Date: Tue, 4 Sep 2018 17:41:16 -0400 From: Jim Ohlstein <jim@mailman-hosting.com> To: William Dudley <wfdudley@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: DKIM is driving me nuts Message-ID: <1f9110ef-7cc6-a359-58a6-290a3d16ff47@mailman-hosting.com> In-Reply-To: <CAFsnNZJ8em-FPE7z1bPhG3wQ7K8qk-Nq_m01Uqa4zzOzR6qbeQ@mail.gmail.com> References: <mailman.104.1535976002.94972.freebsd-questions@freebsd.org> <2d9ca6fc33b9aa430233bc0862b65453.squirrel@webmail.harte-lyne.ca> <CAFsnNZ%2BiHrnQAzJPwj%2Bb8i4ML0c=dXOsn3UzhhyDrTB6EHn=hg@mail.gmail.com> <a57ff4870e5d68211e673a5383892017.squirrel@webmail.harte-lyne.ca> <CAFsnNZL-C%2B_VTw7YXvUeyM_BfiikZqgADo%2BS5KP_zpu7xcUvAg@mail.gmail.com> <47bf9a4f8499073f6b29bf7b29d82039.squirrel@webmail.harte-lyne.ca> <CAFsnNZ%2B%2B4xxgjiRa3t_RGV4cQ5hF7k8=p9HU87NHXfpQ6grPyg@mail.gmail.com> <CAFsnNZJ8em-FPE7z1bPhG3wQ7K8qk-Nq_m01Uqa4zzOzR6qbeQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --iqfLenNuEVXfsrEJNBgrRK3FlINpsXld1 Content-Type: multipart/mixed; boundary="CxTJLnF1jXiFj8oVt7xkeIOMV1DkflP0B"; protected-headers="v1" From: Jim Ohlstein <jim@mailman-hosting.com> To: William Dudley <wfdudley@gmail.com> Cc: freebsd-questions@freebsd.org Message-ID: <1f9110ef-7cc6-a359-58a6-290a3d16ff47@mailman-hosting.com> Subject: Re: DKIM is driving me nuts References: <mailman.104.1535976002.94972.freebsd-questions@freebsd.org> <2d9ca6fc33b9aa430233bc0862b65453.squirrel@webmail.harte-lyne.ca> <CAFsnNZ+iHrnQAzJPwj+b8i4ML0c=dXOsn3UzhhyDrTB6EHn=hg@mail.gmail.com> <a57ff4870e5d68211e673a5383892017.squirrel@webmail.harte-lyne.ca> <CAFsnNZL-C+_VTw7YXvUeyM_BfiikZqgADo+S5KP_zpu7xcUvAg@mail.gmail.com> <47bf9a4f8499073f6b29bf7b29d82039.squirrel@webmail.harte-lyne.ca> <CAFsnNZ++4xxgjiRa3t_RGV4cQ5hF7k8=p9HU87NHXfpQ6grPyg@mail.gmail.com> <CAFsnNZJ8em-FPE7z1bPhG3wQ7K8qk-Nq_m01Uqa4zzOzR6qbeQ@mail.gmail.com> In-Reply-To: <CAFsnNZJ8em-FPE7z1bPhG3wQ7K8qk-Nq_m01Uqa4zzOzR6qbeQ@mail.gmail.com> --CxTJLnF1jXiFj8oVt7xkeIOMV1DkflP0B Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Hello, On 09/04/2018 11:48 AM, William Dudley wrote: > I have decided to abandon this quest. >=20 > The intersection of DKIM and Mailman is a huge cluster f--k, and will n= ot > be sorted out > any time soon, if ever. >=20 > Since I value the mailing lists I host, and am unwilling to stop those > services, > it makes sense to give up on DKIM. Before you give up on DKIM, it sounds as though this is a Mailman problem. There are "fixes" for some issues in Mailman (both 2.1 and 3.1) that can be easily applied. In short, DKIM is a digital signature using a private key. The signature can be verified with the public key. If anything in the message is changed (as Mailman and other list software is apt to do by changing headers or adding a footer), DKIM will fail. Also, some large freemail providers (Yahoo and AOL) have published DMARC policies to reject any emails from them that fail DKIM. Many smaller servers do the same. Here's the DKIM results from your last email via Gmail: Authentication-Results: maurice.jlkmail.com (amavisd-new); dkim=3Dfail (2048-bit key) reason=3D"fail (body has been altered)" header.d=3Dgmail.com More and more large servers are requiring not only DKIM, but DMARC policies as well. Running a small mail server is only going to get more cumbersome. Taking down a working system may not be the best choice. What is the specific problems that this one user is having? Is it that his emails to the list are being rejected? Or is his mail server at "us.army.mil" rejecting emails from the list? Can you post the relevant entries from your mail log (usually /var/log/maillog on FreeBSD)? >=20 > DKIM doesn't solve any problems (except for one poor schmuck who has a = ". > us.army.mil" > email address, that rejects all email without DKIM), I don't find DKIM > valuable > enough to fight with it any more. >=20 > Thanks to all for their suggestions. I have learned somethings, which = was > the point, > after all. >=20 > Bill Dudley >=20 >=20 >=20 --=20 Jim Ohlstein Professional Mailman Hosting https://mailman-hosting.com --CxTJLnF1jXiFj8oVt7xkeIOMV1DkflP0B-- --iqfLenNuEVXfsrEJNBgrRK3FlINpsXld1 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEGuTcIH7bi7c+YS0aS/VKDXmLVX0FAluO+/wACgkQS/VKDXmL VX0PwAgAo4DO0cSsh0JAyipMpI8LY5z6MekhjZJmqzQjnyqtiw4FI0G2gbg25JFV M/tQ9ejybxSRxZlBbXdR/4qVVrZE5iF2dzfeTzEalpcsvK5M5VxqCL7TCluBv88Z cqfDDbOj7EeuSL8h3pMT4zL1WOIyUG0wBc3rNhMFTke/nJ3qsoijyBjmFUzryUmT Ue5vQkOYE2h4mCcQvC5806RRUZ5eUBRLp8tWigiCs5yntGAnqSfMq6XaA4jneKM4 iyYgYA2CFx4Fe0Aw1XH5CW2ElHzLVAYjgB7xFh3eqq6IAwivjQ8Al0PuMOTVz1dq RoiC1Z6st4ZoUgwjqKf7t3oaPOxVfQ== =nx5c -----END PGP SIGNATURE----- --iqfLenNuEVXfsrEJNBgrRK3FlINpsXld1--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1f9110ef-7cc6-a359-58a6-290a3d16ff47>