[Mailman-Users] DomainKey problem with Mailman

Lindsay Haisley fmouse-mailman at fmp.com
Thu Feb 12 18:39:07 CET 2009


One of the subscribers to a list I host (Jack McKinney) has been having
a problem with inbound mail from the list getting rejected by his mail
server.  He's tracked it down to a problem with the Sender header field,
which gets re-written by Mailman to the VERP address of the list bounce
processor containing the recipient's address.  This triggers a rejection
by libdomainkeys.

RFC 2822 states as follows:

 The "Sender:" field specifies the
 mailbox of the agent responsible for the actual transmission of the
 message.  For example, if a secretary were to send a message for
 another person, the mailbox of the secretary would appear in the
 "Sender:" field and the mailbox of the actual author would appear in
 the "From:" field. 

So, since Mailman is the "agent responsible for the actual transmission
of the message", re-writing the Sender header doesn't appear to be a
violation of the spec, but there is a problem here.  It appears that
Mailman _should_ either offer the option of preserving the original
poster's Sender header, or should nuke the original poster's
DomainKey-Signature: header.

Or does it appear that libdomainkeys is in error here?

Your thoughts, good people?

-------- Forwarded Message --------
From: Jack McKinney <jackmc at lorentz.com>
Reply-To: jackmc at lorentz.com
To: Lindsay Haisley <fmouse at fmp.com>
Subject: Problem Solved!
Date: Thu, 12 Feb 2009 11:15:01 -0600

	Well, problem identified, anyway.  This is something that mailman or
courier will have to fix.
	Your mailing list is adding a Sender header.  However, the Sender
header does not represent the message sender, as it should.  It instead
represents the mailing list.  Since the DomainKey in the message is for
one domain (d=brockster.us), and the sender is in a different domain
(Sender: linux-bounces+jackmc=lorentz.com at ctlug.org), it is an error.
	I believe that libdomainkeys does this because adding a Sender: header
that is not the _original_ sender is a violation of the RFC (822?).
	When anyone posts from a domain that has DomainKeys to one of the
lists, the list adds a conflicting Sender header, causing anyone parsing
messages at the SMTP port using libdomainkeys to reject the message as
forgery.

-- 
Lindsay Haisley       | "Everything works    |    Accredited
FMP Computer Services |       if you let it" |      by the
512-259-1190          |    (The Roadie)      |   Austin Better
http://www.fmp.com    |                      |  Business Bureau
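
A minimal model of the check described in the forwarded message, as an added example that is not part of the original post and is not libdomainkeys or Mailman code: it compares the d= tag of DomainKey-Signature with the domain of Sender: (falling back to From:), and shows the effect of the header-removal option raised in the post. The sample message is constructed, the function names are hypothetical, and treating a subdomain of d= as a match is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample shaped like the list-redistributed message in the post.
# Signature tag values other than d= are placeholders, not real data.
SAMPLE = """\
Sender: linux-bounces+jackmc=lorentz.com@ctlug.org
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=placeholder;
 d=brockster.us; b=PLACEHOLDER
From: Poster <poster@brockster.us>
To: linux@ctlug.org
Subject: constructed example

body
"""

def signing_domain(msg):
    """Return the d= tag of DomainKey-Signature, or None if the message is unsigned."""
    sig = msg.get("DomainKey-Signature")
    if sig is None:
        return None
    tags = {}
    for part in sig.split(";"):
        k, _, v = part.partition("=")
        tags[k.strip().lower()] = "".join(v.split())  # drop folding whitespace
    return tags.get("d", "").lower() or None

def sending_domain(msg):
    """Domain of Sender: if present, otherwise From: (the precedence the post describes)."""
    addr = parseaddr(msg.get("Sender") or msg.get("From") or "")[1]
    if "@" not in addr:
        return None
    return addr.rpartition("@")[2].lower()

def check(msg):
    """Classify a message as 'unsigned', 'aligned' or 'mismatch'."""
    d = signing_domain(msg)
    if d is None:
        return "unsigned"
    s = sending_domain(msg)
    # Assumption: a subdomain of the signing domain counts as a match.
    if s and (s == d or s.endswith("." + d)):
        return "aligned"
    return "mismatch"

def strip_signature(msg):
    """Option raised in the post: drop the poster's DomainKey-Signature before redistribution."""
    del msg["DomainKey-Signature"]
    return msg
```

Running `check` over a sample of outbound list traffic shows which posters' domains would trigger this rejection at DomainKeys-verifying recipients.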


