The mailing list for listmasters using Sympa

[Steve Shipway <address@concealed>]

We use option #3 in the list -- take ownership of the email -- since it is
by far easier.

Our DKIM is handled by our mail gateway (a Cisco Ironport cluster), not by
Sympa, which makes it easier.   We strip off any DKIM headers when
distributing a message via a list, and allow the gateway to re-add new DKIM
headers for our domain.  So, DKIM can still be used for Sympa authorization
(though we don't do this) and we don't need to worry about additional
headers.  If a message had failed the SPF or DKIM checks, we would have
already have bounced, rejected or quarantined it before it gets to the Sympa
servers.  

While we do get headers added by our gateway for SPF and DKIM checks, they
are not in Authentication-Results format and so cannot easily be moved to
the X-Original-Authentication-Results header.  To create one of these, we'd
either need Sympa to do the SPF validation (which it can't since it is not
the gateway) or to parse the Received-SPF header (which would need a lot of
work to be a general solution).

Our current focus is more on S/MIME as being a solution to mail woes; though
the problem is getting the legacy mail clients able to handle it and Outlook
to stop using ms-tnef format encapsulation where it should use multipart.
Improving the SMIME signature handling in Sympa, particularly with regard to
mailmerge lists (optionally stripping signatures before merge), lists
signing messages with their own certificate, etc, is somewhere we'd like to
see movement.  If we were able to state that all official communications
would be SMIME signed it would be great, but currently there is insufficient
support for SMIME amongst clients.

Incidentally, I have yet to see any messages come into our site with a
failed DKIM check flagged; though we have thousands of failed SPF checks
each day.

Steve

Steve Shipway
address@concealed

Attachment: smime.p7s
Description: S/MIME cryptographic signature