On 2022-02-09 17:25, Julien Salort wrote:
Le 09/02/2022 à 16:55, Benny Pedersen a écrit :
hope maillist users turn there dkim signers into sign only, not verify
aswell, verify must only happen in dmarc
I am a little bit confused.
- why not verify dkim ? It seems fine for your message. I get:
when dkim pass there is no breakage, but dkim fail can lead to in some
setups to make reject, even for maillists :/
that is a design fail on dkim
hence why i say sign only in dkim
Received-SPF: Pass (mailfrom) identity=mailfrom;
client-ip=94.237.105.223; helo=talvi.dovecot.org;
envelope-from=dovecot-boun...@dovecot.org; receiver=<UNKNOWN>
Authentication-Results: OpenDMARC; dmarc=pass (p=none dis=none)
header.from=junc.eu
Authentication-Results: vps2.salort.eu;
dkim=pass (2048-bit key; secure) header.d=junc.eu header.i=@junc.eu
header.a=rsa-sha256 header.s=default header.b=CC9G/2tV;
dkim-atps=neutral
perfectly good no problem
- Is it useful to install something besides OpenDMARC (OpenARC ?), or
some dedicated OpenDMARC configurations, for the ARC-Seal to be useful
?
we are all waiting for spamassassin 4, and maybe ietf stable rfc on
openspf, opendkim, openarc, opendmarc, currently none of it is
production stable
I suppose SPF works because the Envelope is correctly set to
dovecot.org address, so I don't understand the problem the OP was
mentionning.
postfix maillist have no spf helo pass, no spf pass, i think its to
force pass only on dkim in dmarc :=)
i dont control dovecot.org spf, so if it recieved in arc test pass i am
happy, note arc miss spf helo fail/pass
its not production stable
