Hi,
I am using Exim (4.92.1, as part of Ubuntu 19.10) together with DKIM. I use a fairly vanilla DKIM configuration, providing and selectors
based on the domain part of selected outgoing mails (using dkim_domain, dkim_selector, dkim_private_key). Everything works as expected,
however in case of mailing list posts, I get DKIM errors as the Exim-generated DKIM signature contains headers, which are not in my original
mail (those get inserted by mailing list software afterwards). This Exim behavior is fully compliant with the relevant RFCs but somewhat
annoying. Is there any chance to tell Exim only to list existing headers in DKIM signature (would be a feature request) instead of limiting
the headers which are DKIM signed in general (I could do this on a rule basis, however that config will be incomplete and would need constant
adaption).
Example headers below:
--cut headers before signing (from sent folder)
Subject: Re: [RCU] Roundcube version
To: users@???
References: <46EBC8B9-5A35-4A33-9111-09C2C660C9E5@???>
From: roundcube--lists@???
Message-ID: <cdf2edeb-bafb-5c74-dbf6-09026678da58@???>
Date: Tue, 26 Nov 2019 21:34:35 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Thunderbird/68.1.2
MIME-Version: 1.0
In-Reply-To: <46EBC8B9-5A35-4A33-9111-09C2C660C9E5@???>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
--cut
--cut headers after signing (from mailing list archive)
Return-path: <users-bounces@???>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
deep-thought.ursa-minor-beta.org
X-Spam-Level:
X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
HEADER_FROM_DIFFERENT_DOMAINS,IPV6_RELAY,MAILING_LIST_MULTI,
RCVD_IN_DNSWL_NONE,RELAYCOUNTRY_GOOD,SPF_HELO_NONE,SPF_NONE
autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Relay-Country: CH ** ** ** ** ** ** ** DE DE
Envelope-to: roundcube--lists@???
Delivery-date: Tue, 26 Nov 2019 21:38:08 +0100
Received: from mx.kolabsys.com ([95.128.36.21]:25832)
by deep-thought.ursa-minor-beta.org with esmtps (TLS1.2:ECDHE_SECP256R1__RSA_SHA512__AES_256_GCM:256)
(Exim 4.92.1)
(envelope-from <users-bounces@???>)
id 1iZhb2-0007ld-Dk
for roundcube--lists@???; Tue, 26 Nov 2019 21:38:08 +0100
Received: from localhost (unknown [127.0.0.1])
by ext-mx-out001.kolabsys.com (Postfix) with ESMTP id 46D794BEE;
Tue, 26 Nov 2019 21:38:03 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kolabsys.com; h=
content-transfer-encoding:content-type:content-type
:list-subscribe:list-help:list-post:list-archive
:list-unsubscribe:list-id:reply-to:precedence:subject:subject
:content-language:in-reply-to:mime-version:user-agent:date:date
:message-id:from:from:references:received:received:received
:received:received:received:received:received; s=dkim20160901;
t=1574800682; x=1576615083; bh=Fqo2f7ZH0MBZT9ggUmwI2EhncLbZsRER
3qgdNLwpGAc=; b=OvnGc9vl/pwRxSqp6Ym1/OMXqya6J/j8Hpw/2TRMnxh+9p9q
aVRpahoXpgVSexesqtMnd+tkxkHuIPG8Uw624KhHuifZ5Y+Tpof+DRhEx6dFSsbG
qB/JazE1OFUwKFFkbGY+UrYeK4bMUhU/pWnYO4sRoB6JZzKFYFeIQnyFEsr9SLs2
SHUAI0Eowo00E0VVP3y0JNFjBbPZbMit357iwtX2RXJUg1AXzDrXBvdoqTZ9cKVp
0IWSJSKhtiqWGn6hHGCR/gh2u8KC6TL7AmLncBV9fTRIpF4FK9SH+mjOAHKaasUH
BGbxCcJ+Ws5Im7ZjEbOQGss/fwbpUKl1HI0s4ngwmL/V0ISvpgBKKCIKpBob4MsX
SOkxE4e8FlVBWndLp4uhCQZtFuhbGRuDbGwBk0DQnUNYjZT+v/xO2D6ozDQTWpYi
rvayamDa5ravFpdQTnk/NlCfXfPnk0nsYVnkgv5hJN8etWdoSIEVD33Z6mG7ZPXg
B7NDPOj591NotuIIJ/qdH0BloG8nutm0HAGy+MyAMGjQ1i2ZYSh16bds8HwGz8MN
XOuyfiJYxrMJh2uWbOZtQJGC1sGyPQsrSd7AZ0mPitrr+h7/Ix4P6Gm07gtiXj1V
BY4flddPDoykZObt8BPmp2BqNxPoWzn1eDsv1zunKKUXdCfJxnQ4AJ20Blo=
X-Virus-Scanned: amavisd-new at kolabsys.com
Received: from mx.kolabsys.com ([127.0.0.1])
by localhost (ext-mx-out001.kolabsys.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id G-6FT4uVXiHd; Tue, 26 Nov 2019 21:38:02 +0100 (CET)
Received: from int-mx001.kolabsys.com (unknown [10.5.9.1])
by ext-mx-out001.kolabsys.com (Postfix) with ESMTPS id 8D80F3BF9;
Tue, 26 Nov 2019 21:38:02 +0100 (CET)
Received: from mx.kolabsys.com (unknown [10.5.3.2])
by int-mx001.kolabsys.com (Postfix) with ESMTPS id AE004C24653B;
Tue, 26 Nov 2019 21:37:59 +0100 (CET)
X-Virus-Scanned: amavisd-new at kolabsys.com
Authentication-Results: ext-mx-in002.kolabsys.com (amavisd-new);
dkim=fail (2048-bit key) reason="fail (message has been altered)"
header.d=thomas.freit.ag
Received: from lists02.kolabsys.com (unknown [10.10.20.114])
by ext-mx-in002.kolabsys.com (Postfix) with ESMTP id 9B9853B30;
Tue, 26 Nov 2019 21:37:10 +0100 (CET)
X-Original-To: users@???
Delivered-To: users-at-lists-dot-roundcube-dot-net@???
Received: from int-mx001.kolabsys.com (unknown [10.5.9.1])
by lists02.kolabsys.com (Postfix) with ESMTP id 026DC616F3
for <users@???>; Tue, 26 Nov 2019 21:37:08 +0100 (CET)
Received: from mx.kolabsys.com (unknown [10.5.3.2])
by int-mx001.kolabsys.com (Postfix) with ESMTPS id D67E9C245B3C
for <users@???>; Tue, 26 Nov 2019 21:37:07 +0100 (CET)
X-Orig-Spam-Flag: NO
X-Orig-Spam-Score: -4.3
X-Orig-Spam-Level:
X-Orig-Spam-Status: No, score=-4.3 tagged_above=-999 required=4.5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
DMARC-Filter: OpenDMARC Filter v1.3.2 ext-mx-in002.kolabsys.com E05B9FB9
Received: from slartibartfass.ursa-minor-beta.org
(slartibartfass.ursa-minor-beta.org [176.9.140.174])
by ext-mx-in002.kolabsys.com (Postfix) with ESMTPS id E05B9FB9
for <users@???>; Tue, 26 Nov 2019 21:36:53 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=thomas.freit.ag; s=dkim; h=Content-Transfer-Encoding:Content-Type:
In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject:Sender:
Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:
List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
bh=Vj2ES2vlG9vPsu+tIYpru3iM6RHPwMucoC/QOTSvZ1Q=;
b=jl/uTqyBHhvGbggtG1n9xHBF11
X5DjD3Eeqb2V+b/cWNpeNPYq0FIHxtZ7XU5kcYJxuj+5qZuzXH+ohhQ06UNsYSw3d9SrRqiLwL7Sm
EhEMNrEQVnd3trkrElAK/insFpRbGicpe6MYuaPZxWoEM4Bq8V+vmzWjIx2VGJHX0FyVIA9emS6+D
2xpM1IfZmAGqUDn1FuUINGdvTeiqW5qUKbv4bnrUwB+QtZBDiQUoBrUOfdrSL0YHBkczejEL1YeSg
VPCBpqD5VwuVZunh4eX/rkpWD8Ahznxflp5Nhja9gia727zbPW2Aj5OUL7wfKwsg94c1cuw0t4svT
9VwFaoBg==;
Received: from [2001:4dd4:dadf:f0:ac92:77e5:8ae4:1f53] (port=47856)
by deep-thought.ursa-minor-beta.org with esmtpsa
(TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
(Exim 4.92.1) (envelope-from <roundcube--lists@???>)
id 1iZhXm-00077L-9J
for users@???; Tue, 26 Nov 2019 21:34:42 +0100
To: users@???
References: <46EBC8B9-5A35-4A33-9111-09C2C660C9E5@???>
From: roundcube--lists@???
Message-ID: <cdf2edeb-bafb-5c74-dbf6-09026678da58@???>
Date: Tue, 26 Nov 2019 21:34:35 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Thunderbird/68.1.2
MIME-Version: 1.0
In-Reply-To: <46EBC8B9-5A35-4A33-9111-09C2C660C9E5@???>
Content-Language: en-US
X-BeenThere: users@???
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: Roundcube Users mailing list <users@???>
List-Id: Roundcube Users mailing list <users.lists.roundcube.net>
List-Unsubscribe: <http://lists.roundcube.net/mailman/options/users>,
<mailto:users-request@lists.roundcube.net?subject=unsubscribe>
List-Archive: <http://lists.roundcube.net/pipermail/users/>
List-Post: <mailto:users@lists.roundcube.net>
List-Help: <mailto:users-request@lists.roundcube.net?subject=help>
List-Subscribe: <http://lists.roundcube.net/mailman/listinfo/users>,
<mailto:users-request@lists.roundcube.net?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: users-bounces@???
Sender: users-bounces@???
Received-SPF: none client-ip=95.128.36.21; envelope-from=users-bounces@???; helo=mx.kolabsys.com
--cut
Best regards,
Thomas
