[dns-operations] Mailing List Behaviour Change
jimpop at domainmail.org
Sun Apr 7 20:36:36 UTC 2019
On Sun, 2019-04-07 at 12:27 -0600, Grant Taylor wrote:
> On 4/7/19 9:46 AM, Jim Popovitch wrote:
> > Nope, It's per list configuration.
> Sorry, I was conflating the REMOVE_DKIM_HEADERS option, which is across
> I associate it with DMARC, because incoming DKIM headers can cause
> problems if anything that is signed changes.
> > Mailman can default to munging if the domain has DNS/DNSSEC resolution
> > issues.> The decision was made to munge when in doubt if DNSSEC
> > mitigations are enabled and there are DNS resolution (such as when the
> > mailman host is doing DNSSEC validation)
> Which version of Mailman does that apply to? I'm more familiar with
> version 2.x. I'm wondering if that's new in 3.x.
That specific fix was introduced in mailman 2.1.25 (Oct-2017). Basically if
python's dns.resolver returns NoNameservers for a sender's domain, we assume
there is a DNSSEC Validating failure of the local resolver and
wrap/munge/discard/hold the message. Here's the comments in the commit:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part
More information about the dns-operations