[asterisk-users] OT: DMARC enabled domains on this list

Daniel Tryba daniel at tryba.nl
Mon Jun 5 14:30:58 CDT 2017


On Mon, Jun 05, 2017 at 01:08:17PM -0400, James B. Byrne wrote:
> This is likely the issue surrounding mailing lists rewriting headers
> and/or modifying message bodies or simply re-transmitting messages as
> the original sender from an unapproved domain. This was discussed at
> length on the IETF mailing list.  Without seeing your headers and
> those of a recipient it is impossible to be sure but my spidey sense
> tells me this is so.

Subjects (at least) are being rewritten, a recipient can't verify the
original (signed) hash to match the received message (replay
protection).  The only thing that is needed is a valid DKIM signature after
the subject (and maybe others) has "[asterisk-users]" prepended.

It appears exim 4.76 is being used, that version is recent enough to add
DKIM on sending via smtp.

begin transports

remote_smtp:
        driver                  = smtp
        dkim_domain             = lists.digium.com
        dkim_selector           = auniqueid
        dkim_private_key        = /etc/exim4/dkim/list.digium.com-private.pem
        dkim_canon              = relaxed

More info for example from:
https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
The hints to do this for only 1 domain if the smtpd is used for others
are all there.
 
> You can manage this in your DNS forward zone by turning off the DMARC
> reporting request. No, I no longer recall the details.  Or you can
> simply direct the incoming reports to /dev/null.

The reports are there to tell you something isn't right (like on this
mailing list). Disabling them is only hiding the problem, people might
be replying with the correct answer to a problem, but the OP might never
get that message.
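
Added example, not part of the original post and not exim's code: a Python sketch of RFC 6376 relaxed canonicalization showing why the original sender's DKIM signature survives whitespace refolding in transit but not the list's Subject tag. The sample messages, the appended footer and the helper names are constructed for illustration; the header digest is simplified (it omits the DKIM-Signature header that a real verifier also hashes).

```python
import base64
import hashlib
import re

def relaxed_header(name, value):
    """RFC 6376 section 3.4.2: relaxed header canonicalization."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)       # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")  # collapse WSP, trim both ends
    return f"{name.lower().strip()}:{value}\r\n"

def relaxed_body(body):
    """RFC 6376 section 3.4.4: relaxed body canonicalization."""
    lines = [re.sub(r"[ \t]+", " ", l).rstrip(" ") for l in body.split("\r\n")]
    while lines and lines[-1] == "":                  # drop trailing empty lines
        lines.pop()
    return "".join(l + "\r\n" for l in lines)

def body_hash(body):
    """Value a signer would place in the bh= tag (SHA-256, base64)."""
    digest = hashlib.sha256(relaxed_body(body).encode()).digest()
    return base64.b64encode(digest).decode()

def header_digest(headers, signed=("from", "subject")):
    """Simplified: hashes only the signed headers, in message order."""
    data = "".join(relaxed_header(n, v) for n, v in headers if n.lower() in signed)
    return hashlib.sha256(data.encode()).hexdigest()

# Constructed sample messages (not taken from the list archive).
ORIGINAL = ([("From", "alice@example.org"), ("Subject", "Codec  question")],
            "Hello list,\r\nwhich codec?\r\n")
REFOLDED = ([("From", "alice@example.org"), ("Subject", "Codec\r\n question ")],
            "Hello list,  \r\nwhich codec?\r\n\r\n")
VIA_LIST = ([("From", "alice@example.org"),
             ("Subject", "[asterisk-users] Codec question")],
            "Hello list,\r\nwhich codec?\r\n-- \r\nlist footer\r\n")  # footer is assumed

def survives(modified, original=ORIGINAL):
    """Return (headers_ok, body_ok) for the original sender's signature."""
    return (header_digest(modified[0]) == header_digest(original[0]),
            body_hash(modified[1]) == body_hash(original[1]))

if __name__ == "__main__":
    print("refolded in transit:", survives(REFOLDED))
    print("rewritten by list:  ", survives(VIA_LIST))
```

Because the sender's signature cannot match the rewritten message, only a fresh signature added by the list host over the message as it leaves can verify at the recipient.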