[Mimedefang] Yahoo! DMARC and smfi_chngfrom was Yahoo DMARC

Jan-Pieter Cornet johnpc at xs4all.nl
Tue Apr 15 18:48:16 EDT 2014


On 2014-4-15 4:50 , Joseph Brennan wrote:
> DMARC is actually checking the header From, not just the envelope
> $Sender, and Yahoo is telling recipient systems to reject if the
> header From has a yahoo.com address and the message was not sent
> (directly) by yahoo.com. This breaks mailing lists and user
> forwarding, and contradicts RFC 5322 and 2822 which say the header
> From SHOULD show the mailbox of the writer of the message.

It doesn't break user forwarding, as long as you don't strip headers or modify the body. ".forward" works fine, as does the procmail "!" operator. (The SPF part of DMARC will break, but as long as the DKIM part remains intact, it'll still work.)

Since mailing lists usually change the body by attaching headers and/or footers, it breaks DKIM, and since mailing lists change the envelope from, SPF has no chance. That's why mailing lists and DMARC do not cooperate very well.

Bottom line is: don't allow anyone from a domain that publishes "p=reject" or "p=quarantine" DMARC policies to post to your mailing list.

Note that there is a patch available to mailman itself which will stop that. No need for any patches in mimedefang:
https://code.launchpad.net/~jimpop/mailman/dmarc-reject

-- 
Jan-Pieter Cornet
"If you're doing nothing wrong, you have nothing to hide from the giant
surveillance apparatus the government's been hiding." -- Stephen Colbert
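
The posting check from the "bottom line" above, as an added example that is not part of the original post and is not the mailman patch it links to. Assumptions: the TXT records are constructed samples, the function names are hypothetical, the organizational domain is approximated by the last two labels, and `pct=` is ignored.

```python
from email.utils import parseaddr

# Constructed sample TXT records keyed by DNS name (not real lookups).
SAMPLE_TXT = {
    "_dmarc.strict.example": "v=DMARC1; p=reject; sp=none; rua=mailto:agg@strict.example",
    "_dmarc.soft.example": "v=DMARC1; p=none",
    "_dmarc.quar.example": "v=DMARC1;p=quarantine;pct=100",
    "_dmarc.broken.example": "p=reject; v=DMARC1",  # v= is not first: invalid
}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    pairs = [t.strip() for t in txt.split(";") if t.strip()]
    if not pairs or pairs[0].replace(" ", "").lower() != "v=dmarc1":
        return None
    tags = {}
    for pair in pairs[1:]:
        name, sep, value = pair.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def effective_policy(domain, lookup):
    """Policy for the header From domain: own record first, then the parent's."""
    domain = domain.lower().rstrip(".")
    tags = parse_dmarc(lookup("_dmarc." + domain) or "")
    if tags is not None:
        return tags.get("p", "none").lower()
    # Assumption: organizational domain = last two labels. A real
    # implementation needs the Public Suffix List for this step.
    org = ".".join(domain.split(".")[-2:])
    if org == domain:
        return "none"
    tags = parse_dmarc(lookup("_dmarc." + org) or "")
    if tags is None:
        return "none"
    # Subdomains use sp= when the parent record has it, else p=.
    return tags.get("sp", tags.get("p", "none")).lower()

def list_may_accept(from_header, lookup=SAMPLE_TXT.get):
    """False when the poster's domain publishes p=reject or p=quarantine."""
    addr = parseaddr(from_header)[1]
    domain = addr.rpartition("@")[2]
    if not domain:
        return False  # no usable header From address: do not accept
    return effective_policy(domain, lookup) not in ("reject", "quarantine")
```

To use it against live DNS, pass a `lookup` callable that returns the TXT string for a name, or `None` when there is no record.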
