[Pkg-mailman-hackers] Bug#1086707: dmarc mitigations should be enabled by default or at least configurable

Antoine Beaupre anarcat at debian.org
Mon Nov 4 14:55:58 GMT 2024


Package: mailman3
Version: 3.3.8-2~deb12u2
Severity: important
Tags: upstream

Mailman 3, out of the box, doesn't do any sort of DMARC
mitigation. This implies that it's impossible to deliver mail to
standards-conforming providers (e.g. Google, but also others) by
default, as the From: header will most likely not match the domain
used to match SPF signatures (among many other problems).

In our setup, we ended up using a bit of code like this:

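```
from mailman.interfaces.mailinglist import DMARCMitigateAction, ReplyToMunging


def mitigate_dmarc(mlist):
    # Rewrite From: to the list's posting address.
    mlist.dmarc_mitigate_action = DMARCMitigateAction.munge_from
    # Apply the mitigation to every post, whatever the sender domain's DMARC policy.
    mlist.dmarc_mitigate_unconditionally = True
```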

Which we call with "withlist" to tweak the mailing list after
creation.

But I somewhat feel this should be the default. It's not clear what
upstream thinks; so far, conversations about this have been relatively
unclear:

https://gitlab.com/mailman/mailman/-/issues/1181

Apparently, there's a way to make styles to work around this issue, but
I don't think this is serving our users well.

So I feel we should just patch Mailman (as suggested by upstream) to
fix the default.

Thoughts?

-- System Information:
Debian Release: 12.7
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable'), (1, 'experimental'), (1, 'unstable'), (1, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.10.11+bpo-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages mailman3 depends on:
ii  cron [cron-daemon]                                            3.0pl1-162
pn  dbconfig-sqlite3 | dbconfig-pgsql | dbconfig-mysql | dbconfi  <none>
    g-no-thanks
ii  debconf [debconf-2.0]                                         1.5.82
ii  init-system-helpers                                           1.65.2
ii  logrotate                                                     3.21.0-1
ii  python3                                                       3.11.2-1+b1
pn  python3-aiosmtpd                                              <none>
pn  python3-alembic                                               <none>
pn  python3-authheaders                                           <none>
pn  python3-authres                                               <none>
ii  python3-click                                                 8.1.3-2
ii  python3-dateutil                                              2.8.2-2
ii  python3-dnspython                                             2.3.0-1
pn  python3-falcon                                                <none>
pn  python3-flufl.bounce                                          <none>
pn  python3-flufl.i18n                                            <none>
pn  python3-flufl.lock                                            <none>
ii  python3-gunicorn                                              20.1.0-6
pn  python3-importlib-resources                                   <none>
pn  python3-lazr.config                                           <none>
ii  python3-passlib                                               1.7.4-3
ii  python3-psycopg2                                              2.9.5-1+b1
pn  python3-public                                                <none>
ii  python3-requests                                              2.28.1+dfsg-1
pn  python3-sqlalchemy                                            <none>
pn  python3-zope.component                                        <none>
pn  python3-zope.configuration                                    <none>
ii  python3-zope.event                                            4.4-3
ii  python3-zope.interface                                        5.5.2-1+b1
ii  ucf                                                           3.0043+nmu1

Versions of packages mailman3 recommends:
ii  postfix [mail-transport-agent]  3.7.11-0+deb12u1

Versions of packages mailman3 suggests:
pn  anacron                                             <none>
ii  chromium [www-browser]                              130.0.6723.69-1~deb12u1
ii  firefox-esr [www-browser]                           128.4.0esr-1~deb12u1
ii  lynx [www-browser]                                  2.9.0dev.12-1
pn  mailman3-doc                                        <none>
pn  postgresql | default-mysql-server | virtual-mysql-  <none>
    server
ii  w3m [www-browser]                                   0.5.3+git20230121-2
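
Added example, not part of the original bug report and not Mailman's own code: a relaxed DMARC alignment check run on a constructed list post before and after a simplified munge_from-style rewrite. The addresses, the `org_domain` shortcut (last two labels instead of the Public Suffix List) and the assumption that the author's DKIM signature no longer verifies after list processing are all illustrative.

```python
import copy
from email.message import EmailMessage
from email.utils import formataddr, parseaddr


def org_domain(domain):
    # Simplification: last two labels. Real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def from_domain(msg):
    return parseaddr(str(msg["From"]))[1].rpartition("@")[2]


def dmarc_aligned(msg, spf_domain, dkim_domains):
    """True if an authenticated domain aligns (relaxed mode) with From:.

    spf_domain: envelope-sender domain that passed SPF, or None.
    dkim_domains: d= domains of the DKIM signatures that still verify.
    """
    want = org_domain(from_domain(msg))
    authenticated = ([spf_domain] if spf_domain else []) + list(dkim_domains)
    return any(org_domain(d) == want for d in authenticated)


def munge_from(msg, list_address, list_name):
    """Simplified sketch of a munge_from-style rewrite (hypothetical helper)."""
    name, addr = parseaddr(str(msg["From"]))
    out = copy.deepcopy(msg)
    del out["From"], out["Reply-To"]
    out["From"] = formataddr((f"{name or addr} via {list_name}", list_address))
    out["Reply-To"] = formataddr((name, addr))  # keep the author reachable
    return out


# Constructed sample post relayed by a list hosted at lists.example.org.
post = EmailMessage()
post["From"] = "Alice <alice@example.com>"
post["To"] = "devel@lists.example.org"
post["Subject"] = "[devel] hello"
post.set_content("hi\n")

LIST_SPF = "lists.example.org"  # envelope sender is the list's bounce address

# Unmitigated: SPF authenticates the list's domain, author's DKIM is broken.
before = dmarc_aligned(post, LIST_SPF, dkim_domains=[])
# Mitigated: From: now carries the list's domain, which SPF and list DKIM cover.
munged = munge_from(post, "devel@lists.example.org", "devel")
after = dmarc_aligned(munged, LIST_SPF, dkim_domains=["lists.example.org"])
```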

