Well, it's a moral victory. I did get the acl to do what I wanted and give
me only the final DKIM signature. No go. Then I turned back on the LISTSERV
DKIM service so I'd get a LISTSERV signature +followed+ by an SMTP
signature. That fails, too. I'm beginning to think DMARC wants mailing list
software to crawl off and die.
On Thu, Sep 29, 2022 at 2:45 PM Johnnie W Adams <jxadams@???> wrote:
> But maybe that's not necessary! This condition will only be true if the
> host which passes the mail to my SMTP server is the LISTSERV server. I take
> it that's the "calling host", correct? So:
>
> accept hosts = dbm;/etc/exim/friendly_hosts #which will contain my
> LISTSERV server's FQDN
> remove_header = DKIM-Signature
>
> On Thu, Sep 29, 2022 at 2:19 PM Johnnie W Adams <jxadams@???> wrote:
>
>> So it sounds like I need to add something like:
>>
>> accept <has a DKIM header>
>> remove_header = DKIM-Signature
>>
>> in order to remove the first pass's signature. I'm not finding a
>> condition with which to test for the presence of a DKI header, though.
>>
>> On Thu, Sep 29, 2022 at 2:01 PM Jeremy Harris via Exim-users <
>> exim-users@???> wrote:
>>
>>> On 29/09/2022 19:11, Johnnie W Adams via Exim-users wrote:
>>> > So my next step, I think, is
>>> > to add a DKIM header for the second pass through our SMTP servers.
>>>
>>> I'd be tempted to add that signature and not add the other two.
>>> You should not be removing any that you were not responsible
>>> for adding.
>>>
>>> I'd also suggest looking into ARC, verifying on initial reception
>>> by your organisation and signing on exit. But that's a little
>>> more abstruse.
>>> --
>>> Cheers,
>>> Jeremy
>>>
>>>
>>> --
>>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>>> ## Exim details at http://www.exim.org/
>>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>>
>>
>>
>> --
>> John Adams
>> Senior Linux/Middleware Administrator | Information Technology Services
>> +1-501-916-3010 | jxadams@??? | http://ualr.edu/itservices
>> *UA Little Rock*
>>
>> Reminder: IT Services will never ask for your password over the phone or
>> in an email. Always be suspicious of requests for personal information that
>> come via email, even from known contacts. For more information or to
>> report suspicious email, visit IT Security
>> <http://ualr.edu/itservices/security/>.
>>
>
>
> --
> John Adams
> Senior Linux/Middleware Administrator | Information Technology Services
> +1-501-916-3010 | jxadams@??? | http://ualr.edu/itservices
> *UA Little Rock*
>
> Reminder: IT Services will never ask for your password over the phone or
> in an email. Always be suspicious of requests for personal information that
> come via email, even from known contacts. For more information or to
> report suspicious email, visit IT Security
> <http://ualr.edu/itservices/security/>.
>
--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams@??? |
http://ualr.edu/itservices
*UA Little Rock*
Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<
http://ualr.edu/itservices/security/>.