a99z7j3z.fsf@uwakimon.sk.tsukuba.ac.jp>

Tanstaafl writes:

 > It *does*...

It does??  As you described it, he can let passwordmaker choose his
password.  But he says he can't do that.  Or he can specify the whole
password as the prefix, which is insecure.  And AIUI that's not
acceptable to him either, as far as I can see he's very concerned
about security.  So what's the third option that is both secure and
allows use of the current password?

As far as I can see, you're just saying the requirements are stupid.
I tend to agree (for several reasons), but unfortunately it's also
common that one needs to follow them anyway, and AFAICS the OP is in
that situation.

 > now who is missing what?

I could very easily be missing something that nobody has put into
words yet, of course.



From pshute at nuw.org.au  Fri May 30 11:03:40 2014
From: pshute at nuw.org.au (Peter Shute)
Date: Fri, 30 May 2014 19:03:40 +1000
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <87a99z7j3z.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53834CCC.50402@libertytrek.org>
 <alpine.LSU.2.00.1405271203360.32517@cbfrvqba.ynzoengr.vans.vg>
 <5385FAE5.8050007@libertytrek.org>
 <87zji16ttk.fsf@uwakimon.sk.tsukuba.ac.jp>
 <53875DD7.2080807@libertytrek.org>
 <87fvjs77ty.fsf@uwakimon.sk.tsukuba.ac.jp>
 <538797CF.7080603@libertytrek.org> <87a99z7j3z.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <AB2A1A72-9111-4D09-AD20-040DD350AD8C@nuw.org.au>

> Tanstaafl writes:
> 
>> It *does*...
> 
> It does??  As you described it, he can let passwordmaker choose his
> password.  But he says he can't do that.  Or he can specify the whole
> password as the prefix, which is insecure.  And AIUI that's not
> acceptable to him either, as far as I can see he's very concerned
> about security.  So what's the third option that is both secure and
> allows use of the current password?
> 
> As far as I can see, you're just saying the requirements are stupid.
> I tend to agree (for several reasons), but unfortunately it's also
> common that one needs to follow them anyway, and AFAICS the OP is in
> that situation.
> 
>> now who is missing what?
> 
> I could very easily be missing something that nobody has put into
> words yet, of course.

Explained in an earlier message:
> "Yes... you can force it to use a previously established password that 
> you don't want to change by simply creating an account for the URL, 
> setting a password length of the exact length of the current password, 
> then entering the password into the prefix field.
> 
> This isn't very secure, because the password is then stored inside the 
> .rdf file, but it will work."
> 
So you are correct about it not being secure. How insecure, I don't know. Is this rdf file encrypted? Do you need a master password to use it?

I expect all the Apple quoting will vanish from the text above, I hope you can work out what's quoted and what's not. 

Peter Shute

From lucio at lambrate.inaf.it  Fri May 30 12:37:07 2014
From: lucio at lambrate.inaf.it (Lucio Chiappetti)
Date: Fri, 30 May 2014 12:37:07 +0200 (CEST)
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <87a99z7j3z.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <87a99z7j3z.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <alpine.LSU.2.00.1405301232240.32517@cbfrvqba.ynzoengr.vans.vg>

On Fri, 30 May 2014, Stephen J. Turnbull wrote:

> acceptable to him either, as far as I can see he's very concerned about 
> security.

Well, I'm personally NOT very concerned about security. But for my bank 
account (protected by one-shot hardware key), my payslip, and perhaps my 
health service records (protected by one-shot cell-phone sent key), I tend 
to use when possible one key to access generic web sites.

In this case it might be that the entity managing the mailman server is 
more concerned than I am, and so I'm bound to respect their way.

Anyhow, I found a suitable workaround for my problem, so for me this issue 
is closed. Thanks for your interest.

From tanstaafl at libertytrek.org  Fri May 30 15:49:38 2014
From: tanstaafl at libertytrek.org (Tanstaafl)
Date: Fri, 30 May 2014 09:49:38 -0400
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <87a99z7j3z.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <53834CCC.50402@libertytrek.org>
 <alpine.LSU.2.00.1405271203360.32517@cbfrvqba.ynzoengr.vans.vg>
 <5385FAE5.8050007@libertytrek.org> <87zji16ttk.fsf@uwakimon.sk.tsukuba.ac.jp>
 <53875DD7.2080807@libertytrek.org> <87fvjs77ty.fsf@uwakimon.sk.tsukuba.ac.jp>
 <538797CF.7080603@libertytrek.org> <87a99z7j3z.fsf@uwakimon.sk.tsukuba.ac.jp>
Message-ID: <53888C72.3090805@libertytrek.org>

On 5/30/2014 4:42 AM, Stephen J. Turnbull <stephen at xemacs.org> wrote:
> Tanstaafl writes:
>> It *does*...

> It does??  As you described it, he can let passwordmaker choose his
> password.  But he says he can't do that.  Or he can specify the whole
> password as the prefix, which is insecure.  And AIUI that's not
> acceptable to him either, as far as I can see he's very concerned
> about security.  So what's the third option that is both secure and
> allows use of the current password?

Entering the password from memory?

This isn't a limitation of passwordmaker or any other password 
program... it is a limitation imposed by the (as far as I understand it, 
but I may be missing something too) use case.

As far as I know there is no program that is capable of reading minds 
and/or intuiting what password should be used based solely on what 
someone knows in their head.

That said, there is actually a more secure option...

passwordmaker has the ability to encrypt the password that is stored, if 
the form allows it, which I'm fairly certain mailman's login forms do - 
let me check - yep...

So, the only other option that I can offer would be to create a custom 
account for the login page in passwordmaker, then add the password 
field, username and password fields to the 'Advanced Auto-Populate' 
fields as described here:

http://www.passwordmaker.org/Firefox/Mozilla/SeaMonkey/Flock/Netscape/Advanced#Advanced_Options:_Advanced_Auto-Populate_Tab

> As far as I can see, you're just saying the requirements are stupid.

No, just trying to help is all... :)

From tanstaafl at libertytrek.org  Fri May 30 16:53:42 2014
From: tanstaafl at libertytrek.org (Tanstaafl)
Date: Fri, 30 May 2014 10:53:42 -0400
Subject: [Mailman-Users] multiple mailing list passwords
In-Reply-To: <AB2A1A72-9111-4D09-AD20-040DD350AD8C@nuw.org.au>
References: <53834CCC.50402@libertytrek.org>
 <alpine.LSU.2.00.1405271203360.32517@cbfrvqba.ynzoengr.vans.vg>
 <5385FAE5.8050007@libertytrek.org> <87zji16ttk.fsf@uwakimon.sk.tsukuba.ac.jp>
 <53875DD7.2080807@libertytrek.org> <87fvjs77ty.fsf@uwakimon.sk.tsukuba.ac.jp>
 <538797CF.7080603@libertytrek.org> <87a99z7j3z.fsf@uwakimon.sk.tsukuba.ac.jp>
 <AB2A1A72-9111-4D09-AD20-040DD350AD8C@nuw.org.au>
Message-ID: <53889B76.7000709@libertytrek.org>

On 5/30/2014 5:03 AM, Peter Shute <pshute at nuw.org.au> wrote:
>> Tanstaafl writes:
>> This isn't very secure, because the password is then stored inside the
>> .rdf file, but it will work."

> So you are correct about it not being secure. How insecure, I don't
> know. Is this rdf file encrypted? Do you need a master password to use it?

No, the RDF file itself is not encrypted, however...

The third option I just suggested in my last email does indeed encrypt 
the values stored in the Advanced Auto-Populate tab, when stored in the 
RDF file, and requires the Master Password to decrypt it - and this 
encryption is pretty strong, so is about as secure as can be fo a 
password that is stored on disk...


From mark at msapiro.net  Fri May 30 21:40:51 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 30 May 2014 12:40:51 -0700
Subject: [Mailman-Users] Administrate mailman list programmatically
In-Reply-To: <CAGkYMHa_pxg4FHeixXm8LGL3eaLb_PEPn2zmwdcAk4yx08EX=w@mail.gmail.com>
References: <CAGkYMHa_pxg4FHeixXm8LGL3eaLb_PEPn2zmwdcAk4yx08EX=w@mail.gmail.com>
Message-ID: <5388DEC3.7020002@msapiro.net>

On 05/29/2014 03:47 AM, Jean Bon wrote:
> 
> I want to manage the users of a mailman list by program, using .net or java
> language.


It depends what you want to do. Generally things that can be done via
the web UI can be done programmatically via http or things like wget or
curl. Also, Mailman's command line scripts and user written scripts can
be invoked from web applications. See the FAQ at
<http://wiki.list.org/x/uIA9>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Sat May 31 03:25:22 2014
From: mark at msapiro.net (Mark Sapiro)
Date: Fri, 30 May 2014 18:25:22 -0700
Subject: [Mailman-Users] Logo in posts
In-Reply-To: <CAAdA2WPs8OpKAeh6vf5a5GJgyxhX4rztp6SJ7YqV2k9ORExReA@mail.gmail.com>
References: <CAAdA2WOqdg6cw3Sq6hLc4oYpcGBfMvYuOcqKGt3pzPOqzuL6Cg@mail.gmail.com>
 <87k3947i8v.fsf@uwakimon.sk.tsukuba.ac.jp>
 <CAAdA2WMHAB_CMXAVe4L4jW7nk-VZLrksWphiZgzLAOfypn1TXQ@mail.gmail.com>
 <5387A712.3090909@msapiro.net>
 <CAAdA2WPs8OpKAeh6vf5a5GJgyxhX4rztp6SJ7YqV2k9ORExReA@mail.gmail.com>
Message-ID: <53892F82.9030505@msapiro.net>

On 05/29/2014 10:40 PM, Odhiambo Washington wrote:
> 
> In cases where Full Personalization is being done, how difficult would it
> be to wrap that whole section into an html content in Python?
> I am just imagining that whatever is put there can then be used to do weird
> things like linking to an image when convert_html_to_plaintext is disabled.


What you can do, and how complex it is to do it depends on the list. In
particular, it depends on whether posts (and replies) originate from
only a small group of people who can be relied on to always submit posts
with a particular MIME structure (and what that structure is), or
whether posts come from a larger group using different MUAs and posting
styles, and particularly in the latter case, it also depends on what
content filtering settings are applied.

In the more universal case, probably the easiest thing to do would be to
modify Mailman/Handlers/Decorate.py to always add msg_footer as a
separate MIME part with Content-Type: text/html and Content-Disposition:
inline. Then you could code the appropriate HTML in msg_footer including
an img tag with src = the URL of a file on your server containing the logo.

This will work, but not all MUAs will display the footer part inline

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan