Hello,
Does setting from_is_list and / or dmarc_moderation_action to munge
cause Mailman to do anything with existing DKIM-Signature headers? Will
they be removed or left there?
--
Grant. . . .
unix || die
--
Mailman-Users mailing list
is
happening? (from_is_list or dmarc_moderation_action both at their
default value.)
--
Grant. . . .
unix || die
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http
Assassin can be
configured to provide the X-Spam-Level header.
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Securit
On 09/21/2017 03:23 PM, Mark Sapiro wrote:
The default behavior does nothing to DKIM related headers. This is from
Defaults.py
Is the REMOVE_DKIM_HEADERS option a per mailing list setting? Or is it
Mailman wide?
I'm looking through the list admin interface for Mailman 2.1.20 an
On 10/03/2017 10:24 AM, Mark Sapiro wrote:
It is not a list setting. It applies to the entire installation. It is
documented in Mailman/Defaults.py and if you want to change the default,
set it in Mailman/mm_cfg.py.
Thank you Mark.
Sorry if I'm asking obvious questions. I've n
On 10/11/2017 12:12 PM, Mark Sapiro wrote:
solution 2). Your mail relaying process can rewrite the envelope sender
to your domain, e.g., campa...@myserver.com or some other appropriate
@myserver.com address. This will break mailman's automated bounce
processing for mail from mailman
lly sending this message to anyone other
than the single address that is the mailman-users mailing list. - The
mailman-users mailing list is what is sending message to all the
subscribers, *NOT* me. Both my mail server and the mail list server's
MTA logs will corroborate this. - I thin
On 10/17/2017 10:55 AM, Christian F Buser via Mailman-Users wrote:
I can perfectly follow your thoughts and arguments, they appear to be
justified and reasonable.
Thank you. I tried to make them so that people could understand, even
if they choose to disagree.
However, could you please
DKIM by itself can tolerate that, like you
are referencing.
I believe the problem is when DMARC is added to the mix, particularly
with a policy of reject.
--
Grant. . . .
unix || die
--
Mailman-Users mailing list Mailman-Users@python.org
KIM
3) SPF /or/ DKIM
4) SPF /and/ DKIM
--
Grant. . . .
unix || die
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy:
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: ht
ent calls you domain
registar.
/me wonders what color Dimitri's hat is. ;-) #knowtheyenemy
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FA
On 10/17/2017 03:54 PM, Mark Sapiro wrote:
What I mean is as I posted previously
<https://mail.python.org/pipermail/mailman-users/2017-October/082611.html>,
RFC 5322 says the From: contains the "the mailbox(es) of the person(s)
or system(s) responsible for the writing of the me
that, purely for the purpose of
receiving the feedback reports.
--
Grant. . . .
unix || die
----------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://
the message,
and treat it suspiciously. Read: I increment the spam score. (If the
spam score is high enough I reject the message at SMTP time.)
If there is no DKIM signature, I continue processing normally.
--
Grant. . . .
unix || die
----------
er do something like the following so that users could reply
to the message. (It would also avoid potential MUA issues as indicated
by RFC 6854.)
I would think that it would be acceptable to use a From "group address"
that is the mailing list. I.e.
From: Mailman Users:mailman-us
tious of treating invalid signatures as a bad thing.
I use DKIM validity as a signal that I then make decisions based on. -
Hence why I have chosen to alter spam score on my mail server based on
the DKIM result.
--
Grant. . . .
unix || die
------
M
e new norm.
I also wonder what ARC is going to do to this paradigm.
--
Grant. . . .
unix || die
----------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x
a PR solution to a marketing problem. So this kind of
problem-finding and problem-solving has made to SMTP RFCs now, colour me
shocked.
I'd be curious to read said email, if it's convenient to dig up.
--
Grant. . . .
unix || die
----------
Ma
, I feel like ARC has a design flaw before it even
gets out of the gate. I hope that's not the case.
--
Grant. . . .
unix || die
----------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
o
something like a character class (type) search so that it could match on
"W[üu]trich". (Adjust as necessary.)
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/l
To each his / her own motivation (or lack there of.)
When those e-mail are from mailman
I'll start caring about what mailman does with DMARC headers. But at
this point I'd just strip them all off.
I suspect that when (if) you care will be after you implement filtering
(Chicken /
with
DKIM. That's your prerogative. Just like we are all free to run our
mail servers that way that we want to.
--
Grant. . . .
unix || die
----------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listi
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%
On 10/19/2017 12:37 AM, Stephen J. Turnbull wrote:
The IETF has NO position on WHEN this should be done because it's not
relevant to interoperability. My personal reasoning with respect to
mailing list managers like Mailman which normally pass through all
text/plain, and perhaps add some
which sending
domain to use, or Yahoo (et al) would need to have a list of domains to
send from the list subdomain.
--
Grant. . . .
unix || die
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/ma
On 10/19/2017 10:14 PM, Grant Taylor via Mailman-Users wrote:
/The output of a resending MLM is/ *a new message*.
...
*The resending MLM is the author* /of the new message/.
Since the MLM is the author of the new message, I think it would be
prudent to use either of the following as the
Hi all,
I’m new to mailman. My previous Listserv platform ( LSoft ) made it easy to
reply to discussions by automatically sending replies to the list. With
mailman, replies go to the person, not the list,, so we have to make the extra
step of correcting the outgoing to: address. Is there a
On 12/07/2017 07:19 PM, Chip Davis wrote:
And I have no problem with that (except that editorial advice probably
doesn't belong on a settings page) because it refers to a "mailing
list". I have no statistics, but my exposure to Mailman has been almost
exclusively as a &
.
--
Grant. . . .
unix || die
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives
On 12/28/2017 04:33 PM, Grant Taylor via Mailman-Users wrote:
Sending domain administrators can require that *both* SPF /and/ DKIM
must pass for DMARC to pass. So your /or/ premise is likely not going
to work out as well as you had hoped.
(*sigh* It's been a day.)
As sure as I say tha
On 01/12/2018 08:43 AM, Julian H. Stacey wrote:
Is this live sample of an Uncaught bounce notification useful to
forward to developers to extend pattern matching.
http://berklix.com/~jhs/tmp/mailman/uncaught_bounce_notification/1
I highly doubt it.
The bounce that is in the email you linked
be worth retaining the functionality of the prior saved URLs.
Just my 2¢ worth.
--
Grant. . . .
unix || die
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http
couldn't keep track of the previous behavior and current behavior
through all of the things that I read.
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-
py of Thunderbird, 52.5.0.
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x
to be the mailing list. *sigh*
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/
On 01/22/2018 12:17 PM, Mark Sapiro wrote:
My bad. I was confused. In my answer above, "False" should be "True" and
vice versa.
;-)
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
htt
thom to introduce an
RFC compliant dictated behavior /without/ giving an option to revert.
*headDesk*
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-u
f the mailing list manager alters the
Reply-To: header. But I think that would be the case despite of
Thunderbird's recent change.
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.o
ssage author might choose to
(dynamically) set the Reply-To to something like "Reply-To: Please
reply to the Mailman-Users mailing list. "
3. Else address the message to From. (If there's no From, the message
violates the most basic RFCs so all bets are off.)
¯\_(ツ)_/¯
Sounds
ht semantics even on an evil
Reply-To: list. With DMARC munging that's no longer an option; I
need Reply-To: on DMARC-munged lists.
How can you tell the difference between me setting the Reply-To: to be
the Mailman Users mailing list (which I have done for this email) and
the mailing li
iling-list mail).
I'm not setting where the messages /do/ go. I'm setting where I would
/like/ the messages to go. You, as the reply author are responsible for
what your MUA sends.
*You* shouldn't be saying where *my* reply goes.
I'm /not/ saying where your reply /d
e posted. I've been
observing the concerns of mailing list owners for two decades, and I
believe that if this algorithm were used in all major MUAs, there would
be no demand for Reply-To munging.
Maybe, maybe not.
--
Grant. . . .
unix || die
-
re of much that Thunderbird can do.
Hence good in theory, bad in practice.
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/
ated (enough) to
do so.
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.o
re the replies to incoming messages go back
out to. IMHO the way the From: / Reply-To: are configured doesn't
matter or impact where replies to incoming messages go.
What am I missing?
--
Grant. . . .
unix || die
----------
Mailman-Users mai
people say.
It is absolutely, 100%, clear to me what I want to happen on Reply and
Reply All. But it seems that that is not what you want to happen...
We are all entitled to our own opinions. ;-)
--
Grant. . . .
unix || die
--
Mailman
sending to both)
:-/
I prefer to only receive messages to the mailing list. But I understand
why you replied to both. ;-)
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailma
essage from the list is based off of the direct message.
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
S
ything to do with this being a problem. Specifically that the sample
message has the Reply-To: set to the same value as the From:.
From: Grant Taylor
To: Mailman-Users
CC: REDACTED
Reply-To: Grant Taylor
Subject: Testing...
Replies will be routed to the author, where repl
why. I don't hold my preference against you or others.
If your Mailman is configured so:
…
(that is, first_strip_reply_to=No, reply_goes_to_list=This List)
Then if user A sends a message to the list without a Reply-To, replies
will go to the list, but if user B sends a message to the list with
&q
t. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailma
://www.drillanddriver.com
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http
ld be able to go to the list's
admin interface and drop all of the pending subscription requests as a
single operation.
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
-----
ike DKIM* / Authentication* / et al.
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.
r poorly
configured to me.
Has there been any noise about Yahoo on mailop about this new behavior?
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-
On 03/16/2018 07:54 PM, Grant Taylor via Mailman-Users wrote:
Has there been any noise about Yahoo on mailop about this new behavior?
I just read a handful of messages on mailop where multiple people are
reporting this issue.
One of the last messages indicated that the problem might be
Howdy,
I recently updated from mailman 2.1.? to 2.1.26. After this update users can
not subscribe or unsubscribe. Here is the error from the mailman log. Any
ideas what I need to fix? It may be a database problem?
Thanks
Jeff
Mar 27 08:57:49 2018 admin(21493
ave to test the "p=quarantine" behavior.
I'm confident that Mailop subscribers can respond to this.
Here's the really annoying thing. My dmarc_shield processor rewrites the
From header as per SOP for Mailman with the proper switch turned on. The
From header address becomes
On 04/19/2018 04:17 AM, kan...@yamachu-tokachi.co.jp wrote:
Hello Mailman experts,
I'm not an expert, but I've got questions.
I created a mailing list (i.e. a...@ml.abc.co.jp) with mailman in our
organization.
I don't think it matters, but I want to make sure I'm no
I performed a massive debian update last week, which included a postfix update.
Mailman may have updated too (it is currently 2.1.26). All other mail services
on my server appear to still work (Drupal password resets, Roundcube webmail
send/receive, virtual mailbox forwarding), but mailman is
impact on archives.
God forbid if blockchain was used on the archive. }:-)
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.
our way
to snub our faces at GDPR.
I think most uses of blockchain are bogus and I'm ready for the buzz
word to go away.
I mentioned it because GDPR and blockchain are sort of antipodes when it
comes to the right to be forgotten.
--
Grant. . . .
unix || die
-------
tuation of a litigation hold that
suspends expunging of backups.
¯\_(ツ)_/¯
Again all this up for interpretation. The largest ones for me at the
moment is regarding auditing access to the Mailman admin access and the
archive purging requests.
I'm not trying to come across as argumentative.
oblem.
--
Grant. . . .
unix || die
----------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-us
m.
Or should the company have retained just enough information to know that
they should not contact the person again? I.e. a black list.
(* Don't talk to me about proving the negative. Assume a 3rd party
oversight of some sort.)
--
Grant. . . .
unix || die
-
On 05/15/2018 03:18 AM, Andrew Hodgson wrote:
At the moment the list administrator and moderator account is accessed
via no username and a single password. If that password is shared,
I have no audit trail of who logged into the system.
ACK
I like to run Mailman (et al) administration pages
mailman into a state that I can safely modify the archive.
2) Run a script (likely sed) to REDACT the contents.
sed -i$ticketID 's/phone number/REDACTED/g;s/Eventbright
Link/REDACTED/g;#etc'
3) Restarted Mailman and possibly web server serving the archive.
(Or otherwise flushed c
, thus breaking
existing links to messages? Or at least disassociating them such that
they link to the wrong message?
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinf
ter or worse, in some way.
I also feel like the structure of the data, or lack there of, is
somewhat immaterial. Especially in this day and age where people are
touting storing data in unstructured manner. Plus, extracting email
addresses (and associated names) from a mail archive, HTML or not, is
relatively easy. ;-)
--
Grant. . .
hat the infinite wisdom of politicians will say that the
entire paper needs to be shredded.
I think it also significantly depends on what needs to be redacted.
Removing "supercalifragilisticexpialidocious" is a LOT different than
removing "Grant Taylor" from the Mailman-Users arch
, but it is
not PII in and of itself. (At least that's my understanding.)
What does "verify" mean here? The problematic address may have been
deleted or pwned, and not available to the person wanting redaction.
Technical complications. :-D
--
Grant. . . .
unix || die
-
vFKoNlttdrvXjeDBRki1v5hFvuNSHSMBSJ+yySb0FMuC3aw+2y
KKZhKhwYJuoWMHMa6Lmhrtna/x1ywD1xvCg2m0J2mEM3biNFlwIHx7zewYbhn56j
wTtX9Ch8ozdKVGakmybxfo91xkbQvRpROpjwIslRWrbxAgbV6r8=
=z4V/
-END PGP SIGNATURE-
----------
Mailman-Users mailing list Mailman-Users@p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Argh! This was intended for just Mark, not the whole list. Sigh.
- -Jim P.
On Thu, 2018-05-24 at 11:40 -0400, Jim Popovitch via Mailman-Users
wrote:
> Hello!
>
> Given a bounce msg with a subpart of:
>
>
> messa
On 05/30/2018 03:36 PM, Parker, Michael D. wrote:
I've been assigned the task of attempting to secure our current
implementation of GNU MailMan.
One thing that I've not seen (or missed) in this thread is the idea of
leveraging HTTPS usernames and passwords to protect the web interfa
certificates to authenticate the client to the server. — I have yet to
see any Web UI leverage this. — It's built into the web server. }:-)
--
Grant. . . .
unix || die
--
Mailman-Users mailing list Mailman-Users@python.org
g the web server's
ability to filter by IP?
What I do, is to run the mailman GUI on a non-standard https port.
Okay. (Additional) security through obscurity. Sure. I do similar
with various things.
I then create webserver URL rewrites that redirect url access to that
port.
Why? I
7;s coming from the same security experts.
Proper answer with those guys is don't run mailman. Export the subscribers
and use it as CC list in Orifice'365: you can't go wrong with "industry
standard".
I'm going to disagree with you there. You most certainly can go wrong
On 05/31/2018 03:05 PM, Dimitri Maziuk wrote:
What exactly is it about mailman usernames and passwords that you are
trying to protect with HTTPS?
I wasn't talking about Mailman usernames (email addresses) and
passwords. I was talking about the usernames and passwords for Basic
H
machines, not just
one. (I'm referring to network appliance type firewalls, not host based.)
No, this is not security through obscurity. It runs on a different
port so I can add firewall rules that effect only mailman service and
not other web applications.
Fair enough.
I need to gi
using routing with
reverse path filtering.
I've found all of the above to be quite effective.
--
Grant. . . .
unix || die
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
M
ZWZUD0Hh/2Tet8zIrfMCT
p7sigLH0gbjaCR5dcsXoyiQoXQAraubG/D/LJ5yEhrBIuM4QLllAbqUwnqLkFu+A
S/TLW0uext7nL1HnhzRa4w/MXwme8LRF31UoDsh1hdIxiRjAYA0=
=YSGk
-END PGP SIGNATURE-
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mai
ssing?
--
Grant. . . .
unix || die
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives:
; I'm having a hard time using Fail2Ban along with MailMan mailing
> list
> management software.
>
> My idea is that when the attacker / attacker incorrectly enters the
> password of the login field in the web interface, it is blocked. But
> for
> this to work, it
On June 3, 2018 5:44:17 PM UTC, Henrique Fagundes
wrote:
>Dear,
>
>Where should I put this file?
>First I put it in "/ etc / mailman", and it did not work.
>
It's intended to be an example of modifications that can be made to Utils.py in
order to get bette
On 06/03/2018 04:11 PM, Mark Sapiro wrote:
Ban list regexps are case insensitive.
Thank you for the clarification Mark.
The fact that the ones I saw never had periods following the plus sign.
ACK
--
Grant. . . .
unix || die
--
Mailman
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2018-06-04 at 18:47 +, Parker, Michael D. wrote:
> I have mailman 2.x and am specifically interested in knowing how to
> do the following two tasks:
>
>
> 1. List all users with all their mailing lists
list_mem
YoMTfT13+XWvpjH526msYUAK6ER/m5webuV3ltElWG9M0aOSocM
shlPEdYkCTZZXrPpTc290KHIyd20hj3uyT2xkj7AKwlelnLhfwM=
=rw6m
-END PGP SIGNATURE-
--------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security
rFpyYNIoUECLX1J
DVqvlo03EQddZmccVFyQ9FBBJfYKYOjWx2U6Im2mtf11tRIrPScGNZHrUzEYXJJr
1ilFBEr4MAPAdGgN+NiX7X7ei/O516lZGpXyjt60Mod1x62FCxXTUTYEUQ8Lshza
kULK8QtECBANbNZP23NG7U7NnLINbC8qKkSKh5mkmhjlU+qhLh+6STTv/uyA5s6v
MllrEt72ycJIFH7Xt5hUH3RuHlNR/1OgM4d8yLbDeCy5S/WjXxfGG/PeSIBCtG3l
lZw/thIBxRcxOCa/s55PBvhIz0qgv1YSA4RgCBbw5MhsO+GbV9+/lX5/fkNKd+uE
nntLBr9TPt
haus IP)
Very nice!
Thanks again,
-Jim P.
------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello,
For some unknown reason a legitimate human sent a subscribe request to
mailman-subscr...@domain.tld and now I'm receiving pending subscriber
notifications for the "mailman" list, which isn't a list with an
available web
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2018-06-11 at 12:21 -0700, Mark Sapiro wrote:
> On 6/11/18 10:26 AM, Jim Popovitch via Mailman-Users wrote:
> >
> > For some unknown reason a legitimate human sent a subscribe request
> > to
> > mailman-subsc
On 07/19/2018 06:16 AM, Robert Heller wrote:
I mean it does not check things like the Received: headers*by default*. If
the email part of the From: header is a list member address, Mailman
will consider that the mail is from that member and pass the message on
to the list,*even if the From
On July 19, 2018 5:28:24 PM UTC, Mark Sapiro wrote:
>On 07/19/2018 08:02 AM, Grant Taylor via Mailman-Users wrote:
>>
>> I have often wondered about enhancing Mailman, or augmenting it with
>a
>> milter, to be able to test the SMTP envelope from, to, and body
>content
On July 19, 2018 6:53:52 PM UTC, Jim Popovitch wrote:
>On July 19, 2018 5:28:24 PM UTC, Mark Sapiro wrote:
>>On 07/19/2018 08:02 AM, Grant Taylor via Mailman-Users wrote:
>>>
>>> I have often wondered about enhancing Mailman, or augmenting it with
>>a
>&g
server exercises.
I personally feel like Mailman, and many other similar things, should
sit behind an external / edge SMTP server that does some of the heavy
lifting and provides detection of and possibly protection against many
spoofs.
Mailman does not make any checks of the "Rec
x27;s pretty rare for the path from a
user to the mailman server to do things that would cause DMARC fails.
Yep, that's what I was referring to.
If you want to reinvent DMARC, you could add an option to say that all
submissions from me must have a DKIM signature or validated SPF from
domai
On 07/19/2018 04:16 PM, Mark Sapiro wrote:
Mailman can be configured to remove DKIM related headers from
incoming mail before sending.
ACK
I'm lumping various in as well, which I'm not aware of Mailman being
able to remove.
Authentication-Results:
I think there are others that
On 07/19/2018 06:22 PM, Mark Sapiro wrote:
If Mailman is asked to remove or replace DKIM headers, the
headers affected are DomainKey-Signature, DKIM-Signature and
Authentication-Results.
Good to know.
Thank you for clarifying Mark.
--
Grant. . . .
unix || die
establish this trust relationship, save for traditional
Business-to-Business methods. At least I'm not aware of anything more
automatic.
Thus I question how useful ARC will be for small operators. :-/
--
Grant. . . .
unix || die
------
Mailman-U
401 - 500 of 1051 matches
Mail list logo
