[Linux-aus] PSA: Messages sent through LA mailing lists being classified as SPAM
Russell Coker
russell at coker.com.au
Thu Jan 14 23:50:51 AEDT 2016
On Thu, 14 Jan 2016 11:05:27 PM Joel W. Shea wrote:
> > The biggest problem at the moment is that Mailman rewrote the DKIM
> > signature header to use spaces instead of tabs. While it seems to be
> > standards compliant to rewrite headers like that both OpenDKIM and
> > libmail-dkim-perl will report such messages as invalid.
>
> Except that this particular message was signed with "c=relaxed/relaxed",
> so should still validate with spaces, otherwise you're right, since many
> leave the default "c=simple/simple"
http://www.gettingemaildelivered.com/dkim-explained-how-to-set-up-and-use-
domainkeys-identified-mail-effectively
For the benefit of others the above URL explains these things.
My tests indicate that setting relaxed/simple is enough. To get that put one
of the following lines in /etc/opendkim.conf:
Canonicalization relaxed
Canonicalization relaxed/simple
> > If we wanted the list to pass messages with valid DKIM signatures then
> > here is what needs to be done:
> >
> > 1) Turn off Subject munging.
> > 2) Turn off the list footer.
>
> Agreed.
>
> > 3) Make Mailman not munge the DKIM header - or install a milter that
> > reverses such munging (which is quite trivial in terms of message
> > editing).
>
> Alternatively, make Mailman reject the message with a DMARC failure
> report, and hope that the sender signs with "c=relaxed/simple" to allow
> whitespace variation in the header in future.
I don't think that there is any feature of Mailman to do this and I don't
think it would be desirable to do so. But making mailman not munge the
headers would be a good feature to have.
> > But it's much easier to just change the From: header to the list address.
>
> Perhaps, since even if DKIM signature verifies, DMARC will still fail
> domain alignment on SPF?
It seems that there is no option other than changing the From header.
> > It's expected that when you add new anti-spam features that there will be
> > some false positives. But everyone else will just deal with it
> > eventually, and that includes list servers configuration being changed
> > to work with it.
>
> Hence the recommendation to set DMARC to p=none at first, then
> q=quarantine; pct=1; then gradually increase pct, this gives the sender
> an opportunity to adjust their policy to accommodate for the most common
> false positive failures.
Well we know that the Linux Australia lists are one source of false positives.
We just need to get that fixed.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
More information about the linux-aus
mailing list