An update on what I've changed and what works and what still doesn't work ...
I've switched off the ARC/DKIM processing within Mailman 3. I've installed OpenARC as a second milter for Postfix, so all DKIM/ARC processing is now being done by Postfix.
If I send a test email manually from the Mailman 3 server to a test email address, it seems to be valid:
Delivered-To: philip.colmer@codelinaro.org Received-SPF: pass (zohomail.com: domain of mm3.lavasoftware.org designates 3.230.84.86 as permitted sender) client-ip=3.230.84.86; envelope-from=philip.colmer@mm3.lavasoftware.org; helo=mm3.lavasoftware.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of mm3.lavasoftware.org designates 3.230.84.86 as permitted sender) smtp.mailfrom=philip.colmer@mm3.lavasoftware.org; arc=pass (i=1 dmarc=pass fromdomain=mm3.lavasoftware.org) ARC-Seal: i=2; a=rsa-sha256; t=1631777446; cv=pass; d=zohomail.com; s=zohoarc; b=Sf9f7Vc4utokJHB/AhzIBiYUQABBaJmLA5x/oY3fq5yPXxuAW+a5qed5oCPJEHzwopQXN8u/4hzxFa3+8sXJC5tIYMiuG4dr9EyW+oxSMz6vveiiybchxVGMqw/i9gPT5CWT4Q6eHMdiu/3AsBXdwTBqHZy61y6OACk4BbpI8FA= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631777446; h=Date:From:Message-ID:Subject:To; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; b=BDNvyCqYEUnD61N5OAtR3W/67HOciIm0eLZdMB4aiigaRO8rlalyM5u5Y41ADg5GJl5gyE9LgkQxpGhQfDlTAD7NvEjsh/LGElk+Esxcf7LFxhRDc9i4MqZvgXu30boDquKFQrSJVZPlpoCY3wOLkKa0F6PKz9hKGLvx8OxweOk= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of mm3.lavasoftware.org designates 3.230.84.86 as permitted sender) smtp.mailfrom=philip.colmer@mm3.lavasoftware.org; arc=pass (i=1 dmarc=pass fromdomain=mm3.lavasoftware.org) Return-Path: <philip.colmer@mm3.lavasoftware.org> Received: from mm3.lavasoftware.org (mm3.lavasoftware.org [3.230.84.86]) by mx.zohomail.com with SMTPS id 1631777446561547.6433787962904; Thu, 16 Sep 2021 00:30:46 -0700 (PDT) Received: by mm3.lavasoftware.org (Postfix, from userid 1000) id 11CC0BE198; Thu, 16 Sep 2021 07:30:45 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; d=mm3.lavasoftware.org; s=mailman; t=1631777445; cv=none; b=ld42BgcROQcdXFNd9MorNvDrjS/EDoFKRFfCJBolfRF3Cg093kCAD8/3lIf5E7v8/9I/qePgswN9BgLbbqxr1WvIlJBZP7aBdULMZ5NlfGDuR7q3TA14hWaaS2AFsYp6rVDPSuyBl8Nl86zHfWvNDsg8ZVkDQSDvy+2BMKKRkFY= ARC-Message-Signature: i=1; a=rsa-sha256; d=mm3.lavasoftware.org; s=mailman; t=1631777445; c=relaxed/relaxed; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; h=DKIM-Signature:To:Subject:X-Mailer:Message-Id:Date:From; b=SpnEUbFx9bzXUUvWy3symoTeZlDzDPhfcoPVsvHN1zlh3alvvADoi2/UUTRF0l+bX6Iagtgn8eswO9x4Z5YnJtak3bYqd2p59xf9oMswiUvR0piY4sVx3WEE5rqQMibRJrzBmQqTan2xsmOxpCmWSgbv2o+yI+CYg++5pXEDjC4= ARC-Authentication-Results: i=1; mm3.lavasoftware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mm3.lavasoftware.org; s=mailman; t=1631777445; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; h=To:Subject:Date:From:From; b=VizzJTtzye+R1HGgm7JcpB/a/KqImAjxyDLUvLucTLiquO0xjwD1HCR6N8UXDpV5t nwNULTm0DhjyBrbZMs7jP0hTyS92PXOsIela2IypJUV3KGCagi4+ax6THHlkMgHNv3 zNnTDhTjJPUyGHKwBu9g4vT0SRaVV4VFuQGuBSBw= To: <philip.colmer@codelinaro.org> Subject: Testing X-Mailer: mail (GNU Mailutils 3.7) Message-Id: <20210916073045.11CC0BE198@mm3.lavasoftware.org> Date: Thu, 16 Sep 2021 07:30:45 +0000 (UTC) From: Ubuntu <philip.colmer@mm3.lavasoftware.org> X-ZohoMail-DKIM: pass (identity @mm3.lavasoftware.org) X-ZohoMail-Owner: <20210916073045.11CC0BE198@mm3.lavasoftware.org>+zmo_0_philip.colmer@mm3.lavasoftware.org
However, if I manually send an email from the Mailman 3 server to a list on the same server with the external email address as a subscriber to the list, the headers are no longer valid:
Delivered-To: philip.colmer@codelinaro.org Received-SPF: pass (zohomail.com: domain of mm3.lavasoftware.org designates 3.230.84.86 as permitted sender) client-ip=3.230.84.86; envelope-from=test-bounces+philip.colmer=codelinaro.org@mm3.lavasoftware.org; helo=mm3.lavasoftware.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of mm3.lavasoftware.org designates 3.230.84.86 as permitted sender) smtp.mailfrom=test-bounces+philip.colmer=codelinaro.org@mm3.lavasoftware.org; arc=fail (Bad Signature) Return-Path: <test-bounces+philip.colmer=codelinaro.org@mm3.lavasoftware.org> Received: from mm3.lavasoftware.org (mm3.lavasoftware.org [3.230.84.86]) by mx.zohomail.com with SMTPS id 1631778422868332.996514603768; Thu, 16 Sep 2021 00:47:02 -0700 (PDT) Received: from ip-172-31-73-169.ec2.internal (localhost [127.0.0.1]) by mm3.lavasoftware.org (Postfix) with ESMTP id A710EBDF0B for <philip.colmer@codelinaro.org>; Thu, 16 Sep 2021 07:47:01 +0000 (UTC) Received: by mm3.lavasoftware.org (Postfix, from userid 1001) id B116FBE198; Thu, 16 Sep 2021 07:46:59 +0000 (UTC) ARC-Seal: i=2; a=rsa-sha256; d=mm3.lavasoftware.org; s=mailman; t=1631778421; cv=none; b=Yj1zJeE+QqxFKwCi6Bmr4kGpoEAF3blzJEnimK/whxz9TJUQEzfTMTHV4i+ENdF79Bm++wJTSBfASZGxtLYWLjuf1WwIgs/CPmJI5vFLFpVvPIlCPzoUcKpZ2rPpanbI1w1ZD5R9L5TYqLKk2X0LBX8h+2m2lX12QPqTnDM/omI= ARC-Message-Signature: i=2; a=rsa-sha256; d=mm3.lavasoftware.org; s=mailman; t=1631778421; c=relaxed/relaxed; bh=7okxo56bDMUeGIn5d8B+1XloabAmDiswrokeAElWGvo=; h=DKIM-Signature:ARC-Message-Signature:ARC-Authentication-Results: Received:To:X-Mailer:Message-Id:Date:Message-ID-Hash: X-Message-ID-Hash:X-MailFrom:X-Mailman-Rule-Misses: X-Mailman-Version:Precedence:Subject:List-Id:Archived-At: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From:Reply-To:MIME-Version:Content-Type: Content-Transfer-Encoding; b=nhhYvCuj3zPh1mEVm6BOlhNeekhBeKb2l9SIMRqZqGp8VYG6xYt8754K8qjULqn2r92Vzux1lFXqnaT0ezdGI3CADLN9jgB6NVZzZYZBigh3yAtNWlr4aT6m0wSDVUxfJbAaYFXDVLuDmzTEJfEWqPAzNmHOl7rXVqBN5FvMeow= ARC-Authentication-Results: i=2; mm3.lavasoftware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mm3.lavasoftware.org; s=mailman; t=1631778421; bh=7okxo56bDMUeGIn5d8B+1XloabAmDiswrokeAElWGvo=; h=To:Date:Subject:List-Id:List-Archive:List-Help:List-Owner: List-Post:List-Subscribe:List-Unsubscribe:From:Reply-To:From; b=mLPHnhHmIOkzYTVq3NqBQepuvzC/Df3lKTYZCaB1bmpQ6PeOOz5g98HzbVVlpX9uw afblicz/ISDs131pgU1qvHQBzWq6lKQmMSwrJzZ49CCBeksfxA9tIq4mNv4DUu09io bMk/0uAgDSXs63mAXy6qw/JvXVTDgYMv00yZ+U2U= ARC-Seal: i=1; a=rsa-sha256; d=mm3.lavasoftware.org; s=mailman; t=1631778419; cv=none; b=SiDr6n4UWUHhjTPhxl06MHsElI9ZUTD8B7qLcGf1Kdfbek6OIbPt+DapUSRkRD20bKQXeCdh5O5RdhIZPOZYvYAOclMlOtyfJb5hKNTqO5hXrnVqJ0fiRMgbjQHIM2LKP4qfYVLMXkYHR7U8hNPuw2PqapiXgK8oSddP8JNMKVE= ARC-Message-Signature: i=1; a=rsa-sha256; d=mm3.lavasoftware.org; s=mailman; t=1631778419; c=relaxed/relaxed; bh=tm5RPPTfV2Opc+Qi0lNHW09jqu2Otv/5tnp8ODwYPGM=; h=To:Subject:X-Mailer:Message-Id:Date:From; b=QnXpv4s3JciqcxnUUoumLz3GrXOh20fXnyCprPzXm5mILfC5hCLhe8sCX7CQxbsl/gRDpvQuS0DpxezG3rdvtc7yofsJ+K/oPOMHFAjjNccvmF3MUTEdPrJ8S0qNU6AWl2ApT96fi2ZtgFsJeX2dcmhExpbOWhw6p5Ap/o1gbSA= ARC-Authentication-Results: i=1; mm3.lavasoftware.org To: <test@mm3.lavasoftware.org> X-Mailer: mail (GNU Mailutils 3.7) Message-Id: <20210916074659.B116FBE198@mm3.lavasoftware.org> Date: Thu, 16 Sep 2021 07:46:59 +0000 (UTC) Message-ID-Hash: XBBXTI6IJ6NHUBSN5LLI7DNXWE6IOFZI X-Message-ID-Hash: XBBXTI6IJ6NHUBSN5LLI7DNXWE6IOFZI X-MailFrom: pjctest@papillonpictures.co.uk X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.4 Precedence: list Subject: [Test] Direct test List-Id: <test.mm3.lavasoftware.org> Archived-At: <> List-Archive: <> List-Help: <mailto:test-request@mm3.lavasoftware.org?subject=help> List-Owner: <mailto:test-owner@mm3.lavasoftware.org> List-Post: <mailto:test@mm3.lavasoftware.org> List-Subscribe: <mailto:test-join@mm3.lavasoftware.org> List-Unsubscribe: <mailto:test-leave@mm3.lavasoftware.org> From: pjctest--- via Test <test@mm3.lavasoftware.org> Reply-To: pjctest@papillonpictures.co.uk MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-ZohoMail-DKIM: pass (identity @mm3.lavasoftware.org)
Note that I've had to use different "From" addresses in my testing because I cannot add a "local" email address (e.g. pjctest@mm3.lavasoftware.org) as a user to Mailman 3.
The Postfix configuration for the milters is:
milter_default_action = accept milter_protocol = 2 smtpd_milters = inet:localhost:8892, unix:/var/run/openarc/openarc.sock non_smtpd_milters = inet:localhost:8892, unix:/var/run/openarc/openarc.sock
I am completely stumped about this.
Regards
Philip