[Rspamd-Users] false positives with DKIM/DMARC and mailing lists (sympa)

Kapetanakis Giannis bilias at edu.physics.uoc.gr
Wed Nov 5 11:13:57 UTC 2025 

Hi,

We're having some trouble with some valid mails coming from mailing list when the original sender has dkim signatures and dmarc policy.

rspamd applies a big score and I know it's ok and that something is missing on the mailing list server side.
Since I also run sympa I want to find what is the best way to handle this, in order to apply both to my site and inform the remote
mailing list admin.

- Munge the From address?
- Strip original DKIM headers (this will probably fail dmarc)?
- Make the mail list server apply a new DKIM header?
- Make the mail list apply ARC?
- All/some of the above?

I'm whitelisting mails detected as MAILLIST and have a specific MIME_TO or MIME_FROM header,
but this is done after they are blocked once (and spotted by me or reported). So this is not a permanent solution.

Here is a test mail that got blocked by rspamd. I've altered the domain names, hoping I didn't make any mistake there

sender at original.sender.com sends mail to list at mailglist.com
His email is also handled by gmail, so we have 
X-Google-DKIM-Signature
DKIM-Signature for d=original.sender.com

Mailing list does not apply DKIM for @mailglist.com

Mail comes to my domain.

Mail From: list-owner at mailglist.com
Mime From: sender at original.sender.com
Mime To: list at mailglist.com
Rcpt To: my_user at example.com

Does rspamd also check mail from (instead of mime from) for DKIM?
Is there a preference there?

The relevant headers are bellow. If someone can have a look and post an advice I would appreciate it.

Thanks,

G

R_DKIM_REJECT:8:original.sender.com:s=google
DMARC_POLICY_QUARANTINE:8:original.sender.com : SPF not aligned (relaxed), quarantine
MISSING_XM_UA:0
REPLYTO_DOM_NEQ_FROM_DOM:0
TO_DN_SOME:0
PRECEDENCE_BULK:0
FORGED_RECIPIENTS_MAILLIST:0
FORGED_SENDER_MAILLIST:0
ARC_NA:0
DKIM_REPUTATION:0:0
HAS_REPLYTO:0:list at mailinglist.com
DKIM_TRACE:0:original.sender.com:-
FROM_NEQ_ENVFROM:0:sender at original.sender.com, list-owner at mailinglist.com
MX_GOOD:-0.01:
HAS_LIST_UNSUB:-0.01
R_SPF_ALLOW:-0.2:+a:mailinglist.com
MAILLIST:-0.2:generic

Received: from sympa  by sympa.mailinglist.com (envelope-from <list-owner at mailinglist.com>)
    with local (Exim 4.89 (Debian GNU/Linux))
    id 1vGaY6-0002aL-HZ; Wed, 05 Nov 2025 12:15:30 +0200
Received: from mx0.mailinglist.com
    by sympa.mailinglist.com (envelope-from <sender at original.sender.com>)
    with esmtps (tls_cipher TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
    id 1vGaY0-0002ZR-NR
    for list at mailinglist.com; Wed, 05 Nov 2025 12:15:24 +0200
Received: from mail-yw1-x112b.google.com
    by mx0.mailinglist.com (envelope-from <sender at original.sender.com>)
    with esmtps (tls_cipher TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128)
    id 1vGaXz-00041a-Ld
    for list at mailinglist.com; Wed, 05 Nov 2025 12:15:24 +0200
Received: by mail-yw1-x112b.google.com with SMTP id 00721157ae682-786a822e73aso4828827b3.3
        for <list at mailinglist.com>; Wed, 05 Nov 2025 02:15:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=original.sender.com; s=google; t=1762337721; x=1762942521; darn=mailinglist.com;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=gzaBH6pMCOR0eicydoJRyLc2k3jtV6aq562/H2+xOm0=;
        b=MPL9gcB3Y/jcOqk9aQ+giHI+9G8mlC+4gE5zFuyYJgva/wB7qxYxH9vbR9+bts18ze
         88Nmu1VXiEmLJes/354kxNMuZQLChUra8WCl/Cz+SOt3r6dyjck+dIEuzdbIEKjxh3Gj
         XY8O4owAaC0L5wjPZliedRXwcurY+eeyI8oiG8gZEFv9xXe22YUs0osbqzdItjF9ZvF9
         +An9IzksYxXf9yJjHWvwNFhzsQLaDQvOFtwCyKm1fZhR4AsScNZXg5sNkC73wKoY75mW
         NfRwq9htlLTwML2rE5ICnZbJxhDaiJksqTzRXLz0eLJJHi8RXoS+uz7slfJIioNPtSWP
         W/5A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1762337721; x=1762942521;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=gzaBH6pMCOR0eicydoJRyLc2k3jtV6aq562/H2+xOm0=;
        b=u/y1UHU3ht0nGiIsyTjUBvQDrQ0ENQ1Kh6oSzcSoJcQ5utHpPqX1/M+LE9twrK2bFQ
         6WTQTiXec8CKpYAPdOgNLNtqQwnBeFQLUqIMzWK21fv6LfUZSH12p7MRjbW3fxnZEbp5
         gdd4S3WzIdl1zZS//y78scWhFkmUVRoheL+ojrSzL+8KSbY2zvHnf3Ntq/90ChfyX6ZE
         xML3MJQDLJvKmXsyB/yaFqXywf4n1vuvp9jeG5xhR+ByQ2OpCWKVSLhkbIiYZZleWu8E
         coI3EQC6XBvEA+ZWwNfLGr7HWG6+wUW5uXeXqSdWaGNfWAFoGOX/nWBbdrLrn1/c3R8/
         ml6A==
X-Gm-Message-State: AOJu0YzzZKOe5UhHWkUP6VNTC+a30dMUC9Bqx7SxfrgFji8vnl6/zFkm
    T0GZpTPL+0NygGMo6fxlafoYC5nFMDh0plwbV8aj33iY9Pr6Ghaf4hOnICXdZpJG71fzds/RXc7
    CiszyN2rDTO/nzm7MJez4boNKoIoeqYW73YPz7yvDEBxMGxUZQ/7sD7E=
X-Gm-Gg: ASbGncsOwVOwD8PMdtdTc+abI94oCG/wrW0VukM+g71U08j+rDqV8RpNUhUP0wTEIKn
    qQ1xZHv+dARIZ/eEfukaSwEby7pDIMSfbttGubY8914iKhvcZTpILCG0qMVs4k8JBIAp+LGsnT/
    pZ3HuIZJnr4M22OlLJuP6KemfL/V7urGxqiMPkgDOzJjQmC8qV5gtaK/4UjHhTW9eoXp6G0a3l9
    NR+4fofAc9ryTB5Uw5EP5nF8L/qbXFuG22ja7lKqcOzMDi7eYvCDQ3PlNFd4GNRgU1CorVk/und
    lIj2SAYxsOEFk40VeQg36aCm/TJI
X-Google-Smtp-Source: AGHT+IF9T6H+rXdGSA8AAGktAdi5PHynjggVJ7k2fXH5Cxo6HiRektDbBJIHmFE0TUEKr22HIcXiKQi2UtgUc4rAGS4=
MIME-Version: 1.0
In-Reply-To: <CAFv2h9rQ-wao8ordfbi9qayrSkAQO0H4qOiGk3o1ViKABigV0Q at mail.gmail.com>
From: <sender at original.sender.com>
Date: Wed, 5 Nov 2025 12:15:05 +0200
X-Gm-Features: AWmQ_bmg6VmD-_fGuHurpP_yR2S_sCnhT5fabg1MkzRo54eH-8MidY0kojsxQtc
Message-ID: <CABzp=RZ8p9THdV1fyqL-3zyX5j5pGjA43fckpud7vV0NEEh_8A at mail.gmail.com>
To: list at mailinglist.com
Cc: <another-list at mailinglist.com>
X-Loop: list at mailinglist.com
X-Sequence: 360
Errors-To: list-owner at mailinglist.com
Precedence: list
Precedence: bulk
Sender: list-request at mailinglist.com
X-no-archive: yes
List-Id: <..>
List-Help: <..>
List-Subscribe: <..>
List-Unsubscribe: <..>
List-Post: <..>
List-Owner: <..>
List-Archive: <..>
Archived-At: <..>

More information about the Users mailing list