Hi Matthias, On 2025-02-21 13:28, Matthias Apitz wrote:
> El día jueves, febrero 20, 2025 a las 08:40:46a. m. -0800, > [email protected] escribió: > > > > I've got a reject of an email to a public PostgreSQL mailing list > > > due to an issue with my DKIM signature. Attached below. I've sent a > > > test email to my company mailbox to see my resulting DKIM > > > signature. It's: > > > > > What could be wrong with this and how do I fix this. mutt is sending > > > the mail to the SMTP server of my provider 1blu, i.e. I have in > > > ~/.muttrc: > > > > Just read the reply carefully: > > > > > This email has a DKIM signature on the List- headers of the email, > > > indicating that it is not allowed to pass this email on through a > > > mailinglist. > > > > The DKIM signature header you quote shows that you're signing over the > > List-* headers. You -- or your SMTP server -- should not do that. > > > > If you can't change that, you could try a public remailer of some sort. > > > > Btw, I had exactly this problem with the postgresql-general mailing > > list too. But I run my own mail server, so the fix was easy. > > I have access to the DNS configuration at the server of my ISP for the > zone 'unixarea.de'. See attached screen. Some years ago I've added there > this this because I couldn't sent mails anymore to gmail: > > $ host -t txt unixarea.de > unixarea.de descriptive text "v=spf1 ip4:178.254.4.101 a:unixarea.de -all" > > I see there something DKIM related, which was not inserted by me and > must be relatively new. The line says: > > v=DKIM1; k=rsa; > p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEiF06k04ltYm1C53caXqEu+6wlR9MetdGnjUUX4P+tlkRYEU8t+xYMuTknhZ+96C2V1Eol8iU81YxxW3pogXHuSITZuYiwFoZ2LvmiCJvswUDGgCqQJhqHA1K7+M4AE15bV/mwCqwQRI/UGhEvRtdens+F+lYhf7IEsELI2W7/pr5AovtP3NQWgMI/4eLNDJtQOvTBGESexiWqsUweAYUrW80xchEUlWE2pvhLwF61DP3YcIhbfHMIxw/KkFw4QIk2/r50y8bM70aQIY6EhcoFnh1FquG3P4TRs/W1E5d+wZtuPpRzOtHJKq9ayTDNO7J5GRAis9J+NmSucJFomYQIDAQAB > > but there is nothing List-* related or is this encrypted in the p=.... > value? Any mail I do send has this DKIM-signature which is added by my > ISP 1blu as the s=blu3434000 shows: The DNS entry contains the public key to verify your DKIM signatures, but the signature is applied by the mailserver (using the DKIM private key). I am not sure how 1blu handles this and whether you can ask them to change the signing configuration with respect to the included headers. > DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=unixarea.de > ; s=blu3434000; h=Content-Transfer-Encoding:Content-Type:MIME-Version: > Reply-To:Message-ID:Subject:To:From:Date:Sender:Cc:Content-ID: > > Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc > > :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: > List-Subscribe:List-Post:List-Owner:List-Archive; > bh=mUXCo4CB5VS0jsNsC2LeR8NOxLomD73G556GgsVmluA=; > b=evptchc8isl0uD+RpFR+iPUP1z > > Fsx3N3+Hy1JPLQlNuGuHzKZA460Lgd/X+ZZQfp/LQVvcVVWfvMPXOOoNz9ANhTJPCfhAtfu0zit2a > > Xozgq0bH66Ig2PNNayGDoz+BOocDLTqT87Ue9O+OOYp5VXrV2r3xFdwPMI5rmSklhECwQiMMgpfb2 > > Hnp1yOfjq5W9JdHjYCbMPFWCR+4BCyfPzUCKRJDN/txoUMTHr73Ip0S95QAhw1cT++2zGHeIv9Sdv > > 3G+bZxy/UpIRg0WMmD6P+04gNjxGBWlOu8YukSX/g3k1sYiBpnbKnh5NdWI/ZPpS5S+WQAqbzteWS > dhKhQmVw==; > > Should I just delete this TXT entry in the DNS config? No, without the DNS entry, the signature cannot be verified. - Jan
