[Linux-aus] PSA: Messages sent through LA mailing lists being classified as SPAM
russell at coker.com.au
Thu Jan 14 22:25:46 AEDT 2016
On Thu, 14 Jan 2016 08:19:43 PM Joel W. Shea wrote:
> > dkim=neutral (body hash did not verify) email@example.com;
> > dmarc=fail (p=QUARANTINE dis=QUARANTINE) header.from=samba.org
> > [...]
> but fails DMARC, because;
> a) DKIM authentication fails, as the body hash verification fails (since
> the mailing list modified the body by appending a footer)

If the appended signature was the only problem then it could be fixed by using
the l= flag when generating the DKIM signature.

There's also the modification of the Subject: header, but that's something that
can be fixed too.

The biggest problem at the moment is that Mailman rewrote the DKIM signature
header to use spaces instead of tabs. While it seems to be standards
compliant to rewrite headers like that, both OpenDKIM and libmail-dkim-perl
will report such messages as invalid.

If we wanted the list to pass messages with valid DKIM signatures then here is
what needs to be done:

1) Turn off Subject munging.
2) Turn off the list footer.
3) Make Mailman not munge the DKIM header - or install a milter that reverses
such munging (which is quite trivial in terms of message editing).

But it's much easier to just change the From: header to the list address.

> b) According to DMARC, the domain in the "From:" header must match the
> domain used to validate SPF (hence not an SPF error, per se)
> Although this might be desired behaviour, it's possible the strict
> policy may have been set while overlooking this unanticipated

It's expected that when you add new anti-spam features there will be some
false positives. But everyone else will just deal with it eventually, and
that includes list server configuration being changed to work with it.

My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
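
Added example (not part of the original message, and not code from Mailman, OpenDKIM or Mail::DKIM): a sketch of the RFC 6376 canonicalization steps behind the two failures discussed above, showing how an l= body length keeps the body hash stable when a footer is appended, and how a tab-to-space rewrite of a folded header changes the hashed bytes under "simple" header canonicalization but not under "relaxed". The message, footer and signature header are constructed samples, the function names are hypothetical, and the thread does not say which canonicalization the affected signers used.

```python
import base64
import hashlib
import re

# Constructed sample data (not taken from the thread).
BODY = b"Hello list,\r\n\r\nThe patch is attached.\r\n"
FOOTER = b"_______________\r\nlinux-aus mailing list\r\n"
SIG_TABS = (b"DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel1;\r\n"
            b"\th=from:subject:date; bh=PLACEHOLDER; b=")
SIG_SPACES = SIG_TABS.replace(b"\t", b" ")  # the tab-to-space rewrite


def canon_body_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: drop trailing empty lines, end with one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def body_hash(body: bytes, length=None) -> str:
    """bh= value; `length` plays the role of the l= tag (bytes hashed)."""
    data = canon_body_simple(body)
    if length is not None:
        data = data[:length]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def canon_header_relaxed(field: bytes) -> bytes:
    """RFC 6376 3.4.2: lowercase name, unfold, collapse WSP runs to one SP."""
    name, value = field.split(b":", 1)
    value = re.sub(rb"\r\n(?=[ \t])", b"", value)
    value = re.sub(rb"[ \t]+", b" ", value).strip(b" ")
    return name.strip().lower() + b":" + value


def header_digest(field: bytes, mode: str) -> str:
    """Digest of one header field under 'simple' (bytes as-is) or 'relaxed'."""
    data = field if mode == "simple" else canon_header_relaxed(field)
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    signed_len = len(canon_body_simple(BODY))
    munged = BODY + FOOTER
    print("footer, no l= :", body_hash(munged) == body_hash(BODY))
    print("footer, l=    :", body_hash(munged, signed_len) == body_hash(BODY, signed_len))
    for mode in ("simple", "relaxed"):
        same = header_digest(SIG_TABS, mode) == header_digest(SIG_SPACES, mode)
        print(f"tabs->spaces, {mode}: digest unchanged = {same}")
```

Content past the l= count is not covered by the signature, which RFC 6376 flags as a risk for signers to weigh before using the tag.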