* Bill Cole via Postfix-users:
Some systems are configured to "oversign" headers, essentially signing
the non-existence.

On 24.07.24 02:11, Ralph Seichter via Postfix-users wrote:
Shhh! We don't want to advertise that in this scenario, do we? ;-)
Still, you are correct to point out that the DKIM spec allows for these
kinds of shenanigans.

In Debian/opendkim, only From: is oversigned, which is to prevent adding a fake From: header which could confuse the recipient and/or its MUA.


Any addition of headers that are oversigned will break a DKIM
signature. Some ill-advised systems oversign List-* headers on every
message.

Ill-advised is putting it mildly. If one is messing with the headers
which make mailing lists work, but allows their users to subscribe to
mailing lists, one is more than a little cuckoo.

Looking at RFC 6376 section 5.4.1, it recommends signing these headers.

However, together with the comment above, it should be safe if you don't oversign them - I don't expect List-* headers to appear in any mail sent to the list, and their appearance can indicate an error.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
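
The effect discussed in this thread, as an added example that is not part of the original messages and not opendkim's code: a simplified model of the header selection in RFC 6376 section 5.4.2, showing which `h=` lists still verify after a list manager adds List-* fields or a second From: field appears. The message, addresses, `h=` lists and function names are constructed for illustration, and the digest covers only the selected header fields.

```python
import hashlib

def select_signed(headers, h_tag):
    """RFC 6376 section 5.4.2 selection: each name in h= consumes the
    bottom-most unused instance; a name with none left adds nothing."""
    remaining = {}
    for name, value in headers:            # headers are top-to-bottom
        remaining.setdefault(name.lower(), []).append(value)
    picked = []
    for name in h_tag:
        stack = remaining.get(name.lower(), [])
        if stack:
            picked.append((name.lower(), stack.pop()))
    return picked

def header_digest(headers, h_tag):
    """SHA-256 over the selected fields (simplified relaxed form).
    Assumption: the DKIM-Signature field itself and the body hash,
    which real DKIM also covers, are left out of this model."""
    h = hashlib.sha256()
    for name, value in select_signed(headers, h_tag):
        h.update(f"{name}:{' '.join(value.split())}\r\n".encode())
    return h.hexdigest()

def survives(signed_msg, received_msg, h_tag):
    """True if the header hash input is unchanged after modification."""
    return header_digest(signed_msg, h_tag) == header_digest(received_msg, h_tag)

# Constructed sample message and h= lists (not taken from the thread).
MSG = [("From", "alice@example.org"), ("To", "list@example.net"),
       ("Subject", "oversigning test")]
PLAIN = ["from", "to", "subject"]
FROM_OVERSIGNED = ["from"] + PLAIN                    # From: listed twice
LIST_OVERSIGNED = FROM_OVERSIGNED + ["list-id", "list-unsubscribe"]

# What a list manager does: prepend List-* fields on the way out.
VIA_LIST = [("List-Id", "<list.example.net>"),
            ("List-Unsubscribe", "<mailto:list-leave@example.net>")] + MSG
# A second From: field prepended in transit.
EXTRA_FROM = [("From", "someone-else@example.com")] + MSG

if __name__ == "__main__":
    for label, h_tag in [("plain", PLAIN), ("From oversigned", FROM_OVERSIGNED),
                         ("List-* oversigned", LIST_OVERSIGNED)]:
        print(f"{label:18} list copy ok: {survives(MSG, VIA_LIST, h_tag)!s:5} "
              f"extra From ok: {survives(MSG, EXTRA_FROM, h_tag)}")
```

Only the `h=` list that names List-* fields absent at signing time fails on the list copy; oversigning From: alone leaves list delivery intact while still detecting an added From: field.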
