Reconfigure mailman to avoid kicking members off the lists #262

Closed
gravitystorm opened this Issue Jan 14, 2019 · 5 comments

gravitystorm commented Jan 14, 2019

Due to DMARC settings on some mailing list senders' emails, other innocent mailing list subscribers (like me!) keep getting kicked off of the mailing lists. We should reconfigure mailman to avoid kicking innocent members off of the lists.

The basic problem is that some email providers (such as Yahoo) have set DMARC policies that mean when their customers' emails go via any mailing lists, the DMARC validation will fail. When a victim uses an email service that respects the DMARC policy (like Gmail), the offending mail is bounced. Mailman counts these bounces, and then eventually kicks the victim off the list. This happens every month or so, across our lists. Note that it's the innocent victim (e.g. Gmail user), not the sender (e.g. Yahoo user), who gets kicked off.

Other list owners have dealt with this by changing their mailman configuration, to subtly change the DMARC-affected emails. Linuxchix has a detailed explanation (better than mine) about the problem, and their solution:

https://www.linuxchix.org/content/mailing-list-changes

We should make similar changes to our mailing list configuration.

tomhughes commented Jan 14, 2019

Our mailman is too old to support these options.

danpat commented Jan 14, 2019

On a related note - I've had a few mailing list recipients contact me out-of-band and mention that my mailing-list messages from @mapbox.com are ending up in their spam folders (via the osrm-talk list). I spoke to our security folks - they modified the DMARC policy to p=reject a couple of months ago to combat all the phishing that was being done spoofing accounts on our domain.

My gut says that DMARC is only going to become more common over time and this problem will get worse.

@tomhughes could we help upgrade mailman?

Firefishy commented Jan 14, 2019

The required version of mailman is available in Ubuntu 18.04 but upgrading is currently blocked by #149 and #220

tomhughes commented Jan 14, 2019

It's not something we can just upgrade - the OS needs to be upgraded and we can't do that because the machine also runs OSQA for help.openstreetmap.org and that is dead and won't run on newer versions.

I will just reiterate that DMARC with p=reject is fundamentally broken unless you are going to ban all your users from subscribing to any mailing lists or forwarding mail in any way because it completely ignores decades of internet standards.

tomhughes commented Jan 19, 2019

As shenron has now been updated I have set dmarc_moderation_action to "munge from" for all lists and made it the default for new lists.

tomhughes closed this Jan 19, 2019
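
The bounce problem described in this thread and the effect of the "munge from" setting, as an added sketch that is not part of the issue or of Mailman's code: a simplified receiver-side DMARC check run on a constructed list post before and after the From rewrite. The domains, policy table and function names are assumptions, and organizational-domain matching is reduced to the last two labels.

```python
from email.message import EmailMessage
from email.utils import parseaddr, formataddr

# Constructed DMARC policies standing in for DNS _dmarc TXT lookups.
POLICIES = {"strict.example": "reject", "lists.example": "none"}

def org_domain(domain):
    # Simplification: last two labels; real receivers use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])

def from_domain(msg):
    return parseaddr(msg["From"])[1].rpartition("@")[2]

def munge_from(msg, list_addr, list_name):
    """Model of 'munge from': list address in From, author moved to Reply-To."""
    name, addr = parseaddr(msg["From"])
    if POLICIES.get(org_domain(from_domain(msg))) != "reject":
        return msg  # in this model only DMARC-affected posts are rewritten
    del msg["From"]
    msg["From"] = formataddr((f"{name or addr} via {list_name}", list_addr))
    msg["Reply-To"] = formataddr((name, addr))
    return msg

def receiver_verdict(msg, spf_domain, dkim_domain, dkim_valid):
    """DMARC passes if an aligned identifier passes SPF (assumed pass) or DKIM."""
    author = org_domain(from_domain(msg))
    aligned = org_domain(spf_domain) == author or (
        dkim_valid and org_domain(dkim_domain) == author)
    if aligned or POLICIES.get(author, "none") != "reject":
        return "deliver"
    return "bounce"  # the list counts this bounce against the *recipient*

def list_post(sender="alice@strict.example"):
    # Constructed post; the default sender's domain publishes p=reject.
    msg = EmailMessage()
    msg["From"] = formataddr(("Alice", sender))
    msg["Subject"] = "[talk] hello"
    msg.set_content("hi\n-- \nlist footer")  # added footer invalidates author's DKIM
    return msg

# The list relays with its own envelope sender, so SPF is evaluated for lists.example.
RELAY = dict(spf_domain="lists.example", dkim_domain="strict.example", dkim_valid=False)
before = receiver_verdict(list_post(), **RELAY)
after = receiver_verdict(munge_from(list_post(), "talk@lists.example", "talk"), **RELAY)
print(before, after)
```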
