From 61bc9dd01f3bafa9c5f9687b34fb20e9beace5cd Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@msapiro.net>
Date: Sun, 6 Jun 2021 10:55:49 -0700
Subject: DMARC policy ignores domains with multiple DMARC records.

---
 Mailman/Utils.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'Mailman')

diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index 2615229b..c61f7e2c 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -1380,8 +1380,9 @@ def _DMARCProhibited(mlist, email, dmarc_domain, org=False):
             if len(dmarcs) > 1:
                 syslog('error',
                        """RRset of TXT records for %s has %d v=DMARC1 entries;
-                       testing them all""",
+                       ignoring them per RFC 7849""",
                         dmarc_domain, len(dmarcs))
+                return False
             for entry in dmarcs:
                 mo = re.search(r'\bsp=(\w*)\b', entry, re.IGNORECASE)
                 if org and mo:
-- 
cgit v1.2.3