Re: [Mailman-Users] DKIM signing issue - relaying mailman e-mails from third party sources

2017-10-12 Thread Mark Sapiro
On 10/12/2017 02:15 PM, Grant Taylor via Mailman-Users wrote:
> On 10/11/2017 12:12 PM, Mark Sapiro wrote:
>> solution 2). Your mail relaying process can rewrite the envelope
>> sender to your domain, e.g., campa...@myserver.com or some other
>> appropriate @myserver.com address. This will break mailman's automated
>> bounce processing for mail from mailman-boun...@external-company.com
>> that is relayed by you, but if you can verify the deliverability of
>> that mail before relaying it and if it's not deliverable, reject it
>> before rewriting the envelope sender, that won't be an issue.
> 
> Would something like configuring the MTA to use Sender Rewrite Scheme
> help avoid this issue?


Yes. SRS, as I understand it from
, would solve the
whole problem.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org


Re: [Mailman-Users] DKIM signing issue - relaying mailman e-mails from third party sources

2017-10-12 Thread Grant Taylor via Mailman-Users

On 10/11/2017 12:12 PM, Mark Sapiro wrote:
> solution 2). Your mail relaying process can rewrite the envelope sender
> to your domain, e.g., campa...@myserver.com or some other appropriate
> @myserver.com address. This will break mailman's automated bounce
> processing for mail from mailman-boun...@external-company.com that is
> relayed by you, but if you can verify the deliverability of that mail
> before relaying it and if it's not deliverable, reject it before
> rewriting the envelope sender, that won't be an issue.


Would something like configuring the MTA to use Sender Rewrite Scheme 
help avoid this issue?


SRS would mean that the MTA would rewrite the SMTP envelope from address 
to be a local domain that is permitted by SPF.  SRS would also decode 
any bounces and send the original address into Mailman.  -  I think.




--
Grant. . . .
unix || die


Re: [Mailman-Users] DKIM signing issue - relaying mailman e-mails from third party sources

2017-10-11 Thread Mark Sapiro
On 10/11/2017 01:23 AM, Dlugasny via Mailman-Users wrote:
> 
> The problem is that we are sending an E-mail which looks as follows:
> 
> From: campa...@myserver.com
> Return-Path: mailman-boun...@external-company.com
> To: @gmail.com
> 
> The problem is that the DKIM check on the gmail server (and all others)
> is returning an error:
> ...mailman-boun...@external-company.com
>  does not designate xx.xx.xx.xx as permitted sender


This is not DKIM. It is SPF. external-company.com publishes an SPF
record that doesn't allow myserver.com as a sender. Start at
 to learn more
about SPF.

There are two solutions to this. The

Return-Path: mailman-boun...@external-company.com

header indicates that mailman-boun...@external-company.com is the
envelope sender of the message and SPF is based on the domain of the
envelope sender.

solution 1). external-company.com can augment its published SPF record
to designate your myserver.com server as a permitted sender.

solution 2). Your mail relaying process can rewrite the envelope sender
to your domain, e.g., campa...@myserver.com or some other appropriate
@myserver.com address. This will break mailman's automated bounce
processing for mail from mailman-boun...@external-company.com that is
relayed by you, but if you can verify the deliverability of that mail
before relaying it and if it's not deliverable, reject it before
rewriting the envelope sender, that won't be an issue.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
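
The SPF decision described in this message, as an added example that is not code from the thread: the receiver looks up the SPF record of the envelope sender's domain and tests the connecting IP against it, and the From: header plays no part. The IP addresses (documentation ranges), the SPF records, the sample addresses and the `DNS_TXT` table standing in for DNS are all constructed for illustration; only `ip4`, `ip6` and `all` are evaluated.

```python
import ipaddress

RELAY_IP = "192.0.2.10"   # constructed: the IP the myserver.com relay sends from
DNS_TXT = {               # constructed SPF records standing in for DNS lookups
    "external-company.com": "v=spf1 ip4:198.51.100.0/24 -all",
    "myserver.com": "v=spf1 ip4:192.0.2.10 -all",
}
# Solution 1: external-company.com adds the relay to its own record.
SOLUTION_1_TXT = dict(DNS_TXT)
SOLUTION_1_TXT["external-company.com"] = (
    "v=spf1 ip4:198.51.100.0/24 ip4:192.0.2.10 -all"
)
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(record: str, client_ip: str) -> str:
    """Evaluate the ip4/ip6/all mechanisms of one SPF record, left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        name, _, value = mech.lower().partition(":")
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6") and value:
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        # a, mx, include, ... need live DNS and are skipped in this offline sketch
    return "neutral"


def receiver_verdict(envelope_sender: str, client_ip: str, txt=DNS_TXT) -> str:
    """SPF result a receiver computes: keyed on the envelope sender's domain."""
    domain = envelope_sender.rsplit("@", 1)[1].lower()
    record = txt.get(domain)
    return spf_check(record, client_ip) if record else "none"
```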


[Mailman-Users] DKIM signing issue - relaying mailman e-mails from third party sources

2017-10-11 Thread Dlugasny via Mailman-Users
Hello Mark, colleagues,

maybe somebody will be able to help me here.

I would like to relay (also check with Antivir and sign them with DKIM) all
Mailman e-mails from our external partners to our final customers. Relaying
seems to work nicely but we have a problem with DKIM authentication and
Return-Path.
The Mailman server needs to stay with the external partners with old domains
and needs to receive bounces. My SMTP gateway is only responsible for receiving
and sending out e-mails from all the Mailman instances.

The problem is that we are sending an E-mail which looks as follows:

From: campa...@myserver.com
Return-Path: mailman-boun...@external-company.com
To: @gmail.com

The problem is that the DKIM check on the gmail server (and all others)
is returning an error:
...mailman-boun...@external-company.com
 does not designate xx.xx.xx.xx as permitted sender

How to solve that issue? At the moment we have a DKIM key only for
myserver.com. Why is the DKIM check checking the Return-Path and not the From
address?

Could you please help here with how to manage that issue? We simply would like
to forward all messages from the external Mailman instances installed on the
different domains to the final customers using our sender domain
myserver.com.

I will appreciate any feedback from your side.

Cheers
Dlugasny