On Thu, Aug 12, 2021 at 10:55:37AM +0200, Simon Josefsson via Exim-users wrote: > Hi! I think I have ran into this problem: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939808 > > My outgoing e-mails (like this one) is DKIM signed by Exim, and the > signature covers (on sending, the non-existing) List-Id header, which a > mailing list software inserts, breaking the DKIM signature for > recipients. I'm getting some DMARC reports about failures due to > invalid signatures, and these usually comes when I post something to a > mailing list. Is my analysis correct?
It's a realistic scenario. But is it your case or not - depends on details. > What do you think about the patch posted in the link above? See below. Seems good for me. The built-in value could be changed with dkim_sign_headers, but this patch gives much more reasonable default, IMHO. However, a wish to keep original DKIM signature is almost pointless, because there are too many places where it may be broken. Forwarder (in general) should change contents of the "From:" header if sender's domain has DMARC policy. Many mail lists do not perform such manipulations, because DMARC is a relatively new technology. -- Eugene Berdnikov -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
