> On 8 Jun 2023, at 11:47, Jonas Meier via swinog <swinog@lists.swinog.ch>
> wrote:
>
> Hi Franco, Dear List
>
> Thank you for your feedback.
>
> 1) I configured mailman3 [1] dmarc_mitigate_action to "munge_from" (to
> replace the from header) and dmarc_mitigate_unconditionally to true. My
> thought was that this would mean that there can no longer be a dmarc policy
> which sets dkim to strict. This way, an invalid dkim signature would no
> longer be such a big problem. But I was probably wrong. I don't want to set
> up the mails to be re-signed overnight, maybe there is an option to remove
> the signature. If anyone has experience with mailman3 and dkim, please write
> to me directly.
The only real solution is effectively to do SRS aka "From Rewriting" to be able
to decently send emails through a mailinglist and have them not land up in
spam/junk...
The list has to remove the Original "From" and replace it with eg
jeroen+massar.ch@via.lists.swinog <mailto:jeroen+massar.ch@via.lists.swinog>.ch
Then you sign that From with your DKIM key.
To make the receiver happy that there is the 'old' DKIM header you then need to
do ARC signingt: http://arc-spec.org/
That way, a receiver knows "oh the rewrote something and they are taking
responsibility for this mail"
For Mailman there is some info here: https://wiki.list.org/DEV/DMARC
Thus the option you need to do is:
"Munge the From: header"
some other details:
https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers/docs/dmarc-mitigations.html
For ARC:
https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers/docs/arc_sign.html
Greets,
Jeroen
_______________________________________________
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch