<p>DuckCorp Projects: DuckCorp Infrastructure - Bug #513: Mailman: DMARC checks are enabled and could fail<br />https://projects.duckcorp.org/issues/513?journal_id=1040<br />2017-02-28T13:36:40Z, Pierre-Louis Bonicoli (pierre-louis.bonicoli@ir5.eu)</p>
<ul><li><strong>Status</strong> changed from <i>Rejected</i> to <i>In Progress</i></li></ul><p>Because the <code>Authentication-Results</code> header is above the <code>Received</code> header of <code>BN1AFFO11HUB037.protection.gbl</code>, the <code>Authentication-Results</code> header must have been added by <code>BN1AFFO11HUB037.protection.gbl</code>:</p>
<pre>
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0065.outbound.protection.outlook.com [104.47.34.65])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
(No client certificate requested)
by mx1.duckcorp.org (Postfix) with ESMTPS id 3vXZnh6mw4z2J7j
for &lt;duck@duckcorp.org&gt;; Tue, 28 Feb 2017 11:39:19 +0100 (CET)
Authentication-Results: spf=none (sender IP is )
smtp.mailfrom=no-reply@microsoft.com;
Received: from BN1AFFO11FD005.protection.gbl (10.58.52.55) by
BN1AFFO11HUB037.protection.gbl (10.58.52.148) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.933.11; Tue, 28 Feb 2017 10:39:17 +0000
Received: from BL2FFO11WSS007 (207.46.163.209) by
BN1AFFO11FD005.mail.protection.outlook.com (10.58.52.65) with Microsoft SMTP
Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id
15.1.933.11 via Frontend Transport; Tue, 28 Feb 2017 10:39:17 +0000
</pre>
<p>Because we don't do any SPF checks (I guess we should not trust SPF results of others), we should:</p>
<ul>
<li>either disable DMARC checks on Mailman</li>
<li>or add SPF checks</li>
</ul>
<p>I propose the former.</p>
<p>DuckCorp Infrastructure - Bug #513: Mailman: DMARC checks are enabled and could fail<br />https://projects.duckcorp.org/issues/513?journal_id=1043<br />2017-02-28T14:31:15Z, Pierre-Louis Bonicoli (pierre-louis.bonicoli@ir5.eu)</p>
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Resolved</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>The configuration below has been added to <code>/etc/mailman/mm_cfg.py</code>:<br /><pre>
# Remove 'domainkey-signature', 'dkim-signature', 'authentication-results'
# headers
REMOVE_DKIM_HEADERS = 2
# With a newer version of Mailman, 3 will allow renaming headers.
# Rename 'domainkey-signature', 'dkim-signature', 'authentication-results'
# headers, using 'X-Mailman-Original-' prefix.
</pre></p>
<p>and applied using: <code>systemctl restart mailman.service</code>.</p>
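<p>The header-order reasoning from the first comment, as an added example that is not part of the original issue or of Mailman: it separates <code>Authentication-Results</code> headers stamped after our own MX accepted the message from those already present on arrival. The function name, the abridged sample and the assumption that every hop prepends its headers above its own <code>Received</code> line are illustrative.</p>

```python
import re
from email import message_from_string

# Constructed sample, abridged from the headers quoted in the issue.
SAMPLE = """\
Received: from NAM01-BY2-obe.outbound.protection.outlook.com
\tby mx1.duckcorp.org (Postfix) with ESMTPS id 3vXZnh6mw4z2J7j;
\tTue, 28 Feb 2017 11:39:19 +0100 (CET)
Authentication-Results: spf=none (sender IP is )
\tsmtp.mailfrom=no-reply@microsoft.com;
Received: from BN1AFFO11FD005.protection.gbl (10.58.52.55) by
\tBN1AFFO11HUB037.protection.gbl (10.58.52.148) with Microsoft SMTP Server;
\tTue, 28 Feb 2017 10:39:17 +0000
Subject: constructed sample

body
"""

# Host named in the "by" clause of a Received header (folded lines included).
BY_RE = re.compile(r"(?:^|\s)by\s+([A-Za-z0-9.-]+)", re.I)


def classify_auth_results(raw, local_mx):
    """Return (local, upstream) lists of Authentication-Results values.

    Assumption: each hop prepends its headers, so everything below the
    topmost Received line stamped "by <local_mx>" was already in the
    message when it reached us and was written by someone else.
    """
    local, upstream = [], []
    crossed_boundary = False
    for name, value in message_from_string(raw).items():
        lname = name.lower()
        if lname == "received" and not crossed_boundary:
            m = BY_RE.search(value)
            if m and m.group(1).lower() == local_mx.lower():
                crossed_boundary = True
        elif lname == "authentication-results":
            flat = " ".join(value.split())  # unfold continuation lines
            (upstream if crossed_boundary else local).append(flat)
    if not crossed_boundary:
        # Our MX never stamped the message: trust nothing.
        return [], local + upstream
    return local, upstream


if __name__ == "__main__":
    print(classify_auth_results(SAMPLE, "mx1.duckcorp.org"))
```
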