[lca2018-chat] DKIM and this list
Russell Coker
russell at coker.com.au
Sun Dec 31 02:58:44 AEDT 2017
http://lists.lca2017.linux.org.au/pipermail/chat/2017-January/thread.html
Could we please have this list work with DKIM messages? Above is a link to
the archives from last year's list which includes a discussion of this.
https://doc.coker.com.au/internet/dkim-and-mailing-lists/
Above is a document I wrote briefly describing the problem after the
discussion at LCA 2017 (and several discussions on the Linux Australia list).
As a very brief summary, you need to either make Mailman not modify the
messages or have it remove the DKIM signature and change the From: field if
the sender uses DMARC.
To not modify the message it has to not change the subject (a simple
configuration option), not change the encoding of the body (which seemed
impossible last time I tried it), and have the sender use "relaxed" settings
so the signature won't be broken WHEN Mailman munges the headers (which it
will always do no matter what you want).
If you remove the DKIM signature you must also change the From: field so that
mail using ADSP or DMARC doesn't get rejected by any recipients. You can make
Mailman only change the From: field for DMARC messages, but that doesn't help
people who use ADSP. Even though ADSP hasn't been recommended for some years
it was still being used by some large hosting companies last time I checked.
If you configure Mailman to change the From: field when DMARC is used then
that encourages senders to use DMARC which breaks things for list servers that
just strip DKIM headers.
Samba.org is one noteworthy domain in our community that uses DMARC.
More information about the lca2018-chat
mailing list