Re: [exim] DKIM signing and header choices?

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Simon Josefsson
Data:  
Para: Evgeniy Berdnikov via Exim-users
CC: Evgeniy Berdnikov
Assunto: Re: [exim] DKIM signing and header choices?
Evgeniy Berdnikov via Exim-users <exim-users@???> writes:

> The built-in value could be changed with dkim_sign_headers, but
> this patch gives much more reasonable default, IMHO.


I'm now running with this local config instead:

DKIM_SIGN_HEADERS = From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:=Resent-Date:=Resent-From:=Resent-Sender:=Resent-To:=Resent-Cc:=Resent-Message-ID:=In-Reply-To:=References:=List-Id:=List-Help:=List-Unsubscribe:=List-Subscribe:=List-Post:=List-Owner:=List-Archive

Reviewing modern exim source makes me suggest the patch below. This
makes DKIM signature not cover any non-existing List-* headers in the
message to be signed, which seems reasonable to me, and consistent with
RFC 4871:

   The following header fields SHOULD be included in the signature, if
   they are present in the message being signed:
...
   o  List-Id, List-Help, List-Unsubscribe, List-Subscribe, List-Post,
      List-Owner, List-Archive


RFC 6376 does not contain the same wording, so maybe this is a complex
area. Perhaps a review of what other DKIM signing software is using
would be useful? In case there is any established best practice out
there.

/Simon
From 203f6e74ef669080afbc9f1adc45f64269fba3a0 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@???>
Date: Fri, 13 Aug 2021 17:38:47 +0200
Subject: [PATCH] DKIM: Make List-* headers optional in
PDKIM_DEFAULT_SIGN_HEADERS.

---
src/src/pdkim/pdkim.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h
index f6ff78251..4a6ff820a 100644
--- a/src/src/pdkim/pdkim.h
+++ b/src/src/pdkim/pdkim.h
@@ -32,8 +32,8 @@
                              "Content-Description:Resent-Date:Resent-From:"\
                              "Resent-Sender:Resent-To:Resent-Cc:"\
                              "Resent-Message-ID:In-Reply-To:References:"\
-                             "List-Id:List-Help:List-Unsubscribe:"\
-                             "List-Subscribe:List-Post:List-Owner:List-Archive"
+                             "=List-Id:=List-Help:=List-Unsubscribe:"\
+                             "=List-Subscribe:=List-Post:=List-Owner:=List-Archive"


 #define PDKIM_OVERSIGN_HEADERS "+From:+Sender:+Reply-To:+Subject:+Date:"\
                              "+Message-ID:+To:+Cc:+MIME-Version:+Content-Type:"\
-- 
2.30.2