Re: [exim-dev] [Bug 1309] Headers included in dkim_sign_head…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MJeremy Harris at <-
M 
Delete this message
Reply to this message
Author: Robert Blayzor
Date:  
To: exim-dev
Subject: Re: [exim-dev] [Bug 1309] Headers included in dkim_sign_headers are not in the signature when not in the message
On Sep 23, 2016, at 12:00 PM, Jeremy Harris <jgh@???> wrote:
> ... and doesn't say you can't add other things as well, including
> headers not present.
>
> Yes, DKIM breaks mailinglists…

Well, not entirely true. It only breaks if original signed headers are modified. “most” should not be, and dual signing usually isn’t a problem.

But over signing most certainly does break it more. ie: Posting into a mailing list, over signing it with List-Id that doesn’t exist when sending but is added by the list server on the way back out.


>
>> Is there a knob to turn this back to the original functionality and “not oversign” ?
>
> Not a simple knob, no.
> You could construct a non-oversigning list for dkim_sign_headers by
> using a suitably complex expansion. Probably involving ${filter…}.


I guess the “work around” to make them break less would be something like:

dkim_sign_headers = MIME-Version:Date:From:Subject:In-Reply-To:References:Message-Id:To:CC


But something like this would work?

dkim_sign_headers = ${if def:h_Date: {Date}}


(obviously you’d have to build some lager/ugly concatenated list)


--
Robert
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP Key: 78BEDCE1 @ pgp.mit.edu





This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-Re: [exim-dev] [Bug 1309] Headers included in dkim_sign_headers are not in the signature when not in the message[exim] Exim 4.88 RC1 uploaded->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)