
On 12/12/18 11:35 AM, Bernie Cosell wrote:
> I have two questions about the DKIM/spf munging that mailman does.
> First: when it replaces the 'from' with a munged address [replacing the name with "name via thislist"] does it stick the original email address somewhere in the message, so if a listmember wanted to reply to the original sender they'd be able to? I thought it did but I just looked through one and didn't see the poster's original email. [actually, let me amend that: I see that his email addr is in the 'cc' field -- did mailman do that or did he?]
Mailman did that. Mailman puts the original From: address in either Cc: or Reply-To:; which one depends on other list settings. The intent is that a reasonably compliant MUA will do the same thing with 'reply' and 'reply all' whether or not the From: is munged.
This generally means the original From goes in Reply-To: unless the list mungs the Reply-To: in which case it goes in Cc:
> Second, I'm a bit shaky [to say the least..:o)] about how the DKIM stuff all works.
> I do have access to a Unix shell account, so I can do dig and host and such. If a listmember asks me if "@randomserver.com" is OK to not-get-munged when it posts to the list, what would I do? Thanks
This is actually DMARC, not DKIM per se, but use 'dig' or some other DNS query tool to look up a TXT record associated with the name _dmarc.randomserver.com. For example:
dig txt _dmarc.aol.com
finds
"v=DMARC1; p=reject; pct=100; rua=mailto:d@rua.agari.com; ruf=mailto:d@ruf.agari.com;"
host -t txt _dmarc.aol.com
returns the same text.
What you are looking for is 'v=DMARC1' which says this is a DMARC policy record and then the p= value which is the policy which is one of 'reject', 'quarantine' or 'none'.
If your list is set with dmarc_moderation_action other than accept, that action will be applied to mail From: domains with a policy of 'reject' and possibly 'quarantine' or 'none' depending on the settings of dmarc_quarantine_moderation_action and dmarc_none_moderation_action.
Also, if the From: domain is not what is known as an organizational domain, e.g., some.subdomain.aol.com and that domain doesn't publish a DMARC policy, you then have to look up the policy of the organizational domain. For common TLDs like .com, .net, .gov, .org, .edu, etc. the organizational domain is just the top two levels, e.g. python.org, aol.com, etc.
-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
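
The lookup procedure described in the reply above, as an added shell example that is not part of the original message and is not Mailman's own code. The function names (txt_lookup, dmarc_policy, org_domain, effective_policy) are made up for this example, and the organizational domain is approximated by the "top two levels" rule from the message.

```shell
#!/bin/sh
# Added example: which DMARC policy applies to a From: domain?
# All function names here are made up for this example.

# DNS query, kept separate so it can be replaced by a stub for offline use.
txt_lookup() { dig +short txt "$1"; }

# Print the p= value of one TXT record as dig prints it; returns 1 and
# prints nothing if the text is not a DMARC record.
dmarc_policy() {
    # dig shows long records as several "quoted" "chunks"; rejoin them.
    rec=$(printf '%s\n' "$1" | sed 's/" "//g; s/"//g')
    case "$rec" in
        v=DMARC1*) ;;
        *) return 1 ;;
    esac
    # One tag per line, so sp= and pct= cannot be mistaken for p=.
    printf '%s\n' "$rec" | tr ';' '\n' |
        sed -n 's/^[[:space:]]*p[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' |
        head -n 1 | tr '[:upper:]' '[:lower:]'
}

# Simplification from the message: top two labels. Wrong for suffixes
# such as .co.uk, which need the Public Suffix List.
org_domain() {
    printf '%s\n' "$1" |
        awk -F. '{ if (NF > 2) print $(NF-1) "." $NF; else print $0 }'
}

# Print "<domain the record was found at> <policy>", trying the From:
# domain first and then its organizational domain.
effective_policy() {
    domain=$(printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]')
    org=$(org_domain "$domain")
    if [ "$org" = "$domain" ]; then org=; fi
    for name in "$domain" $org; do
        pol=$(txt_lookup "_dmarc.$name" | while IFS= read -r line; do
                  dmarc_policy "$line" && break
              done) || true
        if [ -n "$pol" ]; then
            printf '%s %s\n' "$name" "$pol"
            return 0
        fi
    done
    printf '%s no-record\n' "$domain"
}

if [ "$#" -gt 0 ]; then effective_policy "$1"; fi
```

Run it as `sh script.sh some.subdomain.aol.com`; the output names the domain where the record was found and its p= value, or `no-record` if neither name publishes one.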