[Mailman-Users] DKIM signing issue - relaying mailman e-mails from third party sources
Mark Sapiro
mark at msapiro.net
Wed Oct 11 14:12:00 EDT 2017
On 10/11/2017 01:23 AM, Dlugasny via Mailman-Users wrote:
>
> The problem is that we are sending an E-mail which looks as follow:
>
> From: campaign at myserver.com
> Return-Path: mailman-bounces at external-company.com
> To: @gmail.com
>
> The problem is that DKIM check on the gmail server server (and all others) returning error:
> [...mailman-bounces at external-company.com](mailto:mailman-bounces at external-company.com) does not designate xx.xx.xx.xx as permitted sender
This is not DKIM. it is SPF. external-company.com publishes an SPF
record that doesn't allow myserver.com as a sender. Start at
<https://en.wikipedia.org/wiki/Sender_Policy_Framework> to learn more
about SPF.
There are two solutions to this. The
Return-Path: mailman-bounces at external-company.com
header indicates that mailman-bounces at external-company.com is the
envelope sender of the message and SPF is based on the domain of the
envelope sender.
solution 1). external-company.com can augment its published SPF record
to designate your myserver.com server as a permitted sender.
solution 2). Your mail relaying process can rewrite the envelope sender
to your domain, e.g., campaign at myserver.com or some other appropriate
@myserver.com address. This will break mailman's automated bounce
processing for mail from mailman-bounces at external-company.com that is
relayed by you, but if you can verify the deliverability of that mail
before relaying it and if it's not deliverable, reject it before
rewriting the envelope sender, that won't be an issue.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list