[sf-lug] REQUEST FOR HELP: Fwd: Mail delivery failed: returning message to sender

Rick Moen rick at linuxmafia.com
Tue Apr 28 14:12:26 PDT 2020 

Quoting Jim Stockford (jim at well.com):

> you are mistaken. I did not ask Ian
> for advice, he volunteered it.

OK, I stand corrected.  Also, as I said the other day, I appreciate
Ian's time and effort.  (Although, to be picky:  Really?  Trusting some
third-party Web CGI's word for it that linuxmafia.com's DNS wasn't
publishing a DMARC record, instead of just issuing a simple and obvious
'dig' query that would reveal that there was indeed such a record, just
one that was deliberately a statement of pointed non-confidence in DMARC
and that explained why this was so?)

Meanwhile, since you've been supposedly the listadmin for fifteen years,
it would be good if you learn a little about how to do that.  Maybe 
I'm missing something, but I've yet to see you figuring out 
Mailman or learning anything about modern SMTP operations.
All I see is tasking others.  I don't know about you, but I'm overloaded
with things I need to take care of, and I really didn't need to spend a
lot of time going over the Yahoo-caused DMARC problem, especially when I
have low confidence that you even paid attention. 


Also, since I figure you now owe me for chewing up a bunch more of my
time:  What the heck happened in 2005 to SF-LUG's mailing list server?
What was the nature of the failure, and how did it cause 100% loss of
the mailing list archive and membership roster?

I've asked this a number of times, and I don't think it appropriate for
you to keep ignoring the question, given that I pulled your ass out of
the fire and have been filling in for fifteen years.





 I
> forwarded his email to both you and
> Michael and not to the list, figuring
> you would know what to do.
> 
> On 4/28/20 12:51 AM, Rick Moen wrote:
> >[Dropping Ian Sidle <ian at iansidle.com> from CC.]
> >
> >>According to the help article, it looks like it is asking for for
> >>these four things
> >[...]
> >
> >Jim, I wish to point out, after all of that additional run-around,
> >the problem remains and will continue to do so -- for _the very reason_
> >I already explained to you around 2pm today.
> >
> >
> >The problem, to restate, is that Yahoo's SMTP sending domains implement
> >an overly aggressive DMARC policy that is mailing-list hostile.  This
> >is a known, even notorious, problem.  Yahoo broke mailing list because,
> >when they forward mail from yahoo.com (or yahoo.co.in, etc.) subscribers
> >through the mailing lists to subscriber sites that check DMARC
> >validation (specifically because the DKIM crypto checksum no longer
> >checks out), the retransmitted mail fails DKIM (if the receiving sites
> >check and honour published DKIM/DMARC policies).  Period.  Both Mailman
> >and every other mailing list manager package have had to adopt kludge
> >workarounds to try to mitigate this problem that Yahoo created, e.g.,
> >the one selectable in _recent_ Mailman versions that munges the From:
> >header on mail from domains with aggressive DMARC policies.
> >
> >I told you that I cannot implement that kludge with my current, rather
> >lagging version of Mailman.  The ugly workaround isn't there.  It's
> >offered only in very recent versions.
> >
> >I said to you that _this_ is the fundamental reason postings from
> >yahoo.com (etc.)-based subscribers raise the bounce scores of
> >subscribers whose domains check & enforce DMARC (as does, for example,
> >GMail).  Their DMARC policy claims that yahoo.com mail reflected through
> >a mailing list should then be rejected as a forgery (because the DKIM
> >signature no longer validates).
> >
> >Yet, you then went and asked Ian Sidle, anyway.  Because why?  Because
> >you decided I didn't know what I was talking about?
> >
> >
> >
> >I didn't get around to covering this bit.  Question of probable
> >interest:  What caused about a dozen sf-lug at linuxmafia.com subscribers
> >to all get their subscription delivery disabled all at once?
> >
> >Answer:  The record suggests the triggering event was this posting on
> >Sunday at 3:51pm from subscriber jstrazza at yahoo.com :
> >http://linuxmafia.com/pipermail/sf-lug/2020q2/014734.html
> >(John, you didn't do anything wrong, and are basically yet another
> >victim of Yahoo's malfeasance.)
> >
> >Soon after Mailman processed and sent out retransmitted copies of that
> >posting to the 272 subscribers, all of the receiving sites that check &
> >enforced DKIM/DMARC SMTP error code 55x-rejected the retransmitted
> >subscriber copies on grounds of (alleged) SMTP forgery.  Each 55x
> >rejection got logged at linuxmafia.com and reported by the SMTP software
> >to Mailman -- which incremented the intended recipient's bounce score by
> >1.0.
> >
> >Mailman is configured to disable a subscriber's delivery if bounce score
> >reaches 5.0.  Any time 7 days pass without a bounce, Mailman resets the
> >subscriber's bounce score to zero.  Once delivery has been disabled,
> >Mailman tries to get the subscriber's attention about this situation
> >three times, once a week, saying please visit [URL] if you wish to
> >re-enable delivery.  After three weeks, if that doesn't get fixed or the
> >listadmin hasn't intervened, the member gets unsubcribed.  (All of these
> >numbers are adjustable by the listadmin.)
> >
> >
> >So, long story short, at the time John sent his message on Sunday
> >afternoon, about a dozen members already had cumulative 4.0 bounce
> >scores, probably on account of ISP rejection of prior postings from
> >subscribers at domains with overly aggressive DMARC policies.  John's
> >posting tipped them over the 5.0 threshold.  The next time Mailman ran
> >its cron jobs, it noticed and sent us listadmins about a dozen 'this
> >subscriber's delivery has been disabled because of excess bounces'
> >notices.
> >
> >
> >I don't mind explaining, but:
> >
> >(1) You've supposedly been the sf-lug at linuxmafia.com listadmin since
> >2005.  That's, y'know, a decade and a half, right?  So, how come you
> >haven't yet studied, well, pretty much any bit of that?
> >
> >(2) Given that I told you at about 2pm today what the problem was, would
> >it have hurt you to _listen_, and not utterly disregard what I said and
> >try to ask some third-party sysadmin, apparently because you decided to
> >ignore what I said?
> >
> >
> >
> >_______________________________________________
> >sf-lug mailing list
> >sf-lug at linuxmafia.com
> >http://linuxmafia.com/mailman/listinfo/sf-lug
> >SF-LUG is at http://www.sf-lug.org/
> 

> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> SF-LUG is at http://www.sf-lug.org/

More information about the sf-lug mailing list