On 10/15/18 8:37 PM, Abhijith PA via Mailman-users wrote:
I am seeing dkim fail in mail that people send to lists /dkim=fail reason="signature verification failed"/ but it is not happening when the list solely sending mail to subscribers (like digest, or subscribe/unsubscribe messages etc). I recently added a new domain to the mailman3. After this I started noticing this issue. Any help ?
Are you saying the DKIM signature on the incoming post fails to validate in the post as sent from the list, or are you saying that a DKIM signature added by your MTA to the outgoing post fails to validate.
If the former, this is probably expected. If your list does any content filtering, adds a subject prefix or adds a list header or footer, these transformations will break the incoming DKIM signature. This is why we offer DMARC mitigations.
If the latter, you may be doing your own DKIM signing before Mailman applies transformations to the message. You need to sign the message on the way out, not before.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan