
Stephen J. Turnbull wrote:
> I think the missing DKIM signature may be important. One interpretation of "SPOOFED_UNAUTH" is "I think it's spoofed because I can't authenticate it". In question 9 above, if you send mail via (a) SPF *could* authenticate it, and via (c) that's pretty good authentication, but DKIM is best and Mailcow may insist on it.
First of all, thank you very much for your support! :-)
To answer question 9, I will describe my setup:
I've been using mailcow as my mail server for a while now, and recently mailman. Both run on the same host under Docker; I followed these instructions: https://docs.mailcow.email/third_party/mailman3/third_party-mailman3/
So the way mailman is integrated is described here: https://docs.mailcow.email/third_party/mailman3/third_party-mailman3/#add-ma...
lists.domain2.online: Domain under which the mailman mailing lists run.
my.mailserver.de (1.2.3.4): Mail server running with mailcow.
my.address@t-online.de: My email address is a member of the list testliste@lists.domain2.online
If I now set the test list as a non-anonymous list, I can send an email from my.address@t-online.de to testliste@lists.domain2.online. It will then arrive at my.address@t-online.de via the list and look like this: (Sorry for posting the whole email, but I don't want to miss anything important)
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <testliste-bounces@lists.domain2.online>
Received: from mailin20.aul.t-online.de ([10.223.144.60])
 by ehead25a10.aul.t-online.de with LMTP id sOxpMb8Tw2ietwAA1CIAZQ
 (envelope-from <testliste-bounces@lists.domain2.online>);
 Thu, 11 Sep 2025 20:23:59 +0200
Received: from my.mailserver.de ([1.2.3.4])
 by mailin20.mgt.mul.t-online.de with (TLSv1.3:TLS_AES_256_GCM_SHA384 encrypted)
 esmtp id 1uwlxc-1DSY6r0; Thu, 11 Sep 2025 20:23:56 +0200
Received: from [172.29.199.3] (unknown [172.22.1.1])
 by my.mailserver.de (Postcow) with ESMTP id A3C01160026;
 Thu, 11 Sep 2025 20:23:55 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.domain2.online;
 s=dkim; t=1757615035;
 h=from:subject:date:message-id:to:mime-version:content-type:
 content-transfer-encoding:content-language:list-id:list-help:
 list-owner:list-unsubscribe:list-subscribe:list-post;
 bh=uGrXLBOr+HJaZrAyNMN5fih9l4O/kF9HR9kjIHSATUM=;
 b=cr11tdmompC0lUHRTHmPwXmVN47+coABsWjCCr7xP5hylpkyA1X9gWGb0icHxVchbCe0+J
 PkEp6of1uJgVqtOvk4B+nQBaW3NkfmeiBuXQJ/vGEOpoAqffTvl6hSq8MtdovARdoGTpCW
 SH0Utk9waVXNu89PkB+ZfdC6yaRVr26KKkLWriw0eB6j2llXZS72wZMp/IKA8pTW2IoR8j
 BUaNVqlGUtSFQO8VUXuSHDRpzxz6HpLidbnuygq1jKqK4MOVX7CIcHgz56+KwNDhyfDGph
 1UR27gMpy55g5biI2VsdecgxpFApAAffMKENBul/i7hc0FtaL4OvFkJpOMi1Bw==
X-Original-To: testliste@lists.domain2.online
Received: from mailout05.t-online.de (mailout05.t-online.de [194.25.134.82])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (No client certificate requested)
 by my.mailserver.de (Postcow) with ESMTPS id BDF16160026
 for <testliste@lists.domain2.online>; Thu, 11 Sep 2025 20:23:53 +0200 (CEST)
ARC-Seal: i=1; s=dkim; d=lists.domain2.online; t=1757615033; a=rsa-sha256;
 cv=none;
 b=GPjHqy/UO/namwi50u6Hx7nkMxJn1O3SmvGH7qhrWA0qHNHYOjsfEqMK8IXI/BpGBlFY2w
 jM5ugK9l9dOtMlK6PeIHiLY4PMKIEJ9DOUwWynhB69o+YMqgK1060XzCXX7/N9y72wYAwI
 j+hf5YVnXdP3NxzioTb+9uuUls56kOyhXwNievuAcL78jvYQYZy8x/BwtY593kpwG+tWc5
 axazfDr58xm+O8YleR06OfbXZk2faS1xjj/vLiOyqjoNc2GrTMhUXZKDDryhs+56DnIXuL
 I4N4hvYUtKse6OEWjLx537aNl6tYuXWZ/+dn8YLE7UdMX6xtSDbjWNCIKCxSgA==
ARC-Authentication-Results: i=1; my.mailserver.de;
 dkim=none;
 dmarc=pass (policy=none) header.from=t-online.de;
 spf=pass (my.mailserver.de: domain of my.address@t-online.de designates 194.25.134.82 as permitted sender) smtp.mailfrom=my.address@t-online.de
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=lists.domain2.online; s=dkim; t=1757615033;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=Si6KpMIgU2cSdhN7oYV2hWnUh/PTv49n+b9Q23p38LI=;
 b=ENhqizYrOpISbjaf2MKl6C4dMbldPoj1THa2iG4WHH9dCk2Hpb6puB8MyhecAbj4La3Lao
 AlFmG+k+bT+2Tcew64ILFVZ1wPWYAq8fBQnOAE/0dhGdN9HzWzds+gDW8Hm5YLmybmug3u
 WRNnb0E8CzB0Ctlq4/RgdZgRMMEOW8utXNuPq7RKroZARl2g34b63ozXHERWo22h7a/T5T
 DVarQraTXoNrbDZ6Xgr76tWprn4dQzRImdUyMIys8T+RmkmNeQgDPFv3Fs+XYLxcZqJbWF
 tUBRv8J/XdQRYcaWWoVzlUFOX9fBzGp2+hTiHkSWMBtd+XDQWQwXlDd+7oXMMw==
Received: from fwd79.aul.t-online.de (fwd79.aul.t-online.de [10.223.144.105])
 by mailout05.t-online.de (Postfix) with SMTP id 97BA383E
 for <testliste@lists.domain2.online>; Thu, 11 Sep 2025 20:23:53 +0200 (CEST)
Received: from [192.168.42.95] ([79.248.15.117])
 by fwd79.t-online.de with (TLSv1.3:TLS_AES_256_GCM_SHA384 encrypted)
 esmtp id 1uwlxZ-202QnA0; Thu, 11 Sep 2025 20:23:53 +0200
Message-ID: <2a1f738e-2c21-46c7-9377-73e040acf257@t-online.de>
Date: Thu, 11 Sep 2025 20:23:53 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: de-DE
To: testliste@lists.domain2.online
From: Matthias <my.address@t-online.de>
X-Last-TLS-Session-Version: TLSv1.3
Message-ID-Hash: QHTK754PQY25N6BZSBXO3Y6K4WAESCPF
X-Message-ID-Hash: QHTK754PQY25N6BZSBXO3Y6K4WAESCPF
X-MailFrom: my.address@t-online.de
X-Mailman-Rule-Hits: member-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency
X-Mailman-Version: 3.3.10
Precedence: list
Subject: =?utf-8?q?=5BTestliste=5D_Mail_von_t-online?=
List-Id: Testliste <testliste.lists.domain2.online>
Archived-At: <https://lists.domain2.online/hyperkitty/list/testliste@lists.domain2.online/...>
List-Archive: <https://lists.domain2.online/hyperkitty/list/testliste@lists.domain2.online/>
List-Help: <mailto:testliste-request@lists.domain2.online?subject=help>
List-Owner: <mailto:testliste-owner@lists.domain2.online>
List-Post: NO
List-Subscribe: <mailto:testliste-join@lists.domain2.online>
List-Unsubscribe: <mailto:testliste-leave@lists.domain2.online>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: base64
X-Last-TLS-Session-Version: None
X-Spamd-Result: default: False [-0.15 / 15.00];
 BAYES_HAM(-5.44)[99.86%];
 FORGED_W_BAD_POLICY(3.00)[];
 SUBJ_EXCESS_QP(1.20)[];
 MIME_BASE64_TEXT_BOGUS(1.00)[];
 MAILLIST(-0.20)[mailman];
 RCVD_NO_TLS_LAST(0.10)[];
 FISHY_TLD(0.10)[lists.domain2.online];
 ARC_REJECT(0.10)[signature check failed: fail, {[1] = sig:lists.domain2.online:reject}];
 MIME_BASE64_TEXT(0.10)[];
 MIME_GOOD(-0.10)[text/plain];
 HAS_LIST_UNSUB(-0.01)[];
 BCC(0.00)[];
 MIME_TRACE(0.00)[0:+];
 RCPT_MAILCOW_DOMAIN(0.00)[brunsche.de,domain2.online];
 FORGED_SENDER(0.00)[my.address@t-online.de,testliste-bounces@lists.domain2.online];
 RCPT_COUNT_ONE(0.00)[1];
 DKIM_SIGNED(0.00)[lists.domain2.online:s=dkim];
 FREEMAIL_ENVRCPT(0.00)[t-online.de];
 FREEMAIL_FROM(0.00)[t-online.de];
 FROM_NEQ_ENVFROM(0.00)[my.address@t-online.de,testliste-bounces@lists.domain2.online];
 FROM_HAS_DN(0.00)[];
 RCVD_COUNT_THREE(0.00)[3];
 TO_DN_NONE(0.00)[];
 MID_RHS_MATCH_FROM(0.00)[];
 PREVIOUSLY_DELIVERED(0.00)[testliste@lists.domain2.online];
 FORGED_RECIPIENTS_MAILLIST(0.00)[];
 FORGED_SENDER_MAILLIST(0.00)[]
X-Rspamd-Queue-Id: A3C01160026
X-TOI-VIRUSSCAN: unchecked
X-TOI-EXPURGATEID: 149288::1757615036-7DFF9602-F04AED1F/0/0 CLEAN NORMAL
X-TOI-MSGID: 33a39598-248e-49ce-8014-5b8d700dc8b7
X-ENVELOPE-TO: <my.address@t-online.de>
Authentication-Results: mailin20.aul.t-online.de;
 dkim=pass (2048-bit key; secure) header.d=lists.domain2.online header.i=@lists.domain2.online header.a=rsa-sha256 header.s=dkim header.b=cr11tdmo;
 dkim-atps=neutral
So there are DKIM signatures from d=lists.domain2.online attached, and the authentication results from t-online.de also say: dkim=pass
Everything's OK with this email, right? Or is something wrong here?
It would be great if you could take a look at it, so I don't miss anything.
Thanks very much, Matthias
(I'll continue with the other questions later...)
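
Added example, not part of the original message or of mailcow/Mailman: a Python check that reads the Authentication-Results header quoted above and reports whether each DKIM result is aligned with the From: domain, which is what DMARC evaluates in addition to dkim=pass. The function names are hypothetical, the headers are a constructed subset of the ones in the message, and the organizational-domain rule (last two labels) is a simplifying assumption in place of the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a subset of the headers quoted in the message above.
RAW = """\
Return-Path: <testliste-bounces@lists.domain2.online>
Authentication-Results: mailin20.aul.t-online.de;
\tdkim=pass (2048-bit key; secure) header.d=lists.domain2.online
\theader.i=@lists.domain2.online header.a=rsa-sha256 header.s=dkim
\theader.b=cr11tdmo; dkim-atps=neutral
From: Matthias <my.address@t-online.de>
To: testliste@lists.domain2.online

body
"""

def parse_authres(value):
    """Split one Authentication-Results value into (authserv_id, results)."""
    # Comments such as "(2048-bit key; secure)" may contain ';', so drop
    # them before splitting the header into its result clauses.
    value = re.sub(r"\([^()]*\)", " ", value)
    parts = [p.strip() for p in value.split(";")]
    results = []
    for part in parts[1:]:
        tokens = part.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.append({"method": method, "result": result, **props})
    return parts[0], results

def org_domain(domain):
    # Assumption: the last two labels stand in for the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_alignment(raw):
    """Return (from_domain, [(authserv_id, d=, result, aligned_with_From)])."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    report = []
    for header in msg.get_all("Authentication-Results", []):
        authserv, results = parse_authres(header)
        for r in results:
            if r["method"] == "dkim" and "header.d" in r:
                aligned = (r["result"] == "pass"
                           and org_domain(r["header.d"]) == org_domain(from_domain))
                report.append((authserv, r["header.d"], r["result"], aligned))
    return from_domain, report

if __name__ == "__main__":
    print(dkim_alignment(RAW))
```

On the sample, the DKIM result is pass for lists.domain2.online but is not aligned with the From: domain t-online.de. Only Authentication-Results headers added by a receiver you trust should be evaluated this way.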