On Wed, Apr 16, 2025 at 4:17 PM Philip Bondi <pjbondi@systemdatabase.com> wrote:
Hello to all:
mailman3 is phenomenal upgrade from mailman2. Very nice. Thank you to the team.
In our family, we use mailman to provide redundancy on important financial emails. In this manner, emails from banks, government, ecommerce or other important providers are distributed to multiple family members. And we can ask family members if they paid the credit card bill, received their delivery, saw their tax liability or refund notification, etc. Does anyone else use mailman for such a purpose?
Do you struggle with "message rejected. AUP#CDRBL" while using mailman with your ISP email relay?
AUP == Acceptable Use Policy. I am sure you signed some dotted lines about that, or clicked Accept/Yes somewhere and so something that is happening is violation the AUP. CDRBL sounds like the IP of your ISP relay server is in some blacklists. You could use https://mxtoolbox.com/ to lookup the IP/Hostname that you use for relay.
For example, when receiving email from a Bank or the Government of Canada
on a mailman2 list, sometimes my ISP would not relay the email and I would get message rejected. AUP#CDRBL
And what does your ISP Tech Support say is the problem? I also think the problem is referenced somewhere in your MTA logs. While, this is most likely going OT, I will try and narrow down on the mailman bits. Assuming: purpose of receiving the emails from the senders in (1) above,
- That the sender address of the Bank or the Government of Canada is _allowed_ to send emails to some_mailman_list_address
- That your family are all subscribed to to the mailing list for the
It should be easy to configure the mailing list to send out the posts by rewriting the sender to be the list address.
You can do the same with Mailman3 under List settings -> DMARC Mitigations
On mailman2, I mitigated by stripping headers, wrapping message and DKIM
signing. Here is a mailman2 message that is stripped, wrapped and signed.
https://freeimage.host/i/30O5EXe
Do you have this problem with your ISP with certain senders? What are your mitigation strategies on mailman3?
In my case, I don't, because of List settings -> DMARC Mitigations -> DMARC mitigation action = Replace From: with list address. Below that is the option DMARC Mitigate unconditionally, which I have also enabled.
Curiously: If you DKIM sign your emails, does your ISP also co-sign them? Is your ISP relay server published in your domain's SPF records as an allowed sender for your domain?
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 In an Internet failure case, the #1 suspect is a constant: DNS. "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]