
On Fri, Nov 20, 2015 at 07:29:04AM +1100, Brian May wrote:
"Joel W. Shea via luv-talk" <luv-talk@luv.asn.au> writes:
1) DKIM signing messages sent by the mailing list
[...]
IIRC I think somebody said that Mailman breaks the DKIM on the original message.
I was referring to the mailing list making it's own signatures, but you're correct, in some circumstances mailmain will break signatures, for instance; by rewriting the From/Subject fields where they were signed by the original sender.
Which provokes the question - why not fix Mailman so it doesn't break the DKIM on the original message?
Mailman can already sensibly handle DKIM signatures.
IIRC this is because of the design of Mailman; it interprets the headers and writes them out again, so it can't write them back exactly the same as they were before.
I don't have the references handy, I apologise in advance if I got the above wrong.
I recall there being a long discussion thread on the mailman list, late last decade, regarding the handling of DKIM signature edge-cases, but I think things have improved since then
Which seems to be saying we need to mangle the From: header due to poor design decisions in Mailman.
Only if we want forwarded mail to pass DMARC policy, which is a seperate issue (the second one on my original post) [...]