diff options
| -rwxr-xr-x | Mailman/Defaults.py.in | 14 | ||||
| -rw-r--r-- | Mailman/Gui/Privacy.py | 19 | ||||
| -rw-r--r-- | Mailman/Utils.py | 9 | ||||
| -rw-r--r-- | Mailman/Version.py | 2 | ||||
| -rwxr-xr-x | Mailman/versions.py | 2 | ||||
| -rw-r--r-- | NEWS | 10 |
6 files changed, 53 insertions, 3 deletions
diff --git a/Mailman/Defaults.py.in b/Mailman/Defaults.py.in index a4b63285..7ef071a0 100755 --- a/Mailman/Defaults.py.in +++ b/Mailman/Defaults.py.in @@ -1,6 +1,6 @@ # -*- python -*- -# Copyright (C) 1998-2015 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2016 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -1105,6 +1105,18 @@ DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION = Yes # 4 = Discard DEFAULT_DMARC_MODERATION_ACTION = 0 +# Domain owners can publish DMARC p=none policy in order to request that +# reports of DMARC failures be sent but special action not be taken on +# messages From: their domain that fail DMARC. This can result in over +# estimation of the number of messages that would be quarantined or rejected +# with a stronger DMARC policy if such a policy would result in message +# modification because dmarc_moderation_action is 1 or 2. Thus, there is +# a list setting to apply dmarc_moderaction_action of 1 or 2 to messages +# From: domains with DMARC p=none. Setting this to Yes is only effective if +# dmarc_quarantine_moderaction_action is also Yes. The following is the +# default for this setting for new lists. +DEFAULT_DMARC_NONE_MODERATION_ACTION = No + # Default for text to be added to a separate text/plain part preceding the # message/rfc822 part containing the original message when # dmarc_moderation_action is Wrap Message. diff --git a/Mailman/Gui/Privacy.py b/Mailman/Gui/Privacy.py index 668140e8..e500908d 100644 --- a/Mailman/Gui/Privacy.py +++ b/Mailman/Gui/Privacy.py @@ -329,6 +329,25 @@ class Privacy(GUIBase): the message will likely not bounce, but will be delivered to recipients' spam folders or other hard to find places.""")), + ('dmarc_none_moderation_action', mm_cfg.Radio, + (_('No'), _('Yes')), 0, + _("""Shall the above dmarc_moderation_action apply to messages + From: domains with DMARC p=none as well as p=quarantine and + p=reject"""), + + _("""<ul><li><b>No</b> -- this applies dmarc_moderation_action to + only those posts From: a domain with DMARC p=reject and + possibly p=quarantine depending on the setting of + dmarc_quarantine_moderation_action. + <p><li><b>Yes</b> -- this applies dmarc_moderation_action to + posts From: a domain with DMARC p=none if + dmarc_moderation_action is Munge From or Wrap Message and + dmarc_quarantine_moderation_action is Yes. + <p>The intent of this setting is to eliminate failure reports + to the owner of a domain that publishes DMARC p=none by applying + the message transformations that would be applied if the + domain's DMARC policy were stronger.""")), + ('dmarc_moderation_notice', mm_cfg.Text, (10, WIDTH), 1, _("""Text to include in any <a href="?VARHELP=privacy/sender/dmarc_moderation_action" diff --git a/Mailman/Utils.py b/Mailman/Utils.py index 2404c445..1aa49954 100644 --- a/Mailman/Utils.py +++ b/Mailman/Utils.py @@ -1243,6 +1243,15 @@ def IsDMARCProhibited(mlist, email): mlist.real_name, email, dmarc_domain, name, entry) return True + if (mlist.dmarc_none_moderation_action and + mlist.dmarc_quarantine_moderation_action and + mlist.dmarc_moderation_action in (1, 2) and + re.search(r'\bp=none\b', entry, re.IGNORECASE)): + syslog('vette', + '%s: DMARC lookup for %s (%s) found p=none in %s = %s', + mlist.real_name, email, dmarc_domain, name, entry) + return True + return False diff --git a/Mailman/Version.py b/Mailman/Version.py index 0695cd30..43c9101d 100644 --- a/Mailman/Version.py +++ b/Mailman/Version.py @@ -37,7 +37,7 @@ HEX_VERSION = ((MAJOR_REV << 24) | (MINOR_REV << 16) | (MICRO_REV << 8) | (REL_LEVEL << 4) | (REL_SERIAL << 0)) # config.pck schema version number -DATA_FILE_VERSION = 109 +DATA_FILE_VERSION = 110 # qfile/*.db schema version number QFILE_SCHEMA_VERSION = 3 diff --git a/Mailman/versions.py b/Mailman/versions.py index 66775f05..b6c4231f 100755 --- a/Mailman/versions.py +++ b/Mailman/versions.py @@ -494,6 +494,8 @@ def NewVars(l): mm_cfg.DEFAULT_DMARC_MODERATION_ACTION) add_only_if_missing('dmarc_quarantine_moderation_action', mm_cfg.DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION) + add_only_if_missing('dmarc_none_moderation_action', + mm_cfg.DEFAULT_DMARC_NONE_MODERATION_ACTION) add_only_if_missing('dmarc_moderation_notice', '') add_only_if_missing('dmarc_wrapped_message_text', mm_cfg.DEFAULT_DMARC_WRAPPED_MESSAGE_TEXT) @@ -1,6 +1,6 @@ -*- coding: iso-8859-1 -*- Mailman - The GNU Mailing List Management System -Copyright (C) 1998-2015 by the Free Software Foundation, Inc. +Copyright (C) 1998-2016 by the Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Here is a history of user visible changes to Mailman. @@ -9,6 +9,14 @@ Here is a history of user visible changes to Mailman. New Features + - There is a new dmarc_none_moderation_action list setting and a + DEFAULT_DMARC_NONE_MODERATION_ACTION mm_cfg.py setting to optionally + apply Munge From or Wrap Message actions to posts From: domains that + publish DMARC p=none. The intent is to eliminate failure reports to + the domain owner for messages that would be munged or wrapped if the + domain published a stronger DMARC policy. See the descriptions in + Defaults.py, the web UI and the bug report for more. (LP: #1539384) + - Thanks to Jim Popovitch there is now a feature to automatically turn on moderation for a malicious list member who attempts to flood a list with spam. See the details for the Privacy options ... -> Sender |