On 04/10/2018 02:18 AM, Henrik Rasmussen wrote:
I have set up Postfix to DKIM sign outgoing mails from GNU Mailman 3.2.0a1 which validates nicely ("dkim=pass (signature was verified)"), but DMARC fails ("dmarc=fail action=none") on the recipient end, probably because the "header.from=gmail.com;" (or similar) which means that DKIM d= will not match.
Right. DMARC deals with the From: domain. For DMARC to pass, either a valid DKIM sig or SPF with domain 'aligned' with the From: domain must be true. I.e., your DKIM sig and/or SPF won't do if the From: domain is not your domain.
According to dmarc.org*) "Mailing lists usually do not take authorship of the emails they relay" so I should "consider to apply specific rules for emails coming from mailing lists". Also according to dmarc.org*) Mailman (Mailman 2 that is, and I presume Mailman 3 does too) "include features to interoperate with DMARC senders".
I assume that the dmarc mitigations list settings in Mailman is for incoming messages, but how do I set Mailman to cope with this on outgoing messages?
I'm not sure I understand what you are saying. Mailman's (both 2 and 3) DMARC mitigations allow modifying the outgoing message in some or all cases so the From: domain is the list's domain so the message won't be dealt with by the recipient MTA according to the original From: domain's DMARC policy.
See <https://wiki.list.org/DEV/DMARC>. Also, <https://wiki.list.org/x/17891458> may be of interest.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan