On 2022-01-25 20:26, Dan Mahoney wrote:
Sorry for the noise, attempting to validate a DKIM issue
Authentication-Results: lists.isc.org;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=isc.org header.i=@isc.org header.b=E7VfrLLS
unprotected means opendkim would like to see dnssec in verify :=)
basicly its possible forged dns here
i noted i get spf-helo-pass, spf-pass, dkim-pass, dmarc-pass before
mailman screwed it all up in return, when dmarc policy is not reject,
why is chaning from: header still done ?
mailman is worst case of fixing break of dkim ever writed, route to
solve is
before mailman see any massage, make the ARC-seal, and ARC-sign, later
when mailman comes to breaking dkim it does not matter becourse dkim
from the origin poster can still be untrusted or trusted in opendmarc
when opendmarc verify arc chains, still have to see spamassassin 4 here,
so far only rspamd verifi it all, but there is perl software that does
aswell
hope this can close this maillist breaks dkim, its not correct, i bet
postfix maillist and dovecot does not
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
