On 10/11/22 07:42, hi@zakaria.website wrote:
Another update yet with a solution.
I found the causing issue with DKIM and DMARC failure when a signed email pass through mailing list such as dovecot as I expected, it has nothing to do with the mailing list but it's to do with DKIM signing headers set. It's due to one of or several headers in the DKIM signing set, getting added or modified after signing at dovecot end.
Anyhow, here is the DKIM signing headers set in this mailing list, that it should work and it will prevent the batch of DMARC emails and bad signature from happening again.
from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references Please forgive me for jumping in, but I just noticed this. I (like many others) have issues with mailing lists and the flurry of DMARC emails after posting. I'm using OpenDKIM. There's a lot of material out there about proper configuration of DKIM, but nothing really definitive, with lots of "it depends on your requirements" type of noncommittal crap. Email use cases don't differ THAT much.
So does what you said above mean that you've come up with a working configuration to address the issue of mailing lists causing DKIM to barf due to header modifications? If so, can you tell me more about specifically what you're doing, like which headers you're signing and how? I've been at my wits' end with this for some time; DKIM (and SPF etc etc) seem to be really quite awful overall.
Thanks,
-Dave
-- Dave McGuire, AK4HZ New Kensington, PA