Thanks Russ

The only thing that I found that worked with Yahoo/DMARC was to set hide_sender to true.

If systems that honour DMARC (includes Gmail and many others) find a FROM header, they use it to verify the sending domain/IP.

Surprisingly, "surgemail-list@netwinsite.com" leaves the sender's FROM header in, which means the mail would fail if sent from a Yahoo user to Yahoo, Gmail or others. Mail to systems that don't verify DMARC get through fine.

Neil

Neil,

Here's the config file I've been using for years for the one list I run.

list mac-mgrs@lists.mac-mgrs.org
� header_add X-list-mom-address: xxxxxxxx@lists.mac-mgrs.org
� access_join anyone
� access_list moderator
� access_leave member
� access_post member
� access_who moderator
� archive true
� footer /usr/local/surgemail/dlist/macHIDDEN@ists_mac-mgrs_org/footer.tpl
� footer_html /usr/local/surgemail/dlist/macHIDDEN@ists_mac-mgrs_org/footer_html.tpl
� join_cookie true
� max_per_user 5
� max_size 20
� max_users 5000
� moderator xxxxxxxx@lists.mac-mgrs.org
� no_processed_message true
� password xxxxxxxx
� reply_to_user True
� status_interval 3
� subject_prefix [MM]
� title Mac-Mgrs
� web_archive true
� web_hide_email true
� list_textonly true
� digest_rfc true

Might help.

On 4/28/16 2:28 PM, Neil Herber (nospam) wrote:

I cannot find a field on the GUI for "from_list", nor is there any
documentation of this feature in:

http://netwinsite.com/surgemail/help/dlist.htm#list_specific_settings

Is this a "secret" feature? ;-)

Neil


On 2016-04-28 1:12 AM, surgemail-support wrote:

Ooops, sorry I thought you'd already changed the from, yes you need to set
it to be from the list.

from_list true

No there's no nice work around that I know of, they are specifically
stopping forged from headers which is what mailing lists traditionally use.

��� ChrisP.


On 28/04/2016 3:17 p.m., Neil Herber (nospam) wrote:

From my tests, setting sender_list true has no effect. The mail is still
rejected. I am pretty sure that DMARC only looks at the FROM header.

An online article suggested that removing the DKIM signature from the
forwarded mail would solve the problem, but it does not. The mail gets
refused as unauthenticated.

It looks like I am reduced to banning Yahoo senders or stripping the
sender data and making all the mail appear to come from the list rather
than the original senders.

Neil


On 2016-04-27 6:02 PM, surgemail-support wrote:

I think the short answer is set:
��� sender_list true
to rewrite the sender header.

��� ChrisP.


On 28/04/2016 7:53 a.m., Neil Herber (nospam) wrote:

I have several small, closed mailing lists running on SurgeMail. A new
list member has a YAHOO address, and the mail he sends gets rejected by
Gmail, Hotmail, Yahoo, and others with this error message:

Site gmail.com (173.194.74.27) said after data sent: 550 5.7.1 initiative. rc7si2769636igc.23 - gsmtp 550-5.7.1 Unauthenticated email from yahoo.ca is not accepted due to domain's\n550-5.7.1 DMARC policy. Please contact administrator of yahoo.ca domain if this\n550-5.7.1 was a legitimate mail. Please visit\n550-5.7.1https://support.google.com/mail/answer/2451690� to learn about DMARC

I suspect that the sender's FROM address is triggering this false
positive, even though:

1) The return path is set to Return-Path: <servicename-bounce@eton.ca>

2) The reply-to is set to Reply-To: servicename@eton.ca

3) The sender was verified by SPF "Received-SPF: pass (Last token
{ptr:yahoo.com} (res=PASS)) client-ip=98.xxx.xxx.173; " so they were a
real Yahoo customer.

Is there any way around this? Or do I need to strip out the sender info
in DLIST which makes it harder for users to see who originated the
message to the list?

Note that my current setup has worked for ALL users for years. This is
our first "yahoo" list member.

--
Neil Herber