On 6/17/23 17:02, Mike Wertheim wrote:
I set
remove_dkim_headers: yesin the [mta] section of mailman.cfg.I'm seeing a bunch of these errors in the logs: 2023-06-17 18:57:11 1qAbMA-005Y7W-HP ** mike.wertheim@gmail.com <mailto:mike.wertheim@gmail.com> R=dnslookup_single_domain T=remote_smtp_single_domain H=alt2.gmail-smtp-in.l.google.com <http://alt2.gmail-smtp-in.l.google.com> [172.253.62.26]: SMTP error from remote mail server after end of data: 550-5.7.26 Unauthenticated email from gmail.com <http://gmail.com> is not accepted due to domain's\n550-5.7.26 DMARC policy. Please contact the administrator of gmail.com <http://gmail.com> domain\n550-5.7.26 if this was a legitimate mail. Please visit\n550-5.7.26 https://support.google.com/mail/answer/2451690 <https://support.google.com/mail/answer/2451690> to learn about the\n550 5.7.26 DMARC initiative. w13-20020a05622a190d00b003fde5babbf5si1170418qtc.14 - gsmtp
Your issue is mail From: the gmail.com domain to the list and sent to gmail users is being bounced because it fails DMARC. I.e. Gmail applies a DMARC policy of p=reject to mail From: gmail.com even though it's published DMARC policy is p=none.
You need to apply DMARC mitigations to this mail. Unfortunately, this requires setting DMARC Mitigate unconditionally to Yes. Mailman 2.1 has a feature to apply DMARC mitigation to messages From: specific domains regardless of any domain specific DMARC Policy. Unfortunately this hasn't been implemented in Mailman 3 yet. I just filed https://gitlab.com/mailman/mailman/-/issues/1084 for that.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan