Re: BUG #18822: mailing lists reject mails due to DKIM-signature - Mailing list pgsql-bugs
| From | Matthias Apitz |
|---|---|
| Subject | Re: BUG #18822: mailing lists reject mails due to DKIM-signature |
| Date | |
| Msg-id | CAHzebO-P59kALBVkrH0gUeztmLnqQCbfpavLvsNKPPUgdnyHWQ@mail.gmail.com Whole thread Raw |
| In response to | Re: BUG #18822: mailing lists reject mails due to DKIM-signature (Bruce Momjian <bruce@momjian.us>) |
| Responses |
Re: BUG #18822: mailing lists reject mails due to DKIM-signature
|
| List | pgsql-bugs |
I'm subscribed to some hundred technical mailing lists and do not face this problem with any other list, only with the PostgreSQL lists. For example, when I write to the list mutt-users@mutt.org and my ISP 1blu.de sends the same DKIM-Signature containing these List-* entries (which might be there or not, what I count a religious war depending of how one reads the RFC in question), what gets delivered by the mutt-users@mutt.org list server to the subscribers, like me, DKIM related is only:
grep ^DKIM mutt.mail
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org C3A51819CC
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 5EB3A605E8
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 5EB3A605E8
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
On Sat, Feb 22, 2025 at 6:47 PM Bruce Momjian <bruce@momjian.us> wrote:
On Sat, Feb 22, 2025 at 12:25:57PM -0500, Tom Lane wrote:
> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
> > On 22.02.25 17:56, Matthias Apitz wrote:
> >> Have you read what the RFC 6576 specifies about exactly this case?
>
> > we are a forwarder that (in the case of a List-* header) NEEDS to modify
> > the message so we cannot forward it without breaking.
>
> Yeah. Regardless of what may be written in the RFC, there are only
> these possibilities when the mailing list forwarder receives a
> message like this:
>
> 1. Add the PG list headers, don't touch the DKIM header, forward.
> Most modern recipients will reject the result as spam because it
> fails DKIM checks.
>
> 2. Don't add the PG list headers, don't touch the DKIM header,
> forward. Many list recipients will discard or at least
> misclassify the result for lack of PG list headers.
>
> 3. Add the PG list headers, discard the DKIM header, forward.
> This may well end up marked as spam too, and it's certainly
> not complying with the intent of DKIM.
>
> 4. Reject the message.
>
> To the extent that including List-* in a DKIM signature has any
> real-world use, it is precisely to disavow the message if it's
> forwarded by a mailing list.
>
> The short answer here is that your ISP are fools, or else are
> intentionally preventing their users from participating in
> mailing lists.
I will admit I was shocked to realize I have to modify the default
Debian exim4 DKIM header signing to submit to email lists, and I am
confused why there is a header signing default on Debian that includes
List-* headers.
With the help of Magnus, I was able to use this script:
exim -bP macros | grep '^_DKIM_SIGN_HEADERS=' | sed --regexp-extended 's/:?\<(Resent-|List-)[^:]*//g'
to prevent signing of all Resent and List headers, and use this line in
exim4.conf.localmacros:
DKIM_SIGN_HEADERS=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:In-Reply-To:References
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
Do not let urgent matters crowd out time for investment in the future.
pgsql-bugs by date: