On 2022-06-26 ozzloy via Exim-users <exim-users@???> wrote:
> i'm having trouble with dkim on mail sent to a mailing list that gets
> forwarded.
[...]
> if i send an email to linux-kernel@??? that email gets
> forwarded and fails spf and dkim.
> https://git.sr.ht/~ozzloy/exim-configuration/tree/master/item/forwarded-email-fails-spf-dkim-google.com%21challenge-bot.com%211654905600%211654991999.xml
[...]
Hello,
I think you are signing using exim's default value of dkim_sign_headers
which guarantees that dkim signatures break when they pass a mailing
list. This includes e.g. "List-Id" i.e. it signs the last List-Id-header
present or for your mail (with no List-Id header) signs the absence of a
List-Id header. The mailing list headers adds one, et voila signature
broken.
You will need use a different value for dkim_sign_headers to have a
/chance/ of verifyable DKIM after a message passed through a mailing-list.
e.g. I would use "=List-Id" instead of "List-Id".
cu Andreas