On 9/10/25 04:24, M.Ede via Mailman-users wrote:
Thanks, I will not do any DMARC mitigations for my list.
When I switch to anonymous list, my Headers looks like this: [QUOTE] Authentication-Results: mailserv.er; dkim=none; dmarc=pass (policy=none) header.from=t-online.de; spf=pass (mailserv.er: domain of sender@t-online.de designates 194.25.134.17 as permitted sender) smtp.mailfrom=sender@t-online.de ...
Ist there any possibility to change smtp.from or to remove it when using anonymous lists?
This is a bug. It was not recognized that the Authentication-Results: header could expose the sender. This should be fixed. The following patch will remove the header. Hopefully it will not have unwanted side effects. What in your MTA is providing this? I don't think opendkim or openarc include an smtp.from in Authentication-Results: ``` --- a/src/mailman/handlers/cleanse.py +++ b/src/mailman/handlers/cleanse.py @@ -91,6 +91,8 @@ class Cleanse: # And something sets these del msg['x-mailfrom'] del msg['x-envelope-from'] + # In some cases Authentication-Results: can expose the sender. + del msg['authentication-results'] # And now remove all but the keepers. self.remove_nonkeepers(msg) i18ndesc = str(uheader(mlist, mlist.description, 'From')) ```
(I habe found a solution to configure rspamd to whitelist my mailinglist, but I think there should be a better solution, right?)
That's an rspamd issue. If you can find out exactly what causes rspamd to hit SPOOFED_UNAUTH, there may be something we can do in Mailman. It seems from the above Authentication-Results: that you are not DKIM signing your list's outgoing mail with the list domain? You should do that in your outgoing MTA. That may avoid the SPOOFED_UNAUTH. -- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan