Damn DMARC

So a couple of weeks or months ago, I noticed something odd with the mailing lists I run. People on Yahoo and AOL claimed that they were missing messages, and Gmail was stuffing mailing list messages from people on Yahoo or AOL into the Spam folder, even though I’d received literally hundreds of messages from those people on those mailing lists in the past.

After investigating, it turns out that both Yahoo and AOL had turned on an anti-spam feature called “DMARC”. Basically what it meant if a message came with a From line saying it was from either of those, but not coming from an approved mail sender, they were asking the rest of the net to treat it as spam. Gmail honored the DMARC request by putting it in the Spam folder, but Yahoo and AOL and some other ISPs were just bouncing the messages or throwing them away.

This DMARC was obviously a huge problem for mailing lists, because what they do is they accept an email from a person, and then send out the message to all the members of the mailing list, and most of them use the person’s email address in the From line of the mailing list message. This breaks under DMARC, because if my mailing list server recieved an email from joe.blow@yahoo and sends out a message to the mailing list members with a From: joe.blow@yahoo, then all those mail servers that implement DMARC are going to see that I’m not designated by yahoo as a valid sender of yahoo email, and they’re going to drop it.

The developers of the Mailman mailing list software were quick to offer some solutions. First they issued 2.1.16, which had a quick and dirty work-around, and then they rolled out 2.1.18, which had what I think is a much better solution. But my problem is that my mailing list server is pure Debian Stable, and I want to only install packages, not get into the hassle of installing things from source and then having to monitor if things are updated. So I waited for 2.1.18 to get backported to Debian Stable (which uses 2.1.15). I put in request tickets to get it backported. They never did. Instead, they made it a package in Debian Testing, which is less stable.

So I did some googling and discovered something called “apt pinning” that would allow me to install some Debian Testing packages on my Debian Stable system. I tried it, and it wanted to drag in a new version of python, which wanted to drag in a new version of libc, and so on. That’s just stupid – the minimum required python for 2.1.18 is exactly the same as the minimum required python for 2.1.15. Whoever set up the .deb was a little over zealous in the requirements section.

I did not particularly want to drag in unstable versions of the very core libraries of a Linux system for no reason, so my next possibility was to install it from source. That was more complicated than it should have been, but relatively painless. First I tried following the instructions that Bill Bradford pointed me at. Unfortunately, immediately it told me that “Distutils is not available or is incomplete for /usr/bin/python” and “be sure to install the -devel package”. Well, unfortunately there isn’t a “python-devel” package. I looked at the script that configure was using to determine what it was looking for, and the problem was a missing Python.h in /usr/include/python2.7/. A bit of searching, and I discovered that this was installed by a package called “python2.7-dev” – so close, but so far from the “python-devel” I had been searching for. After that, I discovered I had to install the “make” program (like I said, this was a pure server system and I hadn’t been building software on it before) and I did my “make install”. Mail seemed to flow, but I couldn’t access the web interface. Bill suggested running the “check_perms -f”, which found and fixed 26 permissions problems, but still things weren’t working. I compared the perms on a few directories between this installation and my last backup, and discovered that neither the installation program nor check_perms had noticed that the cgi-scripts in the /usr/lib/cgi-bin/mailman directory were setgid “root” instead of setgid “list”. I fixed that, and everything started to work.

Now I wanted to test whether the new “dmarc_moderation_action” setting that 2.1.18 provided would actually fix the problem. So I changed the setting on one of my mailing lists, and emailed a guy on yahoo who was on the mailing list to see if he could test it for me. Unfortunately he wasn’t around, so the next morning I bit the bullet and created a yahoo mail account and added it to that list. I tried a post by this user to the list, and it did the right thing (changed the From address to the list address, but used the Yahoo’s person name part in the person name part), and testing that gmail didn’t stuff it in the Spam folder. I made sure it doesn’t do that with non-DMARC addresses like gmail. And then I made that setting change to all my lists.

Finger crossed, and hope that there aren’t too many more updates I have to apply before a 2.1.18 or later Mailman shows up in Debian Stable.

My other kayak

Last year I found this Think Legend surf ski on Craigslist. Poor guy had bought it because he wanted a fast kayak and didn’t realize there is a skill progression required. I’m almost a good enough paddler to manage it. Last year I paddled it a lot, trying to master it. But this year I’ve hardly touched it. You see, last year my other surf ski was a ancient V10 Sport in club layup, so the fact that the Legend was their cheap layup and was heavy as hell didn’t bother me. After all, it was narrower and longer than the V10 Sport so I knew if I ever mastered it I’d be faster in it. And by the end of the year I could handle it in a straight line and on flat water. I used it in a couple of races on the canal and did ok with it.

But this year I’ve had a change of plans. I got a V10 Sport in ultra layout, and it’s so light it makes the weight of the Legend seem like paddling a brick. A tippy unstable brick. Plus I’ve become really enamored of paddling on the lake, with all the waves and boat wakes and other stuff I used to hate. Plus I signed up for the Lighthouse to Lighthouse (L2L) race, my first ocean race, and I’m committed to paddling the Blackburn Challenge next year. So I’ve been all about the V10 Sport this year and neglecting the Legend.

But I did do a bit of a time trial one against the other on the canal and it appears that the Legend might be a tiny bit faster on the flat. And when I’ve hit a bit of a wake, it seems like the Legend has the potential to be really fast in the surf. If only I could keep it upright. If and when that day happens, I’m seriously thinking of getting a light high performance boat, either another Think Legend (if I can find one) or a V12 or whatever turns up on the used market.

I paddle the Legend one night a week – Mike and I call it “tippy boat night”. I guess after l2L I should up that to two or three times a week. Unfortunately last time I dropped it on the dock, putting a rather deep looking crack in it. It’s probably repairable, but I fear it will be a bad idea it paddle it until it’s fixed. Plus the patch will make my heavy boat even heavier. So I guess no tippy boat night until it’s fixed.

Lots and lots and lots of paddling

Remember how when I first started paddling I used to blog about every workout? These days, I don’t bother. I paddle 5 times a week, and there would just be no way to keep up with that. Also, I’m starting to pile on the miles (kilometers) in preparation for the Lighthouse To Lighthouse race in a couple of weeks. The race is 14 miles (22.5 km) and it’s on Long Island Sound, which isn’t the open ocean but it’s likely to be quite different that what I’m used to. So every weekend and some Tuesdays you’ll find me and Mike F out grinding out long paddles on Lake Ontario.

I looked at my stats, and 2010, the year before my surgery, I did 18 paddles of longer than 15 km. So far this year, I’ve done 27. All but one of my paddles over 20 km have been in the last month or so. Case in point, today we did 25 km.

Several of our paddles recently have been battling boat wakes from every direction at once, which is probably good practice but it’s no fun at all. Today we got a really early start (7:30) to try and avoid the boat wakes. We probably needn’t have bothered – the lake “turned over” early this week and the skies were overcast and grey. There was a wicked wind from the south, which is no help at all, and a low amplitude long period swell coming from the north west, which we hoped would provide a bit of help on the way back.

We set off towards the west, keeping tight into shore to avoid the south wind. It was a bit of a balancing act, trying to keep out of the slow shallow water but remain mostly in the wind shadow at shore. Sometimes it didn’t work. One advantage of staying in close was we got to see more scenery – people out walking their dogs on the beach, people taking their morning coffee on their decks, and in one place, 11 deer, including babies with their white spots, coming down to the shore to drink. We paddled a bit slower than usual, and Mike and I paddled beside each other instead of him riding my wake as is often the case. My heart rate was ticking over in the low 110s mostly, which is lower than I’d like, but to go harder would mean losing Mike’s company.

Right smack dab in the middle of the trip in each direction we had to swing away from the shelter of shore to clear the end of the break wall at the river. This is a dicey spot – you’ve got the waves and wind from the south, the swell from the north west, and all sorts of reflections of both of those. However this time, because we left early and because the conditions weren’t optimal for pleasure boats, we didn’t have the usual confusing maelstrom of boat wakes on top of it. It wasn’t too difficult, but even so my heart rate went over 130.

As usual on these paddles, I normally just keep heading out until Mike suggests we turn back. Usually he does it just after I’ve decided “ok, at the next kilometer/point/whatever, I’m going to suggest we turn back”, but it’s good for my ego to make it look like it was his idea. This time it was just seconds after my GPS beeped at the 12 km point – I was going to tough it out to 12.5 or 13, but that’s good too.

As we turned, we did our homage to Oscar Chalupski and shortened our paddles. I wanted to get a bit higher heart rate, so I increased my speed and started towing Mike in my stern wake. That worked out pretty well – with a little assistance from the north west swell at my back, I was nearly 1.5 km/hr faster than on the way out. And all was well until once again we had to leave the wind shadow of the shore to swing around the river break wall. The wind blown off shore waves were bigger, and now it seems like every sailboat at the Rochester Yacht Club is heading out to the lake. Mike lost his place on my wake and started falling behind. Now I’m faced with trying to navigate this mess, but also trying not get so far ahead that I can’t check in Mike and possibly circle back if he needs help. But I don’t want to slow down, so I quickly cross the river and head directly into the wind, then circle back to Mike as he gets about half way between the end of the break wall and shore.

After we get back in the wind shadow, it’s clear that Mike is spent. He can’t even stay on my wake anymore. I don’t want to slow down, so what I start doing is paddling ahead until my GPS beeps for another kilometer mark, then circling back around Mike. That’s literally circling – I don’t have to paddle in the reverse direction, just turn 360 degrees. And even then it usually takes me to about 400 meters or more before I catch and pass Mike. It probably would have been better for Mike, who was clearly suffering, if I’d slowed down and given him a wake he could hold, but out on the water I was only thinking of my training needs and I wanted to know I could still increase my speed at will.

The circling increased my total distance – we’d turned back at almost exactly 12 km, but I finished at 24.9 km. and afterwards I still had enough energy to carry Mike’s boat back to his car for him.