[opendmarc-users] OpenDMARC NOT useless with Postfix
Christian Rößner
c at roessner-network-solutions.com
Thu Sep 18 14:24:30 PDT 2014
Hi,
Am 18.09.2014 um 20:30 schrieb Joachim Fahrner <jf at fahrner.name>:
> Sorry, but you are wrong. When I have a reject policy for dmarc and send
> to a mailing list, I get the same mail back from the list. SPF does not
> pass, because the list server is not of my domain. dkim should pass
> because the signature is ok. OpenDKIM does so, but OpenDMARC fails and
> refuses that mail. Thats NOT OK!
this is a problem with the mailing list admin. Many mailing list admins configure list manager software to rewrite the subject and add a mailing list footer. Like _this_ mailing list. This breaks DKIM. A second problem is the From:-header which often is not the ML, but the OP. This breaks SPF.
I had mailman configured to work with DMARC. After receiving mail to the ML, DKIM is verified and the original DKIM headers can be removed. When mailman starts sending out the mail back to the public (including original poster), it can do it’s own DKIM signing procedure. And the mailing list email address should be in the From: header; not the OP. With these, you have no problems with DKIM, SPF or DMARC. Unfortunately even if it is so simple to have a ML doing fine, most admins do not fix the lists.
And this is the main reason, why I had to drop „reject“ and have to go back to „none“ policy. Very sad, …
These are just my thoughts to this paragraph.
Christian
--
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345
USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3089 bytes
Desc: not available
URL: <http://www.trusteddomain.org/pipermail/opendmarc-users/attachments/20140918/e08b5394/attachment.bin>
More information about the opendmarc-users
mailing list