From 61bc9dd01f3bafa9c5f9687b34fb20e9beace5cd Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Sun, 6 Jun 2021 10:55:49 -0700 Subject: DMARC policy ignores domains with multiple DMARC records. --- Mailman/Utils.py | 3 ++- NEWS | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Mailman/Utils.py b/Mailman/Utils.py index 2615229b..c61f7e2c 100644 --- a/Mailman/Utils.py +++ b/Mailman/Utils.py @@ -1380,8 +1380,9 @@ def _DMARCProhibited(mlist, email, dmarc_domain, org=False): if len(dmarcs) > 1: syslog('error', """RRset of TXT records for %s has %d v=DMARC1 entries; - testing them all""", + ignoring them per RFC 7849""", dmarc_domain, len(dmarcs)) + return False for entry in dmarcs: mo = re.search(r'\bsp=(\w*)\b', entry, re.IGNORECASE) if org and mo: diff --git a/NEWS b/NEWS index a1cf751f..31c6925b 100644 --- a/NEWS +++ b/NEWS @@ -22,6 +22,9 @@ Here is a history of user visible changes to Mailman. - Delivery disabled by bounce notices to admins now have 'disabled' properly translated. (LP: #1922843) + - DMARC policy discovery ignores domains with multiple DMARC records per + RFC 7849, (LP: 1931029) + 2.1.34 (26-Jun-2020) i18n -- cgit v1.2.3