[Mailman-Developers] dkim and email list software - potential solution
barry at python.org
Fri Oct 9 21:04:01 CEST 2009
On Oct 7, 2009, at 6:00 AM, Ian Eiloart wrote:
> As far as I recall, Mailman removes DKIM signatures, and re-signs
Close, but the spirit is right. Mailman does remove DKIM headers, if
configured to do so via a site-wide option. The option is turned off
by default. This comment in the configuration file is useful:
# Some list posts and mail to the -owner address may contain DomainKey
# DomainKeys Identified Mail (DKIM) signature headers <http://www.dkim.org/
# Various list transformations to the message such as adding a list
# footer or scrubbing attachments or even reply-to munging can break
# signatures. It is generally felt that these signatures have value,
# broken and even if the outgoing message is resigned. However, some
# may wish to remove these headers by setting this to Yes.
My own personal feeling is that Mailman should not be adding any DKIM
headers, as this is the job of the outgoing MTA. Nor frankly should
it be verifying DKIM headers, as that's the job of the incoming MTA.
The optional removal of any existing DKIM headers is a nod to
practicality; without that cleansing step, ironically the mailing list
appears more broken to people than with it.
> You're saying that with ADSP, that's not adequate unless Mailman
> first rewrites the "From:" address. Some lists are configured to do
> this already, the question is what to do about those that don't.
Ian and Stephen have eloquently stated opinions that I agree with.
/Requiring/ munging of the From or Reply-to headers is not acceptable
because you are trampling on long established valid use cases (not to
mention violating standards in some cases). I don't like Reply-to
munging, but Mailman does not prohibit it and it's a use-case that
must be preserved. Similarly, anonymizing the From header is a
necessary use case for other reasons, but it cannot be required.
ISTM that Stephen has the most sensible solution when he proposes to
sign the RFC 2369 headers. I still think that's something that would
happen in the outgoing MTA instead of list manager. List-ID is the
core identifying header for the list manager and a site administrator
should be making assertions about it if they want to.
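The breakage described in the configuration comment, as an added example (not Mailman's code and not part of the original message): appending a list footer changes the DKIM body hash, and the optional removal step drops the signature headers. The message, domain, selector and function names are constructed; only the `bh=` body hash is compared, and the `b=` value is a placeholder that is never verified.

```python
import base64
import hashlib
import re

SIG_HEADERS = ("dkim-signature", "domainkey-signature")

def relaxed_body(body: str) -> bytes:
    """RFC 6376 'relaxed' body canonicalization."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in body.split("\r\n")]
    while lines and lines[-1] == "":
        lines.pop()  # trailing empty lines are ignored
    return "".join(ln + "\r\n" for ln in lines).encode("utf-8")

def body_hash(body: str) -> str:
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def split_message(raw: str):
    head, _, body = raw.partition("\r\n\r\n")
    return head.split("\r\n"), body

def bh_still_valid(raw: str) -> bool:
    """Compare the bh= tag of the DKIM-Signature header with the current body."""
    head, body = split_message(raw)
    unfolded = re.sub(r"\r\n[ \t]+", " ", "\r\n".join(head))
    m = re.search(r"^dkim-signature:.*?\bbh=([A-Za-z0-9+/=]+)", unfolded, re.I | re.M)
    return bool(m) and m.group(1) == body_hash(body)

def strip_signatures(raw: str) -> str:
    """Drop signature headers together with their folded continuation lines."""
    head, body = split_message(raw)
    kept, skipping = [], False
    for line in head:
        if line[:1] not in (" ", "\t"):  # a new header field starts here
            skipping = line.split(":", 1)[0].lower() in SIG_HEADERS
        if not skipping:
            kept.append(line)
    return "\r\n".join(kept) + "\r\n\r\n" + body

# Constructed sample: a message as signed by the author's MTA, then as relayed by a list.
BODY = "Original body text.\r\n"
SIGNED = (
    "From: alice@example.org\r\n"
    "Subject: hello\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\r\n"
    f"\ts=sel; h=from:subject; bh={body_hash(BODY)}; b=PLACEHOLDER\r\n"
    "\r\n" + BODY
)
FOOTER = "_______________\r\nlist mailing list\r\n"
WITH_FOOTER = SIGNED + FOOTER
```

Relaxed canonicalization tolerates whitespace changes at line ends, so `bh_still_valid` stays true for those, but any added footer text changes the hash.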