On 03/11/2015 08:08 PM, Sebastian Nielsen wrote: > See this. (report is at the bottom of this email) Apparently, your > list software destroys both SPF and DKIM signatures causing rejects. > > Since you repackage S/MIME mail to avoid breaking S/MIME, I would > suggest doing the same to avoid breaking SPF, eg repackage the mail > in a new message/rfc822 container like this, and also DKIM sign the > repackaged mail, and also strip the invalid DKIM sig out. A good idea > can be then to put up a DKIM, SPF and DMARC record for > lists.djigzo.com. Then both SPF and DKIM will be verified against the > domain “lists.djigzo.com”, not the sender domain, since the SPF/DKIM > validator will always validate mail on the outermost container:
The problem is unfortunately not so easy to solve. For one we use mailman for the mailing list and this is not created by us. In order to repackage as you suggested, this should be added to mailman. The repackaging of S/MIME is done at the receiver side, not at the sender side. In this case it should be changed on the sender side (i.e., mailman). See this page http://wiki.list.org/DEV/DKIM for more discussion about DKIM and mailman. One option might be to strip the DKIM signature, although according the the above page, some think this is not a good thing to do. Kind regards, Martijn Brinkers -- CipherMail email encryption Open source email encryption gateway with support for S/MIME, OpenPGP and PDF messaging. http://www.ciphermail.com Twitter: http://twitter.com/CipherMail _______________________________________________ Users mailing list [email protected] https://lists.djigzo.com/lists/listinfo/users
