I've recently been testing DomainKeys (http://antispam.yahoo.com/domainkeys) and DKIM (which is supposedly a merging of DomainKeys with Cisco's scheme. I am using dk-milter and dkim-milter with sendmail. What this does is add two header lines to outgoing email that allow the receiver to determine the authenticity of the sender...
Anyway, since I run a Mailman system too, I figured this might be a problem. Indeed it is, since the header lines get passed through, and when the check is done, it indicates a failure. DomainKeys recommends mail lists regenerate the keys rather than pass them through.
What I tried was pretty simple: Mailman doesn't have to deal with these things itself, but if it strips the old keys from the header, the keys will be regenerated on the way out by the MTA, thereby making the whole process clean. So the receiver of the email can at least verify that the mail came from the host hosting Mailman. I suppose Mailman could also check email on the way in for valid keys if it wanted, but that's another subject...
I patched Handlers/Cleanse.py as follows:
49a50,55
# JGP: Remove all "DomainKeys" type header lines, since we want these # to be regenerated by the MTA when this message is sent out. We need # to let new such keys be generated because Mailman alters the
message,
# and the old keys would be seen as invalid by the receiver. del msg['domainkey-signature'] del msg['dkim-signature']
I wanted to pass this by the developers here and see if:
This is a reasonable thing to do (or maybe have an option, or even a way to strip selected headers in the config?)
If this is the right place to do it.
-Thanks, Joe