On 4/28/2019 9:56 AM, Bill Cole via mailop wrote:
On 28 Apr 2019, at 2:19, Brielle Bruns wrote:
On 4/27/2019 11:19 PM, Bill Cole wrote:
Basically DKIM on my EXIM server is configured in the default way
which Debian’s config file sets it up once you provide it with the
necessary keys for signing. If it’s got something that they need to
fix to make it behave better, I’m all for getting that together.
I guess that means that Exim on Debian has matched one of the most
famous "features" long touted for Exchange...
You should be able to modify the header selection for signing in the
Exim config and you should do so with thoughtfulness, rather than
simply accepting a packager's defaults.
Considering I've been using EXIM for... 15 years or so, and its always
been well behaved in my setup, I've trusted their defaults for most things.
In this case, I've manually overridden the default with
from:to:subject:date based on some quick googling of what other people
have used.
We'll see if it has the desired effect.
but that's a change in behavior that could be suggested to the EXIM
developers to make it a bit more tolerant of what you are suggesting.
Indeed. As an Exim user, you may wish to take this up with the
developers or take ownership of your own configuration, as clearly they
don't understand the DKIM spec.
I have an absurd amount of customization in my setup - just this wasn't
one of them due to having setup dkim to appease Google's filtering on
short notice.
For a long time, I refused to insert DKIM headers on the grounds it
created situations like this.
It does not need to create situations like THIS. THIS is the result of
unwise choices by multiple parties, most significantly by Google.
I'm _still_ grappling with another situation involving google putting my
company's auction winner notifications w/ PDF attachments in the Spam
folder. That system uses postfix instead of EXIM.
My frustration with google's spam filtering grows by the day.
A broader range of possible problems can be avoided by taking care to
create robust signatures rather than fragile ones.
But, you can thank certain large providers who make some hurdles if
you don't have DKIM signed messages.
This is still mostly limited to SMTP over IPv6, which I have not yet
needed to resort to.
DMARC elicits the same 'Fuck that' response from me. I implement
something with regards to it only because I need mail to go through.
I don't disagree. I do think it is most pragmatic to implement such
things in ways that break less rather than trying to make the flaws
stand out as chronic breakage.
In the end, sane defaults should be the norm, but we all know that's a
crapshoot. Lack of documentation on how the big guys handle mail ends
up compounding issues...
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
