The mailing list for listmasters using Sympa

[Erik Olson <address@concealed>]

This is effectively what I ended up doing for our list:  I patched anonymous mode to rewrite the sender as "Original Sender via Mailinglist <address@concealed>".  I also stashed the original From: in the completely-made-up header "X-OriginallyFrom: Original Sender <address@concealed>".  I also took Steve's suggestion of removing the DKIM and DomainKeys signature headers (and I now have my domain DKIM'ing all outgoing e-mail just for good measure).

The only thing tricky is that I configure the anonymous_sender for each list like this [" via Mailinglist" <address@concealed>] (stuff between square brackets is what I input into the form.

It's actually had a perverse silver lining, because for years people have been having trouble e-mailing folks off-list.  The procedure has been so wildly different for each mail client... one product required "reply to all" + cutting out the non-relevant ones, one was "reply to sender", and some just wouldn't allow it at all.  So now, I can safely say that to reply to someone off-list, the ONLY way that works, for all e-mail clients, is to forward the e-mail and paste in the off-list address.

Talking with security guys at work, the idea of "X-Original-Authentication-Results" being used to allow the From: to continue to impersonate makes no sense whatsoever, because any  spammer could use that trick just as easily. 

I'd love to hear if there's any plans by the sympa devs to put something more formal in a later release, but I'm happy with my patch for now.

I posted a patch for anonymous_mode earlier this week, but here's the updated version I'm running now.  The original didn't parse e-mails without personal names properly.  Also, this requires the package Email::AddressParser

-----------------------------------begin patch----------------------------------------------
diff -u /home/erik/Drivers/Linux/sympa-6.1.19/src/lib/List.pm .
--- /home/erik/Drivers/Linux/sympa-6.1.19/src/lib/List.pm       2014-02-04 02:40:40.000000000 -0800
+++ ./List.pm   2014-04-08 13:47:02.397269540 -0700
@@ -43,6 +43,8 @@
 use Sympa::Constants;
 use tools;

+use Email::AddressParser; ## Added by Erik
+
 our @ISA = qw(Exporter);
 our @EXPORT = qw(%list_of_lists);

@@ -2753,11 +2755,34 @@
     ## Hide the sender if the list is anonymoused
     if ( $self->{'admin'}{'anonymous_sender'} ) {

+       ## New code hacked in by Erik
+       my $originalFrom = $hdr->get('From');
+       my @addresses = Email::AddressParser->parse($originalFrom);
+
        foreach my $field (@{$Conf::Conf{'anonymous_header_fields'}}) {
            $hdr->delete($field);
        }
-
-       $hdr->add('From',"$self->{'admin'}{'anonymous_sender'}");
+
+       my @anonFrom = Email::AddressParser->parse($self->{'admin'}{'anonymous_sender'});
+       if (0+@anonFrom) {
+           my $newPhrase = 'Anonymous';
+           if (0+@addresses) {
+               ## Grab the personal name from the original from and tack it on to the beginning of the 'anon' from
+               if ($addresses[0]->phrase) {
+                   $newPhrase = $addresses[0]->phrase . $anonFrom[0]->phrase;
+                } else {
+                   my $atidx = index($addresses[0]->address, '@');
+                   $newPhrase = substr($addresses[0]->address, 0, $atidx) . $anonFrom[0]->phrase;
+               }
+           }
+           my $oldAddr = $anonFrom[0]->address;
+           my $newFrom = Email::AddressParser->new($newPhrase, $oldAddr);
+           $hdr->add('From', $newFrom->format);
+       } else {
+           $hdr->add('From',"$self->{'admin'}{'anonymous_sender'}");
+       }
+
+       $hdr->add('X-OriginallyFrom',"$originalFrom"); ## Erik hack to make not-really anonymous
        my $new_id = "$self->{'name'}.$sequence\@anonymous";
        $hdr->add('Message-id',"<$new_id>");

@@ -6220,7 +6245,7 @@
     $sql_regexp = $data->{'sql_regexp'};
     my $fh;

-    &do_log('debug2', 'List::get_first_admin_user(%s,%s,%s,%d,%d)', $self->{'name'},$role, $sortby, $offset, $rows);
+    ## &do_log('debug2', 'List::get_first_admin_user(%s,%s,%s,%d,%d)', $self->{'name'},$role, $sortby, $offset, $rows);

     my $lock = new Lock ($self->{'dir'}.'/include_admin_user');
     unless (defined $lock) {
--------------------------------------------------------end patch-----------------------------------------


On 2014-04-11 03:55, Steve Shipway wrote:

I'm not sure what possible workarounds there really are.

You cannot just strip the DKIM signature (as Yahoo.com's DMARC record states
the DKIM must be present and correct).

Leaving the Subject, From and Reply-To unmodified does not work, since Yahoo
make their DKIM signature also apply to the Receive headers.  Passing
through your system will always add some of these rendering the signature
invalid.

Stripping the signature AND anonymising the From header works (at least,
where I've tried it here), but this of course removes the identity of the
sender.  This functionality is already present in Sympa (add the
remove-headers and anonymous options to your list) but is not really
desirable.

I cannot see any way to allow the From header to remain unchanged as an
@yahoo.com address, but for the message to still pass DMARC.

One possibility might be to add a new anonymising mode, where the From
address is replaced, but the original is preserved as the Full Name.  EG:

From: Steve Shipway <address@concealed>

...can be rewritten as...

From: "Steve Shipway <address@concealed>" <address@concealed>

This might be a vaguely acceptable solution.  It would require a little work
in Sympa though to add the new option to the system, possibly as a suboption
to anonymous_sender, so only modifying List.pm.  I'll take a look and see if
I can make a suggested patch.

Steve 


Steve Shipway
address@concealed

--
Erik Olson
Proudly joining 21st Century e-mail in 2013