Tomas Hlavaty skrev den 2023-06-22 10:04:
Hi,
lists.roundcube.net/kolabsys seems to be altering messages leading to
dkim=fail reason="signature verification failed" reason="fail (body has
been altered)" and a flood of failure reports showing where are the
messages from kolabsys.com forwarded to, quarantined or rejected.
Would it be possible for lists.roundcube.net/kolabsys not to break dkim
signatures?
spamassassin maillist does not break dkim, and postfix maillist on
cloud9 did not break dkim, after its moved to sys4 mailman, it breaks
dkim
Authentication-Results mx.junc.eu (amavisd-new); dkim=pass (4096-bit
key) header.d=kolabsys.com header.b="ia4iONMD"; dkim=fail (2048-bit key)
reason="fail (message has been altered)" header.d=knowledgetools.de
header.b="TFaxQjJe"; dkim=fail (2048-bit key) reason="fail (message has
been altered)" header.d=knowledgetools.de header.b="HNNvJA0M"
Authentication-Results ext-mx-out002.kolabsys.com (amavisd-new);
dkim=pass reason="pass (just generated, assumed good)"
header.d=kolabsys.com
Authentication-Results ext-mx-out002.kolabsys.com (amavisd-new);
dkim=fail (2048-bit key) reason="fail (message has been altered)"
header.d=knowledgetools.de header.b=TFaxQjJe; dkim=fail (2048-bit key)
reason="fail (message has been altered)" header.d=knowledgetools.de
header.b=HNNvJA0M
Authentication-Results ext-mx-in001.kolabsys.com (amavisd-new);
dkim=fail (2048-bit key) reason="fail (message has been altered)"
header.d=knowledgetools.de header.b=TFaxQjJe; dkim=fail (2048-bit key)
reason="fail (message has been altered)" header.d=knowledgetools.de
header.b=HNNvJA0M
Authentication-Results ext-mx-in002.kolabsys.com (amavisd-new);
dkim=pass (2048-bit key) header.d=knowledgetools.de header.b=TFaxQjJe;
dkim=pass (2048-bit key) header.d=knowledgetools.de header.b=HNNvJA0M
amavisd should stop dkim sign if not originating mails, all others
should be ARC-Sign/ARC-Seal before its manglede in mailman, that will
solve downsream verify to see that original dkim was pass or fail, this
will be like what dmarc expect all maillist owners to solve, then
maillist can add headers/body content without break dmarc, this is the
important part of it
hopefully amavisd will soon do the ARC, metacpan Mail::DKIM already do
support it, so only love in amavisd is missing
sadly mailman breaks it all :/
_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users
