[Linux-aus] LA list errors

Adam Nielsen a.nielsen at shikadi.net
Tue Apr 18 23:46:26 AEST 2017 

> If you read all the Wiki pages etc and try to set it up from first
> principles and documentation then you will have many problems with
> DKIM and Mailman.  If you do what I suggested in my first message
> then it takes about 5 minutes to get it all fixed.  Change 1 line in
> a config file, restart the daemon, and then change 1 entry in the web
> based config for the list.

Sorry the problems I was thinking of were more with other people's
lists, over which I don't have control.  Because DKIM meant I was
rejecting so many messages that others were sending to the lists, my
subscriptions quickly got disabled by Mailman's automatic bounce
processing as it thought the frequent bounces meant something was wrong
with my e-mail address.

In the past I didn't know what solution to offer (as I mentioned I
never investigated fully) so now that you have a solution for Mailman,
perhaps this is worth revisiting...

> > I've worked around the problem by whitelisting certain mailing lists I
> > am interested in.  In my case I let SpamAssassin do the DKIM checks so
> > I can add a rule to drop the spam score down quite a bit if the message
> > comes through a known mailing list, which still allows it to be flagged
> > as spam if there are other rules that match besides the DKIM ones.  
> 
> Sounds nice.  Could you publish the configuration in a blog post or
> write it up in a Wiki somewhere?

It's not really fancy enough for that.  Just a default SpamAssassin
install, linked to the MTA per the docs.  I have left the
T_DKIM_INVALID rule at the default level, and added a new rule for this
mailing list which is not very foolproof but it works, and no spam has
exploited it yet:

header LOCAL_LINUX_AUS       Sender =~ /linux-aus-bounces\@lists\.linux\.org\.au/
score LOCAL_LINUX_AUS        -5.0
describe LOCAL_LINUX_AUS     Linux Australia mailing list

By way of an example, this is what my SpamAssassin instance said for the first
message you posted to the list in this thread.  Despite it failing the DKIM test
and your domain recommending it be discarded, it ended up being classified as
'definitely not spam':

 Content analysis details:   (-3.5 points, 3.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -2.3 RCVD_IN_DNSWL_MED      RBL: Sender listed at http://www.dnswl.org/, medium
                              trust
                             [192.55.98.181 listed in list.dnswl.org]
 -5.0 LOCAL_LINUX_AUS        Linux Australia mailing list
  1.8 DKIM_ADSP_DISCARD      No valid author signature, domain signs all mail
                             and suggests discarding the rest
  0.0 T_HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                             domains are different
 -0.5 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain
  1.0 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
  1.5 T_DKIM_INVALID         DKIM-Signature header exists but is not valid

Cheers,
Adam.

More information about the linux-aus mailing list