On 10/17/2017 10:38 AM, Grant Taylor via Mailman-Users wrote: > On 10/17/2017 10:55 AM, Christian F Buser via Mailman-Users wrote: > >> However, could you please elaborate whether Mailman (version 2.x or >> 3.x) or any other mailing list software really follows your ideas? > > Yes!!! Mailman (and other MLMs) /can/ be configured to be SPF / DKIM / > DMARC compliant!
Agreed, but the above imply NOT RFC 5322 compliant. > I don't have the exact step by step details. - I'm sure others > (Mark...) on this list can give specifics on /how/ to configure Mailman. > > The high level as I understand it is to do the following: > > 1) Set dmarc_moderation_action to munge From header. This is available in both MM 2.1 and 3.1 > 2) Set REMOVE_DKIM_HEADERS to Yes (1) or 2 or 3. In MM 3, The only options are always remove or never remove. The "remove only if munging From:" and "rename" options are not in MM 3 However, it SHOULD not be necessary. Section 6.3 of RFC 4871 says in part: If the email cannot be verified, then it SHOULD be rendered the same as all unverified email regardless of whether or not it looks like it was signed. In other words, an invalid DKIM signature SHOULD be treated no differently from no signature. > 3) Send messages from the list address. I recommend VERP. Mailman sends (SMTP envelope) all messages from the list-bounces address. Both MM 2.1 and MM 3 can be configured to VERP some or all deliveries. > I would suggest that you also consider adding SPF / DKIM / DMARC for the > domain of the mailing list to apply similar protections to outgoing > messages. However that is not necessary to avoid undesired bounces. Publishing SPF and DKIM signing outgoing mail are good things. Publishing a DMARC policy and what policy to publish depend on how your server is used and what classes of mail it sends. In particular, if individuals send personal email, possibly to mailing lists From: addresses in the server's domain, I think publishing a DMARC policy other than "none" is not a good idea. On the other hand, if you are a financial institution and all mail From: your domain is official correspondence between you and clients, you are who DMARC was designed for. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org