On Mon, 2007-12-10 at 11:42 +0100, Luca Bertoncello wrote:
> Sure, but it signs always the "Received", too... And this IS altered, of
> course, by every MTA...

So that's a daft header to use for signing, then!

> Has someone a solution for this problem? Otherwise it has the same problem of
> SPF, but without a solutions... :(

Don't use "Received:" headers for the signing process, perhaps? Otherwise, the signature could be invalidated by any number of completely non-interactive (ie. not involving a human, like forwarding which has to be chosen) means, like (for example) traversing a backup MX. Or a transparent SMTP proxy, which some ISPs still use for outbound mail. Or... or... well, any number of things.

Interestingly, the DKIM specification RFC4871 states:

   The following header fields SHOULD NOT be included in the signature:

   o  Return-Path
   o  Received
   o  Comments, Keywords

OK, I know that DKIM isn't DomainKeys, but it does obsolete it (4871 obsoletes 4870) but that statement alone is worth many thousands of other words.

Graeme
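A check for the point made in the message above, as an added example that is not part of the original post: it parses the `h=` tag of a DKIM-Signature value and reports any signed fields that appear in the RFC 4871 list quoted in the message. The signature values are constructed samples with placeholder hashes, and the function names are illustrative.

```python
import re

# Fields the RFC 4871 passage quoted in the message says SHOULD NOT be signed.
SHOULD_NOT_SIGN = {"return-path", "received", "comments", "keywords"}


def parse_tag_list(value):
    """Parse a DKIM 'tag=value; tag=value' list into a dict."""
    tags = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        name, sep, val = part.partition("=")  # base64 values may contain '='
        if not sep:
            raise ValueError("malformed tag: %r" % part)
        tags[name.strip()] = val.strip()
    return tags


def signed_headers(sig_value):
    """Return the lower-cased field names listed in the h= tag."""
    tags = parse_tag_list(sig_value)
    if "h" not in tags:
        raise ValueError("signature has no h= tag")
    # h= is colon-separated; folding whitespace may surround each name.
    names = (re.sub(r"\s+", "", n).lower() for n in tags["h"].split(":"))
    return [n for n in names if n]


def fragile_headers(sig_value):
    """Signed fields that relays routinely add or rewrite in transit."""
    return sorted(set(signed_headers(sig_value)) & SHOULD_NOT_SIGN)


# Constructed sample: a signer that includes Received and Return-Path.
BAD_SIG = ("v=1; a=rsa-sha256; d=example.org; s=sel1; c=relaxed/simple;\r\n"
           "\th=From:To:Subject:Date:Received:\r\n"
           "\t Return-Path; bh=PLACEHOLDER=; b=PLACEHOLDER==")

# Constructed sample: a signer that sticks to stable fields.
GOOD_SIG = ("v=1; a=rsa-sha256; d=example.org; s=sel1;\r\n"
            "\th=From:To:Subject:Date:Message-ID; bh=PLACEHOLDER=; b=PLACEHOLDER==")

if __name__ == "__main__":
    for label, sig in (("bad", BAD_SIG), ("good", GOOD_SIG)):
        print(label, fragile_headers(sig))
```

A signature that reports a non-empty list here is one that a backup MX or transparent proxy can invalidate simply by prepending its own `Received:` line.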
