On 2022-10-11 14:05, Benny Pedersen wrote:
hi@zakaria.website skrev den 2022-10-11 13:42:
On 2022-09-13 13:10, Benny Pedersen wrote:
hi@zakaria.website skrev den 2022-09-13 14:03:
from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references
Thanks to my friend who didnt need a credit, and helped me out in reaching this solution.
i have no frinds, but it might be related https://gitlab.com/fumail/fuglu/-/issues/262
with my conservative list of signed headers it pass
Indeed, it's because you set the following headers in dkim signing headers:-
from : subject : date : to : message-id
Although not sure why you've added some space, as per standards I think only colon separated list its the compliant format like the following:-
from:subject:date:to:message-id
Anyhow this is my final update, the previous headers set which I included wasnt perfect as cc header was causing a trouble, given it can fail at some point e.g. when replying more than one time to the same recipient through a mailing list, and mind me OX and iRedMail, I had to check your signing headers set, hopefully you are ok for me to present it here as the optimal one to avoid DKIM failures:-
OX:- Date:From:To:In-Reply-To:References:Subject:From
IRM:- x-mailer:message-id:in-reply-to:to:references:date:subject :mime-version:content-transfer-encoding:content-type:from
iRedMail seems to be the best headers set given it includes X-Mailer header, which enhances signature validity, when client uses specific mail client app, although it can be faked yet one must know which client app the sender would use and if was able to have information to this length I guess signature validity would be an easy task to break it further.
Also, I was advised by a friend to duplicate the signing headers in order to disallow spoofing signature further, while I couldnt see how nor populate a proof of concept, I removed it but if someone understand it, I would appreciate their elaboration, surely with thanks :)
Good luck.
Zakaria.