Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. exim>
  3. users
excess dkim header?
exim-users at lists
Jan 5, 2024, 1:02 PM
Post #1 of 4 (119 views)
Permalink
iphone -> mail.rg.net:465
mail.rg.net -> psg.com:25+tls
psg.com -> ran.opsg.com:25+tls
ran.psg.com -> laptop:imap

From: Randy Bush <randy@psg.com>
Subject: Test
To: Randy Bush <randy@psg.com>
Date: Fri, 5 Jan 2024 08:58:45 -0800
Return-path: <randy@psg.com>
Received: from psg.com ([2001:418:1::62])
by ran.psg.com with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95)
(envelope-from <randy@psg.com>)
id 1rLnX7-001N1m-Ng
for randy@ran.psg.com;
Fri, 05 Jan 2024 16:58:58 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=psg.com; s=rgnet-mail; h=To:Message-Id:Subject:Date:Mime-Version:From: Content-Transfer-Encoding:Content-Type:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=fSnKOmqIZVeDVUt1kuCVcfJg6W3wEvvZHGwavjuKhd0=; b=RpsFSUakrJcTcebn/Ro3CKZ4Cj q3Bykk13gWO/EqRG4wu26CXQRlniMMk8GYlBJUNHDoKR19m1KHw24IPRMRChS24+g3DzxpP5Kkg52 Yp0zStfgfZ7ueM3po5JgwOlmlFsCGUrL9zWrELXXXJy4IsJgqEHk7DBN2z1xVLA6Ax9xLLvRS2PWI fvu2CUZkLcQQRqZlG3CTGW+xYWrCwpEkFdBw/wilZaAe9hB/600mq0mCoRKDlQ+66md3DHSTMHGTY oj5112piV54AxA8IbNpvzjLJ0wubgypTvZRtYZ0MT5KdtNj/TfBdi4Q5wPdRjC4h2nlVoeKB/4Jv2 nCl5Iu8A==;
Received: from [198.180.152.13] (helo=mail.rg.net)
by psg.com with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.97 (FreeBSD))
(envelope-from <randy@psg.com>)
id 1rLnX7-000000008lW-0DIi
for randy@psg.com;
Fri, 05 Jan 2024 16:58:57 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=psg.com; s=rgnet-mail; h=To:Message-Id:Subject:Date:Mime-Version:From: Content-Transfer-Encoding:Content-Type:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=fSnKOmqIZVeDVUt1kuCVcfJg6W3wEvvZHGwavjuKhd0=; b=RpsFSUakrJcTcebn/Ro3CKZ4Cj q3Bykk13gWO/EqRG4wu26CXQRlniMMk8GYlBJUNHDoKR19m1KHw24IPRMRChS24+g3DzxpP5Kkg52 Yp0zStfgfZ7ueM3po5JgwOlmlFsCGUrL9zWrELXXXJy4IsJgqEHk7DBN2z1xVLA6Ax9xLLvRS2PWI fvu2CUZkLcQQRqZlG3CTGW+xYWrCwpEkFdBw/wilZaAe9hB/600mq0mCoRKDlQ+66md3DHSTMHGTY oj5112piV54AxA8IbNpvzjLJ0wubgypTvZRtYZ0MT5KdtNj/TfBdi4Q5wPdRjC4h2nlVoeKB/4Jv2 nCl5Iu8A==;
Received: from c-73-25-227-89.hsd1.or.comcast.net ([73.25.227.89] helo=smtpclient.apple)
by mail.rg.net with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.96)
(envelope-from <randy@psg.com>)
id 1rLnX6-000FRw-1S
for randy@psg.com;
Fri, 05 Jan 2024 16:58:56 +0000
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
Message-Id: <9BE60988-9ECA-48D7-BD20-BAB969FC046B@psg.com>
X-Mailer: iPhone Mail (21C66)
X-Spam-Score: 7.0 (+++++++)
X-Spam-Flag: YES

should psg.com have recognized that it was already properly DKIMmed and
not added the second?

randy

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: excess dkim header? [ In reply to ]
exim-users at lists
Jan 5, 2024, 1:22 PM
Post #2 of 4 (119 views)
Permalink
On 1/5/24 21:02, Randy Bush via Exim-users wrote:
> should psg.com have recognized that it was already properly DKIMmed and
> not added the second?

AFAICS RFC 6376 places no restriction on a second signature,
even if it is done by the same organisation. The section
on verification mentions handling multiple signatures
(but, again, with no mention of who the signatures are from).

One good reason might be for known changes to the message.
Otherwise... pointless but not really a problem?
--
Cheers,
Jeremy


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: excess dkim header? [ In reply to ]
exim-users at lists
Jan 5, 2024, 1:43 PM
Post #3 of 4 (119 views)
Permalink
On 2024-01-05 at 16:02:45 UTC-0500 (Fri, 05 Jan 2024 13:02:45 -0800)
Randy Bush via Exim-users <randy@psg.com>
is rumored to have said:

> should psg.com have recognized that it was already properly DKIMmed
> and
> not added the second?

Thought experiment: what would you do in response to seeing an
unfamiliar document with your seemingly valid signature on it?

It seems to me that such an event should be alarming unless specifically
expected. Or perhaps that it is so unlikely as to be not worth looking
for. I'm not sure that looking for it in order to avoid signing it again
would fit many use cases.

It is worth noting that there are entirely valid reasons to re-sign a
message that has already been signed by a prior MTA. Mailing lists
sometimes are configured to do that.


--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: excess dkim header? [ In reply to ]
exim-users at lists
Jan 5, 2024, 2:40 PM
Post #4 of 4 (119 views)
Permalink
On Fri, 5 Jan 2024, Randy Bush via Exim-users wrote:

> iphone -> mail.rg.net:465
> mail.rg.net -> psg.com:25+tls
> psg.com -> ran.opsg.com:25+tls
> ran.psg.com -> laptop:imap

> should psg.com have recognized that it was already properly DKIMmed and
> not added the second?

Not strictly relevant for DKIM, but for ARC
if ran.[o]psg.com trusts psg.com but not mail.rg.net,
then it would definitely make a difference.

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal