Am 21.10.2024 um 18:40 schrieb Florian Effenberger via mailop:
What puzles me a lot is where the problem comes from. I consider my setup pretty much standard here - I connect to my MX, which sends out the message that it routes through rspamd, which takes care of DKIM signing. No other modification of the mail takes place, no other filter, milter or proxy is in between, no other smarthost, I directly send the mail.
I ran into this same problem with my private MTA as well. The root cause seems to be that Postfix itself doesn't perform the signing, but delegates it to a milter. Wenn it delivers the message, it's already signed, so when it encounters an SMTP server that doesn't annouce 8BITMIME, you have to choose between breaking the signature and not delivering at all. If it signed the message while delivering it, this wouldn't happen. Disabling 8BITMIME at some earlier point in the pipeline (say, on the MSA) fixes this, but at the expense of breaking SMTPUTF8. `force_mime_input_conversion` on the MSA seems to be exactly the fix for this (although I'm still waiting for Postfix 3.9 to show up in the Debian repo...). I'm guessing this fix is so late because this seems to be a fairly marginal problem, considering the wide-spread support for 8BITMIME. I'm sure many installations are broken in this exact way, but the operators never notice, because even in the rare case where the signature is broken, the message will still be accepted most of the time thanks to SPF. I only noticed when I sent a message countaining an Eszett to aboutmy.email.
-- Alexander Robohm _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
