Skip to Content.
Sympa Menu

en - Re: [sympa-users] Patch for Sympa to avoid Yahoo DMARC issues

Subject: The mailing list for listmasters using Sympa

List archive

Chronological Thread  
  • From: Steve Shipway <address@concealed>
  • To: "address@concealed" <address@concealed>
  • Subject: Re: [sympa-users] Patch for Sympa to avoid Yahoo DMARC issues
  • Date: Tue, 15 Apr 2014 01:30:51 +0000

Version 2 of the patch I posted yesterday for Sympa DMARC compliance.


This is an improved version of the patch for in Sympa 6.1.x.  In addition to the functions of the previous, it allows selection of the format for the new From header, and an improved automatic mode (dmarc_reject) that uses DNS lookups.  It also correctly uses the is_in_list() Sympa utility function which is more reliable.  The old ‘auto’ mode is renamed ‘dkim’ which is a more accurate description of the test.


This patch adds support to Sympa to handle DMARC compatibility, particularly for the new Yahoo policy.


It adds a new configuration stanza to the DKIM group in list configuration.

In this, you can select one or more cases in which the module will take effect: either by a sender domain regexp match, all messages with DKIM signatures, all messages from a domain with a DMARC policy of ‘reject’, or all messages.

You can also select which format is used for the new From name – sender name, sender name with email address, or sender name with list name.


With this patch, you can make your Sympa conformant with the suggested changes in the blogs posted earlier

… and you can make your choice in which domain’s senders are affected by it.  I’d suggest using the ‘dmarc_reject’ option if you have low volume, or the ‘’ if you have high volume.


When activated, it will

-          Change the From header

-          Add a Reply-To header with the original sender, if one is not already present

-          Strip any DKIM signatures


Default operation of this patch is to do nothing; default ‘Friendly name’ format is to siply preserve the previous friendly name and not reveal email address.  The default email address to use for the replacement From is the list email address.


If you want to use the dmarc_reject mode, which checks the DMARC policy for the sender domain, then this requires the Net::DNS Perl module to be installed.


We have this running on our Dev/Test system here but not yet in Production.  Tests so far indicate it works as expected for addresses, but YMMV.


Feedback welcome and encouraged.




Steve Shipway

University of Auckland

UNIX Systems Design Team Lead


+64 (9) 3737 599 ext 86487


Attachment: dmarc.patch.2
Description: Binary data

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Archive powered by MHonArc 2.6.19+.

Top of Page