On 4/29/2019 5:00 PM, Jeremy Harris via Exim-dev wrote:
> You'll get the default headers signed, then. That includes signing
> the lack-of-presence of a header in the set.
>
> However: it's irrelevant. The ML adding a header making the signature
> bad does not matter. The ML also appends to the body... making your
> signature bad. That's what signatures are for (I'm sure you know this,
> just wanting to be clear in case...)
>
> So. DKIM signatures do not survive transmission through a ML.
> (Sometime phrased as "DKIM breaks mailinglists").
>
> The DKIM RFCs say "do not treat a lack of verifiable DKIM signature as
> cause for rejecting a message". Google is ignoring that, and the
> brou-ha-ha is not really, IMHO, Exim's problem. It's a 800Kg gorilla
> problem.
Thank you for confirming. I suspected that was the case - there was a
lot of conflicting feedback, and I didn't think there was technically
anything wrong with my setup.
Just a quick thanks to all the Exim devs for their work over the years!
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org