On 10. 05. 23 18:43, Konstantin Ryabitsev wrote:
On Wed, May 10, 2023 at 06:19:15PM +0200, Jaroslav Kysela wrote:
On 10. 05. 23 17:34, Konstantin Ryabitsev wrote:
So, I'm just going to repeat this: operating a mailing list and remaining DMARC compliant is perfectly possible, provided:
- the original message is DKIM-signed
- all existing headers are unmodified
- the message body is unmodified
Example of e-mail which is rejected by google's mx servers:
https://lore.kernel.org/alsa-devel/20230510142227.32945-1-vitalyr@opensource...
Thank you for this example -- it plainly illustrates the problem, which is that Mailman 3 mangles messages.
If you compare the above message with the message that passed via vger, you will notice what went wrong:
-CC: <alsa-devel@alsa-project.org>, <patches@opensource.cirrus.com>, - <linux-kernel@vger.kernel.org>, - Vitaly Rodionov <vitalyr@opensource.cirrus.com> +CC: alsa-devel@alsa-project.org, patches@opensource.cirrus.com, + linux-kernel@vger.kernel.org, Vitaly Rodionov <vitalyr@opensource.cirrus.com>For some bizarre reason Mailman-3 decided to make the CC header "more pretty" by stripping the angle brackets around addresses. Since it's a DKIM-signed header, this invalidates the signature and results in DMARC violations.
The answer, unfortunately, is to stop using Mailman-3. It's not usable for patch-based workflows.
Whoops. It seems that mm3 guys knows about it:
https://gitlab.com/mailman/mailman/-/merge_requests/1039
I tried to apply the noted workaround. Crossing fingers.
Thank you for your help.
Jaroslav