Kevin Fenzi wrote on Tue, Nov 03, 2020: > > - either they DO mangle headers, often adding a [tag] to the subject > > line; in which case the From is also updated to be the list address with > > the original sender name (e.g. Bob <whateverlist@somewhere>) and the > > original mail is eventually appended to the Reply-To addresses, with the > > original dkim header stripped off. > > Or add a footer, or handle mime attachments in different ways or ... any > number of things. Ah, right -- I had somehow missed that. So it would need to mangle the from supposedly as the body is part of the signed content. > > I'm pretty sure mailman can deal with this, is that on purpose? Or is it > > just a mishap? > > my dmarc policy says to ignore dkim failures (for now) so I could just > > ignore this but it's a bit annoying that I had setup dmarc/dkim because > > my mails often get treated as spam for some reason and such errors won't > > be helping... > > Mailman can detect if someone has set dmarc to reject and if so, change > the from address to be the address from the list. This is a per list > setting. I think I reluctantly enabled it on devel and users, I am not > sure what other lists enable it. > > It should have worked for you, I am not sure why not... If mailman really looks at dmarc for reject instructions then mine is set to ignore, so it's working as expected. I'm just going to get 3+ reports of dkim failures everytime I send the list a mail, so I'm a bit surprised by the conditional as that's going to be mildly annoying. The only way I can picture things happening from there is me getting tired of these and setting the ruf address to something I never read and not noticing real problems down the road :/ > IMHO, setting dmarc to reject is a really bad idea if you send any > emails from your domain that go to lists. Yeah, well, it's not planned for now that's sure; but this is the first list that actually gave me trouble so I figured I'd ask :) Out of curiosity, if you're reluctant to change the from, could mailman disable the footer if there is dkim involved instead? I honestly I don't see much use in that footer for devel@ as most of it is redondant with the List-xxx headers that good mail clients handle and display accordingly (well, the code of conduct is missing, but could be sent at list subscription time) I can understand it could be useful for more user-oriented lists but maybe I'm overestimating developers... And the fact I hadn't noticed devel@ has a footer in ~5 years of subscription shows how much attention it gets from me! Daniel Pocock wrote on Tue, Nov 03, 2020: > It may be helpful for some people, there are various sites to test > your DKIM setup > > For example, this site shows you a random address, you send a message > to the address and they show you a report > > https://dkimvalidator.com/ I tested by sending the message to a gmail address and looking at headers there, but just to make sure tested again, it looks good to me (unfortunately can't see how to permalink to a result page, but it said pass to both dkim and spf) Thanks, -- Dominique _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
