[Mailman-Users] Mailman 2 settings to minimise bounces

2021-05-08 Thread jonathan.mailing.lists
I've had quite a lot of bounces recently. This seems largely to have been
because my hosting company was having difficulty sending to Outlook (and
therefore maybe Microsoft servers generally). But I've been taking more
interest in the bounce messages as well.

These have included "Rejected by header based Anti-Spoofing policy" (an
organisation using Mimecast recognising its own email address in the From:
header), "DMARC Verification Failed" for a domain with p=reject (despite
dmarc_moderation_action being Munge From), "This email has been delivered to
the intended recipient, but our email system has identified that DKIM
Signing is missing or has been misconfigured. Please ask your IT department
to configure DKIM Signing to allow us to confirm the authenticity of your
emails." (despite the hosting company having the right DKIM record) and
more.

I have added REMOVE_DKIM_HEADERS = Yes to mm_cfg.py and restarted Mailman,
and changed from_is_list from No to Munge From.

Nobody seems to mind that all emails are now from the list address -
reply_goes_to_list was already set to This list, and the sender's own
email address now appears in the Cc: header.

Is there anything I could do as well as or instead of that?

Thanks

Jonathan 

--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/


[Mailman-Users] Re: Mailman 2 settings to minimise bounces

2021-05-08 Thread Mark Sapiro
On 5/8/21 2:53 PM, jonathan.mailing.li...@gmail.com wrote:
> 
> These have included "Rejected by header based Anti-Spoofing policy" (an
> organisation using Mimecast recognising its own email address in the From:
> header),


Recent Mailman 2.1 (>=2.1.30) has a feature to specify via address or
regexp matching From: posts to which dmarc_moderation_action should
apply regardless of the domain's dmarc policy.


> "DMARC Verification Failed" for a domain with p=reject (despite
> dmarc_moderation_action being Munge From), "This email has been delivered to
> the intended recipient, but our email system has identified that DKIM
> Signing is missing or has been misconfigured. Please ask your IT department
> to configure DKIM Signing to allow us to confirm the authenticity of your
> emails." (despite the hosting company having the right DKIM record) and
> more.

If the outgoing mail is DKIM signed by the Mailman host server as you
say, that's the best you can do. Your from munged outgoing mail should
pass DMARC. If the recipient domain is complaining about an invalid DKIM
signature from the originating domain, that is a bogus complaint. RFC
6376, sec. 6.3 <https://www.rfc-editor.org/rfc/rfc6376.html#section-6.3>
clearly states

   If the email cannot be verified, then it SHOULD be treated the same
   as all unverified email, regardless of whether or not it looks like
   it was signed.

I.e., broken signatures SHOULD be treated the same as if they weren't there.


> I have added REMOVE_DKIM_HEADERS = Yes to mm_cfg.py and restarted Mailman,


You probably needed to do that for the second of the above complaints.
Hopefully that helps.


> and changed from_is_list from No to Munge From.


Presumably to address the first complaint. Whether you want to munge the
From: unconditionally is up to you. As I said, recent Mailman 2.1 has a
feature that will enable you to do this more selectively, although I
don't really think it should be the mailing list's responsibility to
accommodate recipient mail domains that think that all external mail
From: their domain is bogus.


-- 
Mark Sapiro                          The highway is for gamblers,
San Francisco Bay Area, California   better use your sense - B. Dylan
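
Why a From-munged post signed by the Mailman host passes DMARC while an unmunged one fails, as an added example that is not part of either message in this thread. The domains and both messages are constructed; signature verification is assumed rather than performed (the `valid_dkim` argument), and the organizational domain is approximated as the last two labels instead of using the Public Suffix List.

```python
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: last two labels; real evaluators consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_domains(msg):
    """Return the d= domain of every DKIM-Signature header, in header order."""
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        parts = (p.partition("=") for p in value.split(";"))
        tags = {k.strip(): v.strip() for k, _, v in parts if k.strip()}
        if "d" in tags:
            found.append(tags["d"].lower())
    return found

def dmarc_aligned(raw, valid_dkim, spf_pass_domain=None):
    """Relaxed alignment: the From: domain must share an organizational domain
    with a verified DKIM d= domain or with the SPF-authenticated envelope domain."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2]
    target = org_domain(from_dom)
    if any(d in valid_dkim and org_domain(d) == target for d in dkim_domains(msg)):
        return True
    return spf_pass_domain is not None and org_domain(spf_pass_domain) == target

# Constructed sample 1: list post relayed without munging. The poster's signature
# is still present but no longer verifies because the list altered the message.
RELAYED = (
    "From: Alice <alice@sender.example>\n"
    "To: demo@lists.example.org\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=sender.example; s=s1; b=AAAA=\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=mm; b=BBBB=\n"
    "Subject: [Demo] hello\n\nbody plus list footer\n"
)
# Constructed sample 2: same post with Munge From and the original signature removed.
MUNGED = (
    "From: Alice via Demo <demo@lists.example.org>\n"
    "Cc: Alice <alice@sender.example>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=mm; b=BBBB=\n"
    "Subject: [Demo] hello\n\nbody plus list footer\n"
)
VERIFIED = {"lists.example.org"}  # only the list host's signature verifies

if __name__ == "__main__":
    for name, raw in (("relayed", RELAYED), ("munged", MUNGED)):
        print(name, dmarc_aligned(raw, VERIFIED, "lists.example.org"))
```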