[sf-lug] REQUEST FOR HELP: Fwd: Mail delivery failed: returning message to sender
Rick Moen
rick at linuxmafia.com
Tue Apr 28 00:51:28 PDT 2020
[Dropping Ian Sidle <ian at iansidle.com> from CC.]
> According to the help article, it looks like it is asking for for
> these four things
[...]
Jim, I wish to point out, after all of that additional run-around,
the problem remains and will continue to do so -- for _the very reason_
I already explained to you around 2pm today.
The problem, to restate, is that Yahoo's SMTP sending domains implement
an overly aggressive DMARC policy that is mailing-list hostile. This
is a known, even notorious, problem. Yahoo broke mailing list because,
when they forward mail from yahoo.com (or yahoo.co.in, etc.) subscribers
through the mailing lists to subscriber sites that check DMARC
validation (specifically because the DKIM crypto checksum no longer
checks out), the retransmitted mail fails DKIM (if the receiving sites
check and honour published DKIM/DMARC policies). Period. Both Mailman
and every other mailing list manager package have had to adopt kludge
workarounds to try to mitigate this problem that Yahoo created, e.g.,
the one selectable in _recent_ Mailman versions that munges the From:
header on mail from domains with aggressive DMARC policies.
I told you that I cannot implement that kludge with my current, rather
lagging version of Mailman. The ugly workaround isn't there. It's
offered only in very recent versions.
I said to you that _this_ is the fundamental reason postings from
yahoo.com (etc.)-based subscribers raise the bounce scores of
subscribers whose domains check & enforce DMARC (as does, for example,
GMail). Their DMARC policy claims that yahoo.com mail reflected through
a mailing list should then be rejected as a forgery (because the DKIM
signature no longer validates).
Yet, you then went and asked Ian Sidle, anyway. Because why? Because
you decided I didn't know what I was talking about?
I didn't get around to covering this bit. Question of probable
interest: What caused about a dozen sf-lug at linuxmafia.com subscribers
to all get their subscription delivery disabled all at once?
Answer: The record suggests the triggering event was this posting on
Sunday at 3:51pm from subscriber jstrazza at yahoo.com :
http://linuxmafia.com/pipermail/sf-lug/2020q2/014734.html
(John, you didn't do anything wrong, and are basically yet another
victim of Yahoo's malfeasance.)
Soon after Mailman processed and sent out retransmitted copies of that
posting to the 272 subscribers, all of the receiving sites that check &
enforced DKIM/DMARC SMTP error code 55x-rejected the retransmitted
subscriber copies on grounds of (alleged) SMTP forgery. Each 55x
rejection got logged at linuxmafia.com and reported by the SMTP software
to Mailman -- which incremented the intended recipient's bounce score by
1.0.
Mailman is configured to disable a subscriber's delivery if bounce score
reaches 5.0. Any time 7 days pass without a bounce, Mailman resets the
subscriber's bounce score to zero. Once delivery has been disabled,
Mailman tries to get the subscriber's attention about this situation
three times, once a week, saying please visit [URL] if you wish to
re-enable delivery. After three weeks, if that doesn't get fixed or the
listadmin hasn't intervened, the member gets unsubcribed. (All of these
numbers are adjustable by the listadmin.)
So, long story short, at the time John sent his message on Sunday
afternoon, about a dozen members already had cumulative 4.0 bounce
scores, probably on account of ISP rejection of prior postings from
subscribers at domains with overly aggressive DMARC policies. John's
posting tipped them over the 5.0 threshold. The next time Mailman ran
its cron jobs, it noticed and sent us listadmins about a dozen 'this
subscriber's delivery has been disabled because of excess bounces'
notices.
I don't mind explaining, but:
(1) You've supposedly been the sf-lug at linuxmafia.com listadmin since
2005. That's, y'know, a decade and a half, right? So, how come you
haven't yet studied, well, pretty much any bit of that?
(2) Given that I told you at about 2pm today what the problem was, would
it have hurt you to _listen_, and not utterly disregard what I said and
try to ask some third-party sysadmin, apparently because you decided to
ignore what I said?
More information about the sf-lug
mailing list