Re: [chrony-users] DNS/DKIM issue with tuxfamily.org?

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ] 

The big problem is that this mailinglist sends the relayed mails with the From: address
set to the original sender's address.  That is a big no-no, and it is not only for reasons
of DKIM/SPF filtering.  Mailing lists should use their own address as the sender, and
put the original sender's address in a Reply-To: header.

Not only do some users not receive the mail, also for every submission to the list several
error mails come back from mail servers that deem it necessary to reply to incoming mail.

Rob

On 2023-12-12 19:19, Adrian Zaugg wrote:
> Hi Joe
>
> Your admin should be more precise: The mailing list or the servers that send 
> the mail for the list do not add a DKIM header, only some of the member mail 
> server do add a DKIM header.
>
> Because a mailing list software alters some headers, like the subject, such 
> headers should not be used in DKIM, it leads to a failed verification. Mails, 
> which fail a DKIM verification can only be discarded safely, when the _adsp 
> record of the sender says dkim=discardable in all other cases, the mail should 
> get delivered, see under [1].
>
> This DKIM issue can only be addressed from your admin to take into account, 
> that mailing list software do exist, are used and aren't 100% compatible with 
> DKIM, and as well that some admins configure DKIM in a bad way for mailing 
> lists.
>
> That means upon receiving a mail: Do not decide to never discard mails having 
> a failed DKIM verification, give them a higher SPAM score instead. Decrease 
> the SPAM score for mails having a List-... header (resp. use the corresponding 
> test from spamassassin, if applicable).
>
> Furthermore your admin should change your DKIM record not to contain the 
> subject, content-type and mime-version, which helps to verify a DKIM 
> successfully even if the mail was altered by a mailing list software.
>
> Regards, Adrian.
>
> [1] https://dkim.org/specs/draft-ietf-dkim-ssp-04.html
>
> In der Nachricht vom Tuesday, 12 December 2023 14:50:17 CET steht:
>> Emails that I receive from tuxfamily.org for this group are being blocked by
>> my organization, reportedly for security because of a failed DKIM lookup.
>> My sysadmin indicated that the DKIM in DNS would need to be fixed. I tried
>> sending an email to the tuxfamily.org admin a while back but got no
>> response. I probably won't receive the responses to this if you respond to
>> the group. Perhaps you can reply to me directly. I do apologize for this
>> being off topic. I'd like to continue receiving these emails but can't if
>> this DKIM issue isn't addressed. If any of you are able to look into this,
>> it would be greatly appreciated. Thanks. Happy Holidays!
>  
>> Joe Smith
>>
>> Senior Software Engineer
>>
>> Phoenix Defense
>>
>> 200 East Palm Valley Drive | Suite 2000 | Oviedo, Florida 32765
>> 800-RIPTIDE
>>
>> joe.s​mith@xxxxxxxxxxxxxxx
>>
>>
>> This email and any attachments to it are intended only for the identified
>> recipients. It may contain proprietary or otherwise legally protected
>> information of Phoenix Defense.
>  
>> Any unauthorized use or disclosure of this communication is strictly
>> prohibited. If you have received this communication in error, please notify
>> the sender and delete or otherwise destroy the email and all attachments
>> immediately.
>  
>> [cid:4d3eb688-9459-4092-9b00-510a3454416b]
>> [cid:cefb756f-b8c3-47f6-8ceb-65f9b1e2c569]​
>


-- 
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/