Re: dovecot mailing list (this mailing list), DKIM, SPF and DMARC

Fri, 21 Oct 2022 14:51:15 -0700 

On 2022-10-11 14:05, Benny Pedersen wrote:

hi@zakaria.website skrev den 2022-10-11 13:42:

On 2022-09-13 13:10, Benny Pedersen wrote:

hi@zakaria.website skrev den 2022-09-13 14:03:



from:from:reply-to:date:date:message-id:message-id:to:to:cc:
     mime-version:mime-version:content-type:content-type:
     in-reply-to:in-reply-to:references:references

Thanks to my friend who didnt need a credit, and helped me out in
reaching this solution.



i have no frinds, but it might be related 
https://gitlab.com/fumail/fuglu/-/issues/262


with my conservative list of signed headers it pass



Indeed, it's because you set the following headers in dkim signing 
headers:-


from : subject :
    date : to : message-id


Although not sure why you've added some space, as per standards I think 
only colon separated list its the compliant format like the following:-


from:subject:date:to:message-id


Anyhow this is my final update, the previous headers set which I 
included wasnt perfect as cc header was causing a trouble, given it can 
fail at some point e.g. when replying more than one time to the same 
recipient through a mailing list, and mind me OX and iRedMail, I had to 
check your signing headers set, hopefully you are ok for me to present 
it here as the optimal one to avoid DKIM failures:-


OX:-
Date:From:To:In-Reply-To:References:Subject:From

IRM:-
x-mailer:message-id:in-reply-to:to:references:date:subject
    :mime-version:content-transfer-encoding:content-type:from


iRedMail seems to be the best headers set given it includes X-Mailer 
header, which enhances signature validity, when client uses specific 
mail client app, although it can be faked yet one must know which client 
app the sender would use and if was able to have information to this 
length I guess signature validity would be an easy task to break it 
further.



Also, I was advised by a friend to duplicate the signing headers in 
order to disallow spoofing signature further, while I couldnt see how 
nor populate a proof of concept, I removed it but if someone understand 
it, I would appreciate their elaboration, surely with thanks :)


Good luck.

Zakaria.

























					Reply via email to