James B. Byrne
2017-Jun-05 17:08 UTC
[asterisk-users] OT: DMARC enabled domains on this list
On Fri, June 2, 2017 16:30, Doug Lytle wrote: This is likely the issue surrounding mailing lists rewriting headers and/or modifying messages bodies or simply re-transmitting messages as the original sender from an unapproved domain. This was discussed at length on the ITEF mailing list. Without seeing your headers and those of a recipient it is impossible to be sure but my spidy sense tells me this is so. You can manage this in your DNS forward zone by turning off the DMARC reporting request. No, I no longer recall the details. Or you can simply direct the incoming reports to /dev/null. As I get the digest version of the list the message sender and domain match DMARC provisions, if any are set for digium.com. HTH. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Daniel Tryba
2017-Jun-05 19:30 UTC
[asterisk-users] OT: DMARC enabled domains on this list
On Mon, Jun 05, 2017 at 01:08:17PM -0400, James B. Byrne wrote:> This is likely the issue surrounding mailing lists rewriting headers > and/or modifying messages bodies or simply re-transmitting messages as > the original sender from an unapproved domain. This was discussed at > length on the ITEF mailing list. Without seeing your headers and > those of a recipient it is impossible to be sure but my spidy sense > tells me this is so.Subjects (atleast) are being rewritten, a recipient can't verify the original (signed) hash to match the received message (replay protection). Only thing that is needed is a valid DKIM signature after the subject (and maybe others) has "[asterisk-users]" prepended. It appears exim 4.76 is being used, that version is recent enough to add DKIM on sending via smtp. begin transports remote_smtp: driver = smtp dkim_domain = lists.digium.com dkim_selector = auniqueid dkim_private_key = /etc/exim4/dkim/list.digium.com-private.pem dkim_canon = relaxed More info for example from: https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4 The hints to do this for only 1 domain if the smtpd is used for others are all there.> You can manage this in your DNS forward zone by turning off the DMARC > reporting request. No, I no longer recall the details. Or you can > simply direct the incoming reports to /dev/null.The reports are there to tell you something isn't right (like on this mailing list). Disabling them is only hiding the problem, people might be replying with the correct answer to a problem, but the OP might never gets that message.