From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id E2BED1382C5 for ; Fri, 2 Mar 2018 22:51:50 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B6E7AE0A5E; Fri, 2 Mar 2018 22:51:42 +0000 (UTC) Received: from tncsrv06.tnetconsulting.net (tncsrv06.tnetconsulting.net [IPv6:2600:3c00::f03c:91ff:fe26:8849]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4D133E0995 for ; Fri, 2 Mar 2018 22:51:41 +0000 (UTC) Received: from REDACTED ([IPv6:2620:0:102a:11:fe50:e322:5780:92c6]) (authenticated bits=0) by tncsrv06.tnetconsulting.net (8.15.2/8.15.2/Debian-3) with ESMTPSA id w22Mpda4021840 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Fri, 2 Mar 2018 16:51:41 -0600 ARC-Filter: OpenARC Filter v0.1.0 tncsrv06.tnetconsulting.net w22Mpda4021840 Authentication-Results: tncsrv06.tnetconsulting.net; arc=none header.d=tnetconsulting.net ARC-Seal: i=1; a=rsa-sha256; d=tnetconsulting.net; s=2015; t=1520031101; cv=none; b=koKX/xhsCT2WR5vhFPhgQJ6ZeqBd5Ek+8i3oB2QMBzzIyrDuUzKBd0xam02PMwXv3ACBZzmpRMF/BL3vk3F3PAgQR3ZvBSvoytiV7OrSg+b7mNp+K/6G6hc5vVPxgYr0gaMCAmJ1et7n/s3i7ZrJ/oyh/47vRikilEsAbAm1JX8= ARC-Message-Signature: i=1; a=rsa-sha256; d=tnetconsulting.net; s=2015; t=1520031101; c=relaxed/simple; bh=u7YcPqe/p/DovbXxnt4IYw4N5zu49/8xGaQ4eDkut0U=; h=DKIM-Signature:Subject:To:From:Message-ID:Date:User-Agent: MIME-Version:Content-Type:Content-Language: Content-Transfer-Encoding; b=7KQE3juNBCyR1Hb8tdpSUMc02jxG0g6UyBLrs8u8igjjDQ+grGqM7T7s8JDaw3/wwApUmZjk0ljktQPdL2BrpF7+c8ZM8FL3GN1fjkMQpFPnlFlt0t3QNZWOyQi2A7JPQM6W3XqtY8o4n9+jLQ14NBluEZkGJ9GMnhy5zfVJrzQ= ARC-Authentication-Results: i=1; tncsrv06.tnetconsulting.net; none DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=tnetconsulting.net; s=2015; t=1520031101; i=@tnetconsulting.net; bh=u7YcPqe/p/DovbXxnt4IYw4N5zu49/8xGaQ4eDkut0U=; h=Subject:To:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type:Content-Language: Content-Transfer-Encoding:Cc:Content-Disposition:Content-Language: Content-Transfer-Encoding:Content-Type:Date:From:In-Reply-To: Message-ID:MIME-Version:References:Reply-To:Resent-Date: Resent-From:Resent-To:Resent-Cc:Sender:Subject:To:User-Agent; b=rFglp2vDYCeehldC5Y5v92fcYsShK8Q3kfvaJJPeCGOQJXUHxlJARinCneLre+FHN h/aN0afVGnrrVOGatQsmGhEousN6wP4ghXJ5LsZaE/zZIlB2mq1MWVL6U1B+ncr2HW pCZFrm0HRcJNsZhqeFNDOq6TUtjQQIkEApipcaV0= Subject: Re: [gentoo-user] Re: Bouncing Messages To: gentoo-user@lists.gentoo.org References: <20180301214540.71260d0c@x220.linux.gnu> <20180301234827.5a070e07@x220.linux.gnu> <20180301235317.olvztnl3i7eeuut2@matica.foolinux.mooo.com> <20180302042152.psssgej7ctok2go2@matica.foolinux.mooo.com> <20180302044541.3ghfup6pglgds3hd@31c0.net> <7b80215b-f60b-19c5-1aa4-b962300c59b9@gmail.com> <20180302110416.mc5ugtyp7vst2skg@31c0.net> <20180302163623.66my6gmoc4hhdb36@matica.foolinux.mooo.com> From: Grant Taylor Organization: TNet Consulting Message-ID: <5dc7f190-80c6-62e8-4bed-8737b974641f@spamtrap.tnetconsulting.net> Date: Fri, 2 Mar 2018 15:51:39 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <20180302163623.66my6gmoc4hhdb36@matica.foolinux.mooo.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Archives-Salt: f7e3544c-3f16-43a5-a9bc-574953134bd8 X-Archives-Hash: b4b90c5dd1d261dfc8526ec29d1568f2 On 03/02/2018 09:36 AM, Ian Zimmerman wrote: > These are all from Grant Taylor. They are DKIM-signed, and, not > surprisingly given the list header and footer munging, signature > verification fails (on my mail server). Correct. DKIM verification is failing and my DMARC policy is configured to REJECT messages that fail DKIM or SPF tests. The reason that messages are being rejected is because of the DMARC policy. 1) I publish DMARC records and 2) Gmail honor published DMARC records. The same type of problem will happen with any other sending domain that publishes REJECT records to a recipient where the receiving server honors said REJECT records. This is not just me. More and more sending domains are publishing DMARC records and more and more receiving servers are honoring said records. Further, multiple governments are mandating that governmental agencies and sub-contractors implement DMARC (which also means DKIM and SPF). The US and Germany come to mind immediately. - This is a growing change in the email industry. - I just happen to live towards (but not on) the bleeding edge of email. > Munging by lists should just die. Why do it? Windoze and Goo users may > have to split their mail into folders by Subject, but surely Gentooers > know better? I do not believe that munging is a bad thing. I'll even go so far as to say that I think it's a good thing. (This can turn into a long running discussion that likely doesn't belong on the Gentoo-User mailing list.) IMHO the biggest issue is that the messages aren't munged enough. From also needs to be munged to make the message appear to be from a different address. (Ideally one that the mailing list owns.) I also think that any security headers that exist on the incoming message should be removed as messages come into the mailing list and certainly before going out from the mailing list. - ARC-* - Authentication-Results - DKIM-* Removing these extra headers should help ensure that they don't accidentally get mis-interpreted by servers receiving messages from the mailing list manager. I have created a new email address in a sub-domain and (re)subscribed to the Gentoo-User mailing list with it and unsubscribed my main email address. This new sub-domain has a different DMARC policy ("NONE" instead of "REJECT") and I'm hoping that it will minimize the number of messages that get bounced. (This is the first time I'm testing it, so I may not have things correctly configured for the new sub-domain yet.) -- Grant. . . . unix || die