On Sat, Aug 14, 2021 at 01:39:29AM +0200, Benny Pedersen <m...@junc.eu> wrote:
> On 2021-08-14 01:22, Ken N wrote: > > Yes I agree. > > DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; > d=purpleemail.com; s=x; h= headers .... > > oversigned headers that dont exist to validators breaks dkim I don't think that's the case. When validating, if a header doesn't exist, it would probably just be treated as an empty header for the purpose of validating the signature. > imho some headers changes on transit here, dont sign every header at signing > stata > > reduce your signed headers list to begin with from, to, date, subject > > this will solve some of the problems you have Not in this case. It's the To: header that is being changed by the dovecot mailing list software. So if the To: header is included in the signature, then the signature will become invalid. cheers, raf