<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:monospace,monospace"><div class="gmail_default" style="font-family:monospace,monospace">[Bcc: Al]<br></div><div class="gmail_default" style="font-family:monospace,monospace">This is consequence of quite known issue with how DMARC breaks</div><div class="gmail_default" style="font-family:monospace,monospace">mailing lists, and the older version of Mailman 2 on <a href="http://linuxmafia.com">linuxmafia.com</a></div><div class="gmail_default" style="font-family:monospace,monospace">and its lack of availability of workarounds for that.</div><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_default" style="font-family:monospace,monospace">Oh, ... reminds me ... a possibly ugly kludge of a workaround for such recipients,</div><div class="gmail_default" style="font-family:monospace,monospace">is if they are or set themselves to digest mode.<br></div><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_default" style="font-family:monospace,monospace">It's already been discussed quite a bit on the SF-LUG <<a href="mailto:sf-lug@linuxmafia.com">sf-lug@linuxmafia.com</a>> list.</div><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_default" style="font-family:monospace,monospace">I was thinking of mentioning it again anyway, as I and many don't</div><div class="gmail_default" style="font-family:monospace,monospace">receive emails from many list members due to this.  
Of course it also</div><div class="gmail_default" style="font-family:monospace,monospace">causes issues that are quite the annoyance for the list admins too,</div><div class="gmail_default" style="font-family:monospace,monospace">as this is repeated (at least indirect) complaint of list members -</div><div class="gmail_default" style="font-family:monospace,monospace">not receiving emails, not having their posts delivered to many list members,</div><div class="gmail_default" style="font-family:monospace,monospace">possibly getting unsubscribed from excessive bounces, etc.<br></div><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_default" style="font-family:monospace,monospace">Thus far the longer term plan is to do the upgrades such that</div><div class="gmail_default" style="font-family:monospace,monospace"><a href="http://linuxmafia.com">linuxmafia.com</a> will be able to (natively from Debian) install</div><div class="gmail_default" style="font-family:monospace,monospace">"new" enough version of Mailman 2 that has those DMARC workarounds available.</div><div class="gmail_default" style="font-family:monospace,monospace">And that version of Debian will also support Mailman 3,</div><div class="gmail_default" style="font-family:monospace,monospace">so it could also be transitioned to Mailman 3, and/or</div><div class="gmail_default" style="font-family:monospace,monospace">other listserver software.</div><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_default" style="font-family:monospace,monospace">And I've already thoroughly tested the (fairly long and complex) set of</div><div class="gmail_default" style="font-family:monospace,monospace">upgrade procedures to get <a href="http://linuxmafia.com">linuxmafia.com</a> to that point (tested on another</div><div class="gmail_default" style="font-family:monospace,monospace">VM - initialized as an exact clone of <a 
href="http://linuxmafia.com">linuxmafia.com</a>, and then proceeding</div><div class="gmail_default" style="font-family:monospace,monospace">from there).  It's waiting on a few resources to get that done:</div><div class="gmail_default" style="font-family:monospace,monospace">o my time :-)  (I can generally at least wiggle it in - but will take fair chunk</div><div class="gmail_default" style="font-family:monospace,monospace">  of total time)</div><div class="gmail_default" style="font-family:monospace,monospace">o Rick's final "go for it" (I probably also want to get sufficient set of regression</div><div class="gmail_default" style="font-family:monospace,monospace">  checks out of Rick, so I can step-wise do the testing so if anything starts to</div><div class="gmail_default" style="font-family:monospace,monospace">  go sideways, even a bit, should be able to catch and correct in quite short order,</div><div class="gmail_default" style="font-family:monospace,monospace">  and also be better assured all the needed was successfully completed - but thus far</div><div class="gmail_default" style="font-family:monospace,monospace">  all tests on the upgraded VM have looked fine - but need a more full set of tests)</div><div class="gmail_default" style="font-family:monospace,monospace">o storage space - need more storage space for the VM and related data, etc.  At present</div><div class="gmail_default" style="font-family:monospace,monospace">  is rather a squeeze, and might be hazardous to attempt such upgrade at present (most</div><div class="gmail_default" style="font-family:monospace,monospace">  notably not much space for backups/snapshots or the like).  And yes, there's also</div><div class="gmail_default" style="font-family:monospace,monospace">  a plan to address that (Rick and I are working on it - but don't expect that to be</div><div class="gmail_default" style="font-family:monospace,monospace">  fully taken care of all that soon ... 
but hopefully between now and February or</div><div class="gmail_default" style="font-family:monospace,monospace">  so, we'll have that all squared away, and that will no longer be a blocker ...</div><div class="gmail_default" style="font-family:monospace,monospace">  and would also have likely side effect of correcting an intermittent storage issue</div><div class="gmail_default" style="font-family:monospace,monospace">  on the physical host machine).</div><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_default" style="font-family:monospace,monospace">I'd also, much earlier, offered to SF-LUG, if they wanted me to host list on the BALUG VM,</div><div class="gmail_default" style="font-family:monospace,monospace">and could there do so under <a href="http://sf-lug.org">sf-lug.org</a> domain (would probably do <a href="mailto:sf-lug@lists.sf-lug.org">sf-lug@lists.sf-lug.org</a>),</div><div class="gmail_default" style="font-family:monospace,monospace">I could well do that (and would now be on Mailman 3 rather than Mailman 2), but at least</div><div class="gmail_default" style="font-family:monospace,monospace">last time around that was rejected by plurality that bothered to "vote" (express opinion</div><div class="gmail_default" style="font-family:monospace,monospace">on the matter), though relatively few expressed so much as opinion one way or the other.</div><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_default" style="font-family:monospace,monospace">And unfortunately, some years back, <a href="http://berkeley.edu">berkeley.edu</a> outsourced</div><div class="gmail_default" style="font-family:monospace,monospace">(most?) all their email (at least that domain, and most if not all</div><div class="gmail_default" style="font-family:monospace,monospace">subdomains thereof) to Google's Gmail, so ... 
they don't have nearly</div><div class="gmail_default" style="font-family:monospace,monospace">the control over it that they used to ... though presumably they do</div><div class="gmail_default" style="font-family:monospace,monospace">at least still control DNS (though alas, they also lost control of DNS</div><div class="gmail_default" style="font-family:monospace,monospace">for <a href="http://berkeley.ca.us">berkeley.ca.us</a>. - but that's yet another story).</div><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_default" style="font-family:monospace,monospace">So, yes, DNS and SMTP mail server configurations and behavior</div><div class="gmail_default" style="font-family:monospace,monospace">matter.  But alas, DMARC, etc. is problematic with lists, and</div><div class="gmail_default" style="font-family:monospace,monospace">in many/most cases where DMARC has been implemented, that will</div><div class="gmail_default" style="font-family:monospace,monospace">typically fail (be outright rejected) or land in "Spam" or "Junk"</div><div class="gmail_default" style="font-family:monospace,monospace">or the like (quarantined), rather than land in the "inbox" for many/most</div><div class="gmail_default" style="font-family:monospace,monospace">recipients.  If you compare that to where workarounds have been implemented,</div><div class="gmail_default" style="font-family:monospace,monospace">e.g. 
the BALUG lists, you'll find similar has generally much better delivery</div><div class="gmail_default" style="font-family:monospace,monospace">around DMARC, as it uses DMARC work-arounds, and has for quite a long time.</div><div class="gmail_default" style="font-family:monospace,monospace">See, e.g.:</div><div class="gmail_default" style="font-family:monospace,monospace"><a href="https://lists.balug.org/mailman3/hyperkitty/search?q=BALUG%3A+Lists%2C+stats%2C+etc.&page=1&mlist=balug-admin%40lists.balug.org&sort=date-desc">https://lists.balug.org/mailman3/hyperkitty/search?q=BALUG%3A+Lists%2C+stats%2C+etc.&page=1&mlist=balug-admin%40lists.balug.org&sort=date-desc</a></div><div class="gmail_default" style="font-family:monospace,monospace">And note also headers do get rewritten for those with DMARC where</div><div class="gmail_default" style="font-family:monospace,monospace">it would otherwise likely fail, e.g., changes from:</div><div class="gmail_default" style="font-family:monospace,monospace">From: Michael Paoli <<a href="mailto:Michael.Paoli@berkeley.edu">Michael.Paoli@berkeley.edu</a>></div><div class="gmail_default" style="font-family:monospace,monospace">to:</div><div class="gmail_default" style="font-family:monospace,monospace">From: Michael Paoli via BALUG-Admin <<a href="mailto:balug-admin@lists.balug.org">balug-admin@lists.balug.org</a>></div><div class="gmail_default" style="font-family:monospace,monospace">Reply-To: Michael Paoli <<a href="mailto:Michael.Paoli@berkeley.edu">Michael.Paoli@berkeley.edu</a>></div><div class="gmail_default" style="font-family:monospace,monospace">Can also test it out on test lists, if one wants to see</div><div class="gmail_default" style="font-family:monospace,monospace">the various behaviors:</div><div class="gmail_default" style="font-family:monospace,monospace"><a href="http://linuxmafia.com/mailman/listinfo/test">http://linuxmafia.com/mailman/listinfo/test</a></div><div class="gmail_default" 
style="font-family:monospace,monospace"><a href="https://lists.balug.org/mailman3/postorius/lists/balug-test.lists.balug.org/">https://lists.balug.org/mailman3/postorius/lists/balug-test.lists.balug.org/</a></div><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_default" style="font-family:monospace,monospace">references/excerpts:</div><div class="gmail_default" style="font-family:monospace,monospace">mboxgrep(1)</div><div class="gmail_default" style="font-family:monospace,monospace">grep(1)</div><div class="gmail_default" style="font-family:monospace,monospace">sed(1)<br></div><div class="gmail_default" style="font-family:monospace,monospace">Rick on DMARC/DKIM & related mailman, etc.:</div><div class="gmail_default" style="font-family:monospace,monospace"><a href="http://linuxmafia.com/pipermail/sf-lug/2024q1/015984.html">http://linuxmafia.com/pipermail/sf-lug/2024q1/015984.html</a><br><a href="http://linuxmafia.com/pipermail/sf-lug/2022q2/015594.html">http://linuxmafia.com/pipermail/sf-lug/2022q2/015594.html</a><br><a href="http://linuxmafia.com/pipermail/sf-lug/2021q3/015357.html">http://linuxmafia.com/pipermail/sf-lug/2021q3/015357.html</a><br><a href="http://linuxmafia.com/pipermail/sf-lug/2021q2/015279.html">http://linuxmafia.com/pipermail/sf-lug/2021q2/015279.html</a><br><a href="http://linuxmafia.com/pipermail/sf-lug/2021q2/015247.html">http://linuxmafia.com/pipermail/sf-lug/2021q2/015247.html</a><br><a href="http://linuxmafia.com/pipermail/sf-lug/2020q3/015010.html">http://linuxmafia.com/pipermail/sf-lug/2020q3/015010.html</a><br><a href="http://linuxmafia.com/pipermail/sf-lug/2020q3/014927.html">http://linuxmafia.com/pipermail/sf-lug/2020q3/014927.html</a><br><a href="http://linuxmafia.com/pipermail/sf-lug/2020q2/014752.html">http://linuxmafia.com/pipermail/sf-lug/2020q2/014752.html</a><br><a 
href="http://linuxmafia.com/pipermail/sf-lug/2020q2/014747.html">http://linuxmafia.com/pipermail/sf-lug/2020q2/014747.html</a><br><a href="http://linuxmafia.com/pipermail/sf-lug/2020q2/014741.html">http://linuxmafia.com/pipermail/sf-lug/2020q2/014741.html</a><br><a href="http://linuxmafia.com/pipermail/sf-lug/2020q2/014736.html">http://linuxmafia.com/pipermail/sf-lug/2020q2/014736.html</a></div><div class="gmail_default" style="font-family:monospace,monospace">migrate SF-LUG list to BALUG VM?:</div><div class="gmail_default" style="font-family:monospace,monospace"><a href="http://linuxmafia.com/pipermail/sf-lug/2021q2/015298.html">http://linuxmafia.com/pipermail/sf-lug/2021q2/015298.html</a><br><a href="http://linuxmafia.com/pipermail/sf-lug/2021q2/015247.html">http://linuxmafia.com/pipermail/sf-lug/2021q2/015247.html</a><br><a href="http://linuxmafia.com/pipermail/sf-lug/2021q2/015246.html">http://linuxmafia.com/pipermail/sf-lug/2021q2/015246.html</a></div></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Sun, Dec 1, 2024 at 8:45 AM Al wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u>

  
    
  
  <div>
    sorry, wasn't thinking, Berkeley doesn't default to MX, it has the
    usual long but flat list, no reference to sublists:<br>
    ;; ANSWER SECTION:<br>
    _spf.berkeley.edu.      10800   IN      TXT     "v=spf1
    ip4:169.229.218.128/25 ip4:192.31.161.27 ip4:169.229.54.192/26
    ip6:2607:f140:0:1000::/64 ip4:96.46.132.200/29 ip4:199.188.157.80 "
    " ip4:199.59.200.201 ip4:169.229.200.131 ip4:104.45.175.206
    ip4:52.224.142.128 ip4:169.229.159.67 ip4:208.75.120.0/22
    ip4:205.207.104.0/22 ip4:34.236.72.193 ip6:2607:f140:1:12::131 ~all"<br>
    <br>
    <br>
    <div>On 12/1/2024 08:33, Al wrote:<br>
    </div>
    <blockquote type="cite">
      
      I'm sure by now you've seen the approx. 30 reject messages
      detected at <a href="http://linuxmafia.com" target="_blank">linuxmafia.com</a> for the stats distribution.<br>
      big "mailing list / dmarc" s**t show with <a href="http://berkeley.edu" target="_blank">berkeley.edu</a><br>
      <div><br>
        seems like the usual, though I don't track the berkeley dmarc
        records.  currently though it screams 'reject' and IIRC the
        default is MX records but I'll have to<br>
        go refresh my memory on that.<br>
        <br>
        ;; ANSWER SECTION:<br>
        _dmarc.berkeley.edu.    10800   IN      TXT     "v=DMARC1;
        p=reject; pct=100; rua=mailto:dmarcrpt@berkeley.edu;
        ruf=mailto:dmarcrpt@berkeley.edu"<br>
        <br>
        is it time to suffer through rewriting the "From:" header to
        something like: OriginalSender <a href="mailto:sflug.org@linuxmafia.com" target="_blank">&lt;sflug.org@linuxmafia.com&gt;</a><br>
        and work with some combination of
        Reply-To:/Sender:/X-Original-From: ?<br>
        <br>
        I wonder if someone less knowledgeable changed Berkeley's
        records recently?<br>
        I see the record at UCSF seems to reflect more experience if
        still a bit stringent.  It includes subdomains and uses
        <a href="http://proofpoint.com" target="_blank">proofpoint.com</a> to handle reports.<br>
        Still, it also rejects everything and defaults to MX.<br>
        <br>
        -------- Forwarded Message --------
        <table cellspacing="0" cellpadding="0" border="0">
          <tbody>
            <tr>
              <th valign="BASELINE" nowrap align="RIGHT">Subject:
              </th>
              <td>Bounce action notification</td>
            </tr>
            <tr>
              <th valign="BASELINE" nowrap align="RIGHT">Date:
              </th>
              <td>Sun, 01 Dec 2024 06:45:36 -0800</td>
            </tr>
            <tr>
              <th valign="BASELINE" nowrap align="RIGHT">From:
              </th>
              <td><a href="mailto:mailman@linuxmafia.com" target="_blank">mailman@linuxmafia.com</a></td>
            </tr>
            <tr>
              <th valign="BASELINE" nowrap align="RIGHT">To: </th>
              <td><a href="mailto:sf-lug-owner@linuxmafia.com" target="_blank">sf-lug-owner@linuxmafia.com</a></td>
            </tr>
          </tbody>
        </table>
        <br>
        <br>
        This is a Mailman mailing list bounce action notice:<br>
        <br>
        List: sf-lug<br>
        Member: @<a href="http://yahoo.com">yahoo.com</a><br>
        Action: Subscription disabled.<br>
        Reason: Excessive or fatal bounces.<br>
        <br>
        <br>
        The triggering bounce notice is attached below.<br>
        <br>
        Questions? Contact the Mailman site administrator at<br>
        <a href="mailto:mailman@linuxmafia.com" target="_blank">mailman@linuxmafia.com</a>.<br>
        <br>
      </div>
    </blockquote>
    <br>
  </div>

</blockquote></div></div>
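The From: rewrite discussed in this thread, as an added example that is not part of the original messages and is not Mailman's own code: it reads the author domain's DMARC policy and, when that policy is reject or quarantine, moves the author to Reply-To and puts the list address in From, so receivers evaluate DMARC alignment against the list's domain. The function names are hypothetical, the DMARC record is passed in rather than looked up in DNS, and the monitor-only record and the sample post are constructed.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

# DMARC TXT record for berkeley.edu as quoted in the thread.
BERKELEY_DMARC = ("v=DMARC1; p=reject; pct=100; "
                  "rua=mailto:dmarcrpt@berkeley.edu; ruf=mailto:dmarcrpt@berkeley.edu")
# Constructed record for a hypothetical domain that only collects reports.
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:reports@example.org"

# Constructed sample post, using the addresses shown in the thread.
SAMPLE_POST = """\
From: Michael Paoli <Michael.Paoli@berkeley.edu>
To: balug-admin@lists.balug.org
Subject: BALUG: Lists, stats, etc.

(body)
"""


def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag -> value dict; {} if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else {}


def needs_rewrite(txt):
    """True when the author's domain asks receivers to reject or quarantine failures."""
    return parse_dmarc(txt).get("p", "none").lower() in ("reject", "quarantine")


def rewrite_from(msg, list_name, list_addr):
    """Put the list address in From and keep the author reachable via Reply-To."""
    name, addr = parseaddr(msg["From"])
    del msg["From"]
    msg["From"] = formataddr((f"{name or addr} via {list_name}", list_addr))
    if msg["Reply-To"] is None:  # do not clobber a Reply-To the author set
        msg["Reply-To"] = formataddr((name, addr))
    return msg


def process(raw, dmarc_txt, list_name, list_addr):
    """Parse a post and rewrite its From only if the author's policy requires it."""
    msg = message_from_string(raw)
    if needs_rewrite(dmarc_txt):
        rewrite_from(msg, list_name, list_addr)
    return msg
```

Posts from domains with p=none pass through unchanged, which keeps the author's address in From wherever the rewrite is not needed.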