* Broken DMARC workaround for glibc mailing lists
@ 2017-04-28 16:29 Florian Weimer
2017-04-30 2:32 ` Christopher Faylor
0 siblings, 1 reply; 10+ messages in thread
From: Florian Weimer @ 2017-04-28 16:29 UTC (permalink / raw)
To: overseers
Hi,
we have received a report that at least one of the glibc mailing lists
lacks anti-DMARC header rewriting:
https://sourceware.org/ml/libc-help/2017-04/msg00034.html
I have seen the usual âviaâ From rewriting on other sourceware.org
lists. I don't think we have much choice but to enable that for all the
glibc lists, too.
Thanks,
Florian
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Broken DMARC workaround for glibc mailing lists
2017-04-28 16:29 Broken DMARC workaround for glibc mailing lists Florian Weimer
@ 2017-04-30 2:32 ` Christopher Faylor
2017-04-30 15:41 ` Christopher Faylor
[not found] ` <20170430053402.GA6286@ednor.casa.cgf.cx>
0 siblings, 2 replies; 10+ messages in thread
From: Christopher Faylor @ 2017-04-30 2:32 UTC (permalink / raw)
To: Florian Weimer, overseers
On Fri, Apr 28, 2017 at 06:29:38PM +0200, Florian Weimer wrote:
>Hi,
>
>we have received a report that at least one of the glibc mailing lists
>lacks anti-DMARC header rewriting:
>
> https://sourceware.org/ml/libc-help/2017-04/msg00034.html
>
>I have seen the usual âviaâ From rewriting on other sourceware.org
>lists. I don't think we have much choice but to enable that for all the
>glibc lists, too.
? We don't arbitrarily turn on/off features like that for different
mailing lists. This feature is on for every mailing list.
cgf
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Broken DMARC workaround for glibc mailing lists
2017-04-30 2:32 ` Christopher Faylor
@ 2017-04-30 15:41 ` Christopher Faylor
[not found] ` <20170430053402.GA6286@ednor.casa.cgf.cx>
1 sibling, 0 replies; 10+ messages in thread
From: Christopher Faylor @ 2017-04-30 15:41 UTC (permalink / raw)
To: Florian Weimer, overseers
On Sat, Apr 29, 2017 at 10:32:42PM -0400, Christopher Faylor wrote:
>On Fri, Apr 28, 2017 at 06:29:38PM +0200, Florian Weimer wrote:
>>Hi,
>>
>>we have received a report that at least one of the glibc mailing lists
>>lacks anti-DMARC header rewriting:
>>
>> https://sourceware.org/ml/libc-help/2017-04/msg00034.html
>>
>>I have seen the usual âviaâ From rewriting on other sourceware.org
>>lists. I don't think we have much choice but to enable that for all the
>>glibc lists, too.
>
>? We don't arbitrarily turn on/off features like that for different
>mailing lists. This feature is on for every mailing list.
I found what should have been a minor misconfiguration in libc-help
mailing list configuration. I don't know if it will help or not.
I'll monitor the mailing list to see if this fixes it.
cgf
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Broken DMARC workaround for glibc mailing lists
[not found] ` <20170430053402.GA6286@ednor.casa.cgf.cx>
@ 2017-05-01 10:18 ` Florian Weimer
2017-05-02 14:07 ` Christopher Faylor
0 siblings, 1 reply; 10+ messages in thread
From: Florian Weimer @ 2017-05-01 10:18 UTC (permalink / raw)
To: overseers
On 04/30/2017 07:34 AM, Christopher Faylor wrote:
> On Sat, Apr 29, 2017 at 10:32:42PM -0400, Christopher Faylor wrote:
>> On Fri, Apr 28, 2017 at 06:29:38PM +0200, Florian Weimer wrote:
>>> Hi,
>>>
>>> we have received a report that at least one of the glibc mailing lists
>>> lacks anti-DMARC header rewriting:
>>>
>>> https://sourceware.org/ml/libc-help/2017-04/msg00034.html
>>>
>>> I have seen the usual âviaâ From rewriting on other sourceware.org
>>> lists. I don't think we have much choice but to enable that for all the
>>> glibc lists, too.
>>
>> ? We don't arbitrarily turn on/off features like that for different
>> mailing lists. This feature is on for every mailing list.
>
> I found what should have been a minor misconfiguration in libc-help
> mailing list configuration. I don't know if it will help or not.
>
> I'll monitor the mailing list to see if this fixes it.
Thanks for investigating this.
Florian
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Broken DMARC workaround for glibc mailing lists
2017-05-01 10:18 ` Florian Weimer
@ 2017-05-02 14:07 ` Christopher Faylor
2017-05-05 10:32 ` Florian Weimer
0 siblings, 1 reply; 10+ messages in thread
From: Christopher Faylor @ 2017-05-02 14:07 UTC (permalink / raw)
To: Florian Weimer, overseers
On Mon, May 01, 2017 at 12:18:51PM +0200, Florian Weimer wrote:
>On 04/30/2017 07:34 AM, Christopher Faylor wrote:
>> On Sat, Apr 29, 2017 at 10:32:42PM -0400, Christopher Faylor wrote:
>>> On Fri, Apr 28, 2017 at 06:29:38PM +0200, Florian Weimer wrote:
>>>> Hi,
>>>>
>>>> we have received a report that at least one of the glibc mailing lists
>>>> lacks anti-DMARC header rewriting:
>>>>
>>>> https://sourceware.org/ml/libc-help/2017-04/msg00034.html
>>>>
>>>> I have seen the usual âviaâ From rewriting on other sourceware.org
>>>> lists. I don't think we have much choice but to enable that for all the
>>>> glibc lists, too.
>>>
>>> ? We don't arbitrarily turn on/off features like that for different
>>> mailing lists. This feature is on for every mailing list.
>>
>> I found what should have been a minor misconfiguration in libc-help
>> mailing list configuration. I don't know if it will help or not.
>>
>> I'll monitor the mailing list to see if this fixes it.
>
>Thanks for investigating this.
Could you ask them to send another message to the list to see if the
From is properly mangled?
cgf
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Broken DMARC workaround for glibc mailing lists
2017-05-02 14:07 ` Christopher Faylor
@ 2017-05-05 10:32 ` Florian Weimer
2017-05-08 5:34 ` Christopher Faylor
0 siblings, 1 reply; 10+ messages in thread
From: Florian Weimer @ 2017-05-05 10:32 UTC (permalink / raw)
To: overseers
[-- Attachment #1: Type: text/plain, Size: 1494 bytes --]
On 05/02/2017 04:07 PM, Christopher Faylor wrote:
> On Mon, May 01, 2017 at 12:18:51PM +0200, Florian Weimer wrote:
>> On 04/30/2017 07:34 AM, Christopher Faylor wrote:
>>> On Sat, Apr 29, 2017 at 10:32:42PM -0400, Christopher Faylor wrote:
>>>> On Fri, Apr 28, 2017 at 06:29:38PM +0200, Florian Weimer wrote:
>>>>> Hi,
>>>>>
>>>>> we have received a report that at least one of the glibc mailing lists
>>>>> lacks anti-DMARC header rewriting:
>>>>>
>>>>> https://sourceware.org/ml/libc-help/2017-04/msg00034.html
>>>>>
>>>>> I have seen the usual âviaâ From rewriting on other sourceware.org
>>>>> lists. I don't think we have much choice but to enable that for all the
>>>>> glibc lists, too.
>>>>
>>>> ? We don't arbitrarily turn on/off features like that for different
>>>> mailing lists. This feature is on for every mailing list.
>>>
>>> I found what should have been a minor misconfiguration in libc-help
>>> mailing list configuration. I don't know if it will help or not.
>>>
>>> I'll monitor the mailing list to see if this fixes it.
>>
>> Thanks for investigating this.
>
> Could you ask them to send another message to the list to see if the
> From is properly mangled?
The most recent message didn't have rewriting applied. I assume that
gmail.com has strict DMARC policies and would ordinarily trigger
rewriting. However, I don't see this happening on other sourceware.org
lists, either. Maybe we'd need a test posting from google.com.
Thanks,
Florian
[-- Attachment #2: Re: GMail DMARC : 'ezmlm warning' - '550-5_7_1 DMARC policy_ ___ of google_com domain' not considered an authorized sender ?.eml --]
[-- Type: message/rfc822, Size: 7951 bytes --]
From: Jason Vas Dias <jason.vas.dias@gmail.com>
To: Florian Weimer <fweimer@redhat.com>
Cc: libc-help@sourceware.org
Subject: Re: GMail DMARC : 'ezmlm warning' - '550-5.7.1 DMARC policy. ... of google.com domain' not considered an authorized sender ?
Date: Fri, 5 May 2017 10:22:17 +0000
Message-ID: <CALyZvKzULTzj6TNHgD0xgYhYC+mPt7xQmLj5=kAFBb1rjD=_-w@mail.gmail.com>
Hi Florian -
> Jason, would you please send another message to the libc-help list?
I am doing so hereby.
I haven't got any more of these failed-to-deliver messages since:
libc-help-help | Inbox, To Jason |
ezmlm warning - .1 DMARC policy. Please contact the administrator of
google.com domain 550-5.7.1 if this was a legitimate mail. Please 16/11/2016
I just thought I should report it because it looked like all is not
quite OK with
authenticating your email sender to google.
Thanks & Regards,
Jason
On 05/05/2017, Florian Weimer <fweimer@redhat.com> wrote:
> On 05/01/2017 12:18 PM, Florian Weimer wrote:
>> On 04/28/2017 08:11 AM, Florian Weimer wrote:
>>> On 04/26/2017 01:05 AM, Jason Vas Dias wrote:
>>>> Is this google's problem or your email sender's or my gmail settings ?
>>>> ( I can't see anything in Gmail settings about 'authorized senders'
>>>> or anything.
>>>> Having a problem with your gmail sending account / or are
>>>> authentications
>>>> for it sometimes transiently timing out ?
>>>
>>> Google and Gmail (and Yahoo and others) broke mailing lists. There
>>> should be a vast amount of information available out there under the
>>> topic of DMARC and mailing lists. I don't know if the version of
>>> ezmlm used on sourceware.org supports the usual workarounds for the
>>> breakage.
>>
>> There may have been a misconfiguration which prevented the broken DMARC
>> workaround from being applied to the libc-help list.
>
> Jason, would you please send another message to the libc-help list?
>
> Thanks,
> Florian
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Broken DMARC workaround for glibc mailing lists
2017-05-05 10:32 ` Florian Weimer
@ 2017-05-08 5:34 ` Christopher Faylor
2017-05-08 6:15 ` Christopher Faylor
2017-05-08 6:44 ` Florian Weimer via overseers
0 siblings, 2 replies; 10+ messages in thread
From: Christopher Faylor @ 2017-05-08 5:34 UTC (permalink / raw)
To: Florian Weimer, overseers
On Fri, May 05, 2017 at 12:32:38PM +0200, Florian Weimer wrote:
>The most recent message didn't have rewriting applied. I assume that
>gmail.com has strict DMARC policies and would ordinarily trigger
>rewriting. However, I don't see this happening on other sourceware.org
>lists, either. Maybe we'd need a test posting from google.com.
I think this may be a bug in the patched ezmlm that we're using. It
may be looking at "gmail.com":
_dmarc.gmail.com. 300 IN TXT "v=DMARC1; p=none; rua=mailto:mailauth-reports@google.com"
rather than google.com (which handles gmail's mx):
_dmarc.google.com. 183 IN TXT "v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com"
It should be easy to fix. I'll look at it tomorrow.
cgf
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Broken DMARC workaround for glibc mailing lists
2017-05-08 5:34 ` Christopher Faylor
@ 2017-05-08 6:15 ` Christopher Faylor
2017-05-08 6:44 ` Florian Weimer via overseers
1 sibling, 0 replies; 10+ messages in thread
From: Christopher Faylor @ 2017-05-08 6:15 UTC (permalink / raw)
To: Florian Weimer, overseers
On Mon, May 08, 2017 at 01:34:52AM -0400, Christopher Faylor wrote:
>On Fri, May 05, 2017 at 12:32:38PM +0200, Florian Weimer wrote:
>>The most recent message didn't have rewriting applied. I assume that
>>gmail.com has strict DMARC policies and would ordinarily trigger
>>rewriting. However, I don't see this happening on other sourceware.org
>>lists, either. Maybe we'd need a test posting from google.com.
>
>I think this may be a bug in the patched ezmlm that we're using. It
>may be looking at "gmail.com":
>
>_dmarc.gmail.com. 300 IN TXT "v=DMARC1; p=none; rua=mailto:mailauth-reports@google.com"
>
>rather than google.com (which handles gmail's mx):
>
>_dmarc.google.com. 183 IN TXT "v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com"
>
>It should be easy to fix. I'll look at it tomorrow.
I looked at it tonight and instituted a temporary fix (that will probably
be around until someone complains that it isn't quite right).
cgf
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Broken DMARC workaround for glibc mailing lists
2017-05-08 5:34 ` Christopher Faylor
2017-05-08 6:15 ` Christopher Faylor
@ 2017-05-08 6:44 ` Florian Weimer via overseers
2017-05-08 14:22 ` Christopher Faylor
1 sibling, 1 reply; 10+ messages in thread
From: Florian Weimer via overseers @ 2017-05-08 6:44 UTC (permalink / raw)
To: overseers
On 05/08/2017 07:34 AM, Christopher Faylor wrote:
> On Fri, May 05, 2017 at 12:32:38PM +0200, Florian Weimer wrote:
>> The most recent message didn't have rewriting applied. I assume that
>> gmail.com has strict DMARC policies and would ordinarily trigger
>> rewriting. However, I don't see this happening on other sourceware.org
>> lists, either. Maybe we'd need a test posting from google.com.
>
> I think this may be a bug in the patched ezmlm that we're using. It
> may be looking at "gmail.com":
>
> _dmarc.gmail.com. 300 IN TXT "v=DMARC1; p=none; rua=mailto:mailauth-reports@google.com"
>
> rather than google.com (which handles gmail's mx):
>
> _dmarc.google.com. 183 IN TXT "v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com"
>
> It should be easy to fix. I'll look at it tomorrow.
Huh. This is not what I expected. I think this means that gmail.com
does not have a strict DMARC policy after all. So I was wrong to expect
rewriting for it.
(Just to be clear: it would be wrong to apply the google.com DMARC
policy to gmail.com because the MX host location does not matter for
this policy.)
Thanks,
Florian
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Broken DMARC workaround for glibc mailing lists
2017-05-08 6:44 ` Florian Weimer via overseers
@ 2017-05-08 14:22 ` Christopher Faylor
0 siblings, 0 replies; 10+ messages in thread
From: Christopher Faylor @ 2017-05-08 14:22 UTC (permalink / raw)
To: overseers
On Mon, May 08, 2017 at 08:44:34AM +0200, Florian Weimer via overseers wrote:
>On 05/08/2017 07:34 AM, Christopher Faylor wrote:
>> On Fri, May 05, 2017 at 12:32:38PM +0200, Florian Weimer wrote:
>>> The most recent message didn't have rewriting applied. I assume that
>>> gmail.com has strict DMARC policies and would ordinarily trigger
>>> rewriting. However, I don't see this happening on other sourceware.org
>>> lists, either. Maybe we'd need a test posting from google.com.
>>
>> I think this may be a bug in the patched ezmlm that we're using. It
>> may be looking at "gmail.com":
>>
>> _dmarc.gmail.com. 300 IN TXT "v=DMARC1; p=none; rua=mailto:mailauth-reports@google.com"
>>
>> rather than google.com (which handles gmail's mx):
>>
>> _dmarc.google.com. 183 IN TXT "v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com"
>>
>> It should be easy to fix. I'll look at it tomorrow.
>
>Huh. This is not what I expected. I think this means that gmail.com
>does not have a strict DMARC policy after all. So I was wrong to expect
>rewriting for it.
>
>(Just to be clear: it would be wrong to apply the google.com DMARC
>policy to gmail.com because the MX host location does not matter for
>this policy.)
Yeah, I realized that as I was drifting off to sleep last night. Email
I sent to test-list from gmail to gmail worked so I should have realized
that meant that gmail didn't enforce and that this wassn't an issue.
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2017-05-08 14:22 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-28 16:29 Broken DMARC workaround for glibc mailing lists Florian Weimer
2017-04-30 2:32 ` Christopher Faylor
2017-04-30 15:41 ` Christopher Faylor
[not found] ` <20170430053402.GA6286@ednor.casa.cgf.cx>
2017-05-01 10:18 ` Florian Weimer
2017-05-02 14:07 ` Christopher Faylor
2017-05-05 10:32 ` Florian Weimer
2017-05-08 5:34 ` Christopher Faylor
2017-05-08 6:15 ` Christopher Faylor
2017-05-08 6:44 ` Florian Weimer via overseers
2017-05-08 14:22 ` Christopher Faylor
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).