From f48f75cccf27cdd098cb5c5e0f8c063361f80c1e Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Fri, 22 Sep 2017 08:22:42 -0700 Subject: The default DMARC reject reason now properly replaces %(listowner)s. --- Mailman/Handlers/SpamDetect.py | 1 + 1 file changed, 1 insertion(+) (limited to 'Mailman') diff --git a/Mailman/Handlers/SpamDetect.py b/Mailman/Handlers/SpamDetect.py index aaddff5f..257cdb24 100644 --- a/Mailman/Handlers/SpamDetect.py +++ b/Mailman/Handlers/SpamDetect.py @@ -117,6 +117,7 @@ def process(mlist, msg, msgdata): if text: text = Utils.wrap(text) else: + listowner = mlist.GetOwnerEmail() text = Utils.wrap(_( """You are not allowed to post to this mailing list From: a domain which publishes a DMARC policy of reject or quarantine, and your message has been -- cgit v1.2.3 From a04f3a2976940022009c154fe0400fb8464b014c Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Sat, 7 Oct 2017 15:28:06 -0700 Subject: Improved DMARC testing for domains with DNSSEC validation problems. --- Mailman/Utils.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'Mailman') diff --git a/Mailman/Utils.py b/Mailman/Utils.py index 75481563..9c366352 100644 --- a/Mailman/Utils.py +++ b/Mailman/Utils.py @@ -1267,11 +1267,23 @@ def _DMARCProhibited(mlist, email, dmarc_domain, org=False): txt_recs = resolver.query(dmarc_domain, dns.rdatatype.TXT) except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer): return 'continue' + except (dns.resolver.NoNameservers): + syslog('error', + 'DNSException: No Nameservers available for %s (%s)', + email, dmarc_domain) + # Typically this means a dnssec validation error. Clients that don't + # perform validation *may* successfully see a _dmarc RR whereas a + # validating mailman server wont see the _dmarc RR. We should mitigate + # this email to be safe. + return True except DNSException, e: syslog('error', 'DNSException: Unable to query DMARC policy for %s (%s). %s', - email, dmarc_domain, e.__doc__) - return 'continue' + email, dmarc_domain, e.__doc__) + # While we can't be sure what caused the error, there is potentially + # a DMARC policy record that we missed and that a receiver of the mail + # might see. Thus, we should err on the side of caution and mitigate. + return True else: # Be as robust as possible in parsing the result. results_by_name = {} -- cgit v1.2.3 From 1ddd44e9d3549fc2e854b6a508dc0adb6c344988 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Thu, 26 Oct 2017 13:37:08 -0700 Subject: Updated i18n in preparation for 2.1.25 release. Fixed a minor typo. --- Mailman/Utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Mailman') diff --git a/Mailman/Utils.py b/Mailman/Utils.py index 9c366352..9dbd0b55 100644 --- a/Mailman/Utils.py +++ b/Mailman/Utils.py @@ -1273,8 +1273,8 @@ def _DMARCProhibited(mlist, email, dmarc_domain, org=False): email, dmarc_domain) # Typically this means a dnssec validation error. Clients that don't # perform validation *may* successfully see a _dmarc RR whereas a - # validating mailman server wont see the _dmarc RR. We should mitigate - # this email to be safe. + # validating mailman server won't see the _dmarc RR. We should + # mitigate this email to be safe. return True except DNSException, e: syslog('error', -- cgit v1.2.3 From bc77a098657cbc0db309de8fb9e63d079f43f955 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Thu, 26 Oct 2017 13:59:01 -0700 Subject: Bumped branch version to: 2.1.25 --- Mailman/Version.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Mailman') diff --git a/Mailman/Version.py b/Mailman/Version.py index 48fea21d..28ac4daf 100644 --- a/Mailman/Version.py +++ b/Mailman/Version.py @@ -16,7 +16,7 @@ # USA. # Mailman version -VERSION = '2.1.24' +VERSION = '2.1.25' # And as a hex number in the manner of PY_VERSION_HEX ALPHA = 0xa @@ -28,7 +28,7 @@ FINAL = 0xf MAJOR_REV = 2 MINOR_REV = 1 -MICRO_REV = 24 +MICRO_REV = 25 REL_LEVEL = FINAL # at most 15 beta releases! REL_SERIAL = 0 -- cgit v1.2.3