Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC

hi at zakaria.website hi at zakaria.website
Tue Sep 13 12:03:13 UTC 2022


On 2022-02-12 11:05, Lev Serebryakov wrote:
> On 11.02.2022 16:31, Marc wrote:
> 
>>>    Problem is, I need to unpack each of them to be sure, that these are
>>> false positives and I'm afraid, that it could lower reputation of my mail
>>> server IP address with major providers (like Google Mail).
>>> 
>> 
>> How can you get a lower reputation? Afaik dmarc is just signing your 
>> outgoing messages.
>  DKIM is signing of headers. DMARC is policy (like "This domain must 
> sign all messages with DKIM, no exceptions, and has strict SPF") and 
> reporting mechanism for other hosts ("We get mail from you and this 
> message violates declared policy of your domain").
> 
>  As I get these reports, it means that messages from "my domain" 
> (really, forwarded by mailing list software) violate policies set by my 
> domain. It means, my domain is compromised somehow.

An update.

I tried to implement a workaround for mailing lists' transporting of 
emails, which breaks DKIM, yet to no avail. I checked headers in mailing 
list emails, like the List-Id, and I tried to skip signing if an email 
contains such a header, and it didn't make a difference, given the issue 
is with verifying DKIM. I noticed all emails failing DKIM verification, 
sent by me and coming back from dovecot, contain two DKIM-Signature 
headers, one from me and one from dovecot, and it seems if we can set the 
MTA to verify all DKIM-Signature headers present in emails that contain a 
List-Id header, i.e. from a mailing list, and require perhaps that at 
least the signature placed, in the order of headers, before the recent 
one must pass signature verification. Has anyone managed to configure 
EXIM to verify more than one DKIM-Signature header?
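
Added example (not part of the original post, and not Exim or Dovecot code): evaluating every DKIM-Signature header on a list-relayed message and deciding which result counts for DMARC. The sample message, domains and selectors are constructed, the per-signature verification outcomes are assumed to be supplied by the MTA's verifier, and alignment is simplified to an equal-or-subdomain check.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a list-relayed message carrying two signatures.
# Domains, selectors and the bh=/b= values are placeholders.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=list1;
 h=from:to:subject:list-id; bh=AAAA; b=BBBB
List-Id: <users.lists.example.org>
DKIM-Signature: v=1; a=rsa-sha256; d=author.example; s=mail;
 h=from:to:subject; bh=CCCC; b=DDDD
From: Author <me@author.example>
To: users@lists.example.org
Subject: [users] hello

body
"""

def parse_tags(value):
    """Split a DKIM-Signature tag list ("k=v; k=v") into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = "".join(v.split())  # drop folding whitespace
    return tags

def aligned(sig_domain, from_domain):
    """Simplified alignment: equal, or one is a subdomain of the other."""
    a, b = sig_domain.lower(), from_domain.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def evaluate(raw, results):
    """results maps (d, s) -> verifier outcome from the MTA (assumed input)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    report = []
    for value in msg.get_all("DKIM-Signature", []):  # top-most header first
        t = parse_tags(value)
        status = results.get((t.get("d"), t.get("s")), "none")
        report.append({"d": t.get("d"), "s": t.get("s"), "status": status,
                       "aligned": aligned(t.get("d", ""), from_domain)})
    # The DKIM leg of DMARC needs a passing signature aligned with From:
    dmarc_dkim = any(r["status"] == "pass" and r["aligned"] for r in report)
    return {"list_mail": msg["List-Id"] is not None,
            "signatures": report, "dmarc_dkim_pass": dmarc_dkim}
```

With the list's signature passing and the author's failing, `dmarc_dkim_pass` is false, because only the author's `d=` domain aligns with the From address.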

