On 2024-08-09 15:11:45, Brotman, Alex via mailop wrote:
> Yes, it should be updated.
> 
> It might also be worth trying to get a bug filed against opendkim to update 
> docs or comments in the sample configuration file that is provided in the 
> package to illustrate suggested practices.
> 
> (FWIW, lists.debian.org still doesn't sign anything they send)

The OpenDKIM project is dead, but the sample configuration file does
already mention this. The "full" sample config file says,

> This has security implications; see opendkim.conf(5) for details.

and then that man page says,

> This feature of the protocol exists to improve the likelihood that a
> signature will survive transit through a mailing list server, as
> they commonly append footers to messages.  Note, however, that this
> creates a potential security issue since someone could add arbitrary
> text to the signed message and the signature would still validate.
> See the DKIM specification for details.

(the other, simpler sample config files don't mention the body length
option at all).
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
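
An added illustration of the issue the quoted man page describes, not part of the original message and not OpenDKIM's code: when a signature carries the `l=` body length tag from RFC 6376, the body hash covers only the first `l` octets, so text appended later leaves `bh=` unchanged. The message, domain and selector are constructed sample values, only "simple" body canonicalization is implemented, and the `b=` signature over the headers is not computed; `unsigned_body_bytes` is a hypothetical helper a receiver could use to flag such mail.

```python
import base64
import hashlib
import re


def canon_simple(body: bytes) -> bytes:
    """RFC 6376 'simple' body canonicalization: strip trailing empty lines."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def body_hash(body: bytes, l=None) -> str:
    """Base64 SHA-256 of the canonicalized body, truncated to l octets if given."""
    data = canon_simple(body)
    if l is not None:
        data = data[:l]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def parse_tags(sig: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in sig.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags


def bh_still_matches(sig: str, body: bytes) -> bool:
    """True if the received body reproduces the bh= value in the signature."""
    tags = parse_tags(sig)
    limit = int(tags["l"]) if "l" in tags else None
    return body_hash(body, limit) == tags["bh"]


def unsigned_body_bytes(sig: str, body: bytes) -> int:
    """Octets of canonicalized body outside the signed range (0 without l=)."""
    tags = parse_tags(sig)
    if "l" not in tags:
        return 0
    return max(0, len(canon_simple(body)) - int(tags["l"]))


# Constructed sample data: a body as signed, and the same body with text appended.
ORIGINAL = b"Quarterly numbers attached.\r\n"
APPENDED = b"-- \r\nText added after signing.\r\n"
SIG = "v=1; a=rsa-sha256; c=simple/simple; d=example.org; s=sel; l=%d; bh=%s" % (
    len(canon_simple(ORIGINAL)), body_hash(ORIGINAL))
RECEIVED = ORIGINAL + APPENDED
```

A receiver that treats any non-zero `unsigned_body_bytes` result as unauthenticated content closes the gap on its side; a signer closes it by not emitting `l=` at all.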
