I've seen a number of messages about Yahoo! and DMARC failures, but none seem to touch on what I think is the big problem right now. If I missed this happening, I apologize.
For some completely inexplicable reason, their DKIM signatures now (often, but
not always) look like this:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
t=1412607024; bh=ZJ8Kpz6ZlqWM7sz40HW3fMAm5i4O9s27k2poen3h01U=;
h=Received:Received:Received:X-Yahoo-Newman-Property:X-Yahoo-Newman-Id:X-YMail-OSG:Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Content-Length:From:Subject;
...
Putting everything else aside, THEY SIGNED CONTENT-LENGTH.
Unless I am mistaken, cleanup(8) quite reasonably *deletes* Content-Length.
This means that any message that Yahoo! has sent with a DKIM signature
involving Content-Length is then broken.
This means that if Postfix forward mail from Yahoo! to (say) GMail, it will be
undeliverable due to DMARC.
I assume that I can regenerate Content-Length, if it's correct, but it would be
simpler if I could somehow:
a) convince Yahoo! to get a grip
b) convince cleanup to leave the header be
Is one of these possible? Am I mistaken about something significant?
Thank you for your time, in advance.
--
rjbs
signature.asc
Description: Digital signature
