On 11/02/2019 09:48, Michael A. Peters via dovecot wrote:

On 2/10/19 3:46 PM, Michael A. Peters via dovecot wrote:

On 2/10/19 3:42 PM, Noel Butler via dovecot wrote:

On 10/02/2019 12:49, Benny Pedersen via dovecot wrote:

fixing mailman will be the fail, solve it by letting opendkim and opendmarc not reject detected maillist will be solution,

A general broad mailing list whitelist will be problematic, do work it needs to look for specific list type hidden headers,  spammers and nasties will incorporate those headers into their trash that impersonates mailing lists and voila, they pass.

However the majority of spammers do not spam with a properly configured Reverse DNS - so detect the list header and skip DMARC if list headers are present AND Reverse DNS matched the HELO/EHLO

Also, DMARC isn't really anti-spam technology, it's anti-spoof technology.

Rather than fake mail list headers, spammers will just use domains w/o a DMARC policy. Much easier.

I know your just nit picking but what the hell, I've got a few minutes before my meeting....

anti spoofing is also anti spam, most legit emailers dont spoof, bad guys love to, so anything that reduces noise in email can be considered "anti spam"

postfix acl's dnsbl's milters, antivirus, spamassassin, spf, dkim, whatever ... they all work to reduce noise and thats all the end users care about.