[CentOS] Passwords in plain text

[Richard]

> Date: Friday, June 15, 2018 14:55:21 -0700
> From: Akemi Yagi <amyagi at gmail.com>
>
> On Fri, Jun 15, 2018 at 9:57 AM, Gianluca Cecchi
> <gianluca.cecchi at gmail.com> wrote:
>> 
>> Il Ven 15 Giu 2018, 18:45 Larry Martell <larry.martell at gmail.com>
>> ha scritto:
>> 
>>> On Fri, Jun 15, 2018 at 12:41 PM rj coleman
>>> <rjcdevelop at gmail.com> wrote:
>>> 
>>> > Am I the only one who just received this email from this group?
>>> > Which came with my password in the email in plain text?
> 
>>> > > Your membership in the mailing list CentOS has been disabled
>>> > > due to excessive bounces The last bounce received from you
>>> > > was dated 15-Jun-2018.  You will not get any more messages
>>> > > from this list until you re-enable your membership.  You will
>>> > > receive 3 more reminders like this before your membership in
>>> > > the list is deleted.
>>> > > 
>>> I got it as well.
>>> 
>> Mee too
> 
> I also received the "has been disabled" notification. It looks like
> users with gmail addresses are affected.
> 
> CentOS admins are looking into this issue (I believe).
> 
> Akemi

I believe this is a DMARC issue. Yahoo, among other places, has set
their dmarc records to p=reject:

  dig +short txt _dmarc.yahoo.com
  "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc_y_rua at yahoo.com;"

So, if your mail hosting provider enforces dmarc,(gmail does) and you
get mail from a list that doesn't rewrite the headers, and people
from places like yahoo post to the list, you'll likely get some form
of warning about being being kicked off the mailing list every now
and then. The frequency depends on how often people from p=reject
places post, and what the settings are for bounce handling of the
mailing list in question.

I believe that the current version of mailman can be configured to do
the necessary header rewrites. Some lists I'm on only do the rewrites
for headers of posts coming from p=reject sites (much less annoying
than having them all rewritten).