[Mailman-Users] Re: DKIM signatures

2025-01-30 Thread jerry.barnabee--- via Mailman-Users 
I open a ticket with CPANEL and they figured out what was happening. Looks like 
Imunify 360 email was stripping the dkim signature off of the mailman messages. 
Who would have thunk it  I turned the email process off and sent out a 
message and lo and behold it was dkim compliant.

Thanks for helping me get to the bottom of this.
JerryB
--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]

[Mailman-Users] Re: DKIM signatures

2025-01-30 Thread Mark Sapiro 

On 1/30/25 14:15, jerry.barnabee--- via Mailman-Users wrote:

all of the non-mailman emails get signed by 
template.missourimasternaturalists.org



Which also appears to be the sender domain for list mail. so I'm lost as 
to why list mail isn't signed.


This is a question for an Exim support resource. There is a mailing list 
at 
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ 
that might be helpful.



how do I execute that command ??
  ${perl{get_dkim_domain}}


You could try
```
perl get_dkim_domain
```
at a command prompt but that may only work in an Exim environment.


return a domain or list of domains including the mailman list domain?


However, since the mailman sender seems to be 
@template.missourimasternaturalists.org

 and other mail from that domain is signed, that's not the issue.

--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
   https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]

[Mailman-Users] Re: DKIM signatures

2025-01-30 Thread jerry.barnabee--- via Mailman-Users 
all of the non-mailman emails get signed by 
template.missourimasternaturalists.org

how do I execute that command ??
 ${perl{get_dkim_domain}}
return a domain or list of domains including the mailman list domain?

JerryB
--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]

[Mailman-Users] Re: DKIM signatures

2025-01-30 Thread Mark Sapiro 

On 1/30/25 11:55, jerry.barnabee--- via Mailman-Users wrote:

Here is the code that Is in the exim.conf - but looks like greek to me :)
I do know that all of the domains are listed and have correct dkim entries in 
the dns.
Do you know of anyone that actually has a mailman 2.1.39 installation that does 
add dkim signatures to the mailman emails ?



mail.python.org runs Mailman 2.1.39+ for many lists in addition to 
running Mailman 3 for many other lists and all outgoing mail from both 
Mailman 2 and Mailman 3 lists is properly DKIM signed.


But the mailman version is irrelevant as the DKIM signing is done by 
Postfix.


In your case, the significant thing is cPanel's Mailman 2.1.39 because 
the issue is in Exim as configured by cPanel. You want to hear from 
someone running cPanel Mailman that does add dkim signatures to the 
mailman emails.



mailman_virtual_transport > driver = pipe

...

mailman_virtual_transport_nodns:
driver = pipe


The above transports are for mail to Mailman, not mail from Mailman.

The transport below is the relevant one.


dkim_remote_smtp:
  driver = smtp
  interface = <; ${if > \
{${extract \
{size} \
{${stat:/etc/mailips}} \
}} \
{0} \
{${lookup \
{${lc:${perl{get_message_sender_domain \
lsearch{/etc/mailips} \
{$value} \
{${lookup \
{${if match_domain \
{$original_domain} \
{+relay_domains} \
{${lc:$original_domain}} \
{} \
}} \
lsearch{/etc/mailips} \
{$value} \
{${lookup \
{${perl{get_sender_from_uid}}} \
lsearch*{/etc/mailips} \
{$value} \
{} \
}} \
}} \
}} \
}
  helo_data = ${if > \
{${extract{size}{${stat:/etc/mailhelo \
{0} \
{${lookup \
{${lc:${perl{get_message_sender_domain \
lsearch{/etc/mailhelo} \
{$value} \
{${lookup \
{${if match_domain \
{$original_domain} \
{+relay_domains} \
{${lc:$original_domain}} \
{} \
}} \
lsearch{/etc/mailhelo} \
{$value} \
{${lookup \
{${perl{get_sender_from_uid}}} \
lsearch*{/etc/mailhelo} \
{$value} \
{$primary_hostname} \
}} \
}} \
}} \
{$primary_hostname} \
}
  dkim_domain = ${perl{get_dkim_domain}}


I think the above may be the the issue. Does ${perl{get_dkim_domain}} 
return a domain or list of domains including the mailman list domain?


Your list domain is apparently template.missourimasternaturalists.org. 
Is mail which is DKIM signed From: that domain or from some other 
domain, maybe missourimasternaturalists.org.



  dkim_selector = default
  dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"
  dkim_canon = relaxed
  hosts_try_chunking = 198.51.100.1
  message_linelength_limit = 2048
.ifdef ARCSIGNING
arc_sign = 
$primary_hostname:default:/var/cpanel/domain_keys/private/$primary_hostname:default
.endif


--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
   https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]

[Mailman-Users] Re: DKIM signatures

2025-01-30 Thread jerry.barnabee--- via Mailman-Users 
Here is the code that Is in the exim.conf - but looks like greek to me :)
I do know that all of the domains are listed and have correct dkim entries in 
the dns.
Do you know of anyone that actually has a mailman 2.1.39 installation that does 
add dkim signatures to the mailman emails ?
Thanks,
JerryB

mailman_virtual_transport:
   driver = pipe
   command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
 '${if def:local_part_suffix \
   {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
   {post}}' \
 ${perl{untaint}{${lc:$local_part}_${lc:$domain}}}
   current_directory = /usr/local/cpanel/3rdparty/mailman
   home_directory = /usr/local/cpanel/3rdparty/mailman
   user = mailman
   group = mailman




mailman_virtual_transport_nodns:
   driver = pipe
   command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
 '${if def:local_part_suffix \
   {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
   {post}}' \
 ${perl{untaint}{${lc:$local_part}}}
   current_directory = /usr/local/cpanel/3rdparty/mailman
   home_directory = /usr/local/cpanel/3rdparty/mailman
   user = mailman
   group = mailman


=

dkim_remote_smtp:
 driver = smtp
 interface = <; ${if > \
   {${extract \
   {size} \
   {${stat:/etc/mailips}} \
   }} \
   {0} \
   {${lookup \
   {${lc:${perl{get_message_sender_domain \
   lsearch{/etc/mailips} \
   {$value} \
   {${lookup \
   {${if match_domain \
   {$original_domain} \
   {+relay_domains} \
   {${lc:$original_domain}} \
   {} \
   }} \
   lsearch{/etc/mailips} \
   {$value} \
   {${lookup \
   {${perl{get_sender_from_uid}}} \
   lsearch*{/etc/mailips} \
   {$value} \
   {} \
   }} \
   }} \
   }} \
}
 helo_data = ${if > \
   {${extract{size}{${stat:/etc/mailhelo \
   {0} \
   {${lookup \
   {${lc:${perl{get_message_sender_domain \
   lsearch{/etc/mailhelo} \
   {$value} \
   {${lookup \
   {${if match_domain \
   {$original_domain} \
   {+relay_domains} \
   {${lc:$original_domain}} \
   {} \
   }} \
   lsearch{/etc/mailhelo} \
   {$value} \
   {${lookup \
   {${perl{get_sender_from_uid}}} \
   lsearch*{/etc/mailhelo} \
   {$value} \
   {$primary_hostname} \
   }} \
   }} \
   }} \
   {$primary_hostname} \
}
 dkim_domain = ${perl{get_dkim_domain}}
 dkim_selector = default
 dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"
 dkim_canon = relaxed
 hosts_try_chunking = 198.51.100.1
 message_linelength_limit = 2048
.ifdef ARCSIGNING
arc_sign = 
$primary_hostname:default:/var/cpanel/domain_keys/private/$primary_hostname:default
.endif
--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]

[Mailman-Users] Re: DKIM signatures

2025-01-28 Thread Mark Sapiro 

On 1/28/25 11:55, jerry.barnabee--- via Mailman-Users wrote:


Event:  success success
Sender User:-remote-
Sender Domain:  

From Address:   [email protected]


So this is mail from a list.

...

Router: dkim_lookuphost
Transport:  dkim_remote_smtp


And this transport seems by its name to be one that should be doing DKIM 
signing so something in the configuration of that transport is skipping 
the DKIM signing for Mailman list mail or perhaps the mail which is 
signed uses a different transport in which case, the issue may be in the 
router. Does the dkim_domain setting in the transport include the list 
domain?


--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
   https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]

[Mailman-Users] Re: DKIM signatures

2025-01-28 Thread jerry.barnabee--- via Mailman-Users 
When I look at "email sent summary" (see below) it shows that the other email 
made it to and was accepted by your email server ... so since it is not in your 
inbox it should be in your spam/junk folder ... 
the message got set via the mailing list: 
[email protected]

I sent you the exim configs in a separate email as you suggested.

JerryB

Event:  success success
Sender User:-remote-
Sender Domain:  
>From Address:  [email protected]
Sender: 
Sent Time:  Jan 28, 2025, 10:38:10 AM
Sender Host:
Sender IP:  
Authentication: localdelivery
Spam Score: 
Recipient:  [email protected]
Delivered To:   [email protected]
Delivery User:  -remote-
Delivery Domain:
Router: dkim_lookuphost
Transport:  dkim_remote_smtp
Out Time:   Jan 28, 2025, 10:38:10 AM
ID: 1tcobl-0003JyD-2Leu
Delivery Host:  smtpgwin.cc.tsukuba.ac.jp
Delivery IP:207.54.83.63
Size:   79.83 KB
Result: Accepted
--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]

[Mailman-Users] Re: DKIM signatures

2025-01-28 Thread Stephen J. Turnbull 
Jerry Barnabee via Mailman-Users writes:

 > Thanks for your reply. I am replying directly to your email as I
 > didn't see your reply in the threads of my original post.

It's there in the archive.  I recently retired and they cut off my
email for several months (despite being reemployed part-time), so U
may have been unsubscribed.  For that reason it may have been held for
approval by the moderators.

 > My guess is that you are not getting complaints because it is just
 > recently that the big name email servers (gmail, yahoo, icloud,
 > microsoft) have just recently started enforcing the DKIM standard

DMARC is ten years old: there was a huge kerfluffle in April 2014 when
DMARC p=reject was rolled out by Yahoo! and AOL early the development
of the standard.  DKIM itself is several years older, depending on how
you count earlier DomainKeys standards.

I am pretty sure that if there were a widespread problem we *would*
hear about it frequently because we do get a lot of traffic about
problems that Mailman can do nothing about, but only show up with
Mailman because related software is not working correctly or remote
sites have a list-unfriendly policy.

 > and what makes it worse is that they all seem to be taking
 > different approaches to that enforcement.

This is true.  Google is especially pernicious, as they advertise
p=none but then turn around and enforce it on their own users.

 > Could also be that most of the mailman users are using mailman 3.xx

Irrelevant.  Neither Mailman 2 nor Mailman 3 supports DKIM signing.
Sufficiently recent versions of both support "via $LIST" rewriting of
the From header, which should get you past DMARC.  But you need to do
the outgoing DKIM signatures yourself.  As Mark said, the best way to
do DKIM signature is via the MTA.

 > In my environment (WHM/CPANEL) mailman version 2.1.39  is not DKIM
 > signing the mailman emails.

No version of Mailman we distribute does DKIM signing.  That's an MTA
function.

 > All other emails that my domains send out are being DKIM signed -
 > so it looks like EXIM is doing it's job on all outgoing mail except
 > that being sent by mailman ...

Then that's an Exim configuration problem.  You have an MTA that does
DKIM signing, you just need to persuade it to sign Mailman traffic.

 > I have added you to a mailing list on my test server and will send
 > a message out. You will see that it does not have a DKIM signature
 > from the domain that is sending the emails out

Yes I saw that post, and confirmed it has no DKIM signature.  I did
not expect one, since you reported that as a problem.  I haven't seen
the separate email you said you would send, though.

 > My VPS is OS Alma Lunix 9.x on which I installed WHM/CPANEL
 > (124.0.23),  CloudLinux 9.5 and Imunify 360.

None of this is likely to be relevant to the issue.  What I would
really like to see is your Exim configuration (the whole thing).  If
you worry about exposing it to the public, you can send it to me by
direct mail.  If there are sensitive parts, you can redact them but it
would be a good idea to explain what was in the redacted parts.

Steve

--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]

[Mailman-Users] Re: DKIM signatures

2025-01-28 Thread Stephen J. Turnbull 
jerry.barnabee--- via Mailman-Users writes:

 > CPANEL does all the heavy lifting for me - e.g. I don't have to add
 > any code anywhere - the only thing that I have to do is make sure
 > the correct spf, dkim and dmarc dns records exist on my name server
 > for each of my domains- which they do. Pretty sure opendkim is not
 > being used by CPANEL.

I assume that cPanel uses *something*, and that it's reasonably sane
by default.  The combination of Mailman and cPanel is common enough
that I expect we would be inundated with complaints about DKIM if it
wasn't.  Unfortunately, cPanel doesn't seem to provide publicly
available documentation, so I can't say more than that.

 > I check if I can see any DKIM settings in EXIM

Exim4 (unlike Postfix and Sendmail) does implement DKIM itself.  It
uses different criteria (probably settings in individual router or
transport stanzas?) to determine how to sign a message.  As far as I
can see, there's nothing like the SenderHeaders parameter Mark
mentioned.  The documentation for current Exim4 and DKIM is in
https://exim.org/exim-html-current/doc/html/spec_html/ch-dkim_spf_srs_and_dmarc.html
It looks pretty straightforward (but I haven't configured an Exim4
system in a decade).


--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]

[Mailman-Users] Re: DKIM signatures

2025-01-28 Thread Jerry Barnabee via Mailman-Users 
Stephen,

Thanks for your reply. I am replying directly to your email as I didn't see 
your reply in the threads of my original post.

My guess is that you are not getting complaints because it is just recently 
that the big name email servers (gmail, yahoo, icloud, microsoft) have just 
recently started enforcing the DKIM standard and what makes it worse is that 
they all seem to be taking different approaches to that enforcement. Could also 
be that most of the mailman users are using mailman 3.xx - but unfortunately 
CPANEL does not support that version -  they recently let me know that they are 
going to continue to support mailman 2.xx even though it is no longer being 
maintained by python so hopefully we can get them involved in finding a 
solution.

In my environment (WHM/CPANEL) mailman version 2.1.39  is not DKIM signing the 
mailman emails. All other emails that my domains send out are being DKIM signed 
- so it looks like EXIM is doing it's job on all outgoing mail except that 
being sent by mailman ...

I have added you to a mailing list on my test server and will send a message 
out. You will see that it does not have a DKIM signature from the domain that 
is sending the emails out - that is if you get the email at all - I can see if 
your email server rejects the email - but if it does I can not see if it 
actually makes it to your inbox .

I will send you a separate email letting you know that I sent a message thru 
the mailing list - so if it does not make it to your inbox you can check your 
spam/junk folder.

My VPS is OS Alma Lunix 9.x on which I installed WHM/CPANEL (124.0.23),  
CloudLinux 9.5 and Imunify 360.

So i just sent out a message via a mailman list  
([email protected] 
) - lets see if you get 
it.

My server tells me it made it to your email server and was accepted.



JerryB







> On Jan 27, 2025, at 8:40 AM, Stephen J. Turnbull  
> wrote:
> 
> jerry.barnabee--- via Mailman-Users writes:
> 
>> CPANEL does all the heavy lifting for me - e.g. I don't have to add
>> any code anywhere - the only thing that I have to do is make sure
>> the correct spf, dkim and dmarc dns records exist on my name server
>> for each of my domains- which they do. Pretty sure opendkim is not
>> being used by CPANEL.
> 
> I assume that cPanel uses *something*, and that it's reasonably sane
> by default.  The combination of Mailman and cPanel is common enough
> that I expect we would be inundated with complaints about DKIM if it
> wasn't.  Unfortunately, cPanel doesn't seem to provide publicly
> available documentation, so I can't say more than that.
> 
>> I check if I can see any DKIM settings in EXIM
> 
> Exim4 (unlike Postfix and Sendmail) does implement DKIM itself.  It
> uses different criteria (probably settings in individual router or
> transport stanzas?) to determine how to sign a message.  As far as I
> can see, there's nothing like the SenderHeaders parameter Mark
> mentioned.  The documentation for current Exim4 and DKIM is in
> https://exim.org/exim-html-current/doc/html/spec_html/ch-dkim_spf_srs_and_dmarc.html
> It looks pretty straightforward (but I haven't configured an Exim4
> system in a decade).
> 
> 

--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]

[Mailman-Users] Re: DKIM signatures

2025-01-25 Thread Mark Sapiro 

On 1/25/25 12:30, jerry.barnabee--- via Mailman-Users wrote:

CPANEL does all the heavy lifting for me - e.g. I don't have to add any code 
anywhere - the only thing that I have to do is make sure the correct spf, dkim 
and dmarc dns records exist on my name server for each of my domains- which 
they do. Pretty sure opendkim is not being used by CPANEL.


Then this is a cPanel issue.


Is python.org using mailman 2.x or 3.x ?

The reason I ask is that the email the python.org list sent out was DKIM signed 
correctly.


python.org has both Mailman 2 and Mailman 3 lists. This list is Mailman 
3, , but that's irrelevant as all the DKIM signing is done by the MTA 
using opendkim.



The email I got from msapiro.net did not pass DKIM nor DMARC which is not 
always fatal - since I did get your email, but more email servers are starting 
to pay more attention to those failures - and causing those of use that use 
mailman to distribute emails to be getting more and more frustrated with things 
not being signed and causing failures of one kind or another  I check if I 
can see any DKIM settings in EXIM - but there is a reason I use a WHM/CPANEL on 
my VPS servers - unix administration is not my strong suit ... about all I can 
say is that I do know how to spell unix .


My post that you receive from the list should contain two DKIM 
signatures. One sig from the msapiro.net domain will be broken because 
of list transformations such as subject prefixing and addition of the 
list footer[1], but there will be another sig from the python.org domain 
which should be valid and the mail should pass DKIM. It won't pass DMARC 
because of From: domain misalignment, but msapiro.net publishes DMARC 
policy = none so it shouldn't matter.


[1]The broken DKIM sig should be ignored, From 
https://www.rfc-editor.org/rfc/rfc6376.html#section-6.1


  INFORMATIVE NOTE: The rationale of this requirement is to permit
  messages that have invalid signatures but also a valid signature
  to work.  For example, a mailing list exploder might opt to leave
  the original submitter signature in place even though the exploder
  knows that it is modifying the message in some way that will break
  that signature, and the exploder inserts its own signature.  In
  this case, the message should succeed even in the presence of the
  known-broken signature.

--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
   https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]

[Mailman-Users] Re: DKIM signatures

2025-01-25 Thread jerry.barnabee--- via Mailman-Users 
CPANEL does all the heavy lifting for me - e.g. I don't have to add any code 
anywhere - the only thing that I have to do is make sure the correct spf, dkim 
and dmarc dns records exist on my name server for each of my domains- which 
they do. Pretty sure opendkim is not being used by CPANEL.

Is python.org using mailman 2.x or 3.x ?

The reason I ask is that the email the python.org list sent out was DKIM signed 
correctly.
The email I got from msapiro.net did not pass DKIM nor DMARC which is not 
always fatal - since I did get your email, but more email servers are starting 
to pay more attention to those failures - and causing those of use that use 
mailman to distribute emails to be getting more and more frustrated with things 
not being signed and causing failures of one kind or another  I check if I 
can see any DKIM settings in EXIM - but there is a reason I use a WHM/CPANEL on 
my VPS servers - unix administration is not my strong suit ... about all I can 
say is that I do know how to spell unix .
--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]

[Mailman-Users] Re: DKIM signatures

2025-01-25 Thread Mark Sapiro 

On 1/25/25 11:32, jerry.barnabee--- via Mailman-Users wrote:

The MTA is already set up to dkim sign messages - my php scripts that use the 
"mail" command to send out email messages get a DKIM signature, all the system 
generated emails get a DKIM signature. But mailman sent emails do not.

For some reason mailman is not sending the emails out thru the same process.  I 
had read that it was because mailman does not use SMTP to send them and that is 
why they aren't signed ...



Mailman does use SMTP to send the mail.

If you are using opendkim in your MTA to DKIM sign, you may need 
something like


SenderHeaders   List-Post,Sender,From

in your opendkim.conf. I.e., you need to reference a header that always 
contains the list domain.


--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
   https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]

[Mailman-Users] Re: DKIM signatures

2025-01-25 Thread jerry.barnabee--- via Mailman-Users 
The MTA is already set up to dkim sign messages - my php scripts that use the 
"mail" command to send out email messages get a DKIM signature, all the system 
generated emails get a DKIM signature. But mailman sent emails do not.

For some reason mailman is not sending the emails out thru the same process.  I 
had read that it was because mailman does not use SMTP to send them and that is 
why they aren't signed ...

JerryB
--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]

[Mailman-Users] Re: DKIM signatures

2025-01-25 Thread Mark Sapiro 

On 1/25/25 10:07, jerry.barnabee--- via Mailman-Users wrote:

Is there any work around that can add a valid DKIM signature to outgoing 
mailman 2.x emails.



You need to configure your outgoing MTA to DKIM sign the mail.

--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/[email protected]/
   https://mail.python.org/archives/list/[email protected]/
Member address: [email protected]