From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 6ED263854171; Fri, 21 Oct 2022 14:56:21 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6ED263854171 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1666364181; bh=ZCWHZBeAXdim7h4/4ISPKQIngatQpzc7QR1qMcMyJ0Y=; h=From:To:Subject:Date:In-Reply-To:References:From; b=kIe2py2tZLQ9CbcAqOlQmq3j4gAjbdSc0DTCEBxySdSp21kqHY4My5xRuVEwc1VvM QfVGx+wUOQefv4MbTB4O0SFDLix1Bcyay5fcytMGdC0e30YOTBkHMTbA2GaoZGiAsq LgLnAd7PgyRtHqUILyE5kj4JmvFvT0+cxgseX+dk= From: "iank at fsf dot org" To: overseers@sourceware.org Subject: =?UTF-8?B?W0J1ZyBJbmZyYXN0cnVjdHVyZS8yOTcxM10gUGxlYXNlIG1ha2Ug?= =?UTF-8?B?bGliYy1hbHBoYSBtYWlsaW5nIGxpc3QgY29tcGF0aWJsZSB3aXRoIOKAnGdp?= =?UTF-8?B?dCBhbeKAnQ==?= Date: Fri, 21 Oct 2022 14:56:21 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: sourceware X-Bugzilla-Component: Infrastructure X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: iank at fsf dot org X-Bugzilla-Status: WAITING X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: overseers at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://sourceware.org/bugzilla/show_bug.cgi?id=3D29713 --- Comment #6 from iank at fsf dot org --- I admin the GNU lists. Here is some info about how to accomplish this: The mailman docs imply that it's From: rewriting is needed for DMARC compliance, but that isn't the case. Instead, you just ensure that dkim signatures are not broken for that list. The mailman options needed are to make the mailman list have no subject modification or footer addition, and then set dmarc_moderation_action to accept. In mailman web interface, that under privacy, sender filter. Also to fix where mailman breaks dkim signatures by removing CCs using no duplicates user setting, either use new mailman https://launchpad.net/mailman/+milestone/2.1.30 and set appropriate DEFAULT_DROP_CC described there, or a lightly patched older mailman. We use a patch, https://launchpadlibrarian.net/444501204/nodup-dkim.patch, which is linked from the relevant bug. After applying the patch, compile mailman with "pycompile -p mailman /usr/lib/mailman/Mailman -V 2.4-", then restart. There are a few other rare non-default settings that would break all dkim signatures. Just send a test message to make sure you don't have these. Then, there is the rare case someone sends from a domain with DMARC set to reject or quarantine and a missing or broken dkim signature. In that case, the sender has sent a bad message. These are quite rare, and rare enough that other big free software lists I've looked at ignore them and let them get rejected by any recipient which does dmarc validation. On GNU lists, I decided that wasn't good enough because if the sender just made a mistake, or just had a misconfiguration, those rejections just go into the list server mta log and no one notices them, and then only some subscribers will get their message, leading to confusion. It is better to either reject the message from the poster, telling them the problem in the reject message, or be even nicer and do from rewriting in the mta because their message may still be useful even with a rewritten from. Then, if the rewriting causes a problem, a human can tell them to fix the issue on their end. That is what we do, it is documented here, https://wiki.debian.org/Exim#For_running_a_mailing_list_and_ensuring_all_se= nt_mail_is_DMARC_compliant . Sourcware uses postfix, so that is not a drop in solution, and is probably much easier to setup rejecting of the message. --=20 You are receiving this mail because: You are the assignee for the bug.=