On Fri, 3 Nov 2023, Chris Siebenmann via Exim-users wrote:
> > I think the PostgreSQL recommendation seems reasonable, but the doc leaves
> > me with some questions/ambiguities.
> >
> > Mainly, that I'm having trouble parsing the documentation's explanation of
> > dkim_sign_headers entries [0].
Dňa 3. novembra 2023 16:18:05 UTC používateľ Chris Siebenmann via Exim-users
napísal:
>(In practice it's very rare and generally alarming to see multiple
>instances of most headers.)
AFAIK it was way to trick MUAs to show different value in eg.
From: or Subject: fields. Without oversign, some M
On Fri, Nov 03, 2023 at 12:18:05PM -0400, Chris Siebenmann wrote:
> > The modification to List-Id also leaves me wondering about
> > "Sender". I was previously under the impression mailing lists
> > used/modified this, but apparently not.
> My impression is that Sender is relatively obscure now.
> I think the PostgreSQL recommendation seems reasonable, but the doc leaves
> me with some questions/ambiguities.
>
> Mainly, that I'm having trouble parsing the documentation's explanation of
> dkim_sign_headers entries [0]. I can see 4 cases:
>
> * no prefix: sign the first instance of the na
On Sun, 22 Oct 2023, Ian Z via Exim-users wrote:
> On Sun, Oct 22, 2023 at 07:03:19PM +0200, brunoc68 via Exim-users wrote:
>
> > h=Content-Type:Message-ID:Subject:Date:MIME-Version:To:From:Sender:\
> > Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:\
> > Resent-Date:Resent-
On Mon, Oct 23, 2023 at 07:23:23PM +0200, Markus Reschke via Exim-users wrote:
> When you check out the h tag of the DKIM signature header of the
> large email services you'll see that they usually have only a few
> signed headers (less processing load) and some oversign specific
> headers. E.g. g
Hi!
On Mon, 23 Oct 2023, Ian Z via Exim-users wrote:
On Mon, Oct 23, 2023 at 11:51:21AM +0200, Andreas Metzler via Exim-users wrote:
Kind of. The RFC has big fat disclaimer that it only provides very
rough guidance ("The choice of which header fields to sign is
non-obvious.") and is very ve
On Mon, Oct 23, 2023 at 11:51:21AM +0200, Andreas Metzler via Exim-users wrote:
> > It's also as per RFC 6376 Section 5.4.1. "Recommended Signature
> > Content" (at least wrt. the List- headers; I didn't check them
> > all). So Exim takes the opinion of the working group that defined
> > DKIM, he
Dňa 23. októbra 2023 12:28:50 UTC používateľ Markus Reschke via Exim-users
napísal:
>I'm also looking into optimizing my DKIM configuration, especially which
>headers to sign.
I use this macro:
DKIM_SIGN_HEADERS =
+From:+Reply-To:+Sender:+Subject:+To:+Cc:+Date:+MIME-Version\
${if def:h_Messa
Hi!
On Mon, 23 Oct 2023, Andrew C Aitchison via Exim-users wrote:
I believe that the default for dkim_sign_headers should have '=' at least for
each of the List-* headers,
as Andreas has done.
Yes, that would be reasonable.
BTW, RFC6376 comes with inconsistencies about the headers to sign.
On Mon, 23 Oct 2023, Markus Reschke via Exim-users wrote:
I'm also looking into optimizing my DKIM configuration, especially which
headers to sign. Unfortunately, DMARC reports tell you only that the DKIM
verification failed but not why. The default for dkim_sign_headers doesn't
work well for
Hi!
I'm also looking into optimizing my DKIM configuration, especially which
headers to sign. Unfortunately, DMARC reports tell you only that the DKIM
verification failed but not why. The default for dkim_sign_headers doesn't
work well for me.
On Mon, 23 Oct 2023, Andreas Metzler via Exim-us
On 2023-10-23 Jeremy Harris via Exim-users wrote:
> On 23/10/2023 06:37, Andreas Metzler via Exim-users wrote:
> > Exim's default setting for dkim_sign_headers is
> > extremely conservative and imho does not make sense.
> It's also as per RFC 6376 Section 5.4.1. "Recommended Signature Content"
>
On 23/10/2023 06:37, Andreas Metzler via Exim-users wrote:
Exim's default setting for dkim_sign_headers is
extremely conservative and imho does not make sense.
It's also as per RFC 6376 Section 5.4.1. "Recommended Signature Content"
(at least wrt. the List- headers; I didn't check them all).
So
On 2023-10-23 Ian Z via Exim-users wrote:
[...]
> I wonder what the fabulous debian configuration daoes in this respect.
We have a open bug about it
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939808 but have not
yet overridden exim's default.
cu Andreas
--
`What a good friend you are to
On 2023-10-22 Jeremy Harris via Exim-users wrote:
[...]
> If (and there's the question) you think that a DKIM signature should
> detect when a message has been modified, do you not think that
> adding headers is a modification?
Hello,
I think it depends on which the header would be added. Some a
On Sun, Oct 22, 2023 at 08:51:37PM +0100, Ray O'Donnell via Exim-users wrote:
> On 22/10/2023 20:04, Jeremy Harris via Exim-users wrote:
> > > dkim-signing with the full set of headers as per the exim
> > > default set above is broken
> > I'll take issue with "broken".
> > If (and there's the q
On 22/10/2023 20:04, Jeremy Harris via Exim-users wrote:
On 22/10/2023 19:48, Ian Z via Exim-users wrote:
dkim-signing with the full set of
headers as per the exim default set above is broken
I'll take issue with "broken".
If (and there's the question) you think that a DKIM signature should
d
On 22/10/2023 19:48, Ian Z via Exim-users wrote:
dkim-signing with the full set of
headers as per the exim default set above is broken
I'll take issue with "broken".
If (and there's the question) you think that a DKIM signature should
detect when a message has been modified, do you not think t
19 matches
Mail list logo
