[conspire] (forw) Re: [skeptic] (forw) Fwd: {free-for-all}65602 Dune 2 wins major kudos

Local mailing list for the CABAL Linux user group. conspire at linuxmafia.com
Fri Mar 1 14:55:16 PST 2024 

----- Forwarded message from "A mailing list devoted to critical discussion of extraordinary claims." <skeptic at linuxmafia.com> -----

Date: Fri, 1 Mar 2024 14:54:53 -0800
From: "A mailing list devoted to critical discussion of extraordinary claims."
	<skeptic at linuxmafia.com>
To: skeptic at linuxmafia.com
Subject: Re: [skeptic] (forw) Fwd: {free-for-all}65602 Dune 2 wins major
	kudos
Organization: If you lived here, you'd be $HOME already.
Reply-To: skeptic at linuxmafia.com

Quoting A mailing list devoted to critical discussion of extraordinary claims. (skeptic at linuxmafia.com):

[RM: This was Paul W. Harrison.]

> Inadvertent on my part as this co.site action was, I nevertheless
> regret any inconvenience fellow list subscribers may have experienced,
> and trust everything is back to relative normalcy on
> skepticlinuxmafia.com.

Well, I wouldn't call this normal.

I _hope_ this horrific kludge has made the immediate problem go away,
but frankly we'll need a better solution.  I'll find time for that
sometime after the Tuesday primary election (here in California).

It is difficult and risk-prone to upgrade the software on linuxmafia.com
in its present state.  It really needs a from-scratch redesign, but I
cannot immediately spare the time for that, so I'll try to engineer a
way to safely do an upgrade from Mailman 2.1.13 to Mailman 2.1.30:  
More-recent versions of Mailman offer a less-dreadful kludge to sidestep
the DMARC problem.  (That kludge isn't offered in 2.1.13.)

But there's a possibility that co.site's implementation of DMARC in its
DNS is so broken that even the newer-Mailman kludge doesn't suffice.
Let's look again at the DNS:

$ dig -t txt _dmarc.interenglish.co.site +short
"v=spf1 include:spf.titan.email -all"
$ dig -t txt spf.titan.email +short +tcp
"v=spf1 [RM ...]  ip4:209.209.25.0/24 include:relay.mailchannels.net ~all"

I was so tired the other day that I didn't notice that that is 
_not_ a valid DMARC record.  The twinkies who run co.site are trying to
use SPF record syntax _as_ a DMARC record.

That record (the DMARC record in the DNS as
"_dmarc.interenglish.co.site") should be removed from their DNS.  You as
their customer should tell them so.  (They can use the syntax checker at
https://mxtoolbox.com/dmarc.aspx.  I wouldn't ask them to believe me, a 
sysadmin they don't know.)


It _may_ be that deployed checking of DMARC records at major mail
providers will do crazy things based on that invalid DMARC record.  _Or_
they may ignore it and look at the DMARC record for the top-level
domain, co.site :

$ dig -t txt _dmarc.co.site +short
"v=DMARC1\;p=reject\;rua=mailto:dmarc-reports at flock.com,mailto:ae024221b7 at rua.easydmarc.us\;ruf=mailto:dmarc-reports at flock.com,mailto:ae024221b7 at ruf.easydmarc.us\;ri=43200\;aspf=s\;adkim=s\;sp=reject\;fo=1\;"

To parse that, look at this explanation page:
https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3aco.site&run=toolpage

The DMARC record says there's a "reject" policy that mail receivers are 
asked to follow if receiving SMTP servers receive mail purporting to be
from co.site that fails DMARC checking.  And what shall DMARC checking
consist of?  The record declares that it shall consist of strict SPF
alignment compliance _and_ strict DKIM alignment compliance.  I.e., 
co.site is asking the rest of the world to be hard-asses about anything
that purports to be co.site's mail.

So, Paul, if we're lucky, and I'm able to upgrade Mailman in-place to 
2.1.30 to enable DMARC mitigation, we _may_ be able to take
linuxmafia.com's mailing lists out of "anonymous mode" and not have 
your postings to Skeptic get rejected at subscribers' mail providers, 
driving up their bounce scores, and getting their subscriptions
disabled.

If we're not that lucky, then we'll have to figure something out.
It's suspicious that nobody else's posts, on any of linuxmafia.com's
mailing lists, caused this particular DMARC problem, only yours.


Paul, _please_ tell the technical people at co.site that the TXT record 
for "_dmarc.interenglish.co.site" is absolutely _not_ a valid DMARC
record -- and that they can use any online DMARC record checker such 
as https://mxtoolbox.com/dmarc.aspx , inputting "interenglish.co.site"
into the tool as the thing to check.

If nothing else, they really need to fix that.  It's broken.


_______________________________________________
skeptic mailing list
skeptic at linuxmafia.com
http://linuxmafia.com/mailman/listinfo/skeptic
To reach the listadmin, mail rick at linuxmafia.com 

----- End forwarded message -----

More information about the conspire mailing list