[dns-operations] Mailing List Behaviour Change
Jim Popovitch
jimpop at domainmail.org
Sun Apr 7 20:36:36 UTC 2019
On Sun, 2019-04-07 at 12:27 -0600, Grant Taylor wrote:
> On 4/7/19 9:46 AM, Jim Popovitch wrote:
> > Nope, It's per list configuration.
>
> Sorry, I was conflating the REMOVE_DKIM_HEADERS option, which is across
> lists.
>
> I associate it with DMARC, because incoming DKIM headers can cause
> problems if anything that is signed changes.
>
> > Mailman can default to munging if the domain has DNS/DNSSEC resolution
> > issues.> The decision was made to munge when in doubt if DNSSEC
> > mitigations are enabled and there are DNS resolution (such as when the
> > mailman host is doing DNSSEC validation)
>
> Which version of Mailman does that apply to? I'm more familiar with
> version 2.x. I'm wondering if that's new in 3.x.
That specific fix was introduced in mailman 2.1.25 (Oct-2017). Basically if
python's dns.resolver returns NoNameservers for a sender's domain, we assume
there is a DNSSEC Validating failure of the local resolver and
wrap/munge/discard/hold the message. Here's the comments in the commit:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1724
-Jim P.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190407/41a2c3f8/attachment.sig>
More information about the dns-operations
mailing list