On Mon, Oct 23, 2023 at 07:23:23PM +0200, Markus Reschke via Exim-users wrote:
> When you check out the h tag of the DKIM signature header of the
> large email services you'll see that they usually have only a few
> signed headers (less processing load) and some oversign specific
> headers. E.g. g
On 10/21/23 15:14, * Neustradamus * via Exim-users wrote:
Hello Mihamina and others,
Please note that LOGIN and PLAIN are not the better choice for security.
It is really better to use SCRAM-SHA-*(-PLUS) which are supported by Exim.
Regards,
Neustradamus
Neustradamus,
I do want to make this
Hi!
On Mon, 23 Oct 2023, Ian Z via Exim-users wrote:
On Mon, Oct 23, 2023 at 11:51:21AM +0200, Andreas Metzler via Exim-users wrote:
Kind of. The RFC has big fat disclaimer that it only provides very
rough guidance ("The choice of which header fields to sign is
non-obvious.") and is very ve
On Mon, Oct 23, 2023 at 11:51:21AM +0200, Andreas Metzler via Exim-users wrote:
> > It's also as per RFC 6376 Section 5.4.1. "Recommended Signature
> > Content" (at least wrt. the List- headers; I didn't check them
> > all). So Exim takes the opinion of the working group that defined
> > DKIM, he
Dňa 23. októbra 2023 12:28:50 UTC používateľ Markus Reschke via Exim-users
napísal:
>I'm also looking into optimizing my DKIM configuration, especially which
>headers to sign.
I use this macro:
DKIM_SIGN_HEADERS =
+From:+Reply-To:+Sender:+Subject:+To:+Cc:+Date:+MIME-Version\
${if def:h_Messa
Hi!
On Mon, 23 Oct 2023, Andrew C Aitchison via Exim-users wrote:
I believe that the default for dkim_sign_headers should have '=' at least for
each of the List-* headers,
as Andreas has done.
Yes, that would be reasonable.
BTW, RFC6376 comes with inconsistencies about the headers to sign.
On Mon, 23 Oct 2023, Markus Reschke via Exim-users wrote:
I'm also looking into optimizing my DKIM configuration, especially which
headers to sign. Unfortunately, DMARC reports tell you only that the DKIM
verification failed but not why. The default for dkim_sign_headers doesn't
work well for
Hi!
I'm also looking into optimizing my DKIM configuration, especially which
headers to sign. Unfortunately, DMARC reports tell you only that the DKIM
verification failed but not why. The default for dkim_sign_headers doesn't
work well for me.
On Mon, 23 Oct 2023, Andreas Metzler via Exim-us
On 2023-10-23 Jeremy Harris via Exim-users wrote:
> On 23/10/2023 06:37, Andreas Metzler via Exim-users wrote:
> > Exim's default setting for dkim_sign_headers is
> > extremely conservative and imho does not make sense.
> It's also as per RFC 6376 Section 5.4.1. "Recommended Signature Content"
>
On 23/10/2023 06:37, Andreas Metzler via Exim-users wrote:
Exim's default setting for dkim_sign_headers is
extremely conservative and imho does not make sense.
It's also as per RFC 6376 Section 5.4.1. "Recommended Signature Content"
(at least wrt. the List- headers; I didn't check them all).
So
10 matches
Mail list logo