Re: [exim] DKIM signing options - specially list of headers

Top Page
Delete this message
Reply to this message
Author: Graeme Fowler
Date:  
To: Exim-users
Subject: Re: [exim] DKIM signing options - specially list of headers
On 31 Jul 2018, at 11:51, Jeremy Harris via Exim-users <exim-users@???> wrote:
> Starting with "DKIM breaks mailing-lists".


Indeed.

However, I'm puzzled: a post to a mailing list shouldn't have the List-*: headers until it's traversed the MLM server, as they're added by the MLM.

At that point it's the MLM's job (or its MTA) to sign the message, which should then be removing/replacing all other DKIM sigs and sending the message on with a new one - exactly as the exim.org MLM, mailman, does.

In the original message in this thread, there's:

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=exim.org;
     s=d201804; h=Sender:Content-Type:Content-Transfer-Encoding:..


X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt;
c=relaxed/relaxed;
d=open-t.co.uk; s=20170820; h=Content-Transfer-Encoding:Content-Type:...

The second one has included headers which I would not expect to be present on a message from a client to a mailing list. It also includes them in the DKIM sig - yet they don't exist, or shouldn't, at the submission stage.

To answer Sebastian's question - something in your outbound mail flow is doing that, as the headers were present on the inbound message to the exim.org listserver. Whether you've got some Thunderbird plugin or something else in your exim config doing it, only you can tell!

Graeme