On 4/13/23 07:25, Mohsen Masoudfar wrote:
I am observing the following error message in the logs for one specific list:
= = = relay=email-smtp.us-east-1.amazonaws.com[35.168.84.210]:587, delay=0.27, delays=0.05/0.04/0.12/0.06, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[35.168.84.210] said: 554 Transaction failed: Duplicate header 'DKIM-Signature'. (in reply to end of DATA command)) = = =
This is non-compliant. Various parts of RFC6376, e.g. sections 5.6 and 6.1 clearly anticipate that a message can contain multiple DKIM-Signature: headers.
As I mentioned, this happens for one single list only and this list has not been able to send any email for a week now. After checking mailman-users, I came across the following setting, which seems kind of related to my issue:
Is email-smtp.us-east-1.amazonaws.com the outgoing MTA for Mailman. I.e
the value reported by mailman conf -k smtp_host or perhaps smtp_host
is a local MTA which is configured to relay via
email-smtp.us-east-1.amazonaws.com?
In what log is that message?
Presumably this error occurs on Mailman's attempt to deliver the mail to
smtp_host. Otherwise, I don't see how it affects all mail from this
list, but I also don't understand why this list's delivery would be
different from other lists.
= = = To distribute messages with valid DKIM signatures, I set remove_dkim_headers: yes in /etc/mailman3/mailman.cf = = =
Here are my questions: 1 - I have around 100 lists and this happens for this one list only, so, I am not sure, if the issue might be solved with this change.
This setting will remove all DKIM headers from the message as Mailman receives it. Then, it depends on how and how many DKIM signatures are added to the outgoing mail.
2 - Because this happens for this one list only, I would rather change it for this one list only, is there any option available changing it for one list only and not for the whole server?
No, there is no such option.
The fact that this happens for only one list is very strange. I would
need more information to understand why. Do these messages get queued in
Mailman's retry queue? If so, if you examine one such message with
mailman qfile, what are the complete headers from that message.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan