Red Hat Bugzilla – Bug 1095359
Yahoo.com and AOL DMARC reject policies cripples Mailman-2.1.12 - update to newer release
Last modified: 2016-11-22 21:53:21 EST
Description of problem: Domain-based Message Authentication, Reporting & Conformance (DMARC) does not recognize a Sender alignment for Domain Key Identified Mail (DKIM). The version of Mailman (2.1.12) shipped with RHEL6 cannot be configured to meet DMARC enforcement requirements for subscribers whose domains use DKIM. Notably, as of April 2014 two such domains are yahoo.com and AOL.com. In consequence, Mailman list subscribers that belong to either yahoo.com or AOL.com cannot receive any Mailman forwarded messsages whose sender resides in any domain that provides DKIM signatures. Version-Release number of selected component (if applicable): Mailman-2.1.12 How reproducible: Always Steps to Reproduce: 1. Subscribe two aol.com accounts to a Mailman mailing list. 2. Send a message from one account to the mailing list. 3. Actual results: Neither account receives the mailing list forwarded message. Expected results: Both accounts should receive the message Additional info: The DMARC configuration issue is addressed in mailman-2.1.18 released 2014-May-03. However, this project is not FHS aligned and requires a great deal of reconfiguration to meet FHS requirements. Without the FHS modifications it is all but impossible to run mailman-2.1.18 with SELinux enabled. The new version also introduces a new dependency, dnspython, for both build and installation. However, this dependency is already available in RHEL6 and is therefore readily satisfied. This is a case where the environment Mailman-2.1.12 expects is no longer available and while the software works as specified it no longer functions in practice for a very large number of users. As DKIM signatures and DMARC enforcement is reasonably anticipated to increase rather than diminish Mailman is in urgent need of an upgrade.
Thanks for reporting this issue to us. If this issue is critical or in any way time sensitive, please raise a ticket through your regular Red Hat support channels to make certain it receives the proper attention and prioritization to assure a timely resolution. For information on how to contact the Red Hat production support team, please visit: https://www.redhat.com/support/process/production/#howto
*** Bug 1107397 has been marked as a duplicate of this bug. ***
I thought this was the regular channel for reporting problems.
Following this ticket. I think it's important that the DMARC patches for Mailman be included for RHEL6. In addition, I would love to see it backported to RHEL5. We do have a support contract, and I will try to make requests via the support channels.
For those folks who have Red Hat support accounts, you may wish to create a support ticket (with "business justification" for requesting expedited handling) and have them attach it to this ticket. So far, my request is the only one tied to this ticket, apparently.
To comments above: Bugzilla is NOT a good place for reporting production issues which affect Red Hat customers. Please contact Red Hat Support in the first instance. For bugs like this that's doubly true: we really need to understand the customer impact and demand for potentially disruptive changes like this, which is hard to do if we can't identify bugs with customers.
Verified on all architectures.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1417.html