Re: Big problem with this mailing list and Majordomo regarding DMARC

Ralph Seichter Fri, 19 Apr 2019 08:54:38 -0700

* B. Reino:

> On Fri, 19 Apr 2019, Benny Pedersen wrote:
>
>> B. Reino skrev den 2019-04-19 15:48:
>>
>>> sign_headers = 'from:to:subject:date:message-id:in-reply-to:references';
>>
>> man 5 opendkim.conf
>>
>> dont sign headers that are added or changed remotely
>
> I'm not sure I follow here. AFAIK all of the headers I mentioned above
> are user/MUA generated (.. I know Message-ID can be generated by MTA
> if the MUA sucks and doesn't do it itself).


Your header selection is quite alright, if a bit shorter than my own
preferred list:

  Autocrypt, From, To, Subject, Date, Content-Language, Content-Type,
  In-Reply-To, Message-ID, References, User-Agent, X-Mailer

The message ID should definitely be signed. Even if it is generated
by the MTA, that should happen before the DKIM signature is crated.
Otherwise I'd consider the MTA/DKIM pair misconfigured by the admin.

-Ralph

Re: Big problem with this mailing list and Majordomo regarding DMARC

Reply via email to