The mailing list for listmasters using Sympa

[Steve Shipway <address@concealed>]

Version 2 of the patch I posted yesterday for Sympa DMARC compliance.

 

This is an improved version of the patch for List.pm in Sympa 6.1.x.  In addition to the functions of the previous, it allows selection of the format for the new From header, and an improved automatic mode (dmarc_reject) that uses DNS lookups.  It also correctly uses the is_in_list() Sympa utility function which is more reliable.  The old ‘auto’ mode is renamed ‘dkim’ which is a more accurate description of the test.

 

This patch adds support to Sympa to handle DMARC compatibility, particularly for the new Yahoo policy.

 

It adds a new configuration stanza to the DKIM group in list configuration.

In this, you can select one or more cases in which the module will take effect: either by a sender domain regexp match, all messages with DKIM signatures, all messages from a domain with a DMARC policy of ‘reject’, or all messages.

You can also select which format is used for the new From name – sender name, sender name with email address, or sender name with list name.

 

With this patch, you can make your Sympa conformant with the suggested changes in the blogs posted earlier

https://wordtothewise.com/2014/04/dealing-dmarc-mail-intermediaries/

http://www.dmarc.org/supplemental/mailman-project-mlm-dmarc-reqs.html

… and you can make your choice in which domain’s senders are affected by it.  I’d suggest using the ‘dmarc_reject’ option if you have low volume, or the ‘domain:yahoo.com’ if you have high volume.

 

When activated, it will

-          Change the From header

-          Add a Reply-To header with the original sender, if one is not already present

-          Strip any DKIM signatures

 

Default operation of this patch is to do nothing; default ‘Friendly name’ format is to siply preserve the previous friendly name and not reveal email address.  The default email address to use for the replacement From is the list email address.

 

If you want to use the dmarc_reject mode, which checks the DMARC policy for the sender domain, then this requires the Net::DNS Perl module to be installed.

 

We have this running on our Dev/Test system here but not yet in Production.  Tests so far indicate it works as expected for @yahoo.com addresses, but YMMV.

 

Feedback welcome and encouraged.

 

Steve

 

Steve Shipway

University of Auckland

UNIX Systems Design Team Lead

address@concealed

+64 (9) 3737 599 ext 86487

 

Attachment: dmarc.patch.2
Description: Binary data

Attachment: smime.p7s
Description: S/MIME cryptographic signature