Date: Wed, 18 Mar 2020 13:36:37 -0400
From: Christopher Faylor
To: Overseers mailing list
Cc: Segher Boessenkool, Alexander Monakov, Bernd Schmidt, Florian Weimer
Subject: Re: Not usable email content encoding
Message-ID: <20200318173637.GA4283Q@cgf.cx>

On Wed, Mar 18, 2020 at 04:42:13PM +0000, Michael Matz wrote:
>On Wed, 18 Mar 2020, Frank Ch. Eigler via Gcc wrote:
>> Yes, for emails from domains with declared interest in email
>> cleanliness, via DMARC records in DNS.  We have observed mail
>> -blocked- at third parties, even just days ago, when we failed to
>> sufficiently authenticate outgoing reflected emails.
>
>Was this blocking also a problem before mailman (i.e. two weeks ago)?
>Why did nobody scream for not having received mail?  Or why is it blocked
>now, but wasn't before?  Can it be made so again, like it was with ezmlm?

We *were* seeing an increased number of bounces because qmail wasn't
doing the right thing.  People were complaining to postmaster that they
hadn't received email.  I was dreading having to figure out what DMARC
issues they were having with ezmlm/qmail.

So, it's nice for us admin volunteers to have a standard system to use
that doesn't require searching for patches or workarounds for
non-standard systems like ezmlm/qmail.

>(And DMARC's requirement of having to rewrite From: headers should make it
>clear to everyone that it's stupid).

I hate the rewriting quite a bit.  But, if major players like gmail have
adopted DMARC then there really isn't much we can do except to play
along.  It is galling, but the alternative is telling people not to use
gmail or yahoo.  We obviously can't do that.

I'm not sure that everyone understands that on the old server we were
using an ancient, hacked email system of qmail and ezmlm.  I'd added
unofficial (if official even means anything) patches and workarounds to
allow us to continue to communicate with, e.g., yahoo and qmail but they
never worked 100% right and, as mentioned, we were starting to see
bounces and complaints.

Even the old system munged From addresses, too.

We decided for server2 to standardize on postfix + mailman because both
were available on RHEL.  Using postfix + mailman means that if anything
happens to fche or cgf, it should be possible for some hypothetical
volunteer to figure out how email works on sourceware.

There is at least one site that offers qmail and ezmlm packages but the
support seemed somewhat iffy.  And, if we had used those instead, and
they had updated their support for DMARC/DKIM/SPF then we'd be in the
same boat anyway.

mailman is supposed to only munge From addresses from domains that
enforce DMARC but we're finding that some domains don't properly
advertise themselves and email is not going through to them.  So, it is
looking like we may have to turn it on universally.

The bottom line is that mailman tries harder to make sure that mail gets
through than the kludge I added to qmail ever did so, in theory, more
mail should get through once we finish tweaking.

FWIW, I rewrote my local email delivery agent so that it puts most of
the From addresses back the way they were before.  It catches most of
the munging so that I don't even notice it anymore.

cgf
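
The policy-dependent From rewriting discussed in this message, and one way a subscriber could undo it, as an added example that is neither Mailman's code nor the delivery agent mentioned above. The DMARC records, the `.example` domains, the function names, the "Name via List" display form and the use of Reply-To to carry the author are all assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

# Constructed DMARC TXT records, as if read from _dmarc.<domain>; no DNS is queried.
DMARC_RECORDS = {
    "strict.example": "v=DMARC1; p=reject; rua=mailto:agg@strict.example",
    "soft.example": "v=DMARC1; p=none",
    "broken.example": "p=reject; v=DMARC1",  # malformed: v= must be the first tag
}

def dmarc_policy(domain):
    """Return the advertised p= policy, or None when no valid record is found."""
    record = DMARC_RECORDS.get(domain.lower())
    if record is None:
        return None
    pairs = [tuple(s.strip() for s in tag.split("=", 1))
             for tag in record.split(";") if "=" in tag]
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    return dict(pairs).get("p", "").lower() or None

def munge_from(msg, list_name, list_addr, always=False):
    """List side: rewrite From when the author's domain enforces DMARC."""
    name, addr = parseaddr(msg["From"])
    policy = dmarc_policy(addr.rpartition("@")[2])
    if not always and policy not in ("reject", "quarantine"):
        return False
    if msg["Reply-To"] is None:  # keep the author reachable (assumed convention)
        msg["Reply-To"] = formataddr((name, addr))
    del msg["From"]
    msg["From"] = formataddr((f"{name or addr} via {list_name}", list_addr))
    return True

def restore_from(msg, list_addr):
    """Subscriber side: put the Reply-To author back into a munged From."""
    if parseaddr(msg["From"])[1] != list_addr or msg["Reply-To"] is None:
        return False
    author = str(msg["Reply-To"])
    del msg["From"]
    msg["From"] = author
    return True
```

The `broken.example` record shows why per-domain munging can miss a sender whose policy is not advertised in a form the list recognizes, which `always=True` sidesteps. A restored From is a display convenience only, since Reply-To is set by whoever sent the message and proves nothing about authorship.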