Bryan Loniewski writes:
I've been dealing with another issue (and why I upgraded to the latest code) when posting messages to my test list from our schools Office365 infrastructure (OWA). The post gets shunted; mailman.log has the following error:
Bottom line: the reported Authentication-Results (A-R) field has nonconforming syntax. The problem is that the RFC defines a syntax where the authentication service ID is the first thing in the field, and only one is allowed. In the quoted field it occurs twice. There are more syntax errors, but that's the one Mailman flagged.
As far as I know the only part of Mailman that uses A-R is the ARC module. Just disable it and be happy, I think. Like DKIM, DMARC, and friends, this is really an MTA function. If possible you should get your MTA to do the work.
BTW, I'm not sure this is an Office365 problem. It appears that the A-R field was constructed on lists-test.rutgers.edu, which doesn't look like Office365. Is it possible that the Office365 system didn't provide one, and this A-R field was added by Mailman itself? (Don't overthink this: if so, it's our problem and I'll be looking at it. But if you know offhand it will point me in the right direction.)
Excruciating detail follows, in part as notes to me. ;-)
In the following, the in-reply-to quoting is omitted and the field is folded for clarity.
authentication-results: # field name lists-test.rutgers.edu; # authenticator ID dkim=none (message not signed) # DKIM result info header.d=none; # DKIM property (no DKIM signature field) lists-test.rutgers.edu; # #### nonconforming (not "; key=value") dmarc=none # DMARC result info action=none # #### syntax OK, undefined property header.from=oit.rutgers.edu # DMARC property (field to check) ; # #### nonconforming (nothing to separate)
So it looks like whoever wrote the code doesn't understand RFC 7601 at all. A-R starts with a string naming the authentication authority (here lists-test.rutgers.edu) and an optional number naming the version of A-R being used. These are followed either by a semicolon and the word "none", or by a sequence of results blocks. Each block consists of a semicolon followed by a sequence of key=value pairs.
This funny phrase "a semicolon followed by a sequence of key=value pairs" is probably easier to understand if I say "the semicolons separate results blocks from the authenticator ID and from each other" (they are not block terminators).
RFC 7601 is quite pessimistic about nonconforming A-R, and repeatedly advises they be ignored or even deleted, although completely broken syntax is not mentioned.
Steve