On 14.08.25 11:20, Andreas Metzler via Exim-dev wrote:
On 2025-08-13 Andreas Metzler via Exim-dev <exim-dev@lists.exim.org> wrote:
[...]
Further thoughts:
Is it actually a good idea to blindly sign all List-* headers? Shouldn't
this only happen on the mailing-list's outgoing mailserver? (after
removing pre-existing, wrong List-* headers) This is especially true for
List-Unsubscribe-Post: I would not want add any kind of positive
attestation to a "Please klick here" field I am not personally
responsible for (or have checked).
speaking as one of the people behind the postgresql.org mailing lists,
the exim default of signing List-* headers is a massive operational pain
- what we have to do here is catching these mails in moderation and
rejecting with a explaination that we wont accept mails with those headers.
The "only" MTA that we have seen this issue with is actually exim -
there have been extensive discussions on this for example on:
https://www.postgresql.org/message-id/flat/82011.1740245157%40sss.pgh.pa.us#32780416f93a1b3627ceb23c04ff7ba0
as well as external resources like:
https://wiki.debian.org/Exim#For_running_a_mailing_list_and_ensuring_all_sent_mail_is_DMARC_compliant
(I have not been able to test this on the big providers, except for GMX:
They sign a pre-existing List-ID header, remove List-Post, do not sign
List-URL and List-Unsubscribe-Post)
depending on the origin and the (final) destination manipulating the
headers that way can cause other issues.
regards
Stefan
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
