[Mailman-Users] Spam/DKIM issues
Mark Sapiro
mark at msapiro.net
Mon Oct 19 19:16:25 CEST 2015
On 10/19/2015 02:24 AM, Marc Bourgeois wrote:
>
> When someone write to the list, the relayed mail to other users is
> considered as spam in their mailboxes (gmail for instance)
>
> It seems that directly sent mails from mailman, signed with dkim, pass spam
> filters
And DKIM signing your outbound Mailman mail may help too, but a lot
depends on why the mail is considered spam by the recipient ISPs.
See the FAQ article at <http://wiki.list.org/x/4030690> for some more on
this.
Also, DMARC may be involved. See <http://wiki.list.org/DEV/DMARC> and
<http://wiki.list.org/x/17891458>.
> I was trying to sign with dkim outgoing relayed mail to avoid spam filters.
> Apparently this is not a solution
And are your outbound posts from Mailman actually being DKIM signed by
your outgoing MTA?
If so, and this doesn't help, there are other possibilities.
If the incoming mail is DKIM signed by the sender's MTA, that signature
normally gets broken by list transformations such as subject prefixing,
addition of msg_footer and content filtering. A broken (invalid) DKIM
signature is *supposed* to be treated by a recipient the same as no
signature, but it may not be. Mailman has the ability to remove incoming
DKIM sigs. This shouldn't help, but it may. See the documentation in
Defaults.py for REMOVE_DKIM_HEADERS and consider setting
'REMOVE_DKIM_HEADERS = 2' (for current Mailman) in mm_cfg.py.
This could also be a DMARC issue in which case neither removing incoming
DKIM sigs nor DKIM signing outbound mail will help. See the above
referenced wiki pages.
>> > opendkim[1507]: 19D41278A1A5: no signing table match for '
>> kemkem42 at gmail.com'
opendkim has a signing table (usually /etc/opendkim/SigningTable) that
tells it what keys to sign with for what senders. To sign outgoing list
mail, you want something like
SenderHeaders List-Post,Sender,From
in opendkim.conf so that if the message has a List-Post: header,
opendkim will consider that address as the sender and sign with the
list's key rather than the From: or other address's key.
Other things I have are
SigningTable refile:/etc/opendkim/SigningTable
in opendkim.conf and
*@mailman.list.domain KeyTable_entry_name
in /etc/opendkim/SigningTable.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list