> On 12-30-2021 10:11 am, Benny Pedersen wrote: > On 2021-12-30 12:58, Aki Tuomi wrote: >>> On 30/12/2021 06:38 Benny Pedersen <me at junc.eu> wrote: >>> would be nice to see added :=) >>> talvi.dovecot.org txt "spfv1 a -all" >> Why? > > dkim fails here > spf is more stable > results from current msgDMARC breaks on dovecot mailing list. DMARC does not break on postfix mailing list. Having a mailing list that doesn't break DMARC is possible. Maybe ask Wietse how he does it :)
Am Donnerstag, dem 30.12.2021 um 10:32 -0500 schrieb dovecot at ptld.com:> > On 12-30-2021 10:11 am, Benny Pedersen wrote: > > On 2021-12-30 12:58, Aki Tuomi wrote: > > > > On 30/12/2021 06:38 Benny Pedersen <me at junc.eu> wrote: > > > > would be nice to see added :=) > > > > talvi.dovecot.org txt "spfv1 a -all" > > > Why? > > > > dkim fails here > > spf is more stable > > results from current msg > > > DMARC breaks on dovecot mailing list. > DMARC does not break on postfix mailing list. > Having a mailing list that doesn't break DMARC is possible. > > Maybe ask Wietse how he does it :)But dovecot mailing list uses ARC Headers. And they seem to verify for me (using rspamd)
On 2021-12-30 16:32, dovecot at ptld.com wrote:> DMARC breaks on dovecot mailing list.dmarc is fine if spf pass, but that is only half correct depending on dmarc policy> DMARC does not break on postfix mailing list.there is no spf on postfix maillist, so lets remove it on dovecot ?, fool :=)> Having a mailing list that doesn't break DMARC is possible.indeed> Maybe ask Wietse how he does it :)that will delay porcupine clamav signatures
On 31/12/21 4:32 am, dovecot at ptld.com wrote:> DMARC breaks on dovecot mailing list.That is not always the case. Indeed your message explicitly passes DMARC.> DMARC does not break on postfix mailing list.This is not true either. I have had several messages fail DMARC from the postfix list.> Having a mailing list that doesn't break DMARC is possible.Yes, but it requires rewriting the From: header (among other things). Having an SPF entry for the HELO domain, while it wouldn't hurt, will not help with DMARC. DMARC will only look at it if the domain matches the domain in the From: header, and so unless the message has a From: header with a dovecot.org domain then no amount of SPF records under dovecot.org will help here. The reason that the postfix list (and indeed this list) often times passes DMARC is because the messages are forwarded un-altered, and as such the DKIM signature passes. As long as teh message is originally DKIM signed by the same domain as that in the From: header then it will pass DMARC regardless of SPF. This, of course, is heavily dependent on the proper usage of DKIM by the original sender. Peter