Benny Pedersen
2022-Oct-11 13:05 UTC
dovecot mailing list (this mailing list), DKIM, SPF and DMARC
hi at zakaria.website skrev den 2022-10-11 13:42:> On 2022-09-13 13:10, Benny Pedersen wrote: >> hi at zakaria.website skrev den 2022-09-13 14:03:> from:from:reply-to:date:date:message-id:message-id:to:to:cc: > mime-version:mime-version:content-type:content-type: > in-reply-to:in-reply-to:references:references > > Thanks to my friend who didnt need a credit, and helped me out in > reaching this solution.i have no frinds, but it might be related https://gitlab.com/fumail/fuglu/-/issues/262 with my conservative list of signed headers it pass
hi at zakaria.website
2022-Oct-21 21:50 UTC
dovecot mailing list (this mailing list), DKIM, SPF and DMARC
On 2022-10-11 14:05, Benny Pedersen wrote:> hi at zakaria.website skrev den 2022-10-11 13:42: >> On 2022-09-13 13:10, Benny Pedersen wrote: >>> hi at zakaria.website skrev den 2022-09-13 14:03: > >> from:from:reply-to:date:date:message-id:message-id:to:to:cc: >> mime-version:mime-version:content-type:content-type: >> in-reply-to:in-reply-to:references:references >> >> Thanks to my friend who didnt need a credit, and helped me out in >> reaching this solution. > > i have no frinds, but it might be related > https://gitlab.com/fumail/fuglu/-/issues/262 > > with my conservative list of signed headers it passIndeed, it's because you set the following headers in dkim signing headers:- from : subject : date : to : message-id Although not sure why you've added some space, as per standards I think only colon separated list its the compliant format like the following:- from:subject:date:to:message-id Anyhow this is my final update, the previous headers set which I included wasnt perfect as cc header was causing a trouble, given it can fail at some point e.g. when replying more than one time to the same recipient through a mailing list, and mind me OX and iRedMail, I had to check your signing headers set, hopefully you are ok for me to present it here as the optimal one to avoid DKIM failures:- OX:- Date:From:To:In-Reply-To:References:Subject:From IRM:- x-mailer:message-id:in-reply-to:to:references:date:subject :mime-version:content-transfer-encoding:content-type:from iRedMail seems to be the best headers set given it includes X-Mailer header, which enhances signature validity, when client uses specific mail client app, although it can be faked yet one must know which client app the sender would use and if was able to have information to this length I guess signature validity would be an easy task to break it further. Also, I was advised by a friend to duplicate the signing headers in order to disallow spoofing signature further, while I couldnt see how nor populate a proof of concept, I removed it but if someone understand it, I would appreciate their elaboration, surely with thanks :) Good luck. Zakaria.