From my tests, setting sender_list true has no effect. The mail is still rejected. I am pretty sure that DMARC only looks at the FROM header.

An online article suggested that removing the DKIM signature from the forwarded mail would solve the problem, but it does not. The mail gets refused as unauthenticated.

It looks like I am reduced to banning Yahoo senders or stripping the sender data and making all the mail appear to come from the list rather than the original senders.

Neil

I think the short answer is set:
    sender_list true
to rewrite the sender header.

    ChrisP.

On 28/04/2016 7:53 a.m., Neil Herber (nospam) wrote:

I have several small, closed mailing lists running on SurgeMail. A new list member has a YAHOO address, and the mail he sends gets rejected by Gmail, Hotmail, Yahoo, and others with this error message:

Site gmail.com (173.194.74.27) said after data sent: 550 5.7.1 initiative. rc7si2769636igc.23 - gsmtp 550-5.7.1 Unauthenticated email from yahoo.ca is not accepted due to domain's\n550-5.7.1 DMARC policy. Please contact administrator of yahoo.ca domain if this\n550-5.7.1 was a legitimate mail. Please visit\n550-5.7.1  https://support.google.com/mail/answer/2451690 to learn about DMARC

I suspect that the sender's FROM address is triggering this false positive, even though:

1) The return path is set to Return-Path: <servicename-bounce@eton.ca>

2) The reply-to is set to Reply-To: servicename@eton.ca

3) The sender was verified by SPF "Received-SPF: pass (Last token {ptr:yahoo.com} (res=PASS)) client-ip=98.xxx.xxx.173; " so they were a real Yahoo customer.

Is there any way around this? Or do I need to strip out the sender info in DLIST which makes it harder for users to see who originated the message to the list?

Note that my current setup has worked for ALL users for years. This is our first "yahoo" list member.

Neil

--
Neil Herber

--
Neil Herber