Page MenuHomePhabricator
Create Task
Maniphest T66818

Mitigate strict DMARC policy on the mailing lists
Closed, ResolvedPublic
Actions

Description

Try to become more DMARC-complient on the mailing lists to improve deliverability, particularly given Yahoo and AOL recently switched to a policy p=reject, preventing these users from sending emails to the mailing lists.

This bug is partly wontfix since this is linked to an upstream Mailman for a proper resolution, but could be partly mitigated by changing some configuration parameters, although there is no proper solution. I open this bug partly to isolate this mailing lists issue from other DMARC-related bugs (56414, 59731, 64795), and properly tracking the issue.

Two mitigations:

1/ http://www.spamresource.com/2014/04/run-email-discussion-list-heres-how-to.html is a way to mitigate the issue, although the main point is to change the From: header to a fixed address like wikitech-l@lists.wikimedia.org (quite disruptive for all users).

2/ http://www.ietf.org/mail-archive/web/ietf/current/msg87176.html proposes to rewrite Yahoo (+AOL) sending addresses from someone@yahoo.com to someone@yahoo.com.invalid to bypass DMARC.

Version: wmf-deployment
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=56414
https://bugzilla.wikimedia.org/show_bug.cgi?id=59731

Details

Reference
bz64818

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedNoneT66818 Mitigate strict DMARC policy on the mailing lists
 ResolvedDzahnT105756 Mailman Upgrade (Jessie & Mailman 2.x) and migration to a VM
 ResolvedDzahnT108057 Phabricator NDA for John Lewis
Restricted Task
 ResolvedDzahnT108073 test importing of mailing list configs and archives on staging VM
 ResolvedDzahnT108071 export config and archive data from sodium
 ResolvedDzahnT108080 service IP can't be switched over
 ResolvedDzahnT108082 give John Lewis shell access on the mailman staging VM
 ResolvedDzahnT108070 install jessie on new VM for mailman
 ResolvedRobHT108065 eqiad: 1 VM request for mailman
 ResolvedDzahnT108383 create basic mailman setup on fermium (jessie) for testing import
 ResolvedRobHT109393 rename wikitech-announce.disabled.T100503
 ResolvedDzahnT109399 go through all directories in /var/lib/mailman and decide if migration is needed
ResolvedDzahnT109467 write migration plan for mailman
 ResolvedDzahnT109539 rename lists mwapi-team.disabled.T97148 and flowfunding.disabled.T97328 ?
 Resolved JohnLewisT109624 move mailman server and service IPs to hiera / make it possible to run multiple instances at once
 ResolvedDzahnT109838 clean up mailman data directory (moderated messages > 0.5 million)
Restricted Task
 ResolvedDzahnT109890 reinstall fermium with public IP
ResolvedDzahnT109923 add public IP for fermium - DNS and DHCP change for reinstall
 DuplicateDzahnT109891 announce mailman downtime
 ResolvedDzahnT109921 setup rsyncd on fermium to copy files from sodium
 ResolvedDzahnT109922 write script to import mailing lists from other server
 DuplicateDzahnT109924 reinstall fermium with jessie and public IP
 ResolvedDzahnT109925 apply regular lists role on fermium and confirm no issues
 ResolvedDzahnT110695 mailman: listinfo template encoding
 ResolvedDzahnT110129 rsync all configs and archives one more time
 InvalidDzahnT110131 import all lists with the script we wrote for that
 ResolvedDzahnT110132 lower lists.wikimedia.org TTL to 5 min
 ResolvedDzahnT110133 announce scheduled downtime
 DeclinedDzahnT110135 right before the switch: lower TTL to 10 seconds
 ResolvedDzahnT110136 hold lists.wikimedia.org with exim
 ResolvedDzahnT110137 shut down mailman on sodium
 ResolvedDzahnT110138 rsync the diff since mail was held on sodium
 ResolvedDzahnT110139 switch over mailman service IP
 ResolvedDzahnT110140 send follow-up email, announce changes with new mailman version if any that have user impact
 Resolved JohnLewisT110382 mailman cronjobs not running?
 ResolvedDzahnT110440 rsync exim spool directory
ResolvedDzahnT110441 test sending individual mails from fermium during migration
 ResolvedDzahnT112229 fermium needs to have exim4-daemon-heavy installed, not -light
 ResolvedDzahnT113020 run /var/lib/mailman/bin/update and ./check_perms
 ResolvedDzahnT113045 start exim on fermium / revert migration hack
 ResolvedherronT168467 Improve lists.wikimedia.org DMARC compatibility

Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 3:12 AM
bzimport added projects: Wikimedia-Mailing-lists, Upstream.
bzimport set Reference to bz64818.
bzimport added a subscriber: Unknown Object (MLST).
Seb35 created this task.May 4 2014, 10:32 AM
Nemo_bis added a comment.May 4 2014, 6:55 PM

(In reply to Seb35 from comment #0)

This bug is partly wontfix since this is linked to an upstream Mailman for a
proper resolution

Can you link or file it (on launchpad)?

Seb35 added a comment.May 4 2014, 8:32 PM

Apart http://dmarc.org/faq.html#s_3 which is only theoretical, I found this announcement of some support for DMARC in Mailman 2.1.16 and 2.1.18 (released April 18, 2014): http://wiki.list.org/display/DEV/DMARC

If I understand correctly, the introduced config parameter from_is_list is now on a per-list basis; this one rewrite the From: header (RFC 5322) with "Sender via the list wikitech-l" <wikitech-l@lists.wikimedia.org>, or could wrap the message as a sub-part in a MIME message.

Nemo_bis added a comment.May 5 2014, 5:37 AM

Reply-To is unaffected, which is good (we use reply_goes_to_list). https://bugs.launchpad.net/mailman/+bug/1313010

Probably better wait for https://bugs.launchpad.net/mailman/+bug/1315970 at least.

Aklapper added a comment.May 6 2014, 4:18 PM

I think we'll wait for upstream here, or rather on bug 64547 (Mailman 3).
Hence setting low priority.

lfaraone subscribed.Dec 13 2014, 9:02 PM

This is fixed in Mailman 2.1.18, see the release announcement:

The from_is_list feature introduced in 2.1.16 is now unconditionally available to list owners. There is also, a new Privacy options -> Sender filters -> dmarc_moderation_action feature which applies to list messages where the From: address is in a domain which publishes a DMARC policy of reject or possibly quarantine. This is a list setting with values of Accept, Wrap Message, Munge From, Reject or Discard. There is a new DEFAULT_DMARC_MODERATION_ACTION configuration setting to set the default for this, and the list admin UI is not able to set an action which is 'less' than the default. The prior ALLOW_FROM_IS_LIST setting has been removed and is effectively always Yes. There is a new dmarc_quarantine_moderation_action list setting with default set by a new DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION configuration setting which in turn defaults to Yes. The list setting can be set to No to exclude domains with DMARC policy of quarantine from dmarc_moderation_action.

dmarc_moderation_action and from_is_list interact in the following way. If the message is From: a domain to which dmarc_moderation_action applies and if dmarc_moderation_action is other than Accept, dmarc_moderation_action applies to that message. Otherwise the from_is_list action applies.

Jgreen added a project: Mail.Jan 8 2015, 5:58 PM
Jgreen set Security to None.
PleaseStand awarded a token.Feb 13 2015, 10:12 AM
PleaseStand subscribed.Feb 13 2015, 10:18 AM

particularly given Yahoo and AOL recently switched to a policy p=reject, preventing these users from sending emails to the mailing lists.

They can still send emails, though not everyone on the list will receive them. I use Outlook.com for email and did not receive a recent message to wikitech-l, which came from a yahoo.com address. Apparently some other subscribers did, else there would have been no reply at all.

scfc subscribed.May 21 2015, 11:50 PM
Nemo_bis closed subtask T66547: Upgrade some lists to Mailman 3 as Declined.Jun 9 2015, 2:43 PM
lfaraone edited subtasks, added: T52864: Upgrade GNU Mailman from 2.1 to Mailman3; removed: T66547: Upgrade some lists to Mailman 3.Jun 14 2015, 5:59 PM
faidon removed a subtask: T52864: Upgrade GNU Mailman from 2.1 to Mailman3.Jun 15 2015, 3:19 PM
JohnLewis moved this task from Backlog to Jessie/Upgrade (2.x) on the Wikimedia-Mailing-lists board.Jul 7 2015, 10:42 PM
RobH added a subtask: T105756: Mailman Upgrade (Jessie & Mailman 2.x) and migration to a VM.Jul 13 2015, 11:01 PM
Dzahn mentioned this in T109467: write migration plan for mailman.Aug 22 2015, 12:17 AM
Dzahn subscribed.Sep 18 2015, 4:50 PM
In T66818#846359, @lfaraone wrote:

This is fixed in Mailman 2.1.18

We are now on 2.1.18 since today. :)

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 18 2015, 4:50 PM
Nemo_bis added a comment.Sep 18 2015, 9:40 PM

We should see a decrease in bounces, right? But where are the stats now? :)

Dzahn closed subtask T105756: Mailman Upgrade (Jessie & Mailman 2.x) and migration to a VM as Resolved.Sep 18 2015, 10:06 PM
JohnLewis closed this task as Resolved.Sep 30 2015, 6:50 PM
JohnLewis claimed this task.
JohnLewis subscribed.

Seems resolved looking around and with the added configuration variables, can be fine-tuned per list if necessary but defaults should suffice.

lfaraone added a comment.Dec 28 2015, 4:37 AM

@JohnLewis: What should we be tweaking? We're still seeing problems on various ArbCom/functionaries lists.

Jalexander added a comment.Dec 28 2015, 4:47 AM
In T66818#1905719, @lfaraone wrote:

What should we be tweaking? We're still seeing problems on various ArbCom/functionaries lists.

John is no longer active, I'll remove his assignee here, @Dzahn may know more about some options.

Jalexander removed JohnLewis as the assignee of this task.Dec 28 2015, 4:47 AM
Jalexander removed a subscriber: JohnLewis.
Krenair subscribed.Dec 28 2015, 4:50 AM
Guerillero subscribed.Dec 28 2015, 5:28 AM
Nemo_bis added a comment.Feb 29 2016, 8:13 PM

Fun: https://lists.wikimedia.org/pipermail/wikimedia-l/2016-February/082814.html

Dzahn added a comment.Feb 29 2016, 8:39 PM
In T66818#1905720, @Jalexander wrote:

John is no longer active, I'll remove his assignee here, @Dzahn may know more about some options.

No, sorry, i don't know more about this.

Dzahn unsubscribed.Feb 29 2016, 8:40 PM
faidon mentioned this in T146841: Reach out to Google about @yahoo.com emails not reaching gmail inboxes (when sent to mailing lists).Oct 19 2016, 2:18 PM
Liuxinyu970226 mentioned this in T58414: Get mail relay out of Yahoo! blacklist: apply to Yahoo for whitelisting bulk mail.Mar 11 2017, 12:41 PM
Aklapper mentioned this in T160529: Sender email spoofing.Mar 16 2017, 10:29 AM
herron added a subtask: T168467: Improve lists.wikimedia.org DMARC compatibility.Jun 20 2017, 8:33 PM
herron closed subtask T168467: Improve lists.wikimedia.org DMARC compatibility as Resolved.Aug 2 2017, 3:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL