[Mimedefang] Yahoo! DMARC and smfi_chngfrom was Yahoo DMARC

Joseph Brennan brennan at columbia.edu
Mon Apr 14 22:50:57 EDT 2014

>        if ($Sender =~ /kevin_mcgrail\@yahoo\.com>?$/i and
>            ($recip =~ m/\@mailman\./i or

DMARC is actually checking the header From, not just the envelope $Sender, 
and Yahoo is telling recipient systems to reject if the header From has a 
yahoo.com address and the message was not sent (directly) by yahoo.com. 
This breaks mailing lists and user forwarding, and contradicts RFC 5322 and 
2822 which say the header From SHOULD show the mailbox of the writer of the 

It means messages with header From yahoo are poison if your system re-sends 
them to another system for any reason, if your system conforms to standard 
by not changing the header From. Re-sending them can lead to blacklisting.

It's not hard to extract the header From address in MimeDefang.

The problem I've got at our gateway is that milter gives us the @Recipient 
as in the RCPT TO, but I need to know what the recipient is after aliasing. 
We can safely accept when the alias routes to one of our own mail stores 
(Exchange, Cyrus, Google Apps), but not when the alias routes to our 
Mailman host or somewhere else on the net.

>From what I have read, it looks like Sendmail's check_compat ruleset gets 
the resolved recipient, and I might be able to write a check there 
comparing sender containing yahoo and recipient not containing our mail 
stores. An alternative might be to have Mimedefang read the aliases db when 
the header From contains yahoo, and do the same test. I find neither option 
very attractive, but I think I will need to do something very soon. Neither 
solution generalizes what to do when some other systems follow Yahoo's lead.

Obviously it would be simpler to refuse mail with header From yahoo, or 
break standard and rewrite all header From yahoo to something else. On 
principle I'd rather do the former than the latter, but that does not 
always meet the needs of the organization.

I'm still weighing my options.

Joseph Brennan
Columbia University I T

More information about the MIMEDefang mailing list