On 23/10/2023 06:37, Andreas Metzler via Exim-users wrote:
Exim's default setting for dkim_sign_headers is
extremely conservative and imho does not make sense.
It's also as per RFC 6376 Section 5.4.1. "Recommended Signature Content"
(at least wrt. the List- headers; I didn't check them all).
So
On 2023-10-23 Jeremy Harris via Exim-users wrote:
> On 23/10/2023 06:37, Andreas Metzler via Exim-users wrote:
> > Exim's default setting for dkim_sign_headers is
> > extremely conservative and imho does not make sense.
> It's also as per RFC 6376 Section 5.4.1. "Recommended Signature Content"
>
Hi!
I'm also looking into optimizing my DKIM configuration, especially which
headers to sign. Unfortunately, DMARC reports tell you only that the DKIM
verification failed but not why. The default for dkim_sign_headers doesn't
work well for me.
On Mon, 23 Oct 2023, Andreas Metzler via Exim-us
On Mon, 23 Oct 2023, Markus Reschke via Exim-users wrote:
I'm also looking into optimizing my DKIM configuration, especially which
headers to sign. Unfortunately, DMARC reports tell you only that the DKIM
verification failed but not why. The default for dkim_sign_headers doesn't
work well for
Hi!
On Mon, 23 Oct 2023, Andrew C Aitchison via Exim-users wrote:
I believe that the default for dkim_sign_headers should have '=' at least for
each of the List-* headers,
as Andreas has done.
Yes, that would be reasonable.
BTW, RFC6376 comes with inconsistencies about the headers to sign.
Dňa 23. októbra 2023 12:28:50 UTC používateľ Markus Reschke via Exim-users
napísal:
>I'm also looking into optimizing my DKIM configuration, especially which
>headers to sign.
I use this macro:
DKIM_SIGN_HEADERS =
+From:+Reply-To:+Sender:+Subject:+To:+Cc:+Date:+MIME-Version\
${if def:h_Messa
On Mon, Oct 23, 2023 at 11:51:21AM +0200, Andreas Metzler via Exim-users wrote:
> > It's also as per RFC 6376 Section 5.4.1. "Recommended Signature
> > Content" (at least wrt. the List- headers; I didn't check them
> > all). So Exim takes the opinion of the working group that defined
> > DKIM, he
Hi!
On Mon, 23 Oct 2023, Ian Z via Exim-users wrote:
On Mon, Oct 23, 2023 at 11:51:21AM +0200, Andreas Metzler via Exim-users wrote:
Kind of. The RFC has big fat disclaimer that it only provides very
rough guidance ("The choice of which header fields to sign is
non-obvious.") and is very ve
On 10/21/23 15:14, * Neustradamus * via Exim-users wrote:
Hello Mihamina and others,
Please note that LOGIN and PLAIN are not the better choice for security.
It is really better to use SCRAM-SHA-*(-PLUS) which are supported by Exim.
Regards,
Neustradamus
Neustradamus,
I do want to make this
On Mon, Oct 23, 2023 at 07:23:23PM +0200, Markus Reschke via Exim-users wrote:
> When you check out the h tag of the DKIM signature header of the
> large email services you'll see that they usually have only a few
> signed headers (less processing load) and some oversign specific
> headers. E.g. g
10 matches
Mail list logo
