On 10/11/22 07:42, hi@zakaria.website wrote:
Another update yet with a solution.
I found the causing issue with DKIM and DMARC failure when a signed
email pass through mailing list such as dovecot as I expected, it has
nothing to do with the mailing list but it's to do with DKIM signing
headers set. It's due to one of or several headers in the DKIM signing
set, getting added or modified after signing at dovecot end.
Anyhow, here is the DKIM signing headers set in this mailing list, that
it should work and it will prevent the batch of DMARC emails and bad
signature from happening again.
from:from:reply-to:date:date:message-id:message-id:to:to:cc:
mime-version:mime-version:content-type:content-type:
in-reply-to:in-reply-to:references:references
Please forgive me for jumping in, but I just noticed this. I (like
many others) have issues with mailing lists and the flurry of DMARC
emails after posting. I'm using OpenDKIM. There's a lot of material
out there about proper configuration of DKIM, but nothing really
definitive, with lots of "it depends on your requirements" type of
noncommittal crap. Email use cases don't differ THAT much.
So does what you said above mean that you've come up with a working
configuration to address the issue of mailing lists causing DKIM to barf
due to header modifications? If so, can you tell me more about
specifically what you're doing, like which headers you're signing and
how? I've been at my wits' end with this for some time; DKIM (and SPF
etc etc) seem to be really quite awful overall.
Thanks,
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
