Hi, I am using Exim (4.92.1, as part of Ubuntu 19.10) together with DKIM. I use a fairly vanilla DKIM configuration, providing and selectors based on the domain part of selected outgoing mails (using dkim_domain, dkim_selector, dkim_private_key). Everything works as expected, however in case of mailing list posts, I get DKIM errors as the Exim-generated DKIM signature contains headers, which are not in my original mail (those get inserted by mailing list software afterwards). This Exim behavior is fully compliant with the relevant RFCs but somewhat annoying. Is there any chance to tell Exim only to list existing headers in DKIM signature (would be a feature request) instead of limiting the headers which are DKIM signed in general (I could do this on a rule basis, however that config will be incomplete and would need constant adaption).
Example headers below: --cut headers before signing (from sent folder) Subject: Re: [RCU] Roundcube version To: [email protected] References: <[email protected]> From: [email protected] Message-ID: <[email protected]> Date: Tue, 26 Nov 2019 21:34:35 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.2 MIME-Version: 1.0 In-Reply-To: <[email protected]> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit --cut --cut headers after signing (from mailing list archive) Return-path: <[email protected]> X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on deep-thought.ursa-minor-beta.org X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,IPV6_RELAY,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE,RELAYCOUNTRY_GOOD,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Relay-Country: CH ** ** ** ** ** ** ** DE DE Envelope-to: [email protected] Delivery-date: Tue, 26 Nov 2019 21:38:08 +0100 Received: from mx.kolabsys.com ([95.128.36.21]:25832) by deep-thought.ursa-minor-beta.org with esmtps (TLS1.2:ECDHE_SECP256R1__RSA_SHA512__AES_256_GCM:256) (Exim 4.92.1) (envelope-from <[email protected]>) id 1iZhb2-0007ld-Dk for [email protected]; Tue, 26 Nov 2019 21:38:08 +0100 Received: from localhost (unknown [127.0.0.1]) by ext-mx-out001.kolabsys.com (Postfix) with ESMTP id 46D794BEE; Tue, 26 Nov 2019 21:38:03 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kolabsys.com; h= content-transfer-encoding:content-type:content-type :list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:reply-to:precedence:subject:subject :content-language:in-reply-to:mime-version:user-agent:date:date :message-id:from:from:references:received:received:received :received:received:received:received:received; s=dkim20160901; t=1574800682; x=1576615083; bh=Fqo2f7ZH0MBZT9ggUmwI2EhncLbZsRER 3qgdNLwpGAc=; b=OvnGc9vl/pwRxSqp6Ym1/OMXqya6J/j8Hpw/2TRMnxh+9p9q aVRpahoXpgVSexesqtMnd+tkxkHuIPG8Uw624KhHuifZ5Y+Tpof+DRhEx6dFSsbG qB/JazE1OFUwKFFkbGY+UrYeK4bMUhU/pWnYO4sRoB6JZzKFYFeIQnyFEsr9SLs2 SHUAI0Eowo00E0VVP3y0JNFjBbPZbMit357iwtX2RXJUg1AXzDrXBvdoqTZ9cKVp 0IWSJSKhtiqWGn6hHGCR/gh2u8KC6TL7AmLncBV9fTRIpF4FK9SH+mjOAHKaasUH BGbxCcJ+Ws5Im7ZjEbOQGss/fwbpUKl1HI0s4ngwmL/V0ISvpgBKKCIKpBob4MsX SOkxE4e8FlVBWndLp4uhCQZtFuhbGRuDbGwBk0DQnUNYjZT+v/xO2D6ozDQTWpYi rvayamDa5ravFpdQTnk/NlCfXfPnk0nsYVnkgv5hJN8etWdoSIEVD33Z6mG7ZPXg B7NDPOj591NotuIIJ/qdH0BloG8nutm0HAGy+MyAMGjQ1i2ZYSh16bds8HwGz8MN XOuyfiJYxrMJh2uWbOZtQJGC1sGyPQsrSd7AZ0mPitrr+h7/Ix4P6Gm07gtiXj1V BY4flddPDoykZObt8BPmp2BqNxPoWzn1eDsv1zunKKUXdCfJxnQ4AJ20Blo= X-Virus-Scanned: amavisd-new at kolabsys.com Received: from mx.kolabsys.com ([127.0.0.1]) by localhost (ext-mx-out001.kolabsys.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G-6FT4uVXiHd; Tue, 26 Nov 2019 21:38:02 +0100 (CET) Received: from int-mx001.kolabsys.com (unknown [10.5.9.1]) by ext-mx-out001.kolabsys.com (Postfix) with ESMTPS id 8D80F3BF9; Tue, 26 Nov 2019 21:38:02 +0100 (CET) Received: from mx.kolabsys.com (unknown [10.5.3.2]) by int-mx001.kolabsys.com (Postfix) with ESMTPS id AE004C24653B; Tue, 26 Nov 2019 21:37:59 +0100 (CET) X-Virus-Scanned: amavisd-new at kolabsys.com Authentication-Results: ext-mx-in002.kolabsys.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=thomas.freit.ag Received: from lists02.kolabsys.com (unknown [10.10.20.114]) by ext-mx-in002.kolabsys.com (Postfix) with ESMTP id 9B9853B30; Tue, 26 Nov 2019 21:37:10 +0100 (CET) X-Original-To: [email protected] Delivered-To: [email protected] Received: from int-mx001.kolabsys.com (unknown [10.5.9.1]) by lists02.kolabsys.com (Postfix) with ESMTP id 026DC616F3 for <[email protected]>; Tue, 26 Nov 2019 21:37:08 +0100 (CET) Received: from mx.kolabsys.com (unknown [10.5.3.2]) by int-mx001.kolabsys.com (Postfix) with ESMTPS id D67E9C245B3C for <[email protected]>; Tue, 26 Nov 2019 21:37:07 +0100 (CET) X-Orig-Spam-Flag: NO X-Orig-Spam-Score: -4.3 X-Orig-Spam-Level: X-Orig-Spam-Status: No, score=-4.3 tagged_above=-999 required=4.5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 DMARC-Filter: OpenDMARC Filter v1.3.2 ext-mx-in002.kolabsys.com E05B9FB9 Received: from slartibartfass.ursa-minor-beta.org (slartibartfass.ursa-minor-beta.org [176.9.140.174]) by ext-mx-in002.kolabsys.com (Postfix) with ESMTPS id E05B9FB9 for <[email protected]>; Tue, 26 Nov 2019 21:36:53 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thomas.freit.ag; s=dkim; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Vj2ES2vlG9vPsu+tIYpru3iM6RHPwMucoC/QOTSvZ1Q=; b=jl/uTqyBHhvGbggtG1n9xHBF11 X5DjD3Eeqb2V+b/cWNpeNPYq0FIHxtZ7XU5kcYJxuj+5qZuzXH+ohhQ06UNsYSw3d9SrRqiLwL7Sm EhEMNrEQVnd3trkrElAK/insFpRbGicpe6MYuaPZxWoEM4Bq8V+vmzWjIx2VGJHX0FyVIA9emS6+D 2xpM1IfZmAGqUDn1FuUINGdvTeiqW5qUKbv4bnrUwB+QtZBDiQUoBrUOfdrSL0YHBkczejEL1YeSg VPCBpqD5VwuVZunh4eX/rkpWD8Ahznxflp5Nhja9gia727zbPW2Aj5OUL7wfKwsg94c1cuw0t4svT 9VwFaoBg==; Received: from [2001:4dd4:dadf:f0:ac92:77e5:8ae4:1f53] (port=47856) by deep-thought.ursa-minor-beta.org with esmtpsa (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.92.1) (envelope-from <[email protected]>) id 1iZhXm-00077L-9J for [email protected]; Tue, 26 Nov 2019 21:34:42 +0100 To: [email protected] References: <[email protected]> From: [email protected] Message-ID: <[email protected]> Date: Tue, 26 Nov 2019 21:34:35 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.2 MIME-Version: 1.0 In-Reply-To: <[email protected]> Content-Language: en-US X-BeenThere: [email protected] X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Roundcube Users mailing list <[email protected]> List-Id: Roundcube Users mailing list <users.lists.roundcube.net> List-Unsubscribe: <http://lists.roundcube.net/mailman/options/users>, <mailto:[email protected]?subject=unsubscribe> List-Archive: <http://lists.roundcube.net/pipermail/users/> List-Post: <mailto:[email protected]> List-Help: <mailto:[email protected]?subject=help> List-Subscribe: <http://lists.roundcube.net/mailman/listinfo/users>, <mailto:[email protected]?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: [email protected] Sender: [email protected] Received-SPF: none client-ip=95.128.36.21; [email protected]; helo=mx.kolabsys.com --cut Best regards, Thomas -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
