On 24.01.2016 16:14, Genes Lists wrote:
> The message from you to the list is DKIM signed and appears to check out - but the outgoing message from the arch mail server fails DKIM. So anyone rejecting invalid DKIM will reject list mail - yahoo may be doing that now I don't know.
That's possible, but we can only speculate. While these are certainly issues to be addressed, yahoo might be blocking us for some completely different reason that may very well be outside of our control (like someone marking our mail as spam). The goal here is to get yahoo to accept our mails again. Everything else is nice, but not too important right now.

Also, as for rejecting invalid DKIM mails: People should really not do that unless DMARC tells them to. Large providers might still use the information to generate internal blacklists though. I wish they were more transparent or, better yet, they'd respond to postmaster mail. Sadly, large providers seem to not care about postmaster which kind of puts me off because delivering email is really a team effort.

The way to go is probably to register as a bulk sender on their website, but I'm not a fan of giving them my birthday and phone number, which seems to be required because they send a confirmation SMS, and creating an email account with their service just because they think they do not have to read postmaster mail. I'll probably still do it at some point, but I really really dislike the idea. I guess I'm somewhat of an idealist in that regard. On the other hand, I do also dislike taking this out on our users because it's really not their fault. *sigh*

Anyway, back to the quote. What is interesting is that the mail was still signed. Since I've enabled From munging, mailman correctly changes the sender, but it doesn't strip the existing (now invalid) signature. Should be simple enough to remove it in postfix. I'll set that up tomorrow.

As for real solutions: I guess we can either stop changing mails or drop DKIM signatures and sign the mails ourselves.

If we want to keep the signatures valid that would require us to remove the subject prefix (list name in brackets). I find this rather unnecessary to begin with, but there are probably lots of people who disagree with me.

If we want to sign the mails ourselves, we'd have to munge the From header which is also somewhat ugly. Especially when DKIM/DMARC usage, and thus the amount of mail affected, is growing.

I'll think about what to do here at some later date.

Florian
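The effect discussed in the message above, as an added example that is not part of the original mail or of the list's setup: it reports which list modifications (From munging, subject prefix, body changes) fall under the sender's DKIM-Signature, and strips the stale header. Assumptions: `c=relaxed/relaxed`, only the `h=` and `bh=` tags are compared (no cryptographic check of `b=`), and all function names, addresses and the sample message are constructed for illustration.

```python
import base64, hashlib, re
from email import message_from_string

def relaxed_body_hash(body):
    """bh= value for relaxed body canonicalization with sha256 (RFC 6376, 3.4.4)."""
    lines = [re.sub(r"[ \t]+", " ", l).rstrip(" ")
             for l in body.replace("\r\n", "\n").split("\n")]
    while lines and lines[-1] == "":
        lines.pop()  # empty lines at the end of the body are ignored
    canon = "".join(l + "\r\n" for l in lines)
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()

def dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def broken_by_list(original, relayed):
    """Reasons the sender's signature no longer matches the relayed copy."""
    orig, out = message_from_string(original), message_from_string(relayed)
    tags = dkim_tags(orig["DKIM-Signature"])
    squash = lambda v: " ".join((v or "").split())  # relaxed header value
    reasons = [f"signed header changed: {h}" for h in tags["h"].split(":")
               if squash(orig[h]) != squash(out[h])]
    if relaxed_body_hash(out.get_payload()) != tags["bh"]:
        reasons.append("body hash mismatch")
    return reasons

def strip_stale_signature(relayed):
    """Drop every DKIM-Signature header before the list re-sends the mail."""
    msg = message_from_string(relayed)
    del msg["DKIM-Signature"]  # removes all occurrences
    return msg.as_string()

# Constructed sample message; the b= value is a placeholder, not a real signature.
BODY = "Hello list,\n\nDKIM test.\n"
ORIGINAL = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel;\n"
    " h=from:to:subject; bh=" + relaxed_body_hash(BODY) + "; b=CONSTRUCTED\n"
    "From: Alice <alice@example.org>\n"
    "To: example-list@lists.example.org\n"
    "Subject: DKIM and list mail\n\n" + BODY
)
# What the list software does: munge From and add the list name in brackets.
RELAYED = ORIGINAL.replace(
    "From: Alice <alice@example.org>",
    "From: Alice via example-list <example-list@lists.example.org>",
).replace("Subject: ", "Subject: [example-list] ")

if __name__ == "__main__":
    print(broken_by_list(ORIGINAL, RELAYED))
```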