[Pkg-mailman-hackers] Bug#1086707: dmarc mitigations should be enabled by default or at least configurable
Antoine Beaupre
anarcat at debian.org
Mon Nov 4 14:55:58 GMT 2024
Package: mailman3
Version: 3.3.8-2~deb12u2
Severity: important
Tags: upstream
Mailman 3, out of the box, doesn't do any sort of DMARC
mitigation. This implies that it's impossible to deliver mail to
standards-conforming providers (e.g. Google, but also others) by
default, as the From: header will most likely not match the domain
used to match SPF signatures (among many other problems).
In our setup, we ended up using a bit of code like this:
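```
from mailman.interfaces.mailinglist import DMARCMitigateAction, ReplyToMunging

def mitigate_dmarc(mlist):
    # Rewrite From: to the list address on mitigated messages.
    mlist.dmarc_mitigate_action = DMARCMitigateAction.munge_from
    # Apply the mitigation to every post, whatever the sender's DMARC policy.
    mlist.dmarc_mitigate_unconditionally = True
```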
Which we call with "withlist" to tweak the mailing list after
creation.
But I somewhat feel this should be the default. It's not clear what
upstream thinks; so far, conversations about this have been relatively
unclear:
https://gitlab.com/mailman/mailman/-/issues/1181
Apparently, there's a way to make styles to work around this issue, but
I don't think this is serving our users well.
So I feel we should just patch Mailman (as suggested by upstream) to
fix the default.
Thoughts?
-- System Information:
Debian Release: 12.7
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable'), (1, 'experimental'), (1, 'unstable'), (1, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.10.11+bpo-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages mailman3 depends on:
ii cron [cron-daemon] 3.0pl1-162
pn dbconfig-sqlite3 | dbconfig-pgsql | dbconfig-mysql | dbconfig-no-thanks <none>
ii debconf [debconf-2.0] 1.5.82
ii init-system-helpers 1.65.2
ii logrotate 3.21.0-1
ii python3 3.11.2-1+b1
pn python3-aiosmtpd <none>
pn python3-alembic <none>
pn python3-authheaders <none>
pn python3-authres <none>
ii python3-click 8.1.3-2
ii python3-dateutil 2.8.2-2
ii python3-dnspython 2.3.0-1
pn python3-falcon <none>
pn python3-flufl.bounce <none>
pn python3-flufl.i18n <none>
pn python3-flufl.lock <none>
ii python3-gunicorn 20.1.0-6
pn python3-importlib-resources <none>
pn python3-lazr.config <none>
ii python3-passlib 1.7.4-3
ii python3-psycopg2 2.9.5-1+b1
pn python3-public <none>
ii python3-requests 2.28.1+dfsg-1
pn python3-sqlalchemy <none>
pn python3-zope.component <none>
pn python3-zope.configuration <none>
ii python3-zope.event 4.4-3
ii python3-zope.interface 5.5.2-1+b1
ii ucf 3.0043+nmu1
Versions of packages mailman3 recommends:
ii postfix [mail-transport-agent] 3.7.11-0+deb12u1
Versions of packages mailman3 suggests:
pn anacron <none>
ii chromium [www-browser] 130.0.6723.69-1~deb12u1
ii firefox-esr [www-browser] 128.4.0esr-1~deb12u1
ii lynx [www-browser] 2.9.0dev.12-1
pn mailman3-doc <none>
pn postgresql | default-mysql-server | virtual-mysql-server <none>
ii w3m [www-browser] 0.5.3+git20230121-2
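The following is an added example, not part of the original report and not Mailman's own code: a small model of DMARC identifier alignment showing why a list post with an untouched From: header fails at the receiver and why rewriting From: to the list address passes. The addresses, the two-label organizational-domain shortcut, and the assumption that the author's DKIM signature does not survive the list's modifications are all illustrative.

```python
import copy
from email.message import EmailMessage
from email.utils import formataddr, parseaddr


def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. Real DMARC
    # evaluators consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def dmarc_aligned(msg, spf_domain=None, dkim_domains=()):
    """Relaxed alignment: the From: domain must share an organizational domain
    with the SPF-authenticated envelope domain or a valid DKIM d= domain."""
    from_org = org_domain(parseaddr(str(msg["From"]))[1].rpartition("@")[2])
    authenticated = [d for d in (spf_domain, *dkim_domains) if d]
    return any(org_domain(d) == from_org for d in authenticated)


def munge_from(msg, list_address, list_name):
    """Simplified model of a From:-munging mitigation (not Mailman's code)."""
    name, address = parseaddr(str(msg["From"]))
    out = copy.deepcopy(msg)
    del out["From"]
    out["From"] = formataddr((f"{name or address} via {list_name}", list_address))
    if "Reply-To" not in out:
        out["Reply-To"] = formataddr((name, address))  # keep the author reachable
    return out


def build_post():
    # Constructed sample message; every address here is a placeholder.
    msg = EmailMessage()
    msg["From"] = "Alice <alice@example.org>"
    msg["To"] = "devel@lists.example.net"
    msg["Subject"] = "[devel] hello"
    msg.set_content("hello\n-- \nfooter appended by the list server\n")
    return msg


if __name__ == "__main__":
    post = build_post()
    # The list re-sends with its own bounce address as envelope sender, so SPF
    # authenticates lists.example.net; the author's DKIM signature is assumed
    # broken by the subject prefix and footer, so no DKIM domain is passed.
    print("unmodified From:", dmarc_aligned(post, spf_domain="lists.example.net"))
    munged = munge_from(post, "devel@lists.example.net", "devel")
    print("munged From:    ", dmarc_aligned(munged, spf_domain="lists.example.net"))
```
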