On 27 Apr 2019, at 19:00, Brielle wrote:

> I guess I’m a bit confused at what you mean.

Your signature:

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=2mbit.com;
 s=default;
 h=To:In-Reply-To:References:Message-Id:Subject:Date:Mime-Version:
 Content-Transfer-Encoding:Content-Type:From:Sender:Reply-To:Cc:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
bh=wP2Xtnc8LbQkAHu0TnXjzgMuqlCHpbu9L1jSnlo7wEw=; b=BHo0F/RAYzlGzCWeaiivU50uW0
 AfOyoF64/eS5Cs11NCbHVAIDpCg5eIj9if07Et+2o0UKV9rano9xRIWw4vyd2ZvVz1YVIXB10rwiX
 DQkQOahzEzirzKrmArSwdVmAL9MF9kzjdBaEd+eCegJVQfMDbdkg0wZ1YClopKymWhhg=;

See the list of headers after the 'h='? Those are the headers that are included (along with the body hash in the 'bh=' section) in the data which your DKIM signer has signed. DKIM supports the inclusion of headers which do not exist in the original message as a mechanism to make the addition of those headers invalidate the signature.

So your signature signs many null-value headers, some of which (Sender and the List-* collection) mailing lists typically add *because they are supposed to add them*.

> I’ll note I run my own mail server, DNS, etc.

Then you can fix this if you stop signing headers on messages that you send to mailing lists which mailing lists typically (and properly) add to messages. It seems pointless to sign many of the headers that you are signing, unless you want to cause signatures to break if anyone forwards your mail.

> Basically DKIM on my EXIM server is configured in the default way which Debian’s config file sets it up once you provide it with the necessary keys for signing. If it’s got something that they need to fix to make it behave better, I’m all for getting that together.

I guess that means that Exim on Debian has matched one of the most famous "features" long touted for Exchange...

You should be able to modify the header selection for signing in the Exim config and you should do so with thoughtfulness, rather than simply accepting a packager's defaults.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
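
Added example, not part of the original message: a Python sketch of why signing absent headers breaks on list relay. It uses the h= list from the signature quoted above. The sample messages and the narrower NARROW_H selection are constructed for illustration. It models only which header bytes a verifier hashes (RFC 6376 relaxed canonicalization), not the DKIM-Signature header itself, the RSA step or the body hash.

```python
import hashlib
import re
from collections import defaultdict

# h= list copied from the signature quoted in the message above.
PAGE_H = ("To:In-Reply-To:References:Message-Id:Subject:Date:Mime-Version:"
          "Content-Transfer-Encoding:Content-Type:From:Sender:Reply-To:Cc:Content-ID:"
          "Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:"
          "Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:"
          "List-Post:List-Owner:List-Archive")
# Hypothetical narrower selection, for comparison only (an assumption, not a recommendation from the page).
NARROW_H = "From:To:Subject:Date:Message-Id"

# Constructed sample headers as the author's server sent them.
SENT = [("From", "Alice <alice@example.org>"), ("To", "list@example.net"),
        ("Subject", "DKIM  question"), ("Date", "Sat, 27 Apr 2019 19:00:00 -0600"),
        ("Message-Id", "<constructed-1@example.org>")]
# The same message after a mailing list adds its own headers (constructed values).
RELAYED = SENT + [("Sender", "list-bounces@example.net"),
                  ("List-Id", "<list.example.net>")]

def relaxed(name, value):
    """RFC 6376 'relaxed' header canonicalization: lowercase name, collapse whitespace."""
    value = re.sub(r"[ \t\r\n]+", " ", value).strip()
    return f"{name.lower()}:{value}\r\n".encode()

def signed_input(h_tag, headers):
    """Header bytes a verifier hashes for h=; names absent from the message add nothing."""
    stacks = defaultdict(list)
    for name, value in headers:
        stacks[name.lower()].append((name, value))
    out = b""
    for name in h_tag.split(":"):
        stack = stacks[name.strip().lower()]
        if stack:  # take the last unused instance, working bottom-up
            out += relaxed(*stack.pop())
    return out

def broken_by(h_tag, sent, relayed):
    """Signed names that were absent at signing time but present after relay."""
    added = {n.lower() for n, _ in relayed} - {n.lower() for n, _ in sent}
    return [n for n in h_tag.split(":") if n.lower() in added]

def survives_relay(h_tag, sent, relayed):
    """True if the hashed header input is unchanged by the relay's additions."""
    before = hashlib.sha256(signed_input(h_tag, sent)).digest()
    after = hashlib.sha256(signed_input(h_tag, relayed)).digest()
    return before == after
```

With PAGE_H, the list's Sender and List-Id headers enter the hashed data and the header hash changes; with NARROW_H the same relay leaves it unchanged.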
