Invalid DKIM signatures in this list
Victor Sudakov
vas at mpeks.tomsk.su
Tue Nov 27 01:58:59 UTC 2018
John Levine wrote:
>>
>>I have noticed that the Mailman which manages this list keeps the
>>sender's "DKIM-Signature:" header intact but modifies the body of the
>>message by adding a footer.
>>
>>This behavior invalidates the sender's digital signature with
>>"dkim=fail (body hash mismatch; body probably modified in transit)".
>
>Quite right. That's how DKIM works.
The problem I'm talking about is not in DKIM. DKIM works as expected.
The problem is in FreeBSD's mailing list manager which is broken IMHO.
>
>>Whom do I contact about it?
>
>Nobody. See RFC 6376, section 6.3.
See RFC 6377
"The best general recommendation for dealing with MLMs is that the MLM
or an MTA in the MLM's domain apply its own DKIM signature to each
message it forwards and that assessors on the receiving end consider
the MLM's domain signature in making their assessments. (See
Section 5, especially Section 5.2.)"
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
More information about the freebsd-questions
mailing list