[Mailman-Users] disable DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL in mailman 2.1

Curtis Villamizar curtis at ipv6.occnc.com
Sun May 8 12:02:22 EDT 2016


In message <572D116A.30009 at msapiro.net>
Mark Sapiro writes:
>
> On 05/05/2016 02:39 PM, Curtis Villamizar wrote:
> > In message <572AA1F6.8090807 at msapiro.net>
> > Mark Sapiro writes:
> >
> >> As far as why it's a 554: 5.7.1 hard fail, That's the status your MTA is
> >> giving to this condition. If you think this should be a 4xx status, you
> >> may be able to configure that in your MTA.
> >
> > I think this might have been due to a connect to port 25 rather than
> > running sendmail.  Connect to port 25 would only work if using TLS
> > (after STARTTLS) and then passing SASL auth.  This host acts as an MDA
> > and as a MSA for mailman using a dual-stack "smarthost" relay but not
> > as an MX/MTA (MX points to two DS MTA and the MTA relays to it).
> >
> > If that is the case it was a config problem in mailman.  I'm still
> > working on backing up and restoring a complete mailman config.  (That
> > could be another topic).
>
>
> I would strongly suggest you not use
>
> DELIVERY_MODULE = 'Sendmail'
>
> If you need TLS and SASL, use
>
> DELIVERY_MODULE = 'SMTPDirect'
>
> in conjunction with the patch at
> <https://bugs.launchpad.net/mailman/+bug/558281>.
>
> I have now (finally) applied a version of this patch at
> <http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1649>.


Mark,

Yes I remember reading that.  I did briefly set up to use Sendmail but
I forgot that I then changed it to have mailman use port 587 on the
same host where postfix was set up to only accept connections from
its own addresses.  I did that before going live and that was a server
ago (rebuilt everything from source since).

Thanks for pointing out this patch.  It would be preferable to pick up
the patch and use the MSA directly with TLS and SASL.

I'm rebuilding FreeBSD yet again due to security advisories.  There
are recent advisories on base (openssl and one on ntp that doesn't
apply to me - don't use ntp in that way) and so I'm rebuilding the
base and all the ports I use.  I can use this opportunity to apply this
as a local patch (FreeBSD ports is at mailman-2.1.22 and no mailman3
port yet, not that it would be all that hard to write a ports makefile
and debug it - just don't have the time at this point).

On FreeBSD it's a matter of:
   fetch -o /usr/ports/mail/mailman/files/patch-Mailman-TLS+SASL \
   http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/diff/1649?context=3
Edit out or fix the patch to the News file since it doesn't apply
cleanly.  I just deleted that part of the patch.  Then:
  cd /usr/ports/mail/mailman
  make deinstall && rm -rf work && make install
optional:
  make PACKAGES=/usr/packages package

I'm only now starting to use mailman again after a long (decade+)
period of not maintaining any mailing lists.  It might be a while
before I get things right.  Thanks for the help.

Curtis


ps - Mark - sorry for the duplicate.  I forgot to change this to send
from the domain I'm subscribed on.  I need to add another subscribe
with no delivery to fix this.
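
The step of deleting the News part of the fetched patch can be scripted so the local patch is reproducible and the list of touched files can be reviewed before building. This is an added example, not part of the original message: it assumes the downloaded diff uses Bazaar-style "=== modified file '...'" section headers and that the file is named NEWS; the function names and the sample diff are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: each file's section in the diff starts with a
# Bazaar-style header line such as:  === modified file 'NEWS'
# Hunk lines always start with ' ', '+', '-' or '@', so a line starting
# with "=== " can only be a section header.

# drop_file_from_diff NAME: copy a diff from stdin to stdout, omitting the
# whole section (header through last hunk line) for file NAME.
drop_file_from_diff() {
    awk -v name="$1" '
        /^=== / { skip = (index($0, "\047" name "\047") > 0) }  # \047 is a single quote
        !skip   { print }
    '
}

# list_patched_files: print the first file name from each section header,
# to review what the patch touches before it goes into files/.
list_patched_files() {
    sed -n "s/^=== [a-z]* file '\([^']*\)'.*/\1/p"
}

# sample_diff: constructed input, NOT the real revision 1649 diff.
sample_diff() {
    cat <<'EOF'
=== modified file 'NEWS'
--- NEWS	2016-01-01 00:00:00 +0000
+++ NEWS	2016-01-02 00:00:00 +0000
@@ -1,2 +1,3 @@
 context line
+constructed NEWS entry
 context line
=== modified file 'Mailman/Handlers/SMTPDirect.py'
--- Mailman/Handlers/SMTPDirect.py	2016-01-01 00:00:00 +0000
+++ Mailman/Handlers/SMTPDirect.py	2016-01-02 00:00:00 +0000
@@ -1,2 +1,3 @@
 context line
+# constructed placeholder change
 context line
EOF
}

# Demo on the constructed sample: only the non-NEWS file remains.
sample_diff | drop_file_from_diff NEWS | list_patched_files
```

On the real file, the same filter would be run over the fetched patch in /usr/ports/mail/mailman/files/ before the make step.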

