[opendmarc-users] Why did this one fail?

[postfix at ptld.com]

> On 08-06-2021 10:39 pm, Benny Pedersen wrote:
> 
> its safe to ignore dmarc fail from maillists

I agree, tell that to opendmarc.


> or try opendmarc from github trunk, if you use opendmarc stable it 
> still contains bugs

I only like installing from package managers (RHEL8/dnf) which gives me 
v1.4.1 now. Dovecot provides a repo which allows you to use the package 
manager to install newest build without waiting for OS people to include 
it. Does opendmarc have a repo like that?


> to make all milters stable with postfix use smtp_milter_maps so mails
> from maillists is never rejected based on dmarc fail

I am using opendmarc.conf:IgnoreHosts which does the same thing. However 
it doesn't seem to always work, i put the domain name from the 
connecting IP PTR and it still sometimes gets rejected. And this is a 
trial and error hit and miss method trying to setup "whitelist" to 
create work around fixes that mailing list themselves could fix if setup 
correctly. The postfix mailing list never fails dmarc and i don't have 
to whitelist them.


> you should not reject maillist anyway

Im not, opendmarc is. Is there a setting that tells dmarc to not fail 
mailing list? Or isn't whitelisting connecting sources the only way and 
trying to figure out what those even are? Wouldn't it be easier for the 
ONE mailing list to just configure their stuff right instead of 
expecting the HUNDREDS of people using it to setup workarounds to 
accommodate them? I know i went a little rant there.

Simple solution i see is have the mailing list remove dkim signatures 
before sending and only put the mailing list address in the sender 
envelope. You can prepend the author's email in the body of the message 
like what happens in replies anyways. I still don't understand how the 
people who make dmarc software can't get their own mailinglist to pass 
dmarc. Irony.