Mailing List Archive

On Wed, June 27, 2018 20:04, Dianne Skoll wrote:
> Hi,
>
> Not unexpectedly, this list is breaking DMARC and DKIM. Any chance of
> mitigating this?
>
> 0.1 DKIM query returned fail (body has been altered) (d=cisco.com)
>
> Quarantined due to DMARC policy DMARC_POLICY_QUARANTINE for domain
> cisco.com

this is with any mailling list, because, as soon as you add something like

<begin>
----------
mailling list ...
<end>

you alter the mail body, but this breaks DKIM only in case it includes the
mail body; and this is unusual, because for the mail body you have other
ways like S/MIME or PGP signatures

some mailing lists don't alter the mail body, in order not to break and
digital mail signatures like S/MIME or PGP - the prefered way a mailing
list should work;

and mailling list servers send the mails without changing the From-Header;
and to face the SPF problems use their own address in the MAIL
FROM-Envelope;



_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

On Thu, 28 Jun 2018 08:36:39 +0200
"Walter H." <walter.h@mathemainzel.info> wrote:

> > Not unexpectedly, this list is breaking DMARC and DKIM. Any chance
> > of mitigating this?

> this is with any mailling list,

Hence "Not unexpectedly..."

> you alter the mail body, but this breaks DKIM only in case it
> includes the mail body; and this is unusual, because for the mail
> body you have other ways like S/MIME or PGP signatures

All DKIM-signed emails I have in my INBOX include the body hash
"bh=xxx" in the signature.

I'm not sure what software runs the ClamAV mailing list, but I'd have
thought most would have ways to work around this. I use Mailman myself,
and recent versions have options to work around DMARC problems.

Regards,

Dianne.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Hi there,

On Thu, 28 Jun 2018, Walter H. wrote:

> this is with any mailling list, because ...

Before this gets any more embarrassing, please do a little research on
the person to whom your lecture is addressed.

--

73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

On 28. jun. 2018 18.11.18 Dianne Skoll <dfs@roaringpenguin.com> wrote:

>>
> I'm not sure what software runs the ClamAV mailing list, but I'd have
> thought most would have ways to work around this. I use Mailman myself,
> and recent versions have options to work around DMARC problems.

Better not use mailman it will break dkim if change of body, mailman does
not break dmarc or for rhat matter spf

I think you know more on email then i do

Postfix maillist does not break dkim at all, see forward to other maillist
does maillist as good
>
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Mailman is used, and Mailman will break dkim if not properly configured in DNS. We are working with our operations team to create and correct the DNS entries needed.

Sent from my iPad

> On Jun 28, 2018, at 12:40 PM, Benny Pedersen <me@junc.eu> wrote:
>
>
>
> On 28. jun. 2018 18.11.18 Dianne Skoll <dfs@roaringpenguin.com> wrote:
>
>>>
>> I'm not sure what software runs the ClamAV mailing list, but I'd have
>> thought most would have ways to work around this. I use Mailman myself,
>> and recent versions have options to work around DMARC problems.
>
> Better not use mailman it will break dkim if change of body, mailman does not break dmarc or for rhat matter spf
>
> I think you know more on email then i do
>
> Postfix maillist does not break dkim at all, see forward to other maillist does maillist as good
>>
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

in case this mailing list uses DKIM and sets it correctly,
there is a problem with the DKIMs already found in the mail,
when reaching the maillist server ...

these get invalid just, when adding something to the mail at bottom or
whereever;

better think of a way which doesn't break S/MIME or PGP signatures, then
the others issues are solved, too;

On 28.06.2018 18:49, Joel Esler (jesler) wrote:
> Mailman is used, and Mailman will break dkim if not properly configured in DNS. We are working with our operations team to create and correct the DNS entries needed.
>
> Sent from my iPad
>
>> On Jun 28, 2018, at 12:40 PM, Benny Pedersen<me@junc.eu> wrote:
>>
>>
>> On 28. jun. 2018 18.11.18 Dianne Skoll<dfs@roaringpenguin.com> wrote:
>>> I'm not sure what software runs the ClamAV mailing list, but I'd have
>>> thought most would have ways to work around this. I use Mailman myself,
>>> and recent versions have options to work around DMARC problems.
>> Better not use mailman it will break dkim if change of body, mailman does not break dmarc or for rhat matter spf
>>
>> I think you know more on email then i do
>>
>> Postfix maillist does not break dkim at all, see forward to other maillist does maillist as good

Mailman does have the ability, after it alters the message, do have dkim operate properly. I run about 13 mailman lists. Clamav is the only one we have set up in the situation it is in (for legacy reasons), and ClamAV is the only list I manage that has this problem. So I know it's solvable.

> On Jun 28, 2018, at 1:06 PM, Reindl Harald <h.reindl@thelounge.net> wrote:
>
> you don't understand DKIM!
>
> as logn as the Form-Header is a foreign domain (the sender) and the
> body/subject is mangeled (subject prefix, list-footer) you can do
> whatever you want in your DNS entries, if you would be able to fix that
> with *your* DNS records DKIM would be useless at all
>
> Am 28.06.2018 um 18:49 schrieb Joel Esler (jesler):
>> Mailman is used, and Mailman will break dkim if not properly configured in DNS. We are working with our operations team to create and correct the DNS entries needed.
>>
>> Sent from my iPad
>>
>>> On Jun 28, 2018, at 12:40 PM, Benny Pedersen <me@junc.eu> wrote:
>>>
>>>
>>>
>>> On 28. jun. 2018 18.11.18 Dianne Skoll <dfs@roaringpenguin.com> wrote:
>>>
>>>>>
>>>> I'm not sure what software runs the ClamAV mailing list, but I'd have
>>>> thought most would have ways to work around this. I use Mailman myself,
>>>> and recent versions have options to work around DMARC problems.
>>>
>>> Better not use mailman it will break dkim if change of body, mailman does not break dmarc or for rhat matter spf
>>>
>>> I think you know more on email then i do
>>>
>>> Postfix maillist does not break dkim at all, see forward to other maillist does maillist as good

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml