[BALUG-Admin] BALUG-Talk and SPF/DKIM

Rick Moen rick@linuxmafia.com
Fri Aug 18 04:49:40 PDT 2017 

[adding balug-admin:]

Quoting Glen Martin (glen@glen-martin.com):

> Yeah, much agree on your points under "2.".

Apologies for the rantiness portions.  I do try to have substantive
technical content as well.

> huh. I'll have to review the configs, I can't remember this option
> to conditionally munge. I did it quite a while ago, so may be my
> memory at fault.

It's definitely there. Help text for that specificMailman WebUI item 
(Privacy Options, Sender filters, dmarc_moderation_action) says:


  dmarc_moderation_action (privacy): Action to take when anyone posts to
  the list from a domain with a DMARC Reject/Quarantine Policy.

  o  Munge From -- applies the 'from_is_list Munge From' [link] transformation 
     to these messages.
  o  Wrap Message -- applies the 'from_is_list Wrap Message' transformation 
     [link] to these messages.
  o  Reject -- this automatically rejects the message by sending a bounce
     notice to the post's author. The text of the bounce notice can be
     configured by you.
  o  Discard -- this simply discards the message, with no notice sent to the
     post's author.

  This setting takes precedence over the 'from_is_list' [link] setting if the
  message is From: an affected domain and the setting is other than
  Accept.


Following the first link ('from_is_list Munge From') shows this help text:

  from_is_list (general): Replace the From: header address with the
  list's posting address to mitigate issues stemming from the original
  From: domain's DMARC or similar policies.

  Several protocols now in wide use attempt to ensure that use of the
  domain in the author's address (ie, in the From: header field) is
  authorized by that domain. These protocols may be incompatible with
  common list features such as footers, causing participating email
  services to bounce list traffic merely because of the address in the
  From: field. This has resulted in members being unsubscribed despite
  being perfectly able to receive mail.

  The following actions are applied to all list messages when selected
  here. To apply these actions only to messages where the domain in the
  From: header is determined to use such a protocol, see the
  dmarc_moderation_action [link] settings under Privacy options... ->
  Sender filters.

  Settings:

  o No
    Do nothing special. This is appropriate for anonymous lists. It is
    appropriate for dedicated announcement lists, unless the From: address
    of authorized posters might be in a domain with a DMARC or similar
    policy. It is also appropriate if you choose to use
    dmarc_moderation_action other than Accept for this list.

  o Munge From
    This action replaces the poster's address in the From: header with the
    list's posting address and adds the poster's address to the addresses in
    the original Reply-To: header.

  o Wrap Message
    Just wrap the message in an outer message with the From: header
    containing the list's posting address and with the original From:
    address added to the addresses in the original Reply-To: header and with
    Content-Type: message/rfc822. This is effectively a one message MIME
    format digest.

  The transformations for anonymous_list are applied before any of these
  actions. It is not useful to apply actions other than No to an anonymous
  list, and if you do so, the result may be surprising.

  The Reply-To: header munging actions below interact with these actions
  as follows:

  first_strip_reply_to = Yes will remove all the incoming Reply-To:
  addresses but will still add the poster's address to Reply-To: for all
  three settings of reply_goes_to_list which respectively will result in
  just the poster's address, the poster's address and the list posting
  address or the poster's address and the explicit reply_to_address in the
  outgoing Reply-To: header. If first_strip_reply_to = No the poster's
  address in the original From: header, if not already included in the
  Reply-To:, will be added to any existing Reply-To: address(es).

  These actions, whether selected here or via dmarc_moderation_action
  [link] do not apply to messages in digests or archives or sent to
  usenet via the Mail<->News gateways.

  If dmarc_moderation_action [link] applies to this message with an
  action other than Accept, that action rather than this is applied

More information about the BALUG-Admin mailing list