Sv: dovecot mailing list (this mailing list), DKIM, SPF and DMARC
hi at zakaria.website
hi at zakaria.website
Tue Sep 13 12:03:13 UTC 2022
On 2022-02-12 11:05, Lev Serebryakov wrote:
> On 11.02.2022 16:31, Marc wrote:
>
>>> Problem is, I need to unpack each of them to be sure, that these
>>> are
>>> false positives and I'm afraid, that it could lower reputation of my
>>> mail
>>> server IP address with major providers (like Google Mail).
>>>
>>
>> How can you get a lower reputation? Afaik dmarc is just signing your
>> outgoing messages.
> DKIM is signing of headers. DMARC is policy (like "This domain must
> sign all messages with DKIM, no exceptions, and has strict SFP") and
> reporting mechanism for other hosts ("We get mail from you and this
> message violates declared policy of your domain").
>
> As I get these reports, it means that messages from "my domain"
> (really, forwarded by mailing list software) violate policies set by my
> domain. It means, my domain is compromised somehow.
An update.
I tried to implement a workaround for mailing lists transporting of
emails which breaks DKIM yet found way to an avail. I checked headers in
mailing like the List-Id and I tried to ignore signing if any email
contains such header and didn't make difference, given the issue its
with verifying DKIM. I noticed all failing DKIM verification emails sent
by me and coming back from dovecot, contains two DKIM-Signature header,
one from me and one from dovecot and it seems if we can set the MTA to
verify all DKIM-Signature headers present in emails that contains
List-Id header i.e. from Mailing List, and requires perhaps the
signature placed in the order of headers, before the recent at least to
must pass Signature Verification. Have anyone managed to configure EXIM
to verify more than one DKIM Signature header?
More information about the dovecot
mailing list