120 gmail users removed from lists !
Hello, on 15th October, 120 users with gmail address where suddenly removed from lists in mailman3, something changed in google ?
elemac@free.fr writes:
Hello, on 15th October, 120 users with gmail address where suddenly removed from lists in mailman3, something changed in google ?
Google is evil, who knew?
Google decided to publish a DMARC policy of "p=none". This announces to the world that you have to decide for yourself whether to accept mail from Gmail with a broken DKIM signature from gmail.com. Gmail has decided that they will not accept such email from themselves, even though they know more about the sender than anyone else, and even have access to the original sender copy.
Mark has a patch that applies your preferred DMARC mitigation to Gmail authors unconditionally. I think it's in the new version just released 3.3.9, so you can upgrade. The name of the variable is dmarc_addresses, and in Postorius it will be in the same settings group as other DMARC settings, with a similar tag.
If for some reason you strongly prefer not to upgrade immediately but want this feature, it's commit #8532f751b6b8bfee3210c1327d755756f99d99ac (you can shorten that to 8532f). I do not recommend this. It probably is independent of other changes in 3.3.9 from other releases. But if not you could have issues.
I think you also need the patches in Postorius, but I don't think they've been released yet. "Coming soon" as they say. The relevant commit is #770add1ebf27fd335c675607f26bb8f7cf313ddd,
If you search back in the archives, I think Mark posted a link to his original patches.
Steve
Hello, Thanks for this answer, my problem is I'm on yunohost server and the update 3.3.9 is not available now. Any "handmaid" solution should be great. Sincerely
Le 22/10/2023 à 10:45, Stephen J. Turnbull a écrit :
elemac@free.fr writes:
Hello, on 15th October, 120 users with gmail address where suddenly removed from lists in mailman3, something changed in google ?
Google is evil, who knew?
Google decided to publish a DMARC policy of "p=none". This announces to the world that you have to decide for yourself whether to accept mail from Gmail with a broken DKIM signature from gmail.com. Gmail has decided that they will not accept such email from themselves, even though they know more about the sender than anyone else, and even have access to the original sender copy.
Mark has a patch that applies your preferred DMARC mitigation to Gmail authors unconditionally. I think it's in the new version just released 3.3.9, so you can upgrade. The name of the variable is dmarc_addresses, and in Postorius it will be in the same settings group as other DMARC settings, with a similar tag.
If for some reason you strongly prefer not to upgrade immediately but want this feature, it's commit #8532f751b6b8bfee3210c1327d755756f99d99ac (you can shorten that to 8532f). I do not recommend this. It probably is independent of other changes in 3.3.9 from other releases. But if not you could have issues.
I think you also need the patches in Postorius, but I don't think they've been released yet. "Coming soon" as they say. The relevant commit is #770add1ebf27fd335c675607f26bb8f7cf313ddd,
If you search back in the archives, I think Mark posted a link to his original patches.
Steve
If Yunohost installed Mailman3 for you, then it's better to ask them to update it for you.
On Tue, Oct 24, 2023 at 7:51 AM Yvan ♞ <elemac@free.fr> wrote:
Hello, Thanks for this answer, my problem is I'm on yunohost server and the update 3.3.9 is not available now. Any "handmaid" solution should be great. Sincerely
Le 22/10/2023 à 10:45, Stephen J. Turnbull a écrit :
elemac@free.fr writes:
Hello, on 15th October, 120 users with gmail address where suddenly removed from lists in mailman3, something changed in google ?
Google is evil, who knew?
Google decided to publish a DMARC policy of "p=none". This announces to the world that you have to decide for yourself whether to accept mail from Gmail with a broken DKIM signature from gmail.com. Gmail has decided that they will not accept such email from themselves, even though they know more about the sender than anyone else, and even have access to the original sender copy.
Mark has a patch that applies your preferred DMARC mitigation to Gmail authors unconditionally. I think it's in the new version just released 3.3.9, so you can upgrade. The name of the variable is dmarc_addresses, and in Postorius it will be in the same settings group as other DMARC settings, with a similar tag.
If for some reason you strongly prefer not to upgrade immediately but want this feature, it's commit #8532f751b6b8bfee3210c1327d755756f99d99ac (you can shorten that to 8532f). I do not recommend this. It probably is independent of other changes in 3.3.9 from other releases. But if not you could have issues.
I think you also need the patches in Postorius, but I don't think they've been released yet. "Coming soon" as they say. The relevant commit is #770add1ebf27fd335c675607f26bb8f7cf313ddd,
If you search back in the archives, I think Mark posted a link to his original patches.
Steve
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ Archived at: https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
This message sent to odhiambo@gmail.com
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
Yvan ? writes:
Any "handmaid" solution should be great.
That *was* the handmade solution. The commit IDs are in my message. You can get the corresponding patches from GitLab. There's a reason why I wrote that I don't recommend this -- you're asking for a lot of work.
If you can't do it yourself, and you're in a hurry, there is a list of consultants at https://wiki.list.org/COM/Mailman%20consulting%20services.
Steve
I add an SPF entry on my web hosting, domain name: "v=spf1 mx ptr include:_spf.google.com -all" and it seems to fix the problem.
Le 24/10/2023 à 12:51, Stephen J. Turnbull a écrit :
Yvan ? writes:
Any "handmaid" solution should be great.
That *was* the handmade solution. The commit IDs are in my message. You can get the corresponding patches from GitLab. There's a reason why I wrote that I don't recommend this -- you're asking for a lot of work.
If you can't do it yourself, and you're in a hurry, there is a list of consultants athttps://wiki.list.org/COM/Mailman%20consulting%20services.
Steve
Am 24. Oktober 2023 um 18:07 schrieb "Yvan ♞" <elemac@free.fr>:
I add an SPF entry on my web hosting, domain name: "v=spf1 mx ptr include:_spf.google.com -all" and it seems to fix the problem.
Smart. As I understand above statement, it allows the google servers to send out emails for your domain. Not sure you want that. But you're right, mailman will eventually pick up the -all for the google addresses and apply the DMARC mitigation to google originating messages. Is this assumption correct?
On 10/24/23 11:51 AM, info@joergschulz.de wrote:
Am 24. Oktober 2023 um 18:07 schrieb "Yvan ♞" <elemac@free.fr>:
I add an SPF entry on my web hosting, domain name: "v=spf1 mx ptr include:_spf.google.com -all" and it seems to fix the problem.
Smart. As I understand above statement, it allows the google servers to send out emails for your domain. Not sure you want that. But you're right, mailman will eventually pick up the -all for the google addresses and apply the DMARC mitigation to google originating messages. Is this assumption correct?
Wrong. Mailman in conditionally applying DMARC mitigations considers only the DMARC policy if any of the From: domain. Whether or not an outgoing message might be rejected for DMARC policy or any other reasons has no automatic effect on the application of DMARC mitigations to subsequent messages.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 10/23/23 9:51 PM, Yvan ♞ wrote:
Hello, Thanks for this answer, my problem is I'm on yunohost server and the update 3.3.9 is not available now. Any "handmaid" solution should be great.
It may be more disruptive than you want, but you can just set DMARC Mitigate unconditionally to Yes to apply DMARC mitigations to all list mail.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro <mark@msapiro.net> wrote:
On 10/23/23 9:51 PM, Yvan ♞ wrote:
Hello, Thanks for this answer, my problem is I'm on yunohost server and the update 3.3.9 is not available now. Any "handmaid" solution should be great.
It may be more disruptive than you want, but you can just set DMARC Mitigate unconditionally to Yes to apply DMARC mitigations to all list mail.
Another thing which helped me a lot with Gmail bounces was setting VERP options everywhere in Mailman. I'm not sure what has made more of a difference, setting the DMARC to unconditionally apply the mitigations or setting VERP everywhere.
Speaking of the new additions in Mailman 3.3.9, does anyone have a list of the domains Google are using which we can add to the list so we can disable the unconditional DMARC mitigations for all list posts? Its probably somewhere obvious on a Gitlab issue or similar, but haven't found it yet.
Thanks. Andrew.
On 10/24/23 10:04 AM, Andrew Hodgson wrote:
Speaking of the new additions in Mailman 3.3.9, does anyone have a list of the domains Google are using which we can add to the list so we can disable the unconditional DMARC mitigations for all list posts? Its probably somewhere obvious on a Gitlab issue or similar, but haven't found it yet.
The only domains you need to consider are those of your list members, probably only gmail.com, and maybe googlemail.com.
I'm not sure how gmail would treat mail From: user@some.other.domain where the MX for some.other.domain is a google server, but that could be potentially any domain.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark:
Gmail will handle it as Gmail handles it. If the mail domain is Google even if it's custom-domain-example.com and it points to Google Workspace and Google Mail stuff, it'll bounce on the same rules unfortunately. I know this from working with Google Workspace domains myself with lists, it's a pain and they want a lot more stringent controls now.
Thomas
-----Original Message----- From: Mark Sapiro <mark@msapiro.net> Sent: Tuesday, October 24, 2023 1:21 PM To: mailman-users@mailman3.org Subject: [MM3-users] Re: 120 gmail users removed from lists !
On 10/24/23 10:04 AM, Andrew Hodgson wrote:
Speaking of the new additions in Mailman 3.3.9, does anyone have a list of the domains Google are using which we can add to the list so we can disable the unconditional DMARC mitigations for all list posts? Its probably somewhere obvious on a Gitlab issue or similar, but haven't found it yet.
The only domains you need to consider are those of your list members, probably only gmail.com, and maybe googlemail.com.
I'm not sure how gmail would treat mail From: user@some.other.domain where the MX for some.other.domain is a google server, but that could be potentially any domain.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ Archived at: https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...
This message sent to teward@thomas-ward.net
participants (8)
-
Andrew Hodgson -
elemac@free.fr -
info@joergschulz.de -
Mark Sapiro -
Odhiambo Washington -
Stephen J. Turnbull -
Thomas Ward -
Yvan ♞