[Mailman-Users] dmarc_moderation_action isn't working

Mark Sapiro mark at msapiro.net
Thu May 29 05:38:43 CEST 2014 

On 05/28/2014 05:41 AM, Joel Uckelman wrote:
> 
> I'm running the just-released RPM for 2.1.18 on Fedora 20. I have the
> python-dns package installed, which I read was required for DMARC
> checks.


The required package is dnspython. This is not the same as PyDNS. It
looks like the Fedora python-dns package is the right one, but I'm not sure.

What happens when you invoke the python that Mailman is using and type

import dns.resolver
from dns.exception import DNSException

If you get an ImportError, something is wrong. Otherwise things should
be OK. You can see what python Mailman is using by looking at the
command lines reported by

ps -fAw | grep qrunner


> When I grep my logs for 'DMARC', all I see are the bounce
> messages in my Postfix log---so if the DMARC checks that should be made
> when a post from a yahoo.com account comes to the list are failing,
> they're failing in a way which isn't showing up.


There will normally be an entry in Mailman's vette log for every DMARC
p=reject (and p=quarantine if enabled) found and possible entries in
Mailman's error log for lookup errors and other unusual conditions.

If there are no 'DMARC' entries in Mailman's logs, it most likely means
the imports I show above didn't succeed in the python that Mailman is
using, in which case dmarc_moderaction_action will not be done at all.


> There is one unusual thing about my list---namely that it sits at one
> end of a bridge to a phpbb forum. That is, all of the posts from the
> forum are posted to the list with their Sender set to a special address
> which is subscribed to the list, and all post from the list are
> received by that special address and posted to the forum from there.
> This means that a lot of the addresses in From headers of messages going
> out over the list are not actually subscribers to the list. Could this
> be tripping up the dmarc_moderation_action?


What do you mean by Sender? Do you mean the Sender: header or the From:
header or what?

Mailman does DMARC checks on the From: domain of the message it sees,
but then recipient MTAs do DMARC checks on the From: domain of the
message they see.

Perhaps you can explain more precisely what you mean by the above in
terms of the From: header seen by Mailman and the From: header in the
list message that recipients see.

If all you are saying is that a lot of posts are From: non-members
because they come via the phpbb forum, that shouldn't matter. Mailman
should still check the From: domain for DMARC and apply the
dmarc_moderation_action as required regardless of list membership.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list