OK, that will not generate the right DKIM sigs, but at least it will prevent Mailman from forwarding the original ones, and consequently generate false positives in spam filters.
The problem is that mailman has been adding signatures with keys that don't exist, so they can't be verified. The fix is quite simple, put the keys into ICANN's DNS server. There's no reason to remove existing signatures; any spam filter that pays attention to signatures that don't verify is hopelessly broken anyway. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly. PS: Don't argue. I wrote some of the DKIM standards, you know.