[sf-lug] REQUEST FOR HELP: Fwd: Mail delivery failed: returning message to sender
jim
jim at well.com
Tue Apr 28 16:28:43 PDT 2020
sf-lug has had only one mailman list server,
yours. Prior to your offer, we used email
with lots of CCs.
On 4/28/20 2:12 PM, Rick Moen wrote:
> Quoting Jim Stockford (jim at well.com):
>
>> you are mistaken. I did not ask Ian
>> for advice, he volunteered it.
> OK, I stand corrected. Also, as I said the other day, I appreciate
> Ian's time and effort. (Although, to be picky: Really? Trusting some
> third-party Web CGI's word for it that linuxmafia.com's DNS wasn't
> publishing a DMARC record, instead of just issuing a simple and obvious
> 'dig' query that would reveal that there was indeed such a record, just
> one that was deliberately a statement of pointed non-confidence in DMARC
> and that explained why this was so?)
>
> Meanwhile, since you've been supposedly the listadmin for fifteen years,
> it would be good if you learn a little about how to do that. Maybe
> I'm missing something, but I've yet to see you figuring out
> Mailman or learning anything about modern SMTP operations.
> All I see is tasking others. I don't know about you, but I'm overloaded
> with things I need to take care of, and I really didn't need to spend a
> lot of time going over the Yahoo-caused DMARC problem, especially when I
> have low confidence that you even paid attention.
>
>
> Also, since I figure you now owe me for chewing up a bunch more of my
> time: What the heck happened in 2005 to SF-LUG's mailing list server?
> What was the nature of the failure, and how did it cause 100% loss of
> the mailing list archive and membership roster?
>
> I've asked this a number of times, and I don't think it appropriate for
> you to keep ignoring the question, given that I pulled your ass out of
> the fire and have been filling in for fifteen years.
>
>
>
>
>
> I
>> forwarded his email to both you and
>> Michael and not to the list, figuring
>> you would know what to do.
>>
>> On 4/28/20 12:51 AM, Rick Moen wrote:
>>> [Dropping Ian Sidle <ian at iansidle.com> from CC.]
>>>
>>>> According to the help article, it looks like it is asking for for
>>>> these four things
>>> [...]
>>>
>>> Jim, I wish to point out, after all of that additional run-around,
>>> the problem remains and will continue to do so -- for _the very reason_
>>> I already explained to you around 2pm today.
>>>
>>>
>>> The problem, to restate, is that Yahoo's SMTP sending domains implement
>>> an overly aggressive DMARC policy that is mailing-list hostile. This
>>> is a known, even notorious, problem. Yahoo broke mailing list because,
>>> when they forward mail from yahoo.com (or yahoo.co.in, etc.) subscribers
>>> through the mailing lists to subscriber sites that check DMARC
>>> validation (specifically because the DKIM crypto checksum no longer
>>> checks out), the retransmitted mail fails DKIM (if the receiving sites
>>> check and honour published DKIM/DMARC policies). Period. Both Mailman
>>> and every other mailing list manager package have had to adopt kludge
>>> workarounds to try to mitigate this problem that Yahoo created, e.g.,
>>> the one selectable in _recent_ Mailman versions that munges the From:
>>> header on mail from domains with aggressive DMARC policies.
>>>
>>> I told you that I cannot implement that kludge with my current, rather
>>> lagging version of Mailman. The ugly workaround isn't there. It's
>>> offered only in very recent versions.
>>>
>>> I said to you that _this_ is the fundamental reason postings from
>>> yahoo.com (etc.)-based subscribers raise the bounce scores of
>>> subscribers whose domains check & enforce DMARC (as does, for example,
>>> GMail). Their DMARC policy claims that yahoo.com mail reflected through
>>> a mailing list should then be rejected as a forgery (because the DKIM
>>> signature no longer validates).
>>>
>>> Yet, you then went and asked Ian Sidle, anyway. Because why? Because
>>> you decided I didn't know what I was talking about?
>>>
>>>
>>>
>>> I didn't get around to covering this bit. Question of probable
>>> interest: What caused about a dozen sf-lug at linuxmafia.com subscribers
>>> to all get their subscription delivery disabled all at once?
>>>
>>> Answer: The record suggests the triggering event was this posting on
>>> Sunday at 3:51pm from subscriber jstrazza at yahoo.com :
>>> http://linuxmafia.com/pipermail/sf-lug/2020q2/014734.html
>>> (John, you didn't do anything wrong, and are basically yet another
>>> victim of Yahoo's malfeasance.)
>>>
>>> Soon after Mailman processed and sent out retransmitted copies of that
>>> posting to the 272 subscribers, all of the receiving sites that check &
>>> enforced DKIM/DMARC SMTP error code 55x-rejected the retransmitted
>>> subscriber copies on grounds of (alleged) SMTP forgery. Each 55x
>>> rejection got logged at linuxmafia.com and reported by the SMTP software
>>> to Mailman -- which incremented the intended recipient's bounce score by
>>> 1.0.
>>>
>>> Mailman is configured to disable a subscriber's delivery if bounce score
>>> reaches 5.0. Any time 7 days pass without a bounce, Mailman resets the
>>> subscriber's bounce score to zero. Once delivery has been disabled,
>>> Mailman tries to get the subscriber's attention about this situation
>>> three times, once a week, saying please visit [URL] if you wish to
>>> re-enable delivery. After three weeks, if that doesn't get fixed or the
>>> listadmin hasn't intervened, the member gets unsubcribed. (All of these
>>> numbers are adjustable by the listadmin.)
>>>
>>>
>>> So, long story short, at the time John sent his message on Sunday
>>> afternoon, about a dozen members already had cumulative 4.0 bounce
>>> scores, probably on account of ISP rejection of prior postings from
>>> subscribers at domains with overly aggressive DMARC policies. John's
>>> posting tipped them over the 5.0 threshold. The next time Mailman ran
>>> its cron jobs, it noticed and sent us listadmins about a dozen 'this
>>> subscriber's delivery has been disabled because of excess bounces'
>>> notices.
>>>
>>>
>>> I don't mind explaining, but:
>>>
>>> (1) You've supposedly been the sf-lug at linuxmafia.com listadmin since
>>> 2005. That's, y'know, a decade and a half, right? So, how come you
>>> haven't yet studied, well, pretty much any bit of that?
>>>
>>> (2) Given that I told you at about 2pm today what the problem was, would
>>> it have hurt you to _listen_, and not utterly disregard what I said and
>>> try to ask some third-party sysadmin, apparently because you decided to
>>> ignore what I said?
>>>
>>>
>>>
>>> _______________________________________________
>>> sf-lug mailing list
>>> sf-lug at linuxmafia.com
>>> http://linuxmafia.com/mailman/listinfo/sf-lug
>>> SF-LUG is at http://www.sf-lug.org/
>> _______________________________________________
>> sf-lug mailing list
>> sf-lug at linuxmafia.com
>> http://linuxmafia.com/mailman/listinfo/sf-lug
>> SF-LUG is at http://www.sf-lug.org/
>
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> SF-LUG is at http://www.sf-lug.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/sf-lug/attachments/20200428/41d9734f/attachment.html>
More information about the sf-lug
mailing list