Make dmarc_quarantine_moderaction_action a list setting.

8 files changed, 36 insertions, 13 deletions

diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in
index 07c7a726..3ecf996a 100755
--- a/Mailman/Defaults.py.in
+++ b/Mailman/Defaults.py.in
@@ -1061,8 +1061,9 @@ DEFAULT_DEFAULT_MEMBER_MODERATION = No
 DEFAULT_FORWARD_AUTO_DISCARDS = Yes
 
 # Shall dmarc_moderation_action be applied to messages From: domains with
-# a DMARC policy of quarantine as well as reject?
-DMARC_QUARANTINE_MODERATION_ACTION = Yes
+# a DMARC policy of quarantine as well as reject?  This sets the default for
+# the list setting that controls it.
+DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION = Yes
 
 # Default action for posts whose From: address domain has a DMARC policy of
 # reject or quarantine.  See DEFAULT_FROM_IS_LIST below.  Whatever is set as
diff --git a/Mailman/Gui/Privacy.py b/Mailman/Gui/Privacy.py
index 477304c6..7f1e12f3 100644
--- a/Mailman/Gui/Privacy.py
+++ b/Mailman/Gui/Privacy.py
@@ -159,7 +159,7 @@ class Privacy(GUIBase):
 
         adminurl = mlist.GetScriptURL('admin', absolute=1)
     
-        if mm_cfg.DMARC_QUARANTINE_MODERATION_ACTION:
+        if mlist.dmarc_quarantine_moderation_action:
             quarantine = _('/Quarantine')
         else:
             quarantine = ''
@@ -269,6 +269,23 @@ class Privacy(GUIBase):
              if the message is From: an affected domain and the setting is
              other than Accept.""")),
 
+            ('dmarc_quarantine_moderation_action', mm_cfg.Radio,
+             (_('No'), _('Yes')), 0,
+             _("""Shall the above dmarc_moderation_action apply to messages
+               From: domains with DMARC p=quarantine as well as p=reject"""),
+
+             _("""<ul><li><b>No</b> -- this applies dmarc_moderation_action to
+               only those posts From: a domain with DMARC p=reject.  This is
+               appropriate if you are concerned about bounced messages, but
+               want to apply dmarc_moderation_action to as few messages as
+               possible.
+               <p><li><b>Yes</b> -- this applies dmarc_moderation_action to
+               posts From: a domain with DMARC p=reject or p=quarantine.
+               </ul><p>If a message is From: a domain with DMARC p=quarantine
+               and dmarc_moderation_action is not applied (this set to No)
+               the message will likely not bounce, but will be delivered to
+               recipients' spam folders or other hard to find places.""")),
+
             ('dmarc_moderation_notice', mm_cfg.Text, (10, WIDTH), 1,
              _("""Text to include in any
              <a href="?VARHELP=privacy/sender/dmarc_moderation_action"
@@ -440,7 +457,7 @@ class Privacy(GUIBase):
              case, each rule is matched in turn, with processing stopped after
              the first match.
 
-             Note that headers are collected from all the attachments 
+             Note that headers are collected from all the attachments
              (except for the mailman administrivia message) and
              matched against the regular expressions. With this feature,
              you can effectively sort out messages with dangerous file
diff --git a/Mailman/Handlers/Moderate.py b/Mailman/Handlers/Moderate.py
index 55f5da21..096eedce 100644
--- a/Mailman/Handlers/Moderate.py
+++ b/Mailman/Handlers/Moderate.py
@@ -54,7 +54,7 @@ def process(mlist, msg, msgdata):
     msgdata['from_is_list'] = 0
     dn, addr = parseaddr(msg.get('from'))
     if addr and mlist.dmarc_moderation_action > 0:
-        if Utils.IsDMARCProhibited(addr):
+        if Utils.IsDMARCProhibited(mlist, addr):
             # Note that for dmarc_moderation_action, 0 = Accept, 
             #    1 = Munge, 2 = Wrap, 3 = Reject, 4 = Discard
             if mlist.dmarc_moderation_action == 1:
diff --git a/Mailman/MailList.py b/Mailman/MailList.py
index 02646b7e..0ebf8ab8 100755
--- a/Mailman/MailList.py
+++ b/Mailman/MailList.py
@@ -390,6 +390,8 @@ class MailList(HTMLFormatter, Deliverer, ListAdmin,
         self.member_moderation_action = 0
         self.member_moderation_notice = ''
         self.dmarc_moderation_action = mm_cfg.DEFAULT_DMARC_MODERATION_ACTION
+        self.dmarc_quarantine_moderation_action = (
+            mm_cfg.DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION)
         self.dmarc_moderation_notice = ''
         self.accept_these_nonmembers = []
         self.hold_these_nonmembers = []
diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index eab085a8..8290bf14 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -1068,7 +1068,7 @@ def suspiciousHTML(html):
 
 # This takes an email address, and returns True if DMARC policy is p=reject
 # or possibly quarantine.
-def IsDMARCProhibited(email):
+def IsDMARCProhibited(mlist, email):
     if not dns_resolver:
          return False
 
@@ -1142,7 +1142,7 @@ def IsDMARCProhibited(email):
                         email, dmarc_domain, name, entry)
                     return True
 
-                if (mm_cfg.DMARC_QUARANTINE_MODERATION_ACTION and
+                if (mlist.dmarc_quarantine_moderation_action and
                     re.search(r'\bp=quarantine\b', entry, re.IGNORECASE)):
                     syslog('vette',
                       'DMARC lookup for %s (%s) found p=quarantine in %s = %s',
@@ -1151,4 +1151,3 @@ def IsDMARCProhibited(email):
 
     return False
 
-
diff --git a/Mailman/Version.py b/Mailman/Version.py
index 107dfa7e..85ebe4b5 100644
--- a/Mailman/Version.py
+++ b/Mailman/Version.py
@@ -37,7 +37,7 @@ HEX_VERSION = ((MAJOR_REV << 24) | (MINOR_REV << 16) | (MICRO_REV << 8) |
                (REL_LEVEL << 4)  | (REL_SERIAL << 0))
 
 # config.pck schema version number
-DATA_FILE_VERSION = 103
+DATA_FILE_VERSION = 104
 
 # qfile/*.db schema version number
 QFILE_SCHEMA_VERSION = 3
diff --git a/Mailman/versions.py b/Mailman/versions.py
index a568e8e6..a6cc51cc 100755
--- a/Mailman/versions.py
+++ b/Mailman/versions.py
@@ -389,7 +389,9 @@ def NewVars(l):
     add_only_if_missing('member_moderation_action', 0)
     add_only_if_missing('member_moderation_notice', '')
     add_only_if_missing('dmarc_moderation_action', 
-                        mm_cfg.DEFAULT_DMARC_MODERATION_ACTION)
+                       mm_cfg.DEFAULT_DMARC_MODERATION_ACTION)
+    add_only_if_missing('dmarc_quarantine_moderation_action',
+                       mm_cfg.DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION)
     add_only_if_missing('dmarc_moderation_notice', '')
     add_only_if_missing('new_member_options',
                         mm_cfg.DEFAULT_NEW_MEMBER_OPTIONS)
diff --git a/NEWS b/NEWS
index 04ec2788..adf3effc 100755
--- a/NEWS
+++ b/NEWS
@@ -28,9 +28,11 @@ Here is a history of user visible changes to Mailman.
       default for this, and the list admin UI is not able to set an action
       which is 'less' than the default.  The prior ALLOW_FROM_IS_LIST setting
       has been removed and is effectively always Yes. There is a new
-      DMARC_QUARANTINE_MODERATION_ACTION configuration setting which defaults
-      to Yes but can be set to No to exclude domains with DMARC policy of
-      quarantine from dmarc_moderation_action.
+      dmarc_quarantine_moderation_action list setting with default set by a
+      new DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION configuration setting
+      which in turn defaults to Yes.  The list setting can be set to No to
+      exclude domains with DMARC policy of quarantine from
+      dmarc_moderation_action.
 
       dmarc_moderation_action and from_is_list interact in the following way.
       If the message is From: a domain to which dmarc_moderation_action applies