On Thu, 23 Sept 2021 at 06:19, Torge Riedel <torgeriedel@gmx.de> wrote:
Am 22.09.21 um 11:20 schrieb Philip Colmer:
why don't you let Mailman3 do the DMARC mitigation?
I do have DMARC mitigation activated in mailman3, so that all mails sent are coming from a unique mail for each list. Some list members have strict SPF setups forcing me to do that.
Just to confirm, the DMARC mitigation action is "Replace From: with list address" and DMARC mitigate unconditionally set to Yes?
Following the config, I use rspamd from http://rspamd.com/apt-stable/
I was using the ASAN build but I've switched back to the normal build just for consistency. Version is 3.0-2~focal
rspamadm configdump arc *** Section arc *** sign_networks [ "127.2.4.7", ] use_domain = "recipient"; allow_envfrom_empty = true; allow_hdrfrom_multiple = false; allow_username_mismatch = true; sign_inbound = true; sign_local = false; symbol_sign = "ARC_SIGNED"; path = "/var/lib/rspamd/dkim/$selector.key"; try_fallback = true; use_redis = false; key_prefix = "ARC_KEYS"; allow_hdrfrom_mismatch = true; sign_authenticated = false; use_esld = true; selector = "2019";
*** End of section arc ***
rspamadm configdump dkim_signing *** Section dkim_signing *** sign_authenticated = true; use_esld = true; selector = "2019"; try_fallback = true; use_domain = "header"; allow_hdrfrom_mismatch = false; symbol = "DKIM_SIGNED"; allow_username_mismatch = true; allow_envfrom_empty = true; allow_hdrfrom_multiple = false; key_prefix = "DKIM_KEYS"; use_redis = false; sign_local = true; sign_networks [ "127.2.4.7", ] path = "/var/lib/rspamd/dkim/$selector.key";
*** End of section dkim_signing ***
Thanks for sharing that. There wasn't anything of substance that was different. I'm still hitting a problem though where the final receiving MTA says that the ARC header provided by Rspamd is invalid (BodyHash is different from the expected one). I have now submitted an issue on GitHub against Rspamd because I am concerned it is trying to apply ARC before it applies DKIM, which is incorrect.
Regards
Philip