The mailing list for listmasters using Sympa

[Steve Shipway <address@concealed>]

I attach (yet another) patch for Sympa 6.1.19 for your consideration that addresses the recent Yahoo DMARC issues.  This modifies the List.pm file to munge the From header in certain circumstances as discussed in this list last week.  It should work against most 6.1.x branch versions; I’ve not tried it with 6.2.x.

 

The patch adds a new configuration option set under the DKIM group, called ‘DMARC Protection’.  This has three configurable parameters;  a Mode, a Domain regexp; and an email address.

 

The Protection Mode allows you to select which emails are to be munged.  You can select all, none, by domain regexp, and/or ‘auto’.  ‘Auto’ is any message with an existing DKIM signature in the header.  This allows you to specify that only @yahoo.com emails are munged, or these plus any pre-signed message, and so on.

 

The Domain regexp allows you to match against the email From address.

 

The New Address allows you to specify the address used for the replacement.  This is very much like normal anonymisation and defaults to the list address.

 

When activated, the code will replace the From header with  ‘“original sender (original email)” <new email>’ so that the remote DKIM checks do not fail.  It will also strip any DKIM-Signature header (moving it to X-Original-DKIM-Signature), set up a Reply-To header with the original From address (though this may later be replaced according to your Reply-to list settings), and add an X-Original-From header.

 

This works independently of any list anonymisation, so you can have both at once (though it would be a bit pointless).  I felt it better to separate this into a new stanza so as not to affect any existing anonymisation options.  Possibly another option could be added to the same group to give choices on how the new From header phrase is constructed; however I didn’t have time for this.

 

I have tested this in both domain and auto modes, from local and from Yahoo.com and can confirm that it works as expected and allows Yahoo.com people to use a list without changing the experience of non-yahoo people (if run in Domain mode against yahoo.com only).

 

In light of the recent Yahoo.com situation, possibly the Sympa team would like to consider adding this functionality to the next release?

 

All comments and feedback welcome

 

Steve

 

Steve Shipway

University of Auckland

UNIX Systems Design Team Lead

address@concealed

+64 (9) 3737 599 ext 86487

 

Attachment: dmarc.patch
Description: Binary data

Attachment: smime.p7s
Description: S/MIME cryptographic signature