|Summary:||Yahoo.com and AOL DMARC reject policies cripples Mailman-2.1.12 - update to newer release|
|Product:||Red Hat Enterprise Linux 6||Reporter:||James B. Byrne <byrnejb>|
|Component:||mailman||Assignee:||Jan Kaluža <jkaluza>|
|Status:||CLOSED ERRATA||QA Contact:||Alois Mahdal <amahdal>|
|Severity:||high||Docs Contact:||Lenka Špačková <lkuprova>|
|Version:||6.5||CC:||amahdal, cww, emsearcy, eric.eisenhart, jherrman, jorton, jscotka, psklenar, rdieter, tony, wby+redhat|
|Fixed In Version:||mailman-2.1.12-23.el6||Doc Type:||Release Note|
Mailman now includes enhanced DMARC mitigation features With this update, Mailman introduces several enhanced Domain-based Message Authentication, Reporting & Conformance (DMARC) mitigation features. For example, Mailman can be configured to recognize Sender alignment for Domain Key Identified Mail (DKIM) signatures and it is now able to correctly handle forwarded messages from domains with a 'reject' DMARC policy.
|:||1107652 1192124 (view as bug list)||Environment:|
|Last Closed:||2015-07-22 07:41:53 UTC||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:|
|Bug Blocks:||1075802, 1107652, 1192124|
Description James B. Byrne 2014-05-07 14:21:33 UTC
Description of problem: Domain-based Message Authentication, Reporting & Conformance (DMARC) does not recognize a Sender alignment for Domain Key Identified Mail (DKIM). The version of Mailman (2.1.12) shipped with RHEL6 cannot be configured to meet DMARC enforcement requirements for subscribers whose domains use DKIM. Notably, as of April 2014 two such domains are yahoo.com and AOL.com. In consequence, Mailman list subscribers that belong to either yahoo.com or AOL.com cannot receive any Mailman forwarded messsages whose sender resides in any domain that provides DKIM signatures. Version-Release number of selected component (if applicable): Mailman-2.1.12 How reproducible: Always Steps to Reproduce: 1. Subscribe two aol.com accounts to a Mailman mailing list. 2. Send a message from one account to the mailing list. 3. Actual results: Neither account receives the mailing list forwarded message. Expected results: Both accounts should receive the message Additional info: The DMARC configuration issue is addressed in mailman-2.1.18 released 2014-May-03. However, this project is not FHS aligned and requires a great deal of reconfiguration to meet FHS requirements. Without the FHS modifications it is all but impossible to run mailman-2.1.18 with SELinux enabled. The new version also introduces a new dependency, dnspython, for both build and installation. However, this dependency is already available in RHEL6 and is therefore readily satisfied. This is a case where the environment Mailman-2.1.12 expects is no longer available and while the software works as specified it no longer functions in practice for a very large number of users. As DKIM signatures and DMARC enforcement is reasonably anticipated to increase rather than diminish Mailman is in urgent need of an upgrade.
Comment 2 Joe Orton 2014-05-12 11:39:46 UTC
Thanks for reporting this issue to us. If this issue is critical or in any way time sensitive, please raise a ticket through your regular Red Hat support channels to make certain it receives the proper attention and prioritization to assure a timely resolution. For information on how to contact the Red Hat production support team, please visit: https://www.redhat.com/support/process/production/#howto
Comment 3 Jan Kaluža 2014-06-10 06:32:15 UTC
*** Bug 1107397 has been marked as a duplicate of this bug. ***
Comment 4 Marc Perkel 2014-06-10 14:51:56 UTC
I thought this was the regular channel for reporting problems.
Comment 5 William Yardley 2014-08-09 17:14:59 UTC
Following this ticket. I think it's important that the DMARC patches for Mailman be included for RHEL6. In addition, I would love to see it backported to RHEL5. We do have a support contract, and I will try to make requests via the support channels.
Comment 7 William Yardley 2014-08-26 20:45:05 UTC
For those folks who have Red Hat support accounts, you may wish to create a support ticket (with "business justification" for requesting expedited handling) and have them attach it to this ticket. So far, my request is the only one tied to this ticket, apparently.
Comment 10 Joe Orton 2014-10-27 11:43:36 UTC
To comments above: Bugzilla is NOT a good place for reporting production issues which affect Red Hat customers. Please contact Red Hat Support in the first instance. For bugs like this that's doubly true: we really need to understand the customer impact and demand for potentially disruptive changes like this, which is hard to do if we can't identify bugs with customers.
Comment 14 Alois Mahdal 2015-06-04 10:26:18 UTC
Verified on all architectures.
Comment 15 errata-xmlrpc 2015-07-22 07:41:53 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1417.html