The mailing list for listmasters using Sympa

[Erik Olson <address@concealed>]

I don't know if yahoo.com counts as a bad sender, nor if yahoo, gmail, hotmail/outlook/live.com count as bad recipients, but they're what I have to deal with, unfortunately.   And I'm not familiar with SIDF (though I am familiar with SPF and have been crash-coursing DKIM today).

Any rate, merely removing the DKIM signature (and DomainKeys signature, as yahoo continues to do both) was not enough to stop the DMARC reject that yahoo added yesterday.

Ultimately I tweaked the code to enhance anonymous mode the same way PayPal and others seem to be doing, by adding in the person's personal name to the front of the anonymous (list e-mail).  So I can get "Erik Olson via GSAS Airstone <address@concealed>" into the From: line.  I'm not really a perl programmer, so it's a bit of a hack.  I'm also not looking at Internet standards every day, so I have no idea if there's a standard header for where to put the original From:  when you don't really want to anonymize it.

Would like to figure out how the 'other' e-mail list programs are getting away with this.  The DMARC.org FAQ mentions an alternative approach of using the "X-OriginalAuthentication-Results" and slapping new DKIM, but I had to get our lists back and running immediately.

Thanks for the suggestions & help!

  - Erik

--- /home/erik/Drivers/Linux/sympa-6.1.19/src/lib/List.pm       2014-02-04 02:40:40.000000000 -0800

+++ ./List.pm   2014-04-07 14:36:14.340887995 -0700

@@ -43,6 +43,8 @@

 use Sympa::Constants;

 use tools;

+use Email::AddressParser; ## Added by Erik

+

 our @ISA = qw(Exporter);

 our @EXPORT = qw(%list_of_lists);

@@ -2753,11 +2755,29 @@

     ## Hide the sender if the list is anonymoused

     if ( $self->{'admin'}{'anonymous_sender'} ) {

+       ## New code hacked in by Erik

+       my $originalFrom = $hdr->get('From');

+       my @addresses = Email::AddressParser->parse($originalFrom);

+

        foreach my $field (@{$Conf::Conf{'anonymous_header_fields'}}) {

            $hdr->delete($field);

        }

-

-       $hdr->add('From',"$self->{'admin'}{'anonymous_sender'}");

+

+       if (0+@addresses) {

+           my @anonFrom = Email::AddressParser->parse($self->{'admin'}{'anonymous_sender'});

+           if (0+@anonFrom) {

+               ## Grab the personal name from the original from and tack it on to the beginning of the 'anon' from

+               my $newPhrase = $addresses[0]->phrase . $anonFrom[0]->phrase;

+               my $oldAddr = $anonFrom[0]->address;

+               my $newFrom = Email::AddressParser->new($newPhrase, $oldAddr);

+               $hdr->add('From', $newFrom->format);

+           } else {

+               $hdr->add('From',"$self->{'admin'}{'anonymous_sender'}");

+           }

+       } else {

+           $hdr->add('From',"$self->{'admin'}{'anonymous_sender'}");

+       }

+       $hdr->add('X-OriginallyFrom',"$originalFrom"); ## Erik hack to make not-really anonymous

        my $new_id = "$self->{'name'}.$sequence\@anonymous";

        $hdr->add('Message-id',"<$new_id>");

On 2014-04-07 23:24, Steve Shipway wrote:

Sorry, by ‘we’ I meant my site (University of Auckland).  I am not affiliated with the Sympa project other than as having submitted a few patches for consideration.  Apologies if any confusion there.

 

To strip incoming DKIM headers, use something like:

 

remove_headers DKIM-Signature

 

in the list configuration.  This is a comma separated list; this example strips the DKIM header. 

 

If your sender is using SIDF with a badly designed record, or the recipient has a bad SIDF checking implementation,  then the From line gets checked against SPF and fails, though the PRA checks Should use the Sender header (which identifies Sympa) instead of the From line.  In this case you’d need to set the list to anonymise the sender by replacing the From line.

 

Steve

 

Steve Shipway

address@concealed

 

From: address@concealed [mailto:address@concealed] On Behalf Of Erik Olson
Sent: Monday, 7 April 2014 8:36 p.m.
To: address@concealed
Subject: Re: [sympa-users] problems with DMARC?

 

When you say "we", do you mean sympa as a whole, or your site's implementation details?

From what I have read thus far this evening, if the "From:" line is not mangled to remove the original sender "address@concealed", this will cause the reject, because the recipient will check the DMARC records against the From: line.

  - Erik

On 2014-04-07 07:45, Steve Shipway wrote:

If a message has a DMARC header, but is relayed via your list which will change the message, you'll get an invalid DMARC signature and some sites will therefore reject it.

What we do is to strip any incoming DMARC and DKIM headers from messages going to lists using the remove headers option in Sympa.  Then, we add our own DKIM signatures on the way out.

Steve

 

Steve Shipway

University of Auckland ITS

UNIX Systems Design Lead

address@concealed

Ph: +64 9 373 7599 ext 86487

 

---

 

--
Erik Olson
Proudly joining 21st Century e-mail in 2013

--
Erik Olson
Proudly joining 21st Century e-mail in 2013