On 2011-04-15 at 14:38 +0200, Luca Bertoncello wrote:
> Now, as I know, DKIM (and DomainKey before) should solve the problem of a
> forward, which can fail with SPF.
> Could someone say me, why I get these errors?
Mailing-lists tend to edit Subject: lines (see "[exim]" above) and add
footers:
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
Thus DKIM messages which are modified no longer have valid signatures.
This is an accurate state of affairs (what you received has been
tampered with, and the crypto caught that) but not helpful for ultimate
receivers.
Ideally, the mailing-list manager's local MTA will verify DKIM and the
MLM will strip the inbound DKIM (or rename them to X-Old-*) and then
sign the messages so that they're verified as coming from the list.
If you run a mailing-list but don't control the host, then turning off
those modifications for your list may help.
(We should look closely at this for lists like, uhm,
"exim-users@???")
-Phil