[CentOS] Not To James B. Byrne

Sun Nov 16 01:17:08 UTC 2014
Peter <peter at pajamian.dhs.org>

On 11/16/2014 12:09 PM, Les Mikesell wrote:
> The point is that mailman has the fix.  I suppose you can look at the
> question of whether you solve the problem only for yourself or for all
> centos users as two different things but the solution is pretty much
> the same as any other bug that has been fixed (far) upstream.

I think it's important to note that this actually isn't a bug.  This is
a failure to strip DKIM headers when forwarding a message.  Note that when
RHEL6 was released, DKIM was still new and DMARC was pretty much unheard
of.  It's not surprising that the version of Mailman in it does not take
steps to remove DKIM headers, as it's simply a feature that would not
have existed when that version was released.

It's also important to note that these headers *can* be removed in
postfix (and probably other MTAs can as well) after the messages are
submitted by mailman, so while it would be nice for mailman to do it,
it's not strictly necessary; we can deal with the problem with the
versions of mailman and postfix that are running on the server already.
The trick is to simply set header_checks to match and remove the DKIM
header, which is quite easy.

At that point we can have the server sign the message with its own DKIM
signature and apply any relevant DMARC policy we want.

I guess what I'm saying is you don't *need* a new version of mailman to
deal with this, you don't need a new version of any software really; it
can be dealt with using the software we already have on the server, with
just a few config changes.


Peter
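
The header_checks approach described in the message above, as an added example that is not part of the original post: a Python emulation of a Postfix `regexp:` header_checks rule of the form `/^DKIM-Signature:/ IGNORE`, showing that the match runs against each whole logical header, so a folded multi-line signature is dropped in one piece while other headers and the body are left alone. The rule table, function names and sample message are constructed for illustration.

```python
import re

# Constructed rule table in the spirit of a Postfix regexp: header_checks map.
# The equivalent map line would be:  /^DKIM-Signature:/ IGNORE
# (regexp: tables match case-insensitively by default, hence IGNORECASE).
RULES = [(re.compile(r"^DKIM-Signature:", re.IGNORECASE), "IGNORE")]

# Constructed sample: a list post still carrying the original sender's signature.
SAMPLE = (
    "Received: from lists.example.org (localhost [127.0.0.1])\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=sender.example; s=sel1;\r\n"
    "\th=from:to:subject:date;\r\n"
    "\tbh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: Alice <alice@sender.example>\r\n"
    "Subject: [list] hello\r\n"
    "X-Note: the words DKIM-Signature: inside a value do not match\r\n"
    "\r\n"
    "Body mentioning DKIM-Signature: stays untouched.\r\n"
)

def logical_headers(header_block):
    """Group physical lines into logical headers; continuations start with SP/TAB."""
    headers = []
    for line in header_block.split("\r\n"):
        if line[:1] in (" ", "\t") and headers:
            headers[-1].append(line)
        else:
            headers.append([line])
    return headers

def apply_header_checks(raw, rules=RULES):
    """Return (filtered_message, names_of_removed_headers)."""
    head, sep, body = raw.partition("\r\n\r\n")
    kept, removed = [], []
    for lines in logical_headers(head):
        joined = "".join(lines)  # match the whole logical header, folds joined
        action = next((a for rx, a in rules if rx.search(joined)), None)
        if action == "IGNORE":
            removed.append(joined.split(":", 1)[0])
        else:
            kept.extend(lines)
    return "\r\n".join(kept) + sep + body, removed

if __name__ == "__main__":
    cleaned, removed = apply_header_checks(SAMPLE)
    print("removed:", removed)
    print(cleaned)
```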