On 2/9/19 10:48 AM, Juri Haberland via dovecot wrote:
On 09/02/2019 10:44, Aki Tuomi via dovecot wrote:
For some reason mailman failed to "munge from" for senders with dmarc policy ;(
It's now configured to always munge to avoid this again.
I'd say, let Mailman throw all people off the list that have enabled DMARC checking without using exceptions for the lists they are on. It's a known fact that DMARC does not cope well with mailing lists. Blindly enabling DMARC checks without thinking about the consequences for themselves should not be the problem of other well behaving participants.
Most people use OpenDMARC and there are patches to mark certain hosts as mailing lists senders, so it is possible.
can you please let me know where to find those patches?
I ran DMARC in testing on one domain and had to disable it because over 95% of the reports were false positives from mailing lists, and the few that were genuine spoofed would have easily been caught by spam/malware filters anyway.
However a project I am working on, DMARC is highly desired. Designing a white-list for known mailing lists is something I want to do.
Honestly I was sort of tempted to try and create my own DMARC validator (I was thinking one daemon that does both DKIM and DMARC - for postfix, Exim has DKIM native but I only use Exim for submission) that tried to sniff Mailman and not enforce it but it looks like it would be very time consuming.