Lance A. Brown writes:
> I found a ... a dedicated service which handles the ARC sealing.
> It's working nicely!
Great! That's a perfectly acceptable solution, and you have access to
the ARC-Authentication-Results which can be checked in Mailman's
"Header Filter" configuration section with
Header | Pattern | Action
ARC-Authentication-Results | authserv-id=$SERVICE.*(arc|dkim)=fail | Hold
where $SERVICE is a token provided by your service, I definitely
recommend holding and checking the message if ARC failed. There's no
safe reason for that to happen that I know of. DKIM and especially
DMARC do fail for various reasons, so you have to judge if there are
too many false positives. You can remove the "|dkim" part or add
additional protocols with "|spf" (for example) inside the parentheses.
> I was even able to turn off the DMARC munging on my test list
> without problems.
Be careful about this in production. Monitor your bounces and the
RBLs, this is the kind of change that warrants a period of heightened
attention. There are free "pull" services for multiple RBLs that you
have to check, and of course you can pay for "push" services that do
the monitoring and notify you of events.
Steve
_______________________________________________
Mailman-users mailing list -- mailman-users@mailman3.org
To unsubscribe send an email to mailman-users-le...@mailman3.org
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
Archived at:
https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/HCVBZMQY7ZGACZ6BPG7GEDCK7YGHP4QZ/
This message sent to arch...@mail-archive.com
