Hello,
thanks for these hints. Now it works and outgoing mails from my lists are no longer greylisted.
.... ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=xx.de ... .... ARC-Seal: i=1; s=dkim; d=xx.de ....
Here my mailman.cfg (debian buster/dovecot/postfix/rspamd/mysql/mailman3)
quote
[ARC] enabled= yes selector= dkim privkey: /path/to/rspamd/dkim/{conf.ARC.domain}.{conf.ARC.selector}.key
unquote
The below mentioned hash should be deleted.
In the above mentioned directory the dkim key-files are saved in following style [domain].[selector].key
Regards
Wolfgang
Am 02.11.2019 um 01:19 schrieb Mark Sapiro:
On 11/1/19 4:04 PM, Wolfgang Bock via Mailman-users wrote:
Hello,
in https://mailman.readthedocs.io/en/latest/src/mailman/handlers/docs/arc_sign.... I found this hint
"It is highly recommended that Mailman maintainers configure ARC siging of their outgoing email. ..."
So I added in my mailman.cfg: " [ARC] privkey: /path/to/private.key "
But I don't understand the meaning of
"... and located at: " #{config.ARC.selector}._domainkeys.#{config.ARC.domain} –ex.– test._domainkeys.example.com " This doesn't seem correct. The DNS TXT record should be added to #{config.ARC.selector}._domainkey.#{config.ARC.domain} (note _domainkey, not _domainkeys)
I.e., this is a normal DNS TXT record containing the public key for DKIM signing.
Where can I find this string or where do I have to place it. I am using bind9 as dns-handler.
Read the entire ARC section beginning at <https://gitlab.com/mailman/mailman/blob/master/src/mailman/config/schema.cfg#L607>. You have to configure more than just privkey.
Once you have configured
enabled: yes privkey: /some/location/yourprivatekey.pem selector: test (or whatever you want) domain: your_domain.com
The substitutions for #{config.ARC.selector} and #{config.ARC.domain} should be more clear.