Re: Issue: pglister: emails to list owners break SPF/DMARC

public inbox for pgsql-www@postgresql.org  
help / color / mirror / Atom feed

From: Célestin Matte <celestin.matte@cmatte.me>
To: pgsql-www@lists.postgresql.org
Subject: Re: Issue: pglister: emails to list owners break SPF/DMARC
Date: Fri, 24 Apr 2026 12:14:18 +0200
Message-ID: <8b93374e-e32e-42f4-a5fa-a925d86d2c57@cmatte.me> (raw)
In-Reply-To: <1aaa8202-1dfa-4316-8af6-60955882492c@cmatte.me>
References: <1aaa8202-1dfa-4316-8af6-60955882492c@cmatte.me>

On 15/09/2025 18:00, Célestin Matte wrote:
> Unlike regular mailing list emails, emails to <listname>-owner@ are forwarded as-is to mailing list owners, which means they will probably be blocked later on as the mailing list email server is not the legitimate sender. This breaks SPF/DMARC. In my case, smtp-relay.gmail.com (which I use to emit mailing list emails) refuses to forward any such email.
> 
> I did not dig too much into ways to fix this because most (if not all) emails to these address are spam anyway, some of them passing spamassassin filters. But it may be better to do things properly at some point.

Here's a patch to fix this issue. To do so, I embed the email in a moderation email sent from the moderation address.

-- 
Célestin Matte

Attachments:

  [text/x-patch] 0001-Use-template-to-forward-emails-to-mailing-list-owner.patch (3.0K, 2-0001-Use-template-to-forward-emails-to-mailing-list-owner.patch)
  download | inline diff:
From 8837dca5d3a03429ae51b0c1b4890cc23ca3666a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9lestin=20Matte?= <dev@cmatte.me>
Date: Fri, 24 Apr 2026 10:31:38 +0200
Subject: [PATCH] Use template to forward emails to mailing list owners via a
 system address

Relaying the email directly breaks SPF/DMARC. To avoid this issue,
embbed the email in a moderation email sent from the moderation
address.
---
 lib/handlers/mailhandler.py     | 26 ++++++++++++++++++++------
 mailtemplates/owner_forward.txt |  7 +++++++
 2 files changed, 27 insertions(+), 6 deletions(-)
 create mode 100644 mailtemplates/owner_forward.txt

diff --git a/lib/handlers/mailhandler.py b/lib/handlers/mailhandler.py
index 71a7d4e..beb2cb0 100644
--- a/lib/handlers/mailhandler.py
+++ b/lib/handlers/mailhandler.py
@@ -15,7 +15,7 @@ from baselib.lists import CcPolicies, BccPolicies
 from mailutil.header import decode_mime_header
 from mailutil.body import get_truncated_body
 from mailutil.attachment import get_attachment_info
-from baselib.misc import generate_random_token, log, format_size
+from baselib.misc import generate_random_token, log, format_size, obfuscate_email_address
 from baselib.config import config
 from baselib.template import send_mailtemplate
 
@@ -911,12 +911,26 @@ ORDER BY 1""",
         # pass the mail on to there.
         with self.conn.cursor() as curs:
             mods = self.mlist.get_moderators()
+            context = {
+                'sender': obfuscate_email_address(self.sender),
+                'from': obfuscate_email_address(self.fromaddr),
+                'subject': self.subject,
+                'body': self._get_truncated_body(),
+                'list_name': self.mlist.name,
+                'moderator_address': self.mlist.moderator_notice_address()
+            }
+
             for email, name in mods:
-                curs.execute("INSERT INTO raw_out (sender, recipient, contents) VALUES (%(sender)s, %(recipient)s, %(contents)s)", {
-                    'sender': self.sender,
-                    'recipient': email,
-                    'contents': self.bio.getvalue(),
-                })
+                send_mailtemplate(
+                    curs,
+                    self.mlist.moderator_notice_address(),
+                    self.mlist.moderator_notice_name(),
+                    email,
+                    name,
+                    f"Email received on {self.mlist.name} list moderators address",
+                    'owner_forward.txt',
+                    context
+                )
             log(curs, 0, 'mail',
                 'Mail to list owner of {0} delivered to {1} moderators.'.format(self.mlist.name, len(mods)),
                 self.messageid)
diff --git a/mailtemplates/owner_forward.txt b/mailtemplates/owner_forward.txt
new file mode 100644
index 0000000..d122038
--- /dev/null
+++ b/mailtemplates/owner_forward.txt
@@ -0,0 +1,7 @@
+The following email was received on the list moderators address ($moderator_address):
+
+Sender:  $from ($sender)
+Subject: $subject
+List: $list_name
+
+$body
-- 
2.53.0

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: pgsql-www@postgresql.org
  Cc: celestin.matte@cmatte.me, pgsql-www@lists.postgresql.org
  Subject: Re: Issue: pglister: emails to list owners break SPF/DMARC
  In-Reply-To: <8b93374e-e32e-42f4-a5fa-a925d86d2c57@cmatte.me>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox