On Tue 22/Dec/2020 03:37:52 +0100 Benny Pedersen wrote:
On 2020-12-21 18:27, Alessandro Vesely wrote:
On Mon 21/Dec/2020 01:52:11 +0100 Benny Pedersen wrote:
For the message I'm replying to, I got:
Authentication-Results: wmail.tana.it;
spf=pass smtp.mailfrom=ietf.org;
dkim=pass reason="Original-From: transformed" (whitelisted) header.d=junc.eu;
dkim=pass (whitelisted) header.d=ietf.org
header.b=GUNfiCpP;
dkim=fail (signature verification failed, whitelisted) header.d=ietf.org
header.b=IIMQxhd+
Two out of three is not bad, is it? If IETF only did ARC seals, I'd
probably verified no signature at all —since I don't run ARC checks.
metacpan Mail::DKIM gives dkim invalid if just one dkim is invalid, so
spamassassin says aswell dkim invalid
I don't think that's a reasonable choice. A DKIM informative note exemplifies
this very case:
INFORMATIVE NOTE: The rationale of this requirement is to permit
messages that have invalid signatures but also a valid signature
to work. For example, a mailing list exploder might opt to leave
the original submitter signature in place even though the exploder
knows that it is modifying the message in some way that will break
that signature, and the exploder inserts its own signature. In
this case, the message should succeed even in the presence of the
known-broken signature.
https://tools.ietf.org/html/rfc6376#section-6.1
what software used above to show this results ?
zdkimfilter
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
