Re: [Mailman-Users] List DMARC compliance reconfiguration

[Mark Sapiro]

On 11/4/19 7:42 AM, Andy Cravens wrote:
> Using mailman 2.1.26.  I’m auditing the lists on my server for DMARC 
> compliance I’ve found several list configs that do not have the DMARC action 
> set to “munge_from.”  It appears I need to edit all those list and fix that 
> setting.  I’ve also noticed that in mm_cfg.py there is no setting for 
> REMOVE_DMIM_HEADERS.  I just wanted to verify the proper order for fixing 
> these issues.  Seems like I need to correct the munge_from setting for all 
> the affected lists and them as quickly as possible add REMOVE_DKIM_HEADERS = 
> 1 to mm_cfg.py and restart.  It appears that which ever task I complete first 
> some messages will be undeliverable until both changes are complete.  Maybe 
> it would be best to stop mailman, complete both changes and then restart?  
> Just looking for the best way to do this.


REMOVE_DMIM_HEADERS has nothing do do with and should not affect DMARC.
While it is true that DMARC action set to “munge_from will break DKIM,
DKIM is already broken by other list modifications to the message or you
wouldn't be having DMARC issues.

Best practice is to Munge the From: if necessary based on the DMARK
policy of the original From: domain and to DKIM sign the outgoing
message with a sig from your domain which is also the munged From: domain.

If you want Mailman to remove the older DKIM sigs, you can configure
that, but it should have no effect one way or the other. See
.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] List DMARC compliance reconfiguration

[Andy Cravens]

Using mailman 2.1.26.  I’m auditing the lists on my server for DMARC compliance 
I’ve found several list configs that do not have the DMARC action set to 
“munge_from.”  It appears I need to edit all those list and fix that setting.  
I’ve also noticed that in mm_cfg.py there is no setting for 
REMOVE_DMIM_HEADERS.  I just wanted to verify the proper order for fixing these 
issues.  Seems like I need to correct the munge_from setting for all the 
affected lists and them as quickly as possible add REMOVE_DKIM_HEADERS = 1 to 
mm_cfg.py and restart.  It appears that which ever task I complete first some 
messages will be undeliverable until both changes are complete.  Maybe it would 
be best to stop mailman, complete both changes and then restart?  Just looking 
for the best way to do this.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org