Alessandro Vesely via mailop skrev den 2022-11-22 10:54:
On Tue 22/Nov/2022 09:55:17 +0100 Sebastian Nielsen via mailop wrote:
The message you wrote had:
Return-Path: <mailop-boun...@mailop.org>
Authentication-Results: wmail.tana.it;
spf=pass smtp.mailfrom=mailop.org;
dkim=fail (signature verification failed) header.d=sebbe.eu;
dmarc=pass header.from=mailop.org
v=DMARC1; p=reject; sp=reject; ri=604800; rf=afrf; aspf=s; adkim=s;
rua=mailto:ab...@sebbe.eu; ruf=mailto:ab...@sebbe.eu; pct=100; fo=1;
that trigger take over domain in from: header so its basicly not origin
poster any more, but it pass dmarc, lol :)
what mailman should have done is either to reject senders with policy
reject, and only accept maillist members from policy none or quarantine
if we all did that there would be more fair problem to solve, eg make
sure maillists ips is never rejected on mta stage
in postfix there is support for smtpd_milter_maps this map can disabled
all milters if the client ip is listed 127.0.0.2 DISABLE
i use just fuglu in prequeue setup so i can reject with std smtp
i give up on specs, but dont break dkim, if mailman cant do arc-seal and
arc-sign before breaking dkim we are lost
on dmarc policy none pleas dont take over, i can turn dkim into test
mode to help :)
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
