Kevin Fenzi wrote on Tue, Nov 03, 2020:
- either they DO mangle headers, often adding a [tag] to the subject
line; in which case the From is also updated to be the list address with the original sender name (e.g. Bob whateverlist@somewhere) and the original mail is eventually appended to the Reply-To addresses, with the original dkim header stripped off.
Or add a footer, or handle mime attachments in different ways or ... any number of things.
Ah, right -- I had somehow missed that. So it would need to mangle the from supposedly as the body is part of the signed content.
I'm pretty sure mailman can deal with this, is that on purpose? Or is it just a mishap? my dmarc policy says to ignore dkim failures (for now) so I could just ignore this but it's a bit annoying that I had setup dmarc/dkim because my mails often get treated as spam for some reason and such errors won't be helping...
Mailman can detect if someone has set dmarc to reject and if so, change the from address to be the address from the list. This is a per list setting. I think I reluctantly enabled it on devel and users, I am not sure what other lists enable it.
It should have worked for you, I am not sure why not...
If mailman really looks at dmarc for reject instructions then mine is set to ignore, so it's working as expected. I'm just going to get 3+ reports of dkim failures everytime I send the list a mail, so I'm a bit surprised by the conditional as that's going to be mildly annoying.
The only way I can picture things happening from there is me getting tired of these and setting the ruf address to something I never read and not noticing real problems down the road :/
IMHO, setting dmarc to reject is a really bad idea if you send any emails from your domain that go to lists.
Yeah, well, it's not planned for now that's sure; but this is the first list that actually gave me trouble so I figured I'd ask :)
Out of curiosity, if you're reluctant to change the from, could mailman disable the footer if there is dkim involved instead?
I honestly I don't see much use in that footer for devel@ as most of it is redondant with the List-xxx headers that good mail clients handle and display accordingly (well, the code of conduct is missing, but could be sent at list subscription time) I can understand it could be useful for more user-oriented lists but maybe I'm overestimating developers... And the fact I hadn't noticed devel@ has a footer in ~5 years of subscription shows how much attention it gets from me!
Daniel Pocock wrote on Tue, Nov 03, 2020:
It may be helpful for some people, there are various sites to test your DKIM setup
For example, this site shows you a random address, you send a message to the address and they show you a report
I tested by sending the message to a gmail address and looking at headers there, but just to make sure tested again, it looks good to me (unfortunately can't see how to permalink to a result page, but it said pass to both dkim and spf)
Thanks,