cambio impostazioni lista

Francesco Potortì pot@gnu.org
Gio 25 Lug 2019 14:41:22 CEST


Cari traduttori,

intorno a ferragosto la lista subirà un cambio di impostazioni, per
sfruttare il sistema di autenticazione DMARC che usa le firme DKIM.

Chi filtra basandosi sull'oggetto è inviato a cambiare il filtro e usare
(opzione consigliata) il campo "List-id:" o in alternativa il campo
"From" dell'envelope.

Il motivo è che non verrà fatto più alcun cambiamento al messaggio
originale, quindi non verrà più aggiunto un prefisso [www-it-traduzioni]
all'oggetto e non verrà più aggiunta una firma in fondo che indica la
nostra pagina http://savannah.gnu.org/projects/www-it/

La prima informazione rimarrà comunque presente nell'header "List-id:".
Non ho capito se sparirà anche il campo "Reply-to:" che attualmente
usiamo, sto chiedendo chiarimenti.

Questo cambiamento semplificherà la vita agli iscritti il cui fornitore
email utilizza DMARC come parte del sistema antispam.  Per chi è
interessato ai dettagli, di seguito la comunicazione degli
amministratori di gnu.org.

-- 
fp

________________________________________________________________
Date: Wed, 17 Jul 2019 14:47:09 -0400
From: sysadmin@gnu.org
Subject: DMARC related settings have been changed for the Mailman list www-it-traduzioni

The Free Software Foundation is making changes to our GNU Mailman
systems.

This is a long email, so I want to mention up front that we plan to
change the list settings of this list again in about 1 month unless a
list administrator or moderator opts out. Read below for more
information.

You are being notified because you are listed as a moderator or
administrator of the list.

Messages sent from users with strict DMARC policy domains like yahoo.com
are often being rejected when sent to list subscribers by Mailman. See
the end of this email for a technical overview of DMARC and DKIM. There
are two ways to fix the issue by changing Mailman list settings.

The first option, and the preferable way for discussion lists, is what
we call the "unmodified message fix." There are Mailman list settings
which modify the messages by adding a subject prefix (e.g. [list-name])
or a footer. Modifying the message breaks DKIM message signatures and
thus DMARC. Following this option, we would turn those settings
off. Many lists are already this way and there is no change for
them. Instead of using the subject prefix to identify a list,
subscribers should use the "List-Id" header, To, and Cc.  List footer
information can also be be put in the welcome email to subscribers and
the list information page by list administrators.

Related to this, on June 7th, we upgraded the version Mailman that we
run. This fixed a bug where we were breaking the DKIM signature of any
reply message.

The second option is for lists which want or need to continue to modify
the message, for example with subject prefix or footer settings. We
would enable a Mailman list setting called dmarc_moderation_action:
"Munge From". With this setting, if a strict DMARC sender sends to the
list, we alter the headers of that message like so:

A message sent to the list:

To: alist@listdomain
From: Anne Example Person <exampleperson@examplepersonsdomain>

Is modified my Mailman and sent to subscribers as:

To: alist@listdomain
From: Anne Example Person via Alist <alist@listdomain>
Reply-To: Anne Example Person <exampleperson@examplepersonsdomain>

Without going into all of the details, here's a few points about why we
concluded the unmodified message fix is better for discussion
lists. Email clients don't all treat munged messages the same way as
unmunged, and humans read these headers so it can confuse people,
causing messages not to be sent to the expected recipients. GNU Mailman
has an option to do "Munge From" always, but does not recommend using
it[1]. While we're not bound by what others do, it's worth noting that
other very large free software communities like Debian GNU/Linux have
adopted the unmodified message fix[2]. The unmodified messages fix
avoids breaking DKIM cryptographic signatures, which show the message was
authorized by the signing domain.

Since this list appears to be a discussion list that adds subject
prefixes or footers, "Munge From" has been turned on as an initially
less disruptive fix, but we will change this lists settings to send
unmodified messages in one month from now unless a list
administrator/owner or moderator opts this list out of the change.

To opt this list out, reply to sysadmin@gnu.org, append "opt out" to the
subject line, and send it from one of the list administrator or
moderator email addresses.

We will notify the list directly a few days before making prefix &
footer change.

For any Mailman list administrator who wants to change or look over the
relevant settings: The dmarc_moderation_action setting is under "Privacy
Options" subsection "Sender Filters". The only options that should be
selected are "Accept" or "Munge From", along with corresponding changes
to the subject_prefix option under "General Options", and msg_footer is
under "Non-digest options".

Please send any questions that should be public to mailman@gnu.org. For
private ones, just reply to sysadmin@gnu.org.

For the general announcement of these changes, please read

https://lists.gnu.org/archive/html/savannah-hackers-public/2019-06/msg00018.html



A short DMARC technical overview:

DMARC policy is a DNS txt record at a _dmarc subdomain. For example:

$ host -t txt _dmarc.yahoo.com
_dmarc.yahoo.com descriptive text "v=DMARC1; p=reject; pct=100;
rua=mailto:address@hidden;";

The only important thing there for our purpose is p=reject. p=reject
means that conforming mail servers that receive mail with a from header
of *@yahoo.com will reject that email unless it was either 1. sent from
Yahoo's email servers, or 2. its DKIM signature is verified. A DKIM
signature[5] is a public key cryptographic signature of the email body
and some headers included in the message header "DKIM-Signature". A
verified DKIM signature means that email body and signed headers have
not been modified.

Comprehensive resources about DMARC tend to downplay or ignore its
problems, but some that have helped me are Wikipedia[6], the Mailman
wiki[1], dmarc.org wiki[7], and the DMARC rfc[8].



[1]: https://wiki.list.org/DEV/DMARC
[2]: https://lists.debian.org/debian-devel-announce/2015/08/msg00003.html
[5]: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
[6]: https://en.wikipedia.org/wiki/DMARC
[7]: https://dmarc.org/wiki/FAQ#senders
[8]: https://tools.ietf.org/html/rfc7489

Ian Kelling | Senior Systems Administrator, Free Software Foundation
GPG Key: B125 F60B 7B28 7FF6 A2B7  DF8F 170A F0E2 9542 95DF
https://fsf.org | https://gnu.org


Maggiori informazioni sulla lista tp