Mailing List Archive

dkim fail on forwarded messages
i'm having trouble with dkim on mail sent to a mailing list that gets
forwarded.

i've posted a description here
https://git.sr.ht/~ozzloy/exim-configuration/tree/master/item/readme.org

if i send an email from an account on my exim server to my gmail, it passes
spf, dkim, dmarc.
https://git.sr.ht/~ozzloy/exim-configuration/tree/master/item/gmail-spf-dkim-dmarc-pass-direct-email.txt

if i send an email to linux-kernel@vger.kernel.org that email gets
forwarded and fails spf and dkim.
https://git.sr.ht/~ozzloy/exim-configuration/tree/master/item/forwarded-email-fails-spf-dkim-google.com%21challenge-bot.com%211654905600%211654991999.xml

i validated my dkim using dkimvalidator.com and the results are here:
https://git.sr.ht/~ozzloy/exim-configuration/tree/master/item/dkimvalidator.com-results.txt

any help would be greatly appreciated. this is for a personal server that
i'm setting up on my own with no prior email server experience.

thanks!
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: dkim fail on forwarded messages [ In reply to ]
DKIM breaks mailinglists.
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: dkim fail on forwarded messages [ In reply to ]
On 2022-06-26 ozzloy via Exim-users <exim-users@exim.org> wrote:
> i'm having trouble with dkim on mail sent to a mailing list that gets
> forwarded.
[...]
> if i send an email to linux-kernel@vger.kernel.org that email gets
> forwarded and fails spf and dkim.
> https://git.sr.ht/~ozzloy/exim-configuration/tree/master/item/forwarded-email-fails-spf-dkim-google.com%21challenge-bot.com%211654905600%211654991999.xml
[...]

Hello,

I think you are signing using exim's default value of dkim_sign_headers
which guarantees that dkim signatures break when they pass a mailing
list. This includes e.g. "List-Id" i.e. it signs the last List-Id-header
present or for your mail (with no List-Id header) signs the absence of a
List-Id header. The mailing list headers adds one, et voila signature
broken.

You will need use a different value for dkim_sign_headers to have a
/chance/ of verifyable DKIM after a message passed through a mailing-list.
e.g. I would use "=List-Id" instead of "List-Id".

cu Andreas

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: dkim fail on forwarded messages [ In reply to ]
Or is it "Mailing lists break DKIM?" ;-)

On 29/06/2022 10:37, Jeremy Harris via Exim-users wrote:
> DKIM breaks mailinglists.


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: dkim fail on forwarded messages [ In reply to ]
thanks!

with your help, and a lot of reading, i've updated my config to prefix = in
front of all List* headers
https://git.sr.ht/~ozzloy/exim-configuration/tree/master/item/30_exim4-config_remote_smtp#L47

i sent myself emails and did not see "List*" as part of the DKIM
signature's headers!

is there anything else i can test out before sending another email to the
linux kernel mailing list?

is it all right if i send a message to exim-users from that server?

is there a way to change the dkim signature based on whether it's being
sent to linux-kernel@vger.kernel.org ? or more generically, query the
recipient and see what headers it will add/modify?

is there a good tutorial for the exim configuration file language?


footnote for future reference, this was helpful
https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html

i found a lot more information when i started searching for dmarc and
dkim_sign_headers. thanks again!


On Fri, Jul 15, 2022 at 3:02 PM Mike Tubby via Exim-users <
exim-users@exim.org> wrote:

> Or is it "Mailing lists break DKIM?" ;-)
>
> On 29/06/2022 10:37, Jeremy Harris via Exim-users wrote:
> > DKIM breaks mailinglists.
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: dkim fail on forwarded messages [ In reply to ]
On 23/07/2022 07:21, ozzloy via Exim-users wrote:
> is there a good tutorial for the exim configuration file language?

http://exim.org/exim-html-current/doc/html/spec_html/

--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/