[CentOS] Passwords in plain text

Sat Jun 16 11:02:41 UTC 2018
Johnny Hughes <johnny at centos.org>

On 06/16/2018 05:50 AM, Richard via CentOS wrote:
>> Date: Saturday, June 16, 2018 05:25:05 -0500
>> From: Johnny Hughes via CentOS <centos at centos.org>
>> On 06/15/2018 05:18 PM, Richard wrote:
>>> I believe this is a DMARC issue. Yahoo, among other places, has set
>>> their dmarc records to p=reject:
>>>   dig +short txt _dmarc.yahoo.com
>>>   "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc_y_rua at yahoo.com;"
>>> So, if your mail hosting provider enforces dmarc (gmail does), and
>>> you get mail from a list that doesn't rewrite the headers, and
>>> people from places like yahoo post to the list, you'll likely get
>>> some form of warning about being kicked off the mailing list
>>> every now and then. The frequency depends on how often people from
>>> p=reject places post, and what the settings are for bounce
>>> handling of the mailing list in question.
>>> I believe that the current version of mailman can be configured to
>>> do the necessary header rewrites. Some lists I'm on only do the
>>> rewrites for headers of posts coming from p=reject sites (much
>>> less annoying than having them all rewritten).
>> This is indeed what happened.  An email from yahoo.com.uk caused
>> gmail to reject all the mails sent by that user because of the
>> yahoo DMARC settings.
>> We have now set the mailing list to rewrite headers.  That also has
>> set the From: of the email to the Mailing list and not the Original
>> Author. The author is moved to the CC: block and you can still
>> easily see who sent it and my email client (thunderbird) still does
>> things the same way (reply to list sends to the list, reply sends
>> to the original author).
>> This should prevent the yahoo/gmail (or other dmarc) issues from
>> happening again.
>> For others running mailing lists on CentOS with this issue, Red
>> Hat has back ported the 'dmarc_moderation_action' into the current
>> version of mailman that is used in RHEL and CentOS.  You can follow
>> the instructions here for Mailman 2 (for version 2.1.18) even
>> though the version in CentOS is mailman-2.1.15-26.el7_4.1
>> We will be watching the list for the next few days to see if this
>> change is working as expected.  If it is not working for other
>> email clients please let us know.
>> Great job by Brian Stinson to figure all this out :)
>> Thanks,
>> Johnny Hughes
> Thank you - one less list I'll get kicked off of regularly. 
> One note, I am seeing the author in the Reply-To: in the message
> headers, not in the visible Cc: as you indicate:
>    From: Johnny Hughes via CentOS <centos at centos.org>
>    Reply-To: Johnny Hughes <johnny at centos.org>,
>     CentOS mailing list <centos at centos.org>
> so to see the address of the sender I have to either poke through the
> headers or initiate a reply. I don't think that this is email client
> specific.

RIGHT ! .. I am showing that in Thunderbird for my emails (instead of CC
on the lists :D).  So I thought it was CC.

So in thunderbird, you should see reply to (at least I do) when viewing
the mail.  For other email clients, not sure what is seen.

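Added example, not part of the original message and not Mailman's own code: a Python sketch of the behaviour discussed in this thread, deciding from the author domain's DMARC record whether a list post needs rewriting, then moving the author to Reply-To and sending as the list. The function names, the sample record and the example.org / yahoo.example addresses are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import formataddr, parseaddr


def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; {} if it is not a DMARC1 record."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else {}


def must_rewrite(txt, policies=("reject",)):
    """True when the author's domain publishes a policy the list rewrites for.

    Defaults to p=reject only, the selective behaviour mentioned in the thread.
    """
    return parse_dmarc(txt).get("p", "none").lower() in policies


def rewrite_from(msg, list_name, list_addr):
    """Send as the list and move the original author to Reply-To (in place)."""
    name, addr = parseaddr(str(msg["From"]))
    author = formataddr((name or addr, addr))
    list_entry = formataddr((f"{list_name} mailing list", list_addr))
    del msg["From"]
    msg["From"] = formataddr((f"{name or addr} via {list_name}", list_addr))
    del msg["Reply-To"]  # no-op if the header is absent
    msg["Reply-To"] = f"{author}, {list_entry}"
    return msg


def demo():
    """Run the decision and rewrite on a constructed post and DMARC record."""
    record = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.org;"  # constructed
    post = EmailMessage()
    post["From"] = "Alice Example <alice@yahoo.example>"  # constructed author
    post["Subject"] = "[CentOS] test post"
    post.set_content("hello list")
    if must_rewrite(record):
        rewrite_from(post, "CentOS", "centos@lists.example.org")
    return post


if __name__ == "__main__":
    print(demo())
```
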