[asterisk-users] OT: DMARC enabled domains on this list
daniel at tryba.nl
Mon Jun 5 14:30:58 CDT 2017
On Mon, Jun 05, 2017 at 01:08:17PM -0400, James B. Byrne wrote:
> This is likely the issue surrounding mailing lists rewriting headers
> and/or modifying messages bodies or simply re-transmitting messages as
> the original sender from an unapproved domain. This was discussed at
> length on the ITEF mailing list. Without seeing your headers and
> those of a recipient it is impossible to be sure but my spidy sense
> tells me this is so.
Subjects (atleast) are being rewritten, a recipient can't verify the
original (signed) hash to match the received message (replay
protection). Only thing that is needed is a valid DKIM signature after
the subject (and maybe others) has "[asterisk-users]" prepended.
It appears exim 4.76 is being used, that version is recent enough to add
DKIM on sending via smtp.
driver = smtp
dkim_domain = lists.digium.com
dkim_selector = auniqueid
dkim_private_key = /etc/exim4/dkim/list.digium.com-private.pem
dkim_canon = relaxed
More info for example from:
The hints to do this for only 1 domain if the smtpd is used for others
are all there.
> You can manage this in your DNS forward zone by turning off the DMARC
> reporting request. No, I no longer recall the details. Or you can
> simply direct the incoming reports to /dev/null.
The reports are there to tell you something isn't right (like on this
mailing list). Disabling them is only hiding the problem, people might
be replying with the correct answer to a problem, but the OP might never
gets that message.
More information about the asterisk-users