From owner-freebsd-questions@freebsd.org Tue Sep 4 21:41:22 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CB937FFD0C4 for ; Tue, 4 Sep 2018 21:41:22 +0000 (UTC) (envelope-from jim@mailman-hosting.com) Received: from maurice.jlkmail.com (maurice.jlkmail.com [IPv6:2606:c700:1:30::23:2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5668A82F3C for ; Tue, 4 Sep 2018 21:41:22 +0000 (UTC) (envelope-from jim@mailman-hosting.com) Received: from maurice.jlkmail.com (localhost [127.0.0.1]) by maurice.jlkmail.com (Postfix) with ESMTP id 3C55624C06C9 for ; Tue, 4 Sep 2018 17:41:20 -0400 (EDT) Authentication-Results: maurice.jlkmail.com (amavisd-new); dkim=pass (1024-bit key) reason="pass (just generated, assumed good)" header.d=mailman-hosting.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= mailman-hosting.com; h=content-type:content-type:in-reply-to :mime-version:user-agent:date:date:message-id:from:from :references:to:subject:subject; s=dkim; t=1536097278; x= 1536961279; bh=KTl49t/wg2CI7FnY08k5VhQ40OOe9aJVdCO77sRGOVY=; b=B DnX2WOAB9akIWxxGt7LM1XRNA4Dcl1gPZiRKp/DlXFytGEzgQWzjJYEI/XxIT9A1 SNqQzU715OcBNGPP7fKVGhl8DtwdOkGtiQ1MsnAPTEgeAN5W40e0EUmOhIHlJOrl bdw4FqKcm1d1Q1T/yLZ6J2AFhbAtjB63bRfGGc19uM= X-Virus-Scanned: Debian amavisd-new at maurice.jlkmail.com X-Spam-Flag: NO X-Spam-Score: 3.931 X-Spam-Level: *** X-Spam-Status: No, score=3.931 tagged_above=-999 required=6.31 tests=[ALL_TRUSTED=-1, RAZOR2_CF_RANGE_51_100=2.43, RAZOR2_CHECK=2.5, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from maurice.jlkmail.com ([127.0.0.1]) by maurice.jlkmail.com (maurice.jlkmail.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id YFFDlBIX-lrq for ; Tue, 4 Sep 2018 17:41:18 -0400 (EDT) Received: from [192.168.1.164] (static-70-104-198-156.nrflva.fios.verizon.net [70.104.198.156]) by maurice.jlkmail.com (Postfix) with ESMTPSA id E74DA24C019B; Tue, 4 Sep 2018 17:41:17 -0400 (EDT) Subject: Re: DKIM is driving me nuts To: William Dudley References: <2d9ca6fc33b9aa430233bc0862b65453.squirrel@webmail.harte-lyne.ca> <47bf9a4f8499073f6b29bf7b29d82039.squirrel@webmail.harte-lyne.ca> From: Jim Ohlstein Openpgp: preference=signencrypt Autocrypt: addr=jim@mailman-hosting.com; prefer-encrypt=mutual; keydata= xsBNBFk4U7QBCAD0xK4/jXvDamBRX1uQX9DD874PhAYLPZGuqgppchs41JpfUWOrbzKeYOca iPrryvtFfUz5mKY8Yzh3sLwpkrgsFsxDS2ByC/DJMo7BAoD3jCjzI35SH/8pTLDp8/QCj09k +u8PMA7Tc03OoITGkqXwsrZGxPYjVtA07aanY+Zk2B0ywET2XRhjI+3RNgTTulsw+ifm8WEm Woxpp5uFtx9sWFbMx1h6cUmbth44GYLyFoqB2yMiaEPcEX/vyMkeEZ2Xy7wA1kJi+rsCoLeG YlRyF7PWA75KYSNP/0kNIzrs9HFI7gm/Ad50+NrqOvcDoJ5eoOuWYVtk/OVDiBQb/bvHABEB AAHNJkppbSBPaGxzdGVpbiA8amltQG1haWxtYW4taG9zdGluZy5jb20+wsB3BBMBCAAhBQJZ OFO0AhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEEv1Sg15i1V9TSEIALyJeMwKKJYn HstciQnX4+t4TXqCYSHtm/ZruJ6y2Z0MtXZqzcYI+ZB/y9+/81kKml8WI0swpPQPUUx6h4uJ d19NvoJTAjtDnU+H5p8o95vU+QfKaIB+XC3O2DirFlnFo6nXwjUYAscWAclh65fH9saBoM4Z TCtgDuiG5DKuLdTcW34QrTl5z6vODNUExGKcHiY5+wpI7irXbLBwxcyuRy6sq9ohriIjGaAj 0SrsvkkiojXx6xOPJprA27kwSdj2d2XrKT1X/uxmqJNgARgi6QhbA2nQMiYQ+Tr+6HDdSzTn ltdFLnmfSQoX/zJNx6DXK4I8cLYE4EDKw98bhSAzG7XOwE0EWThTtAEIALab7EzO2xKXRsF/ 6b0WgFvLWrkKqX07zqiLAUJTP8NzmGZzKUVlTGGIXnK5eTfWa0HE3/ksTyFJfJRAORpITjpq WPMwcvJDNf+/CKC1C6P7YtfUX+voX58XN0lzbF/7Zqn7QbeyKntU8qHaMQUvYDBHuVru+qd/ jqHWqBUBx2wXC1qYiQtQwVA5bUt4jtBXOla2fRp+1cVBiG0sdB2qWW+ZvjYJRKamXhhpbrNz BzAbry2JjM2QXl71cuzD37OK5tXusYqKrv58wHiG1MiWknW0cU4vorbNcnskga/Zvq2UqHTV THbLS0CiQ2Z8zzfFtm9f55GwLamOXhdAYh4xoD8AEQEAAcLAXwQYAQgACQUCWThTtAIbDAAK CRBL9UoNeYtVfVucCADTNR6FdXsLFEinBaSxRCcIUaCPzTwYCTzWKLAvB2vpTtgZM4FHySpy BxHuGLtPOkujtRN51Ow1ejZ8qmJMM0qWb2IKTa2eNFAVE/vBxcn9rr2d7djTQDPPp0oKogeE llaCrvlqE0LbjvUWQXgpcRx/Xz0jsvrCnDX3OCm/SUxbaxAdz7fhg/D1zHGTi/KBQTIxpL58 /xFUwP55aGRdxzlEGJul5NDYdyTQLZTMK1PS62dK4k5q9OF9h7h4kgkLUfmD33ABmPktx8R8 86v6qQ5ye7rjZ+HIZwWVVCSbLE2DsLMgIQp7O/x8PnrSEEMAiz1Dw54Egc2j6Ahc2Ckm4OAo Cc: freebsd-questions@freebsd.org Message-ID: <1f9110ef-7cc6-a359-58a6-290a3d16ff47@mailman-hosting.com> Date: Tue, 4 Sep 2018 17:41:16 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="iqfLenNuEVXfsrEJNBgrRK3FlINpsXld1" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Sep 2018 21:41:23 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --iqfLenNuEVXfsrEJNBgrRK3FlINpsXld1 Content-Type: multipart/mixed; boundary="CxTJLnF1jXiFj8oVt7xkeIOMV1DkflP0B"; protected-headers="v1" From: Jim Ohlstein To: William Dudley Cc: freebsd-questions@freebsd.org Message-ID: <1f9110ef-7cc6-a359-58a6-290a3d16ff47@mailman-hosting.com> Subject: Re: DKIM is driving me nuts References: <2d9ca6fc33b9aa430233bc0862b65453.squirrel@webmail.harte-lyne.ca> <47bf9a4f8499073f6b29bf7b29d82039.squirrel@webmail.harte-lyne.ca> In-Reply-To: --CxTJLnF1jXiFj8oVt7xkeIOMV1DkflP0B Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Hello, On 09/04/2018 11:48 AM, William Dudley wrote: > I have decided to abandon this quest. >=20 > The intersection of DKIM and Mailman is a huge cluster f--k, and will n= ot > be sorted out > any time soon, if ever. >=20 > Since I value the mailing lists I host, and am unwilling to stop those > services, > it makes sense to give up on DKIM. Before you give up on DKIM, it sounds as though this is a Mailman problem. There are "fixes" for some issues in Mailman (both 2.1 and 3.1) that can be easily applied. In short, DKIM is a digital signature using a private key. The signature can be verified with the public key. If anything in the message is changed (as Mailman and other list software is apt to do by changing headers or adding a footer), DKIM will fail. Also, some large freemail providers (Yahoo and AOL) have published DMARC policies to reject any emails from them that fail DKIM. Many smaller servers do the same. Here's the DKIM results from your last email via Gmail: Authentication-Results: maurice.jlkmail.com (amavisd-new); dkim=3Dfail (2048-bit key) reason=3D"fail (body has been altered)" header.d=3Dgmail.com More and more large servers are requiring not only DKIM, but DMARC policies as well. Running a small mail server is only going to get more cumbersome. Taking down a working system may not be the best choice. What is the specific problems that this one user is having? Is it that his emails to the list are being rejected? Or is his mail server at "us.army.mil" rejecting emails from the list? Can you post the relevant entries from your mail log (usually /var/log/maillog on FreeBSD)? >=20 > DKIM doesn't solve any problems (except for one poor schmuck who has a = ". > us.army.mil" > email address, that rejects all email without DKIM), I don't find DKIM > valuable > enough to fight with it any more. >=20 > Thanks to all for their suggestions. I have learned somethings, which = was > the point, > after all. >=20 > Bill Dudley >=20 >=20 >=20 --=20 Jim Ohlstein Professional Mailman Hosting https://mailman-hosting.com --CxTJLnF1jXiFj8oVt7xkeIOMV1DkflP0B-- --iqfLenNuEVXfsrEJNBgrRK3FlINpsXld1 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEGuTcIH7bi7c+YS0aS/VKDXmLVX0FAluO+/wACgkQS/VKDXmL VX0PwAgAo4DO0cSsh0JAyipMpI8LY5z6MekhjZJmqzQjnyqtiw4FI0G2gbg25JFV M/tQ9ejybxSRxZlBbXdR/4qVVrZE5iF2dzfeTzEalpcsvK5M5VxqCL7TCluBv88Z cqfDDbOj7EeuSL8h3pMT4zL1WOIyUG0wBc3rNhMFTke/nJ3qsoijyBjmFUzryUmT Ue5vQkOYE2h4mCcQvC5806RRUZ5eUBRLp8tWigiCs5yntGAnqSfMq6XaA4jneKM4 iyYgYA2CFx4Fe0Aw1XH5CW2ElHzLVAYjgB7xFh3eqq6IAwivjQ8Al0PuMOTVz1dq RoiC1Z6st4ZoUgwjqKf7t3oaPOxVfQ== =nx5c -----END PGP SIGNATURE----- --iqfLenNuEVXfsrEJNBgrRK3FlINpsXld1--