Jerry Barnabee via Mailman-Users writes:
Thanks for your reply. I am replying directly to your email as I didn't see your reply in the threads of my original post.
It's there in the archive. I recently retired and they cut off my email for several months (despite being reemployed part-time), so U may have been unsubscribed. For that reason it may have been held for approval by the moderators.
My guess is that you are not getting complaints because it is just recently that the big name email servers (gmail, yahoo, icloud, microsoft) have just recently started enforcing the DKIM standard
DMARC is ten years old: there was a huge kerfluffle in April 2014 when DMARC p=reject was rolled out by Yahoo! and AOL early the development of the standard. DKIM itself is several years older, depending on how you count earlier DomainKeys standards.
I am pretty sure that if there were a widespread problem we *would* hear about it frequently because we do get a lot of traffic about problems that Mailman can do nothing about, but only show up with Mailman because related software is not working correctly or remote sites have a list-unfriendly policy.
and what makes it worse is that they all seem to be taking different approaches to that enforcement.
This is true. Google is especially pernicious, as they advertise p=none but then turn around and enforce it on their own users.
Could also be that most of the mailman users are using mailman 3.xx
Irrelevant. Neither Mailman 2 nor Mailman 3 supports DKIM signing. Sufficiently recent versions of both support "via $LIST" rewriting of the From header, which should get you past DMARC. But you need to do the outgoing DKIM signatures yourself. As Mark said, the best way to do DKIM signature is via the MTA.
In my environment (WHM/CPANEL) mailman version 2.1.39 is not DKIM signing the mailman emails.
No version of Mailman we distribute does DKIM signing. That's an MTA function.
All other emails that my domains send out are being DKIM signed - so it looks like EXIM is doing it's job on all outgoing mail except that being sent by mailman ...
Then that's an Exim configuration problem. You have an MTA that does DKIM signing, you just need to persuade it to sign Mailman traffic.
I have added you to a mailing list on my test server and will send a message out. You will see that it does not have a DKIM signature from the domain that is sending the emails out
Yes I saw that post, and confirmed it has no DKIM signature. I did not expect one, since you reported that as a problem. I haven't seen the separate email you said you would send, though.
My VPS is OS Alma Lunix 9.x on which I installed WHM/CPANEL (124.0.23), CloudLinux 9.5 and Imunify 360.
None of this is likely to be relevant to the issue. What I would really like to see is your Exim configuration (the whole thing). If you worry about exposing it to the public, you can send it to me by direct mail. If there are sensitive parts, you can redact them but it would be a good idea to explain what was in the redacted parts.
Steve