On 11/4/19 7:42 AM, Andy Cravens wrote:
> Using mailman 2.1.26. I’m auditing the lists on my server for DMARC
> compliance. I’ve found several list configs that do not have the DMARC action
> set to “munge_from.” It appears I need to edit all those lists and fix that
> setting. I’ve also noticed that in mm_cfg.py there is no setting for
> REMOVE_DKIM_HEADERS. I just wanted to verify the proper order for fixing
> these issues. Seems like I need to correct the munge_from setting for all
> the affected lists and then as quickly as possible add REMOVE_DKIM_HEADERS =
> 1 to mm_cfg.py and restart. It appears that whichever task I complete first,
> some messages will be undeliverable until both changes are complete. Maybe
> it would be best to stop mailman, complete both changes and then restart?
> Just looking for the best way to do this.

REMOVE_DKIM_HEADERS has nothing to do with and should not affect DMARC. While it is true that DMARC action set to “munge_from” will break DKIM, DKIM is already broken by other list modifications to the message or you wouldn't be having DMARC issues.

Best practice is to Munge the From: if necessary based on the DMARC policy of the original From: domain and to DKIM sign the outgoing message with a sig from your domain which is also the munged From: domain.

If you want Mailman to remove the older DKIM sigs, you can configure that, but it should have no effect one way or the other. See <https://tools.ietf.org/html/rfc6376#section-6.1>.

--
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
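
For the per-list audit described in the question, here is an added example (not from either poster and not Mailman's own code) that flags lists whose DMARC action is not Munge From. It assumes each list's settings were dumped with `config_list -o - <listname>` and that the Mailman 2.1 attributes `dmarc_moderation_action` and `from_is_list` use the values noted in the comments; the list names and dumps are constructed.

```python
import ast

# Assumed Mailman 2.1 values for dmarc_moderation_action:
#   0 Accept, 1 Munge From, 2 Wrap Message, 3 Reject, 4 Discard
# Assumed from_is_list values: 0 No, 1 Munge From, 2 Wrap Message
DMARC_ACTIONS = {0: "accept", 1: "munge_from", 2: "wrap_message",
                 3: "reject", 4: "discard"}

def read_settings(dump_text):
    """Collect top-level `name = literal` assignments without executing the dump."""
    settings = {}
    for node in ast.parse(dump_text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # not a plain literal, so not one of the settings audited here
    return settings

def audit(dumps):
    """Return {listname: finding} for lists that do not munge From: for DMARC."""
    findings = {}
    for name, text in sorted(dumps.items()):
        settings = read_settings(text)
        if settings.get("from_is_list") == 1:
            continue  # From: is munged on every post, whatever the DMARC policy
        action = settings.get("dmarc_moderation_action")
        if action != 1:
            label = DMARC_ACTIONS.get(action, "unset")
            findings[name] = "dmarc_moderation_action=%s" % label
    return findings

# Constructed sample dumps, trimmed to the relevant lines of config_list output.
SAMPLE_DUMPS = {
    "announce": "real_name = 'Announce'\nfrom_is_list = 0\ndmarc_moderation_action = 1\n",
    "staff": "real_name = 'Staff'\nfrom_is_list = 0\ndmarc_moderation_action = 0\n",
    "dev": "real_name = 'Dev'\nfrom_is_list = 1\ndmarc_moderation_action = 0\n",
    "legacy": "real_name = 'Legacy'\nfrom_is_list = 0\n",
}

if __name__ == "__main__":
    for listname, finding in audit(SAMPLE_DUMPS).items():
        print("%s: %s" % (listname, finding))
```

Because the dumps are parsed with `ast` rather than imported or `exec`'d, a description or header field containing unexpected Python cannot run during the audit.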