aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMark Sapiro <mark@msapiro.net>2016-02-02 12:17:20 -0800
committerMark Sapiro <mark@msapiro.net>2016-02-02 12:17:20 -0800
commit87dee93764ce849ad0a454252e5de466a4cb693f (patch)
tree3bac24c34714a75fb84afdeee02ef86bd5dba2d8
parent7470e5f55f1a951f6905bb79c5d1b962888a2f89 (diff)
downloadmailman2-87dee93764ce849ad0a454252e5de466a4cb693f.tar.gz
mailman2-87dee93764ce849ad0a454252e5de466a4cb693f.tar.xz
mailman2-87dee93764ce849ad0a454252e5de466a4cb693f.zip
Added dmarc_non_moderation_action to list settings.
-rwxr-xr-xMailman/Defaults.py.in14
-rw-r--r--Mailman/Gui/Privacy.py19
-rw-r--r--Mailman/Utils.py9
-rw-r--r--Mailman/Version.py2
-rwxr-xr-xMailman/versions.py2
-rw-r--r--NEWS10
6 files changed, 53 insertions, 3 deletions
diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in
index a4b63285..7ef071a0 100755
--- a/Mailman/Defaults.py.in
+++ b/Mailman/Defaults.py.in
@@ -1,6 +1,6 @@
# -*- python -*-
-# Copyright (C) 1998-2015 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2016 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
@@ -1105,6 +1105,18 @@ DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION = Yes
# 4 = Discard
DEFAULT_DMARC_MODERATION_ACTION = 0
+# Domain owners can publish DMARC p=none policy in order to request that
+# reports of DMARC failures be sent but special action not be taken on
+# messages From: their domain that fail DMARC. This can result in over
+# estimation of the number of messages that would be quarantined or rejected
+# with a stronger DMARC policy if such a policy would result in message
+# modification because dmarc_moderation_action is 1 or 2. Thus, there is
+# a list setting to apply dmarc_moderaction_action of 1 or 2 to messages
+# From: domains with DMARC p=none. Setting this to Yes is only effective if
+# dmarc_quarantine_moderaction_action is also Yes. The following is the
+# default for this setting for new lists.
+DEFAULT_DMARC_NONE_MODERATION_ACTION = No
+
# Default for text to be added to a separate text/plain part preceding the
# message/rfc822 part containing the original message when
# dmarc_moderation_action is Wrap Message.
diff --git a/Mailman/Gui/Privacy.py b/Mailman/Gui/Privacy.py
index 668140e8..e500908d 100644
--- a/Mailman/Gui/Privacy.py
+++ b/Mailman/Gui/Privacy.py
@@ -329,6 +329,25 @@ class Privacy(GUIBase):
the message will likely not bounce, but will be delivered to
recipients' spam folders or other hard to find places.""")),
+ ('dmarc_none_moderation_action', mm_cfg.Radio,
+ (_('No'), _('Yes')), 0,
+ _("""Shall the above dmarc_moderation_action apply to messages
+ From: domains with DMARC p=none as well as p=quarantine and
+ p=reject"""),
+
+ _("""<ul><li><b>No</b> -- this applies dmarc_moderation_action to
+ only those posts From: a domain with DMARC p=reject and
+ possibly p=quarantine depending on the setting of
+ dmarc_quarantine_moderation_action.
+ <p><li><b>Yes</b> -- this applies dmarc_moderation_action to
+ posts From: a domain with DMARC p=none if
+ dmarc_moderation_action is Munge From or Wrap Message and
+ dmarc_quarantine_moderation_action is Yes.
+ <p>The intent of this setting is to eliminate failure reports
+ to the owner of a domain that publishes DMARC p=none by applying
+ the message transformations that would be applied if the
+ domain's DMARC policy were stronger.""")),
+
('dmarc_moderation_notice', mm_cfg.Text, (10, WIDTH), 1,
_("""Text to include in any
<a href="?VARHELP=privacy/sender/dmarc_moderation_action"
diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index 2404c445..1aa49954 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -1243,6 +1243,15 @@ def IsDMARCProhibited(mlist, email):
mlist.real_name, email, dmarc_domain, name, entry)
return True
+ if (mlist.dmarc_none_moderation_action and
+ mlist.dmarc_quarantine_moderation_action and
+ mlist.dmarc_moderation_action in (1, 2) and
+ re.search(r'\bp=none\b', entry, re.IGNORECASE)):
+ syslog('vette',
+ '%s: DMARC lookup for %s (%s) found p=none in %s = %s',
+ mlist.real_name, email, dmarc_domain, name, entry)
+ return True
+
return False
diff --git a/Mailman/Version.py b/Mailman/Version.py
index 0695cd30..43c9101d 100644
--- a/Mailman/Version.py
+++ b/Mailman/Version.py
@@ -37,7 +37,7 @@ HEX_VERSION = ((MAJOR_REV << 24) | (MINOR_REV << 16) | (MICRO_REV << 8) |
(REL_LEVEL << 4) | (REL_SERIAL << 0))
# config.pck schema version number
-DATA_FILE_VERSION = 109
+DATA_FILE_VERSION = 110
# qfile/*.db schema version number
QFILE_SCHEMA_VERSION = 3
diff --git a/Mailman/versions.py b/Mailman/versions.py
index 66775f05..b6c4231f 100755
--- a/Mailman/versions.py
+++ b/Mailman/versions.py
@@ -494,6 +494,8 @@ def NewVars(l):
mm_cfg.DEFAULT_DMARC_MODERATION_ACTION)
add_only_if_missing('dmarc_quarantine_moderation_action',
mm_cfg.DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION)
+ add_only_if_missing('dmarc_none_moderation_action',
+ mm_cfg.DEFAULT_DMARC_NONE_MODERATION_ACTION)
add_only_if_missing('dmarc_moderation_notice', '')
add_only_if_missing('dmarc_wrapped_message_text',
mm_cfg.DEFAULT_DMARC_WRAPPED_MESSAGE_TEXT)
diff --git a/NEWS b/NEWS
index 9c95f026..5a3a1d82 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,6 @@
-*- coding: iso-8859-1 -*-
Mailman - The GNU Mailing List Management System
-Copyright (C) 1998-2015 by the Free Software Foundation, Inc.
+Copyright (C) 1998-2016 by the Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
Here is a history of user visible changes to Mailman.
@@ -9,6 +9,14 @@ Here is a history of user visible changes to Mailman.
New Features
+ - There is a new dmarc_none_moderation_action list setting and a
+ DEFAULT_DMARC_NONE_MODERATION_ACTION mm_cfg.py setting to optionally
+ apply Munge From or Wrap Message actions to posts From: domains that
+ publish DMARC p=none. The intent is to eliminate failure reports to
+ the domain owner for messages that would be munged or wrapped if the
+ domain published a stronger DMARC policy. See the descriptions in
+ Defaults.py, the web UI and the bug report for more. (LP: #1539384)
+
- Thanks to Jim Popovitch there is now a feature to automatically turn
on moderation for a malicious list member who attempts to flood a list
with spam. See the details for the Privacy options ... -> Sender