Am 06.10.2014 um 18:11 schrieb Ricardo Signes: > I've seen a number of messages about Yahoo! and DMARC failures, but none seem > to touch on what I think is the big problem right now. If I missed this > happening, I apologize. > > For some completely inexplicable reason, their DKIM signatures now (often, but > not always) look like this: > > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; > t=1412607024; bh=ZJ8Kpz6ZlqWM7sz40HW3fMAm5i4O9s27k2poen3h01U=; > > h=Received:Received:Received:X-Yahoo-Newman-Property:X-Yahoo-Newman-Id:X-YMail-OSG:Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Content-Length:From:Subject; > ... > > Putting everything else aside, THEY SIGNED CONTENT-LENGTH. > > Unless I am mistaken, cleanup(8) quite reasonably *deletes* Content-Length. > This means that any message that Yahoo! has sent with a DKIM signature > involving Content-Length is then broken.
hm where in http://www.postfix.org/cleanup.8.html is a delete action documented ? > > This means that if Postfix forward mail from Yahoo! to (say) GMail, it will be > undeliverable due to DMARC. > > I assume that I can regenerate Content-Length, if it's correct, but it would > be > simpler if I could somehow: > > a) convince Yahoo! to get a grip > b) convince cleanup to leave the header be > > Is one of these possible? Am I mistaken about something significant? > > Thank you for your time, in advance. > gurus may ask this more exactly, but in general it not a good idea to use "traditional smtp forward" these days by tons of variations of dkim/spf/dmarc policies. Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
