[dns-operations] Mailing List Behaviour Change

Jim Popovitch jimpop at domainmail.org
Sun Apr 7 20:36:36 UTC 2019

On Sun, 2019-04-07 at 12:27 -0600, Grant Taylor wrote:
> On 4/7/19 9:46 AM, Jim Popovitch wrote:
> > Nope, It's per list configuration.
> Sorry, I was conflating the REMOVE_DKIM_HEADERS option, which is across 
> lists.
> I associate it with DMARC, because incoming DKIM headers can cause 
> problems if anything that is signed changes.
> > Mailman can default to munging if the domain has DNS/DNSSEC resolution 
> > issues.> The decision was made to munge when in doubt if DNSSEC 
> > mitigations are enabled and there are DNS resolution (such as when the 
> > mailman host is doing DNSSEC validation)
> Which version of Mailman does that apply to?  I'm more familiar with 
> version 2.x.  I'm wondering if that's new in 3.x.

That specific fix was introduced in mailman 2.1.25 (Oct-2017).  Basically if
python's dns.resolver returns NoNameservers for a sender's domain, we assume
there is a DNSSEC Validating failure of the local resolver and
wrap/munge/discard/hold the message.  Here's the comments in the commit:

-Jim P.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190407/41a2c3f8/attachment.sig>

More information about the dns-operations mailing list