dmarc_mitigate_unconditionally vs. mitigate_owner_mail
Hello,
We stumbled over an interesting problem with the latest mailman-core from git if the setup matches some criteria:
Config of mailman3: mitigate_owner_mail = no (default)
Config of list: dmarc_mitigate_unconditionally = yes AND dmarc_mitigate_action = munge_from
Owner of list has an automatic out-of-office reply enabled
Owner is allowed to post on list
Somebody writes to list-owner@mailman
==> Result: Somebody's mail gets treated with munged_from and the owner's out-of-office reply is sent to the list and distributed to all members.
I expected that with "mitigate_owner_mail = no" there would be no munge_from for mails to list-owner@mailman. But in the end "dmarc_mitigate_unconditionally = yes" has higher precedence than "mitigate_owner_mail = no" in handlers/dmarc.py.
I am not sure if this is a bug or a feature ;)
As a quick workaround to prevent out-of-office replies going to the list, we configured our postfix to add a "precedence: list" header to all mails sent to an -owner address to avoid triggering an auto reply.
We set dmarc_mitigate_unconditionally = yes AND dmarc_mitigate_action = munge_from to prevent confusing our users if the mails from the list look different depending on the sender's DMARC policy. And we also don't have to worry about adding tags to the subject or adding headers/footers. With munge_from our DKIM signature is always aligned with the header from domain and gmail, yahoo, etc. are happy.
While thinking about our situation I came up with some more thoughts:
With mitigate_owner_mail = yes and munge_from, is the list posting address really a good choice for the new header from address? Not only auto replies but also owners who click "reply all" without thinking will post to the list. But using the list-owner as new header from would also have some drawbacks, e.g. the possibility of an endless loop of auto replies. Adding the "precedence: list" header also to mails sent to the list-owner might prevent this in most cases at least. But this feels like putting more tape on the problem.
In my opinion the least bad solution would be to give "mitigate_owner_mail = no" higher precedence than "dmarc_mitigate_unconditionally = yes". Then the site admin can overrule the list admin. Or will this break other use cases I did not think about?
Regards, Bernhard
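Why the "precedence: list" workaround above silences the out-of-office reply, as an added example that is not part of either post and not Mailman or Postfix code: it models the conventional auto-responder checks (Auto-Submitted, Precedence, List-* headers, as described in RFC 3834). The sample messages and the example.org addresses are constructed, and the assumption that the responder answers the header From address is only chosen to be consistent with the behaviour reported in this thread; real responders differ.

```python
from email import message_from_string
from email.utils import parseaddr

# Precedence values that auto-responders conventionally treat as "do not reply".
NO_REPLY_PRECEDENCE = {"bulk", "junk", "list"}


def suppression_reason(msg):
    """Return why a responder should stay silent, or None if it may reply."""
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return "auto-submitted"
    if (msg.get("Precedence") or "").strip().lower() in NO_REPLY_PRECEDENCE:
        return "precedence"
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return "list-header"
    return None


def auto_reply_target(raw):
    """Address an out-of-office reply would be sent to, or None if suppressed.

    Assumption: the responder answers the header From address.
    """
    msg = message_from_string(raw)
    if suppression_reason(msg) is not None:
        return None
    return parseaddr(msg.get("From", ""))[1] or None


# Constructed sample: mail to the -owner address after munge_from was applied,
# so the header From now carries the list posting address.
MUNGED_OWNER_MAIL = (
    "From: Somebody via Demo <demo@lists.example.org>\n"
    "To: demo-owner@lists.example.org\n"
    "Subject: question for the list owner\n"
    "\n"
    "Hello owner\n"
)
# Same message with the header the MTA workaround adds.
WITH_WORKAROUND = "Precedence: list\n" + MUNGED_OWNER_MAIL
# An out-of-office reply that labels itself correctly is never answered again.
LABELLED_AUTO_REPLY = "Auto-Submitted: auto-replied\n" + MUNGED_OWNER_MAIL

if __name__ == "__main__":
    for label, raw in (("munged", MUNGED_OWNER_MAIL),
                       ("with workaround", WITH_WORKAROUND),
                       ("labelled auto reply", LABELLED_AUTO_REPLY)):
        print(label, "->", auto_reply_target(raw))
```

The header only helps with responders that honour it, which is why the post calls it a workaround rather than a fix.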
On April 28, 2026 5:57:16 PM GMT+02:00, "Lichtinger, Bernhard" <Bernhard.Lichtinger@lrz.de> wrote:
> I expected that with "mitigate_owner_mail = no" there would be no munge_from for mails to list-owner@mailman. But in the end "dmarc_mitigate_unconditionally = yes" has higher precedence than "mitigate_owner_mail = no" in handlers/dmarc.py.
> I am not sure if this is a bug or a feature ;)
I need to look at this. If in fact dmarc_mitigate_unconditionally = yes trumps mitigate_owner_mail = no, that is unintentional and a bug and will be fixed.
> With mitigate_owner_mail = yes and munge_from, is the list posting address really a good choice for the new header from address?
Good question.
> Not only auto replies but also owners who click "reply all" without thinking will post to the list. But using the list-owner as new header from would also have some drawbacks, e.g. the possibility of an endless loop of auto replies. Adding the "precedence: list" header also to mails sent to the list-owner might prevent this in most cases at least. But this feels like putting more tape on the problem.
These are all important considerations. Definitely things to consider.
> In my opinion the least bad solution would be to give "mitigate_owner_mail = no" higher precedence than "dmarc_mitigate_unconditionally = yes".
This is definitely the intent and will be fixed.
-- Mark Sapiro <mark@msapiro.net> Sent from my Not_an_iThing with standards compliant, open source software.