[PYTHON] Mailman delivers all DKIM-signed emails posted from specific domains

Overview

When operating a mailing list with Mailman, you may want to accept and deliver all emails sent from within your organization, for example when the list serves as a contact point for your organization. This article describes how to extend Mailman's moderation module to accept and deliver all DKIM-signed emails posted from specific domains[^restriction].

[^restriction]: Recently, there seem to be cases where throwaway accounts are created on Gmail and similar services and used to send DKIM-signed spam. Therefore, we do not recommend a policy of accepting and delivering all DKIM-signed emails.

Background

To receive mail from non-members when running a mailing list with Mailman, you can either (1) set the generic_nonmember_action option to "Approve" or (2) set the accept_these_nonmembers option to an appropriate regular expression. However, the former (1) accepts all emails, and the latter (2) relies on headers that are easy to spoof, making it vulnerable to spam.

To address this issue, we have tried the following extensions:

However, since our university's mail server moved from on-premises to G Suite, the sending mail servers used by members can no longer be restricted, and the [all mail posted from a specific mail server will be delivered](https://qiita.com/tsuchm/items/44a76392ca94d28f1617) method is no longer available.

Emails sent from G Suite carry a DKIM signature, so as an alternative we can verify the DKIM signature. This article introduces a setting that delivers every received mail whose From matches the domain of your organization.

Setting

First, install the Python module for verifying the DKIM signature.

```
sudo apt install python-dkim
```

Then copy DKIMModerate.py to /usr/lib/mailman/Mailman/Handlers/. Adjust the /usr/lib/mailman/ part of the path as appropriate for your environment.

Then, write the following settings in /etc/mailman/mm_cfg.py.

```python
DKIMDOMAINPATTERN = r"[@.]example\.jp$"
GLOBAL_PIPELINE[GLOBAL_PIPELINE.index('Moderate')] = 'DKIMModerate'
```

DKIMDOMAINPATTERN is a regular expression that matches your organization's domain. The GLOBAL_PIPELINE line specifies that the above module is used in place of the Mailman/Handlers/Moderate.py that ships with Mailman itself.

That's all for the settings. All emails that have a domain that matches DKIMDOMAINPATTERN in the From address and have a valid DKIM signature will now be delivered.
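The acceptance decision described above, written out as an added example (standalone Python 3, not the author's DKIMModerate.py and not Mailman handler code). It also requires the signature's `d=` domain to match DKIMDOMAINPATTERN, because a valid DKIM signature only vouches for the signing domain, not for the From header. The names `should_accept`, `first_signing_domain` and `sample` are hypothetical, and `signature_valid` is assumed to come from `dkim.verify(raw_bytes)` in python-dkim.

```python
import re
from email import message_from_string
from email.utils import getaddresses

DKIMDOMAINPATTERN = r"[@.]example\.jp$"  # same pattern as in mm_cfg.py


def first_signing_domain(msg):
    """Return the d= tag of the first DKIM-Signature header, or None."""
    header = msg.get("DKIM-Signature")
    if header is None:
        return None
    for tag in str(header).split(";"):
        name, _, value = tag.partition("=")
        if name.strip().lower() == "d":
            return value.strip().lower()
    return None


def should_accept(raw_message, signature_valid, pattern=DKIMDOMAINPATTERN):
    """Accept only if From and the verified signer are both in the organization.

    Assumption: signature_valid is the verification result for the first
    DKIM-Signature header, e.g. dkim.verify(raw_bytes) from python-dkim.
    """
    if not signature_valid:
        return False
    msg = message_from_string(raw_message)
    senders = getaddresses(msg.get_all("From", []))
    if len(senders) != 1:  # missing From, or several From addresses
        return False
    from_addr = senders[0][1].lower()
    signer = first_signing_domain(msg)
    if signer is None:
        return False
    # The pattern expects a leading "@" or ".", so prefix the bare d= domain.
    return bool(re.search(pattern, from_addr)) and bool(
        re.search(pattern, "@" + signer))


def sample(from_addr, d):
    """Build a constructed test message; the bh=/b= values are dummies."""
    return ("From: %s\r\n"
            "DKIM-Signature: v=1; a=rsa-sha256; d=%s; s=sel;\r\n"
            " h=from:subject; bh=AAAA; b=BBBB\r\n"
            "Subject: test\r\n\r\nbody\r\n" % (from_addr, d))
```
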
