Running mailman3 on AWS and dealing with SES email verification
Hi,
This seems to be a very basic question and/or issue, but I could not find a reliable for it:
Assume a list member with the email address like (just as an example) joe.student@university.edu<mailto:joe.student@university.edu> sends an email to a list, Mailman gets the email, processes it and would try to send that email to all members with a sender field as: 'joe.student@university.edu<mailto:joe.student@university.edu>'. plus listname@listserver.TLD<mailto:listname@listserver.TLD>
AWS allows verified email addresses to send an email from an EC2 to internet, so the listname@listserver.TLD<mailto:listname@listserver.TLD> is OK, because listserver.TLD is already verified, BUT Joe's email is not and cannot be, because there are thousands of list users and they can change daily.
The result is that Mailman's try to send the email would fail with the following error message:
Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-1: joe.student@university.edu<mailto:joe.student@university.edu> I changed the list property and made it an anonymous one, and it started sending the emails to the whole list members, but only with listname@listserver.TLD<mailto:listname@listserver.TLD> as the sender. So the list recipients cannot know the initiator of the discussion.
I found some solution:
- Asking the members to add their email to the signature
- manipulating the from field and add the name of the sender as a comment, not that easy, needs some Python code
- manipulating the from files and replacing the @ with something else, not that easy, needs some Python code
- . . .
More important: None of these would allow a simple click on the reply bottom to send the email to the original sender.
I am thinking of running mailman on-premise and use our email relay, which we have full control on. But really, there is no elegant solution for this? I already opened a ticket with AWS support and they just insisted on their policy of verification.
Best regards Mohsen Masoudfar Lead System Analyst, IT Operation American Association for the Advancement of Science 1200 New York Ave, NW, Washington, DC 20005 202-326-7087
On 4/30/20 9:25 AM, Mohsen Masoudfar wrote:
Hi,
This seems to be a very basic question and/or issue, but I could not find a reliable for it:
Assume a list member with the email address like (just as an example) joe.student@university.edu sends an email to a list, Mailman gets the email, processes it and would try to send that email to all members with a sender field as: 'joe.student@university.edu'. plus listname@listserver.TLD
Are you referring to the envelope sender or to the From: header?
The envelope sender will be listname-bounces@listserver.TLD or if VERP is enabled, listname-bounces+recipient=recipient.domain@listserver.TLD.
The From: header will be unchanged from the incoming message. If yo want the From: to be the list, you can apply DMARC "Replace From with list address" unconditionally and the From: will look like
From: joe.student via listname <listname@listserver.TLD>
...
I found some solution:
- Asking the members to add their email to the signature
- manipulating the from field and add the name of the sender as a comment, not that easy, needs some Python code
- manipulating the from files and replacing the @ with something else, not that easy, needs some Python code
- . . .
The DMARC mitigations will do these thing for you.
More important: None of these would allow a simple click on the reply bottom to send the email to the original sender.
And they will add the poster's original From: address to Reply-To:
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Thank you Mark, this is really very helpful. I am going to work on the details. It would be breat, if there were a way to set some of this options as default, like DMARC mitigation is default to no, I changed it to unconditionally and replace From to with list address and got good results, but the default is no. How may I changed the default, do that the list owner/creator does not need to update these fields.
Thanks Mohsen
-----Original Message----- From: Mark Sapiro <mark@msapiro.net> Sent: Thursday, April 30, 2020 1:15 PM To: mailman-users@mailman3.org Subject: [MM3-users] Re: Running mailman3 on AWS and dealing with SES email verification
[EXTERNAL EMAIL]
On 4/30/20 9:25 AM, Mohsen Masoudfar wrote:
Hi,
This seems to be a very basic question and/or issue, but I could not find a reliable for it:
Assume a list member with the email address like (just as an example) joe.student@university.edu sends an email to a list, Mailman gets the email, processes it and would try to send that email to all members with a sender field as: 'joe.student@university.edu'. plus listname@listserver.TLD
Are you referring to the envelope sender or to the From: header?
The envelope sender will be listname-bounces@listserver.TLD or if VERP is enabled, listname-bounces+recipient=recipient.domain@listserver.TLD.
The From: header will be unchanged from the incoming message. If yo want the From: to be the list, you can apply DMARC "Replace From with list address" unconditionally and the From: will look like
From: joe.student via listname <listname@listserver.TLD>
...
I found some solution:
- Asking the members to add their email to the signature
- manipulating the from field and add the name of the sender as a comment, not that easy, needs some Python code
- manipulating the from files and replacing the @ with something else, not that easy, needs some Python code
- . . .
The DMARC mitigations will do these thing for you.
More important: None of these would allow a simple click on the reply bottom to send the email to the original sender.
And they will add the poster's original From: address to Reply-To:
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.mail...
On 5/1/20 6:54 AM, Mohsen Masoudfar wrote:
Thank you Mark, this is really very helpful. I am going to work on the details. It would be breat, if there were a way to set some of this options as default, like DMARC mitigation is default to no, I changed it to unconditionally and replace From to with list address and got good results, but the default is no. How may I changed the default, do that the list owner/creator does not need to update these fields.
There are two ways to do this. Both require some code modification.
The simplest is just to change the lines at <https://gitlab.com/mailman/mailman/-/blob/master/src/mailman/styles/base.py#L90> to:
mlist.dmarc_mitigate_action = DMARCMitigateAction.munge_from
mlist.dmarc_mitigate_unconditionally = TrueThe other way is to create a new list style that has these settings and chose it when creating a list. See <https://mailman.readthedocs.io/en/latest/src/mailman/styles/docs/styles.html>.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (2)
-
Mark Sapiro -
Mohsen Masoudfar