[sf-lug] REQUEST FOR HELP: Fwd: Mail delivery failed: returning message to sender

[jim]

you are mistaken. I did not ask Ian
for advice, he volunteered it. I
forwarded his email to both you and
Michael and not to the list, figuring
you would know what to do.

On 4/28/20 12:51 AM, Rick Moen wrote:
> [Dropping Ian Sidle <ian at iansidle.com> from CC.]
>
>> According to the help article, it looks like it is asking for for
>> these four things
> [...]
>
> Jim, I wish to point out, after all of that additional run-around,
> the problem remains and will continue to do so -- for _the very reason_
> I already explained to you around 2pm today.
>
>
> The problem, to restate, is that Yahoo's SMTP sending domains implement
> an overly aggressive DMARC policy that is mailing-list hostile.  This
> is a known, even notorious, problem.  Yahoo broke mailing list because,
> when they forward mail from yahoo.com (or yahoo.co.in, etc.) subscribers
> through the mailing lists to subscriber sites that check DMARC
> validation (specifically because the DKIM crypto checksum no longer
> checks out), the retransmitted mail fails DKIM (if the receiving sites
> check and honour published DKIM/DMARC policies).  Period.  Both Mailman
> and every other mailing list manager package have had to adopt kludge
> workarounds to try to mitigate this problem that Yahoo created, e.g.,
> the one selectable in _recent_ Mailman versions that munges the From:
> header on mail from domains with aggressive DMARC policies.
>
> I told you that I cannot implement that kludge with my current, rather
> lagging version of Mailman.  The ugly workaround isn't there.  It's
> offered only in very recent versions.
>
> I said to you that _this_ is the fundamental reason postings from
> yahoo.com (etc.)-based subscribers raise the bounce scores of
> subscribers whose domains check & enforce DMARC (as does, for example,
> GMail).  Their DMARC policy claims that yahoo.com mail reflected through
> a mailing list should then be rejected as a forgery (because the DKIM
> signature no longer validates).
>
> Yet, you then went and asked Ian Sidle, anyway.  Because why?  Because
> you decided I didn't know what I was talking about?
>
>
>
> I didn't get around to covering this bit.  Question of probable
> interest:  What caused about a dozen sf-lug at linuxmafia.com subscribers
> to all get their subscription delivery disabled all at once?
>
> Answer:  The record suggests the triggering event was this posting on
> Sunday at 3:51pm from subscriber jstrazza at yahoo.com :
> http://linuxmafia.com/pipermail/sf-lug/2020q2/014734.html
> (John, you didn't do anything wrong, and are basically yet another
> victim of Yahoo's malfeasance.)
>
> Soon after Mailman processed and sent out retransmitted copies of that
> posting to the 272 subscribers, all of the receiving sites that check &
> enforced DKIM/DMARC SMTP error code 55x-rejected the retransmitted
> subscriber copies on grounds of (alleged) SMTP forgery.  Each 55x
> rejection got logged at linuxmafia.com and reported by the SMTP software
> to Mailman -- which incremented the intended recipient's bounce score by
> 1.0.
>
> Mailman is configured to disable a subscriber's delivery if bounce score
> reaches 5.0.  Any time 7 days pass without a bounce, Mailman resets the
> subscriber's bounce score to zero.  Once delivery has been disabled,
> Mailman tries to get the subscriber's attention about this situation
> three times, once a week, saying please visit [URL] if you wish to
> re-enable delivery.  After three weeks, if that doesn't get fixed or the
> listadmin hasn't intervened, the member gets unsubcribed.  (All of these
> numbers are adjustable by the listadmin.)
>
>
> So, long story short, at the time John sent his message on Sunday
> afternoon, about a dozen members already had cumulative 4.0 bounce
> scores, probably on account of ISP rejection of prior postings from
> subscribers at domains with overly aggressive DMARC policies.  John's
> posting tipped them over the 5.0 threshold.  The next time Mailman ran
> its cron jobs, it noticed and sent us listadmins about a dozen 'this
> subscriber's delivery has been disabled because of excess bounces'
> notices.
>
>
> I don't mind explaining, but:
>
> (1) You've supposedly been the sf-lug at linuxmafia.com listadmin since
> 2005.  That's, y'know, a decade and a half, right?  So, how come you
> haven't yet studied, well, pretty much any bit of that?
>
> (2) Given that I told you at about 2pm today what the problem was, would
> it have hurt you to _listen_, and not utterly disregard what I said and
> try to ask some third-party sysadmin, apparently because you decided to
> ignore what I said?
>
>
>
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> SF-LUG is at http://www.sf-lug.org/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/sf-lug/attachments/20200428/3770a3a3/attachment-0001.html>