[exim] Re: List headers [Was: DKIM does not work]

2023-10-23 Thread Ian Z via Exim-users
On Mon, Oct 23, 2023 at 07:23:23PM +0200, Markus Reschke via Exim-users wrote: > When you check out the h tag of the DKIM signature header of the > large email services you'll see that they usually have only a few > signed headers (less processing load) and some oversign specific > headers. E.g. g

[exim] Re: Server side PLAIN and LOGIN Auth against PAM

2023-10-23 Thread Mihamina RKTMB via Exim-users
On 10/21/23 15:14, * Neustradamus * via Exim-users wrote: Hello Mihamina and others, Please note that LOGIN and PLAIN are not the better choice for security. It is really better to use SCRAM-SHA-*(-PLUS) which are supported by Exim. Regards, Neustradamus Neustradamus, I do want to make this

[exim] Re: List headers [Was: DKIM does not work]

2023-10-23 Thread Markus Reschke via Exim-users
Hi! On Mon, 23 Oct 2023, Ian Z via Exim-users wrote: On Mon, Oct 23, 2023 at 11:51:21AM +0200, Andreas Metzler via Exim-users wrote: Kind of. The RFC has big fat disclaimer that it only provides very rough guidance ("The choice of which header fields to sign is non-obvious.") and is very ve

[exim] Re: List headers [Was: DKIM does not work]

2023-10-23 Thread Ian Z via Exim-users
On Mon, Oct 23, 2023 at 11:51:21AM +0200, Andreas Metzler via Exim-users wrote: > > It's also as per RFC 6376 Section 5.4.1. "Recommended Signature > > Content" (at least wrt. the List- headers; I didn't check them > > all). So Exim takes the opinion of the working group that defined > > DKIM, he

[exim] Re: List headers

2023-10-23 Thread Slavko via Exim-users
On 23 October 2023 12:28:50 UTC, Markus Reschke via Exim-users wrote: >I'm also looking into optimizing my DKIM configuration, especially which >headers to sign. I use this macro: DKIM_SIGN_HEADERS = +From:+Reply-To:+Sender:+Subject:+To:+Cc:+Date:+MIME-Version\ ${if def:h_Messa

[exim] Re: List headers [Was: DKIM does not work]

2023-10-23 Thread Markus Reschke via Exim-users
Hi! On Mon, 23 Oct 2023, Andrew C Aitchison via Exim-users wrote: I believe that the default for dkim_sign_headers should have '=' at least for each of the List-* headers, as Andreas has done. Yes, that would be reasonable. BTW, RFC6376 comes with inconsistencies about the headers to sign.

[exim] Re: List headers [Was: DKIM does not work]

2023-10-23 Thread Andrew C Aitchison via Exim-users
On Mon, 23 Oct 2023, Markus Reschke via Exim-users wrote: I'm also looking into optimizing my DKIM configuration, especially which headers to sign. Unfortunately, DMARC reports tell you only that the DKIM verification failed but not why. The default for dkim_sign_headers doesn't work well for

[exim] Re: List headers [Was: DKIM does not work]

2023-10-23 Thread Markus Reschke via Exim-users
Hi! I'm also looking into optimizing my DKIM configuration, especially which headers to sign. Unfortunately, DMARC reports tell you only that the DKIM verification failed but not why. The default for dkim_sign_headers doesn't work well for me. On Mon, 23 Oct 2023, Andreas Metzler via Exim-us

[exim] Re: List headers [Was: DKIM does not work]

2023-10-23 Thread Andreas Metzler via Exim-users
On 2023-10-23 Jeremy Harris via Exim-users wrote: > On 23/10/2023 06:37, Andreas Metzler via Exim-users wrote: > > Exim's default setting for dkim_sign_headers is > > extremely conservative and imho does not make sense. > It's also as per RFC 6376 Section 5.4.1. "Recommended Signature Content" >

[exim] Re: List headers [Was: DKIM does not work]

2023-10-23 Thread Jeremy Harris via Exim-users
On 23/10/2023 06:37, Andreas Metzler via Exim-users wrote: Exim's default setting for dkim_sign_headers is extremely conservative and imho does not make sense. It's also as per RFC 6376 Section 5.4.1. "Recommended Signature Content" (at least wrt. the List- headers; I didn't check them all). So