==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 2024030401 (Backend: mariadb, Date: 2024-04-08 12:13:19)
- Deployed with iRedMail Easy
- Linux/BSD distribution name and version: Debian 10
- Store mail accounts in which backend: MySQL
- Web server: Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
====

We have a few mailing lists hosted on our mail server.  With Google and Yahoo basically enforcing everyone to use SPF, DKIM and DMARC our clients have now implemented this (This is a good thing overall, just introduces new issues).

I've been trying to track down why some clients were going too Spam (Google) or not delivered at all (mac.com). But others had no issues.

After investigation I've found out that it depends on the DMARC policy of none, quarantine or reject.

The client whose emails were either going to Google's spam or not delivered at all (mac.com) had their policy to 'reject'.

I found this posting: https://begriffs.com/posts/2018-09-18-d … -list.html

I've modified:  /opt/iredmail/custom/mlmmjadmin/settings.py
--------
MLMMJ_DEFAULT_REMOVED_HEADERS = [
    'Authentication-Results:',
    'ARC-Authentication-Results:',
    'DKIM-Signature:'
]
--------
Then restarted the mlmmjadmin service. (and eventually the whole server).

Questions:
1) Why is the mac.com one passing but the two clients using google failing ?
2) Can I moved the source dkim, etc. headers so that only my dkim header is passed onto the receiver ?

For now - the client has changed their policy to none also and their messages are being received - but this seems like something that a mailing list should be able to do ?

thanks
Kent.

======
Looking at the source headers for the dkim/spf/dmarc authentication (these are from my test gmail account).

Sender: via google, dmarac policy = reject
------------------------------------------------------
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@kamar.nz header.s=dkim header.b="Pwjw6jF/";
dkim=fail header.i=@obhs.school.nz header.s=google header.b=T8ewpJO+;
spf=pass (google.com: domain of betas+bounces-...@kamar.nz designates 2001:df5:5e80::251 as permitted sender) smtp.mailfrom="betas+bounces-...@kamar.nz";
dmarc=fail (p=REJECT sp=REJECT dis=QUARANTINE) header.from=obhs.school.nz

Sendar: via google, dmarc policy = none
------------------------------------------------------
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@kamar.nz header.s=dkim header.b=rEVBGEAt;
dkim=fail header.i=@gc.ac.nz header.s=google header.b=hULp+8fg;
spf=pass (google.com: domain of betas+bounces-...@kamar.nz designates 103.158.176.251 as permitted sender) smtp.mailfrom="betas+bounces-...@kamar.nz";
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gc.ac.nz

Sendar: via mac.com, dmarc policy = none
--------------------------------------------------------
Authentication-Results: mx.google.com;
dkim=pass header.i=@kamar.nz header.s=dkim header.b=PkEba7EG;
dkim=pass header.i=@mac.com header.s=1a1hai header.b=dxSFCrB5;
spf=pass (google.com: domain of betas+bounces-...@kamar.nz designates 103.158.176.251 as permitted sender) smtp.mailfrom="betas+bounces-...@kamar.nz";
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mac.com