On Tue, Nov 03, 2020 at 06:13:14PM +0100, Dominique Martinet wrote: > Hi, > > I just enabled dkim/dmarc on my domain last week, so sent my first email > with that setup to devel@ just earlier today and got a few "invalid dkim > signature" return emails... > > > So I was wondering how do people deal with that? > > Normally lists have two ways of handling dkim: > - either they don't mangle the subject/signed headers (for me: > h=Date:From:To:Cc:Subject:References:In-Reply-To:From). > In that case, just leave the original dkim header and things should just > work™. > That's what e.g. kernel lists do and worked well for me. > > - either they DO mangle headers, often adding a [tag] to the subject > line; in which case the From is also updated to be the list address with > the original sender name (e.g. Bob <whateverlist@somewhere>) and the > original mail is eventually appended to the Reply-To addresses, with the > original dkim header stripped off. Or add a footer, or handle mime attachments in different ways or ... any number of things. > As far as I can see devel@xxxxxxxxxxxxxxxxxxxxxxx doesn't mangle > anything so should fall into the first category of "doing nothing just > works" -- but it stripped my original dkim header, hence the failures. It does. It adds a footer. > I'm pretty sure mailman can deal with this, is that on purpose? Or is it > just a mishap? > my dmarc policy says to ignore dkim failures (for now) so I could just > ignore this but it's a bit annoying that I had setup dmarc/dkim because > my mails often get treated as spam for some reason and such errors won't > be helping... Mailman can detect if someone has set dmarc to reject and if so, change the from address to be the address from the list. This is a per list setting. I think I reluctantly enabled it on devel and users, I am not sure what other lists enable it. It should have worked for you, I am not sure why not... IMHO, setting dmarc to reject is a really bad idea if you send any emails from your domain that go to lists. kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
