dovecot mailing list (this mailing list), DKIM, SPF and DMARC

justina colmena ~biz justina at colmena.biz
Fri Oct 21 22:01:11 UTC 2022


Trojitá, a fast Qt IMAP e-mail client
http://www.trojita.flaska.net/

I also use

http://opendkim.org/ 
http://www.trusteddomain.org/opendmarc/

as milters on Postfix

Active development, I'm sure they could all use some help, or forks for 
alternatives, I don't know, I'm not involved in development per se, just a 
user, and I have to get off the property of any of these places with my 
code before anything happens. All that Finnish osalliyhdistys and by the 
time a Swede gets online all hell breaks loose.

On Friday, October 21, 2022 1:50:43 PM AKDT, hi at zakaria.website wrote:
> On 2022-10-11 14:05, Benny Pedersen wrote:
>> hi at zakaria.website skrev den 2022-10-11 13:42: ...
>
> Indeed, it's because you set the following headers in dkim signing headers:-
>
> from : subject :
>     date : to : message-id
>
> Although not sure why you've added some space, as per standards 
> I think only a colon-separated list is the compliant format, like 
> the following:-
>
> from:subject:date:to:message-id
>
> Anyhow this is my final update, the previous headers set which 
> I included wasn't perfect as cc header was causing a trouble, 
> given it can fail at some point e.g. when replying more than one 
> time to the same recipient through a mailing list, and mind me 
> OX and iRedMail, I had to check your signing headers set, 
> hopefully you are ok for me to present it here as the optimal 
> one to avoid DKIM failures:-
>
> OX:-
> Date:From:To:In-Reply-To:References:Subject:From
>
> IRM:-
> x-mailer:message-id:in-reply-to:to:references:date:subject
>     :mime-version:content-transfer-encoding:content-type:from
>
> iRedMail seems to be the best headers set given it includes 
> X-Mailer header, which enhances signature validity, when client 
> uses specific mail client app, although it can be faked yet one 
> must know which client app the sender would use and if was able 
> to have information to this length I guess signature validity 
> would be an easy task to break it further.
>
> Also, I was advised by a friend to duplicate the signing 
> headers in order to disallow spoofing signature further, while I 
> couldn't see how nor populate a proof of concept, I removed it 
> but if someone understands it, I would appreciate their 
> elaboration, surely with thanks :)
>
> Good luck.
>
> Zakaria.
>
>
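
Added example, not part of either message above and not code from OpenDKIM, OX or iRedMail: a model of how a DKIM verifier maps `h=` entries to header instances (RFC 6376 section 5.4.2), showing what listing a header name twice changes. It models header selection only, with no canonicalization or hashing; the function names and sample headers are constructed for illustration.

```python
def parse_h_tag(value):
    """Split a DKIM h= value into lowercase header names.
    RFC 6376 permits folding whitespace around each colon."""
    return [n.strip().lower() for n in value.split(":") if n.strip()]

def signed_input(h_names, headers):
    """Return the (name, value) pairs that the h= list covers.

    headers is the message header block, top to bottom. Repeated names
    are consumed from the bottom of the block upward; an h= entry with
    no instance left covers a null header, recorded here as None.
    """
    remaining = {}
    for name, value in headers:
        remaining.setdefault(name.lower(), []).append(value)
    picked = []
    for name in h_names:
        stack = remaining.get(name, [])
        picked.append((name, stack.pop() if stack else None))
    return picked

def detects_added_header(h_value, headers, added):
    """True if prepending `added` in transit changes the signed input,
    which would make signature verification fail."""
    h_names = parse_h_tag(h_value)
    before = signed_input(h_names, headers)
    after = signed_input(h_names, [added] + headers)
    return before != after

# Constructed sample header block and a header added after signing.
SAMPLE = [
    ("From", "alice@example.org"),
    ("To", "list@example.net"),
    ("Subject", "hello"),
    ("Date", "Fri, 21 Oct 2022 22:01:11 +0000"),
    ("Message-ID", "<constructed-1@example.org>"),
]
EXTRA_FROM = ("From", "someone-else@example.com")

def demo():
    plain = "from : subject :\n    date : to : message-id"
    oversigned = "from:from:subject:date:to:message-id"
    return (detects_added_header(plain, SAMPLE, EXTRA_FROM),
            detects_added_header(oversigned, SAMPLE, EXTRA_FROM))

if __name__ == "__main__":
    print(demo())
```

With `from` listed once, the verifier still selects the original bottom-most From and the extra one goes unnoticed; with `from` listed twice, the second entry covered a null header at signing time, so the added header changes the signed input.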


