Mailing Lists

[ARCHIVED] Last updated by on Thu, 19 Jan 2023    source
 

ezmlm-idx

My experience with mailing list software revolves around qmail and ezmlm-idx. With a few small scripts, I was able to support a wide variety of new use cases not inherently supported by ezmlm-idx itself. The features that are generically useful outside of The Apache Software Foundation are laid out below. To use these files follow this layout unless you are comfortable adjusting the paths in the scripts yourself.

BATV and SRS

bin/sender-demunger is a little wrapper script that enables BATV and SRS SENDER demunging for ezmlm-idx. To use it you simply add it as a prefix to all of the lines in your </editor/> and </manager/> blocks within .ezmlmrc and run ezmlm-make -+ on your lists, or in a pinch assuming you will not run ezmlm-make again on your lists, edit the editor and manager files within your list directories.

BATV and SRS pose unique problems for ezmlm-idx because unlike other mailing list software it operates on the MAIL FROM portion of the SMTP envelope, not the “From” address in the message headers.

Both specifications revolve around providing temporary addresses to the MAIL FROM envelope portion, which embed the original address in an easily decipherable way. But these temporary addresses are anathema to ezmlm-idx‘s subscription and moderation systems, and the sender-demunger.pl script mentioned above will fix that once deployed.

NOTE
According to the release notes, since version 7.0.0, ezmlm-idx should have support for BATV and SRS built in. In any case sender-demunger really won't hurt just in case :-).

DMARC

See bin/ezmlm-dmarc-filter.pl and bin/ezmlm-seekable-stdin.pl and lib/pull_header.pm. To use these scripts, change the lines in your </editor/> section of .ezmlmrc that call ezmlm-gate, ezmlm-store, or ezmlm-send, to look like the following:

    |/path/to/bin/ezmlm-dmarc-filter.pl '<#D#>/dmarc' | /path/to/bin/ezmlm-seekable-stdin.pl /path/to/bin/sender-demunger.pl <#B#>/ezmlm-gate -rY '<#D#>' '<#D#>' '<#D#>/digest' '<#D#>/allow' '<#D#>/mod'
    |/path/to/bin/ezmlm-dmarc-filter.pl '<#D#>/dmarc' | /path/to/bin/sender-demunger.pl <#B#>/ezmlm-store '<#D#>'
    |/path/to/bin/ezmlm-dmarc-filter.pl '<#D#>/dmarc' | <#B#>/ezmlm-send -r '<#D#>'

This assumes you will touch a file named dmarc in any list directories where you want to enable the filter. You can configure .ezmlmrc to do this by adding the following block to that file:

    </-dmarc#FXT/>
    </dmarc#f/>
    </dmarc#t/>
    </dmarc#x/>

The only list configurations that run afoul of DMARC are those with -f, -t or -x set. The above configuration will adjust for that.

In case you haven’t kept up with the times, there is a recent movement afoot to introduce strong DMARC policies that reject messages which fail DKIM signature tests. Facebook, Twitter, LinkedIn, Yahoo! and now AOL have been leading this charge into new territory, forcing mailing list operators to deal with the situation. What the ezmlm-dmarc-filter.pl does, and this isn’t the only possible solution to the problem, is drop the DKIM-Signature header for any such domain, and add an .INVALID suffix to the sender’s From header address. It has the advantage of being one of the simplest solutions that works, so I’m offering it here. So far the domains that deploy strict DMARC policies all provide appropriate Reply-To headers, so these changes made by ezmlm-dmarc-filter.pl will not impact the operation of any RFC-compliant email responses to such messages.

$Date: 2023-01-19 17:58:40 -0500 (Thu, 19 Jan 2023) $