On Monday, October 06, 2014 12:11:33 Ricardo Signes wrote: > I've seen a number of messages about Yahoo! and DMARC failures, but none > seem to touch on what I think is the big problem right now. If I missed > this happening, I apologize. > > For some completely inexplicable reason, their DKIM signatures now (often, > but not always) look like this: > > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; > s=s2048; t=1412607024; bh=ZJ8Kpz6ZlqWM7sz40HW3fMAm5i4O9s27k2poen3h01U=; > h=Received:Received:Received:X-Yahoo-Newman-Property:X-Yahoo-Newman-Id:X-YM > ail-OSG:Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:C > ontent-Length:From:Subject; ... > > Putting everything else aside, THEY SIGNED CONTENT-LENGTH. > > Unless I am mistaken, cleanup(8) quite reasonably *deletes* Content-Length. > This means that any message that Yahoo! has sent with a DKIM signature > involving Content-Length is then broken. > > This means that if Postfix forward mail from Yahoo! to (say) GMail, it will > be undeliverable due to DMARC. > > I assume that I can regenerate Content-Length, if it's correct, but it would > be simpler if I could somehow: > > a) convince Yahoo! to get a grip > b) convince cleanup to leave the header be > > Is one of these possible? Am I mistaken about something significant? > > Thank you for your time, in advance.
FYI, On the DMARC users list a Yahoo rep indicated they plan to drop signing Content-Length. Scott K
