On 1/25/25 12:30, jerry.barnabee--- via Mailman-Users wrote:
> CPANEL does all the heavy lifting for me - e.g. I don't have to add any code
> anywhere - the only thing that I have to do is make sure the correct spf, dkim
> and dmarc dns records exist on my name server for each of my domains - which
> they do. Pretty sure opendkim is not being used by CPANEL.

Then this is a cPanel issue.

> Is python.org using mailman 2.x or 3.x ?
> The reason I ask is that the email the python.org list sent out was DKIM signed
> correctly.

python.org has both Mailman 2 and Mailman 3 lists. This list is Mailman
3, but that's irrelevant as all the DKIM signing is done by the MTA
using opendkim.

> The email I got from msapiro.net did not pass DKIM nor DMARC which is not
> always fatal - since I did get your email, but more email servers are starting
> to pay more attention to those failures - and causing those of us that use
> mailman to distribute emails to be getting more and more frustrated with things
> not being signed and causing failures of one kind or another .... I check if I
> can see any DKIM settings in EXIM - but there is a reason I use a WHM/CPANEL on
> my VPS servers - unix administration is not my strong suit ... about all I can
> say is that I do know how to spell unix .....

My post that you receive from the list should contain two DKIM
signatures. One sig from the msapiro.net domain will be broken because
of list transformations such as subject prefixing and addition of the
list footer[1], but there will be another sig from the python.org domain
which should be valid and the mail should pass DKIM. It won't pass DMARC
because of From: domain misalignment, but msapiro.net publishes DMARC
policy = none so it shouldn't matter.

[1] The broken DKIM sig should be ignored. From
https://www.rfc-editor.org/rfc/rfc6376.html#section-6.1

    INFORMATIVE NOTE: The rationale of this requirement is to permit
    messages that have invalid signatures but also a valid signature
    to work. For example, a mailing list exploder might opt to leave
    the original submitter signature in place even though the exploder
    knows that it is modifying the message in some way that will break
    that signature, and the exploder inserts its own signature. In
    this case, the message should succeed even in the presence of the
    known-broken signature.

--
Mark Sapiro <[email protected]> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
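
Added example (not part of the original message, and not Mailman, opendkim or cPanel code): a small evaluator that applies the reasoning above to a list post carrying one broken and one valid DKIM signature. The Authentication-Results header, the mx.example.net receiver, the bounce address and all function names are constructed for illustration, and the organizational domain is assumed to be the last two labels.

```python
import re

# Constructed Authentication-Results header for a list post like the one
# described: author signature broken by list changes, list signature valid.
SAMPLE_AR = (
    "mx.example.net; "
    "dkim=fail header.d=msapiro.net; "
    "dkim=pass header.d=python.org; "
    "spf=pass smtp.mailfrom=mailman-users-bounces@python.org"
)

def org_domain(domain):
    # Assumption: organizational domain = last two labels. A real evaluator
    # uses the Public Suffix List (needed for names like example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_results(ar_header):
    """Return (method, result, domain) tuples for the dkim and spf entries."""
    out = []
    for part in ar_header.split(";")[1:]:  # first element is the authserv-id
        m = re.match(
            r"\s*(dkim|spf)=(\w+)\s+(?:header\.d|smtp\.mailfrom)=(\S+)", part)
        if m:
            method, result, ident = m.groups()
            out.append((method, result.lower(), ident.split("@")[-1].lower()))
    return out

def evaluate(ar_header, from_domain, dmarc_policy):
    """Combine per-signature verdicts into DKIM, DMARC and disposition."""
    passing = [(meth, dom) for meth, res, dom in parse_results(ar_header)
               if res == "pass"]
    # RFC 6376 section 6.1: a failed signature is treated as if absent,
    # so one valid signature is enough for DKIM to pass.
    dkim_pass = any(meth == "dkim" for meth, _ in passing)
    # DMARC (relaxed alignment): a passing DKIM d= or SPF domain must share
    # the organizational domain of the From: header.
    dmarc_pass = any(org_domain(dom) == org_domain(from_domain)
                     for _, dom in passing)
    # The From: domain's published policy only matters when DMARC fails.
    return {"dkim": "pass" if dkim_pass else "fail",
            "dmarc": "pass" if dmarc_pass else "fail",
            "disposition": "none" if dmarc_pass else dmarc_policy}

if __name__ == "__main__":
    print(evaluate(SAMPLE_AR, "msapiro.net", "none"))
    print(evaluate(SAMPLE_AR, "msapiro.net", "reject"))
```

The second call shows why the published policy matters: the same message with the same verdicts would be rejected if the From: domain published p=reject.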