On 5/8/21 2:53 PM, jonathan.mailing.li...@gmail.com wrote:
> 
> These have included "Rejected by header based Anti-Spoofing policy" (an
> organisation using Mimecast recognising its own email address in the From:
> header),


Recent Mailman 2.1 (>=2.1.30) has a feature to specify via address or
regexp matching From: posts to which dmarc_moderation_action should
apply regardless of the domain's dmarc policy.


> "DMARC Verification Failed" for a domain with p=reject (despite
> dmarc_moderation_action being Munge From), "This email has been delivered to
> the intended recipient, but our email system has identified that DKIM
> Signing is missing or has been misconfigured. Please ask your IT department
> to configure DKIM Signing to allow us to confirm the authenticity of your
> emails." (despite the hosting company having the right DKIM record) and
> more.

If the outgoing mail is DKIM signed by the Mailman host server as you
say, that's the best you can do. Your From-munged outgoing mail should
pass DMARC. If the recipient domain is complaining about an invalid DKIM
signature from the originating domain, that is a bogus complaint. RFC
6376, sec. 6.3 <https://www.rfc-editor.org/rfc/rfc6376.html#section-6.3>
clearly states

   If the email cannot be verified, then it SHOULD be treated the same
   as all unverified email, regardless of whether or not it looks like
   it was signed.

I.e., broken signatures SHOULD be treated the same as if they weren't there.


> I have added REMOVE_DKIM_HEADERS = Yes to mm_cfg.py and restarted Mailman,


You probably needed to do that for the second of the above complaints.
Hopefully that helps.


> and changed from_is_list from No to Munge From.


Presumably to address the first complaint. Whether you want to munge the
From: unconditionally is up to you. As I said, recent Mailman 2.1 has a
feature that will enable you to do this more selectively, although I
don't really think it should be the mailing list's responsibility to
accommodate recipient mail domains that think that all external mail
From: their domain is bogus.


-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
    https://mail.python.org/archives/list/mailman-users@python.org/
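
The reasoning in the reply above, as an added example that is not part of the original message and is not Mailman code: a recipient-side DMARC check on the DKIM path, where failed signatures are ignored per RFC 6376 sec. 6.3 and a verified signature must align with the From: domain. The domains, messages and verification results are constructed, and `org_domain` is a simplified stand-in for a Public Suffix List lookup.

```python
from email import message_from_string
from email.utils import parseaddr


def org_domain(domain):
    # Assumption: organizational domain = last two labels. A real evaluator
    # uses the Public Suffix List (RFC 7489, sec. 3.2).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def dmarc_dkim_pass(raw_message, dkim_results):
    """dkim_results: one (d= domain, verified) pair per DKIM-Signature header.

    Returns True when at least one *verified* signature is in relaxed
    alignment with the RFC5322.From domain.
    """
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    # RFC 6376 sec. 6.3: a signature that fails to verify is treated the
    # same as no signature at all, so only verified ones are considered.
    usable = [d for d, verified in dkim_results if verified]
    return any(org_domain(d) == org_domain(from_domain) for d in usable)


# Constructed sample: the same list post with and without From: munging.
UNMUNGED = "From: Alice <alice@author.example>\nSubject: [list] hi\n\nbody\n"
MUNGED = ('From: "Alice via List" <list@lists.example.org>\n'
          "Reply-To: Alice <alice@author.example>\n"
          "Subject: [list] hi\n\nbody\n")

# The author's signature was broken by list modifications (subject prefix,
# footer); the list host's own signature verifies.
BOTH_SIGS = [("author.example", False), ("lists.example.org", True)]
# With REMOVE_DKIM_HEADERS the broken signature is not present at all.
LIST_SIG_ONLY = [("lists.example.org", True)]

if __name__ == "__main__":
    for label, raw in (("unmunged", UNMUNGED), ("munged", MUNGED)):
        for sigs in (BOTH_SIGS, LIST_SIG_ONLY):
            print(label, sigs, "->", dmarc_dkim_pass(raw, sigs))
```

For a standards-following receiver the result is identical whether or not the broken author signature is still in the message; removing it only matters for receivers that penalize a failed signature.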