lp:~jimpop/mailman/dmarc-dnssec-validation-fix

Created by Jim Popovitch on 2017-08-29 and last modified on 2017-08-29

Two proposed fixes for DMARC testing in Mailman 2.1

1) Test for dns.resolver.NoNameservers exception when querying the _dmarc.domain.tld RR. This typically means that there is a DNSSEC validation failure for that RR (i.e bogus RRSIG). If the Mailman server is running a DNSSEC validating resolver, the Mailman server will NOT see the _dmarc RR, whereas a subscriber not using a validating resolver would see the _dmarc RR. This potential inconsistency means we should munge the post to prevent potential problems as DNSSEC validation is becoming more popular.

2) Any addition errors in querying the _dmarc.domain.tld RR should result in the post being munged. The potential for inconsistencies is mitigated by munging posts from sites with DNSSEC inconsistencies.

These 2 conditions will be logged by Mailman.

Get this branch:
bzr branch lp:~jimpop/mailman/dmarc-dnssec-validation-fix
Only Jim Popovitch can upload to this branch. If you are Jim Popovitch please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Jim Popovitch
Project:
GNU Mailman
Status:
Mature

Recent revisions

1723. By Jim Popovitch on 2017-08-29

Improved DMARC testing for domains with DNSSEC validation problems

1722. By Mark Sapiro on 2017-08-02

The Russian translation has been updated by Sergey Matveev.

1721. By Mark Sapiro on 2017-07-31

Show case preserved emails in the roster.

1720. By Mark Sapiro on 2017-07-21

Changed wrapper environment cleaning from blacklist to whitelist.

1719. By Mark Sapiro on 2017-06-24

Added screen reader labels to some admindb radio buttons.

1718. By Mark Sapiro on 2017-06-21

Added text for screen readers only to checkboxes on admin Membership List.

1717. By Mark Sapiro on 2017-06-10

I18n changes for last commits.

1716. By Mark Sapiro on 2017-06-09

Display date of held subscriptions and keep newest.

1715. By Mark Sapiro on 2017-06-08

Reverted another getfirst in the multi-value CGI defence.

1714. By Mark Sapiro on 2017-06-06

Ensure aliases.db and virtual-mailman.db are world readable and owned
by the Mailman user.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:mailman
This branch contains Public information 
Everyone can see this information.

Subscribers