On Wed, May 10, 2023 at 06:19:15PM +0200, Jaroslav Kysela wrote:
On 10. 05. 23 17:34, Konstantin Ryabitsev wrote:
So, I'm just going to repeat this: operating a mailing list and remaining DMARC compliant is perfectly possible, provided:
- the original message is DKIM-signed
- all existing headers are unmodified
- the message body is unmodified
Example of e-mail which is rejected by google's mx servers:
https://lore.kernel.org/alsa-devel/20230510142227.32945-1-vitalyr@opensource...
Thank you for this example -- it plainly illustrates the problem, which is that Mailman 3 mangles messages.
If you compare the above message with the message that passed via vger, you will notice what went wrong:
-CC: alsa-devel@alsa-project.org, patches@opensource.cirrus.com, - linux-kernel@vger.kernel.org, - Vitaly Rodionov vitalyr@opensource.cirrus.com +CC: alsa-devel@alsa-project.org, patches@opensource.cirrus.com, + linux-kernel@vger.kernel.org, Vitaly Rodionov vitalyr@opensource.cirrus.com
For some bizarre reason Mailman-3 decided to make the CC header "more pretty" by stripping the angle brackets around addresses. Since it's a DKIM-signed header, this invalidates the signature and results in DMARC violations.
The answer, unfortunately, is to stop using Mailman-3. It's not usable for patch-based workflows.
-K