On 03/11/2015 08:08 PM, Sebastian Nielsen wrote:
See this. (report is at the bottom of this email)
Apparently, your
list software destroys both SPF and DKIM signatures causing rejects.
Since you repackage S/MIME mail to avoid breaking S/MIME, I would
suggest doing the same to avoid breaking SPF, eg repackage the mail
in a new message/rfc822 container like this, and also DKIM sign the
repackaged mail, and also strip the invalid DKIM sig out. A good idea
can be then to put up a DKIM, SPF and DMARC record for
lists.djigzo.com. Then both SPF and DKIM will be verified against the
domain “lists.djigzo.com”, not the sender domain, since the SPF/DKIM
validator will always validate mail on the outermost container:
The problem is unfortunately not so easy to solve. For one we use
mailman for the mailing list and this is not created by us. In order to
repackage as you suggested, this should be added to mailman. The
repackaging of S/MIME is done at the receiver side, not at the sender
side. In this case it should be changed on the sender side (i.e., mailman).
See this page
http://wiki.list.org/DEV/DKIM for more discussion about
DKIM and mailman.
One option might be to strip the DKIM signature, although according the
the above page, some think this is not a good thing to do.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.
http://www.ciphermail.com
Twitter:
http://twitter.com/CipherMail