On 06/20/2015 06:39 PM, Yasir Assam wrote: > > I'm using mailman 2.1.18 on Debian Jessie with exim4. I have full > personlisation and verp turned on. > > What should I do about DKIM? > > At the moment I preserve the original poster's DKIM header and my list's > MTA also adds DKIM to all outgoing mail.
This is the good and is the best you can do. > If I set from_is_list to Munge, hotmail users can't reply to the list, > even when they hit Reply All (if I try doing Reply All from a hotmail > account, I only see the sender's address, not the list address). If it > wasn't for this hotmail problem, I'd probably prefer to have a munged > from header. With Munge From and Full Personalization, delivered posts will be From: the list with Reply-To: the poster and To: the recipient. Hotmail is taking the Reply-To: as overriding the From: even for reply-all and with Full Personalization, the From: is the only header (other than List-Post) with the list address. > If I set from_is_list to No, the hotmail Reply All problem goes away, > but now Yahoo-sent email ends up in Yahoo's spam (i.e. if > [email protected] sends to [email protected], bob receives the email he > just posted in his spam folder, not in his inbox). I'm specifically > talking about a yahoo.com.au address (I haven't tried yahoo.com yet). Yahoo.com.au publishes DMARC p=none. Yahoo.com publishes DMARC p=reject. Without some Munge From, Wrap Message or anonymous_list transformation, yahoo.com mail will not be accepted by Yahoo, Hotmail and many other ISPs. As far as the mail from yahoo.com.au ending up in spam, removing the broken DKIM sig may help (REMOVE_DKIM_HEADERS = 2). It shouldn't matter (see below), but it may help. > Just to be clear, when from_is_list is No, the DKIM header I'm adding is > for the list domain, e.g. if the list is [email protected] then > d=example.com in my added DKIM header. > Here's an example Authentication-Results added by a gmail subscriber > receiving a post from a yahoo.com.au subscriber (names changed): > > Authentication-Results: mx.google.com; > spf=pass (google.com: domain of > [email protected] designates x.x.x.x as permitted > sender) [email protected]; > dkim=pass [email protected]; > dmarc=fail (p=NONE dis=NONE) header.from=yahoo.com.au > > So what is the recommended way of doing this? Should I not bother adding > a DKIM header to mailman-sent emails? Should I strip the original DKIM > header (REMOVE_DKIM_HEADERS) ? What you are doing is correct and good practice. Removing incoming DKIM headers probably won't help. The DKIM standard says an invalid DKIM signature and no DKIM signature SHOULD be treated the same (RFC 6376/STD 76, sec 6.3) > Is there any way I can get hotmail to reply to the list when the From: > header is munged? Is munging considered bad form (when not mitigating > DMARC reject policies)? There are a few things you can do. You can turn off Full Personalization which will leave the list address in To: and Hotmail's reply-all should include it. You can set reply_to_list to this list which will put the list address in Reply-To: (along with the poster's address), but this will make it more difficult to reply only to the poster as a simple reply will also include the list. There are some changes in this area in 2.1.19 (see <https://bugs.launchpad.net/mailman/+bug/1407098>), but I don't think they help your situation. You could modify CookHeaders.py to add the poster's address to Cc: rather than Reply-To: in your case. You should also consider using dmarc_moderation_action rather than from_is_list to only Munge From when 'necessary'. -- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
