Dňa 14. októbra 2021 22:22:34 UTC používateľ Andy Bennett via Exim-users
<[email protected]> napísal:
>Is there any reason why the default settings are not optimal?
>
>...and how to choose between relaxed and strict modes?
I mean not optimal for me, of course.
By derault "the header names listed in RFC4871 will be used, whether or not
each header is present in the message" (from docs). This is not always what one
want, while still good choice as default. Some headers have to be oversigned,
to cannot be added later (without invalidating signature), same will be
oversigned, but only when they present in message and some will be signed, but
allow to be added later (again without invalidating signature). The exim
default nor provided macros fulfill this, thus i chose rspamd's way...
One mostly want relaxed, as simple (beware, not strict) can leads to unexpected
results if message is "fixed" on the path, or to cite someone other:
The really simple takeaway is “use relaxed canonicalization”.
As relaxed is default, not need to care ;-)
The strict (aka dkim_strict) is not about signing, but about exim behavior,
when signing fails. But it is about internal fail, not about not signing due
empty domain, selector or key value. As my service is not mission critical, i
leave default. If something goes bad, i will see it in DMARC reports.
Your needs/requirements can be different...
regards
--
Slavko
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
