[Bug Infrastructure/29713] Please make libc-alpha mailing list compatible with “git am”

["iank at fsf dot org" <sourceware-bugzilla@sourceware.org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=29713

--- Comment #6 from iank at fsf dot org ---
I admin the GNU lists. Here is some info about how to accomplish this:

The mailman docs imply that it's From: rewriting is needed for DMARC
compliance, but that isn't the case. Instead, you just ensure that dkim
signatures are not broken for that list. The mailman options needed are
to make the mailman list have no subject modification or footer
addition, and then set dmarc_moderation_action to accept. In mailman web
interface, that under privacy, sender filter.  Also to fix where mailman
breaks dkim signatures by removing CCs using no duplicates user setting,
either use new mailman https://launchpad.net/mailman/+milestone/2.1.30
and set appropriate DEFAULT_DROP_CC described there, or a lightly
patched older mailman.  We use a patch,
https://launchpadlibrarian.net/444501204/nodup-dkim.patch, which is
linked from the relevant bug. After applying the patch, compile mailman
with "pycompile -p mailman /usr/lib/mailman/Mailman -V 2.4-", then
restart. There are a few other rare non-default settings that would
break all dkim signatures. Just send a test message to make sure you
don't have these.


Then, there is the rare case someone sends from a domain with DMARC set
to reject or quarantine and a missing or broken dkim signature.  In that
case, the sender has sent a bad message. These are quite rare, and rare
enough that other big free software lists I've looked at ignore them and
let them get rejected by any recipient which does dmarc validation. On
GNU lists, I decided that wasn't good enough because if the sender just
made a mistake, or just had a misconfiguration, those rejections just go
into the list server mta log and no one notices them, and then only some
subscribers will get their message, leading to confusion. It is better
to either reject the message from the poster, telling them the problem
in the reject message, or be even nicer and do from rewriting in the mta
because their message may still be useful even with a rewritten
from. Then, if the rewriting causes a problem, a human can tell them to
fix the issue on their end. That is what we do, it is documented here,
https://wiki.debian.org/Exim#For_running_a_mailing_list_and_ensuring_all_sent_mail_is_DMARC_compliant
. Sourcware uses postfix, so that is not a drop in solution, and is
probably much easier to setup rejecting of the message.

-- 
You are receiving this mail because:
You are the assignee for the bug.