[Mailman-Users] Spam/DKIM issues

Mark Sapiro mark at msapiro.net
Mon Oct 19 19:16:25 CEST 2015 

On 10/19/2015 02:24 AM, Marc Bourgeois wrote:
> 
> When someone write to the list, the relayed mail to other users is
> considered as spam in their mailboxes (gmail for instance)
> 
> It seems that directly sent mails from mailman, signed with dkim, pass spam
> filters


And DKIM signing your outbound Mailman mail may help too, but a lot
depends on why the mail is considered spam by the recipient ISPs.

See the FAQ article at <http://wiki.list.org/x/4030690> for some more on
this.

Also, DMARC may be involved. See <http://wiki.list.org/DEV/DMARC> and
<http://wiki.list.org/x/17891458>.



> I was trying to sign with dkim outgoing relayed mail to avoid spam filters.
> Apparently this is not a solution


And are your outbound posts from Mailman actually being DKIM signed by
your outgoing MTA?

If so, and this doesn't help, there are other possibilities.

If the incoming mail is DKIM signed by the sender's MTA, that signature
normally gets broken by list transformations such as subject prefixing,
addition of msg_footer and content filtering. A broken (invalid) DKIM
signature is *supposed* to be treated by a recipient the same as no
signature, but it may not be. Mailman has the ability to remove incoming
DKIM sigs. This shouldn't help, but it may. See the documentation in
Defaults.py for REMOVE_DKIM_HEADERS and consider setting
'REMOVE_DKIM_HEADERS = 2' (for current Mailman) in mm_cfg.py.

This could also be a DMARC issue in which case neither removing incoming
DKIM sigs nor DKIM signing outbound mail will help. See the above
referenced wiki pages.


>>  > opendkim[1507]: 19D41278A1A5: no signing table match for '
>> kemkem42 at gmail.com'

opendkim has a signing table (usually /etc/opendkim/SigningTable) that
tells it what keys to sign with for what senders. To sign outgoing list
mail, you want something like

SenderHeaders           List-Post,Sender,From

in opendkim.conf so that if the message has a List-Post: header,
opendkim will consider that address as the sender and sign with the
list's key rather than the From: or other address's key.

Other things I have are

SigningTable            refile:/etc/opendkim/SigningTable

in opendkim.conf and

*@mailman.list.domain	KeyTable_entry_name

in /etc/opendkim/SigningTable.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list