On 2022-09-13 13:10, Benny Pedersen wrote:
hi@zakaria.website skrev den 2022-09-13 14:03:
least to must pass Signature Verification. Have anyone managed to configure EXIM to verify more than one DKIM Signature header?
postfix smtpd_milter_maps with a list of ips that is known maillists ips is best for software that are brokken, use DISABLE as results pr ip that is maillist ips, that will disabled opendmarc and other milters when client ip is a maillist, postfix be happy until trusted domain have updated and stable milters
use rspamd if possible, with is imho the only stable milters with solve it all, i hate to write that but it might be right for time being, while spamassassin v4 is on the way
Another update yet with a solution.
I found the causing issue with DKIM and DMARC failure when a signed email pass through mailing list such as dovecot as I expected, it has nothing to do with the mailing list but it's to do with DKIM signing headers set. It's due to one of or several headers in the DKIM signing set, getting added or modified after signing at dovecot end.
Anyhow, here is the DKIM signing headers set in this mailing list, that it should work and it will prevent the batch of DMARC emails and bad signature from happening again.
from:from:reply-to:date:date:message-id:message-id:to:to:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references
Thanks to my friend who didnt need a credit, and helped me out in reaching this solution.
Zakaria.