On Mon, Oct 10, 2016 at 11:32 PM, Stephen J. Turnbull <[email protected]> wrote: > Jim Popovitch writes: > > > I've noticed that Mailman "hold" notifications (to:list-owner@) > > fail DMARC (if the mailing list domain has a _dmarc RR) because of > > a simple code issue..... (not calling it a bug at this point) > > I don't see how direct mail can fail DMARC if the list's host MTA is > correctly configured for SPF and DKIM. Can you give example headers > showing the problem? > > Steve >
I provided headers to Steven offline. The emails fail DMARC because the From: is the virtual list domain, but the Sender is set to the site-list (often a neutral domain used for the MTA that hosts the virtual lists). OpenDKIM signs based on the Sender (see: "MAILING LISTS" at http://www.opendkim.org/opendkim-README), so the sig is NOT aligned with From, thus failing DMARC...and getting notification emails de-prioritized or worse. I've discovered 4 more places that needed "adjustments", the totality of the most recent changes are detailed here: http://bazaar.launchpad.net/~jimpop/mailman/virtual-notices/revision/1379?&compare_revid=1374 -Jim P. ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
