[Mailman-Users] cause of bounces

Mark Sapiro mark at msapiro.net
Tue Oct 17 17:22:33 EDT 2017 

On 10/17/2017 10:38 AM, Grant Taylor via Mailman-Users wrote:
> On 10/17/2017 10:55 AM, Christian F Buser via Mailman-Users wrote:
> 
>> However, could you please elaborate whether Mailman (version 2.x or
>> 3.x) or any other mailing list software really follows your ideas?
> 
> Yes!!!  Mailman (and other MLMs) /can/ be configured to be SPF / DKIM /
> DMARC compliant!


Agreed, but the above imply NOT RFC 5322 compliant.


> I don't have the exact step by step details.  -  I'm sure others
> (Mark...) on this list can give specifics on /how/ to configure Mailman.
> 
> The high level as I understand it is to do the following:
> 
> 1) Set dmarc_moderation_action to munge From header.

This is available in both MM 2.1 and 3.1

> 2) Set REMOVE_DKIM_HEADERS to Yes (1) or 2 or 3.

In MM 3, The only options are always remove or never remove. The "remove
only if munging From:" and "rename" options are not in MM 3

However, it SHOULD not be necessary. Section 6.3 of RFC 4871 says in part:

   If the email cannot be verified, then it SHOULD
   be rendered the same as all unverified email regardless of whether or
   not it looks like it was signed.

In other words, an invalid DKIM signature SHOULD be treated no
differently from no signature.


> 3) Send messages from the list address.  I recommend VERP.


Mailman sends (SMTP envelope) all messages from the list-bounces
address. Both MM 2.1 and MM 3 can be configured to VERP some or all
deliveries.


> I would suggest that you also consider adding SPF / DKIM / DMARC for the
> domain of the mailing list to apply similar protections to outgoing
> messages.  However that is not necessary to avoid undesired bounces.


Publishing SPF and DKIM signing outgoing mail are good things.
Publishing a DMARC policy and what policy to publish depend on how your
server is used and what classes of mail it sends. In particular, if
individuals send personal email, possibly to mailing lists From:
addresses in the server's domain, I think publishing a DMARC policy
other than "none" is not a good idea. On the other hand, if you are a
financial institution and all mail From: your domain is official
correspondence between you and clients, you are who DMARC was designed for.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list