On 8 Jun 2023, at 11:47, Jonas Meier via swinog swinog@lists.swinog.ch wrote:
Hi Franco, Dear List
Thank you for your feedback.
- I configured mailman3 [1] dmarc_mitigate_action to "munge_from" (to replace the from header) and dmarc_mitigate_unconditionally to true. My thought was that this would mean that there can no longer be a dmarc policy which sets dkim to strict. This way, an invalid dkim signature would no longer be such a big problem. But I was probably wrong. I don't want to set up the mails to be re-signed overnight, maybe there is an option to remove the signature. If anyone has experience with mailman3 and dkim, please write to me directly.
The only real solution is effectively to do SRS aka "From Rewriting" to be able to decently send emails through a mailinglist and have them not land up in spam/junk...
The list has to remove the Original "From" and replace it with eg jeroen+massar.ch@via.lists.swinog mailto:jeroen+massar.ch@via.lists.swinog.ch Then you sign that From with your DKIM key.
To make the receiver happy that there is the 'old' DKIM header you then need to do ARC signingt: http://arc-spec.org/ That way, a receiver knows "oh the rewrote something and they are taking responsibility for this mail"
For Mailman there is some info here: https://wiki.list.org/DEV/DMARC
Thus the option you need to do is:
"Munge the From: header" some other details: https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers/do...
For ARC: https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers/do...
Greets, Jeroen