From 5ef49284434d4a6ba304889cf89c468e7c97a324 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@msapiro.net>
Date: Thu, 28 May 2020 13:27:34 -0700
Subject: DMARC mitigation no longer misses upper case names.

---
 Mailman/Utils.py | 6 ++++--
 NEWS             | 3 +++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index 36fbd1f9..6e39c532 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -1343,12 +1343,14 @@ def _DMARCProhibited(mlist, email, dmarc_domain, org=False):
         cnames = {}
         want_names = set([dmarc_domain + '.'])
         for txt_rec in txt_recs.response.answer:
+            # Don't be fooled by an answer with uppercase in the name.
+            name = txt_rec.name.to_text().lower()
             if txt_rec.rdtype == dns.rdatatype.CNAME:
-                cnames[txt_rec.name.to_text()] = (
+                cnames[name] = (
                     txt_rec.items[0].target.to_text())
             if txt_rec.rdtype != dns.rdatatype.TXT:
                 continue
-            results_by_name.setdefault(txt_rec.name.to_text(), []).append(
+            results_by_name.setdefault(name, []).append(
                 "".join(txt_rec.items[0].strings))
         expands = list(want_names)
         seen = set(expands)
diff --git a/NEWS b/NEWS
index 4889399e..25f2ff12 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,9 @@ Here is a history of user visible changes to Mailman.
       attempts to subscribe to a list. This is fixed and extended to apply
       REFUSE_SECOND_PENDING to unsubscription as well.  (LP: #1878458)
 
+    - DMARC mitigation no longer misses if the domain name returned by DNS
+      contains upper case.  (LP: #1881035)
+
 2.1.33 (07-May-2020)
 
   Security
-- 
cgit v1.2.3