[Mailman-Users] OT - Smart .forward replacement?
Stephen J. Turnbull
turnbull.stephen.fw at u.tsukuba.ac.jp
Wed Nov 28 20:50:50 EST 2018
Mark Sapiro writes:
> On 11/24/18 9:17 PM, Jayson Smith wrote:
> > I had a Mailman/DNS problem after upgrading a lot of packages. A
> > message came in, Mailman couldn't properly look up the DMARC
> > policy of the sending ISP, didn't munge the From: and sent the
> > message on its way...
>
> What was the lookup issue? I.e., what were the messages in Mailman's
> error and maybe vette logs? What Mailman version is this?, beginning
> with Mailman 2.1.25, some failures in DNS lookups of DMARC policy result
> in mitigations being applied.
Another possibility would be to cache the results, as a fallback to
the DNS lookup. If the cache hit rate is high enough (as it would be
for members-only lists -- the member test would be done first), this
should reduce DMARC lookup failures to near zero, which would allow
either mitigation-on-failure or quarantine-on-failure strategies by
default. A more complex approach would be to lookup in the cache
first and trust it until the original lookup expires. Both approaches
would have to be opt-in, of course. I don't think either the space
impact or performance impact would be very great.
A brief RFE for Mailman 3 (which keeps a much more extensive database,
so is more likely to implement) is in
https://gitlab.com/mailman/mailman/issues/527.
Steve
--
Associate Professor Division of Policy and Planning Science
http://turnbull.sk.tsukuba.ac.jp/ Faculty of Systems and Information
Email: turnbull at sk.tsukuba.ac.jp University of Tsukuba
Tel: 029-853-5175 Tennodai 1-1-1, Tsukuba 305-8573 JAPAN
More information about the Mailman-Users
mailing list