[ietf-dkim] Wrong Discussion - was Why mailing lists should strip DKIM signatures

[Ian Eiloart]

--On 27 April 2010 13:29:25 -0600 "McDowell, Brett" <bmcdowell at paypal.com> 
wrote:

>
> Are there MLM vendors or service providers on this list who feel they
> know enough about this use case at this point to have a firm position
> either for or against standardizing this functionality?

I'm neither, but I know that Mailman has the option (per list) to remove 
DKIM headers. IIRC, that's because some sites were incorrectly rejecting 
list messages because of the broken headers. That was causing list members 
to become unsubscribed.

Mailman doesn't check DKIM signatures, or add them. Quite properly, in my 
opinion, this is regarded as the business of the local MTA, not the MLM 
software.

I guess that one enhancement would be the ability to require (per site, per 
list or per user) that senders are authenticated by a DKIM signature, was 
well as authorised, before they can send mail to the list. That would 
require tighter integration than Mailman 2 offers, but it might be feasible 
with Mailman 3.

For example, Mailman 3 will accept mail over LMTP and will reject 
unauthorised emails at RCPT TO. That will allow Exim to call forward to 
test authorisation at SMTP time. Doing something clever with 2xx return 
codes might allow Mailman 3 to say "only if authenticated", otherwise such 
policy could be expressed in a common directory service like LDAP.

-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/