[Mailman-Users] Re: Trouble with DMARC on Mailing Lists
onyeibo via Mailman-Users writes: > I was wondering if there is justifcation for OpenARC here. > Is that standard still in use? Mailman 2 probably never will implement the ARC protocol unless a 3rd party picks up maintenance and development (Mailman 3 does, though), but like most things that have to do with mail authentication and filtering it's much more efficient to implement it at the border MTA. It's in use by the large serious providers (both Gmail and pre-Verizon Yahoo! implemented it, I don't know about current Verizon/AOL/Yahoo! or Microsoft/o365/Hotmail, but the latter seems to me to be likely to do so). I'm not sure whether many smaller providers use it. It's not obvious how much value-added there is to using it for Google; they always seem to do their own thing in the Gmail MUA, and their content-based spam detection seems to be very good. I get a fair number of pretty spammy lists that I have indeed signed up for -- manufacturers of my stuff, my Congresscritters) on my Gmail account, and they rarely if ever end up in spam (they're all announce lists, though, so they wouldn't fall afoul of DMARC anyway). On the other hand I rarely get spam that doesn't end up in the spam folder there. Steve -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: Trouble with DMARC on Mailing Lists
Hi Mark On Friday, July 2nd, 2021 at 5:55 AM, Mark Sapiro wrote: > > The Mailman server is trying to DKIM sign the outgoing mail, but > > opendkim on that server is misconfigured. It should have > > SenderHeaders List-Post,Sender,From > > in it's opendkim.conf so that it signs list mail with the list's domain. > > See the MAILING LISTS section near the bottom of > > http://www.opendkim.org/opendkim-README > Thank you for that. I was wondering if there is justifcation for OpenARC here. Is that standard still in use? Regards Onyeibo -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: Trouble with DMARC on Mailing Lists
On 7/1/21 9:11 PM, Onyeibo wrote: The email from my VPS arrives at the organization's server and passes authentication (including SPF/DKIM/DMARC checks) If the address is not a mailing list, dovecot delivers the email to local/virtual accounts without errors. It is all fine for regular destinations. If the address belongs to a mailing list, Mailman receives the email and includes it in the archives. Something goes wrong at this stage (i.e. when Mailman begins to send copies to subscribers). The log records the following: Jul 01 11:51:35 mail.organization.com opendkim[663]: 40D84274532: no signing table match for 'onye...@mydomain.com' Jul 01 11:51:35 mail.organization.com opendmarc[826730]: 40D84274532: mydomain.com fail It appears the mail server hosting Mailman on the other end wants to sign my email all over again before sending out copies to the list subscribers. The signing fails for obvious reasons. The host cannot possibly have signing keys for every subscribed domain on the list. The result is that Mailman archives an email that subscribers never see. The Mailman server is trying to DKIM sign the outgoing mail, but opendkim on that server is misconfigured. It should have SenderHeaders List-Post,Sender,From in it's opendkim.conf so that it signs list mail with the list's domain. See the MAILING LISTS section near the bottom of http://www.opendkim.org/opendkim-README -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/