DKIM is driving me nuts

Jim Ohlstein jim at mailman-hosting.com
Tue Sep 4 21:41:23 UTC 2018 

Hello,

On 09/04/2018 11:48 AM, William Dudley wrote:
> I have decided to abandon this quest.
> 
> The intersection of DKIM and Mailman is a huge cluster f--k, and will not
> be sorted out
> any time soon, if ever.
> 
> Since I value the mailing lists I host, and am unwilling to stop those
> services,
> it makes sense to give up on DKIM.

Before you give up on DKIM, it sounds as though this is a Mailman
problem. There are "fixes" for some issues in Mailman (both 2.1 and 3.1)
that can be easily applied.

In short, DKIM is a digital signature using a private key. The signature
can be verified with the public key. If anything in the message is
changed (as Mailman and other list software is apt to do by changing
headers or adding a footer), DKIM will fail. Also, some large freemail
providers (Yahoo and AOL) have published DMARC policies to reject any
emails from them that fail DKIM. Many smaller servers do the same.

Here's the DKIM results from your last email via Gmail:

Authentication-Results: maurice.jlkmail.com (amavisd-new);
	dkim=fail (2048-bit key) reason="fail (body has been altered)"
	header.d=gmail.com

More and more large servers are requiring not only DKIM, but DMARC
policies as well. Running a small mail server is only going to get more
cumbersome. Taking down a working system may not be the best choice.

What is the specific problems that this one user is having? Is it that
his emails to the list are being rejected? Or is his mail server at
"us.army.mil" rejecting emails from the list? Can you post the relevant
entries from your mail log (usually /var/log/maillog on FreeBSD)?

> 
> DKIM doesn't solve any problems (except for one poor schmuck who has a ".
> us.army.mil"
> email address, that rejects all email without DKIM), I don't find DKIM
> valuable
> enough to fight with it any more.
> 
> Thanks to all for their suggestions.  I have learned somethings, which was
> the point,
> after all.
> 
> Bill Dudley
> 
> 
> 

-- 
Jim Ohlstein
Professional Mailman Hosting
https://mailman-hosting.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20180904/5047afcc/attachment.sig>

More information about the freebsd-questions mailing list