On Sat, November 8, 2014 21:35, Stephen Harris wrote: > On Sat, Nov 08, 2014 at 05:58:53PM -0800, Keith Keller wrote: >> The fundamental reason is because Mailman is rewriting the headers in an >> incompatible way. It is not his site's usage of DKIM. This is a known >> issue with Mailman. (I used to have a good link explaining the issue, >> but can't find it now; if I find it later I'll post it.) > > So we have a 20-year old piece of technology ("mailman") and a modern > proposal ("DKIM")... and somehow it's mailman's fault. Uh huh. > > Note; it's not just mailman that has problems, it's _any_ mail forwarder. > Going back 27 years to my first Unix account, I could create a file called > ".forward" that would forward my mail to another address. This is BROKEN > by DKIM. > > Basically DKIM is incompatible with how internet email works. > > But here's the thing... I think DKIM has a potential future; we need to > _change_ how the internet works. So mailman will need to be rewritten; > mail forwarders will need to change. And so on. > Mailman already has been updated to ameliorate the situation. The patches are applied to the main trunk and the version has been updated. However, CentOS is, as we all know and love, a decidedly conservative collection of software. In my opinion it is unlikely that we will see any changes to Mailman's behaviour in 6 and possibly not until 8, although I think it probable that Mailman will be updated for this in 7 at some point. For the nonce we set SPF policy to softfail and our DKIM policy is quarantine. Thus Google is doing the right thing by flagging my messages through CentOS.org as suspect but forwarding them on for delivery nonetheless. So long as the MX treatment of my messages is consistent and still permits delivery then Google places the disposition in the hands of the recipient. Yahoo on the other hand does not. If there is an SPF failure then the messages are discarded. I am not sure what effect, if any, DKIM has on Yahoo. To handle Yahoo subscribers to any ML that we run internally we arbitrarily subscribe those addresses to the digest versions. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3