Request: Please sign this list's messages via DKIM or SPF

Binarus lists at
Mon Apr 4 11:12:11 EDT 2016


On 04.04.2016 16:32, Dave McMurtrie wrote:
> I completely agree.  I'll run this up the management chain and see if I
> can get approval.  Really, the ideal solution would be to set up a list
> server in the domain and handle it there because CMU
> management doesn't care what we do in that domain.  I'd love to do that,
> but I'm hesitant to foist that change on Cyrus users since info-cyrus
> has been on lists.andrew for so many years now.
> Your input is appreciated, though.

Well, not being an expert in that area, my 2 cents:

I think I wouldn't move to another server, too (never touch a running system). But eventually you could forward all messages from lists.andrew to which then could sign and send them? That way you could keep the current server (nearly unaltered) for mailing list management, processing the received messages and sending messages. The only change would be to not directly send messages, but to forward them.

Before sending, should rewrite the envelope-from and from, making them something like "cyrus-imapd-list at". The receiving MTAs could then get the public DKIM key from and check if the signature is valid, i.e. if the message actually has been sent by

Or, even easier: Just add an appropriate SPF record to the DNS configuration of, and we could test what happens. Adding such record should get immediate approval by your management since it does not affect other DNS records or the mailing list server in any way. In other words, you would just have one more TXT record in your DNS which will not interfere with any other system component in any way. I strongly assume that this already would be sufficient.



More information about the Info-cyrus mailing list