[openssl-dev] Mailman version used by OpenSSL is misconfigured and/or broken in relation to DKIM
Kurt Roeckx
kurt at roeckx.be
Wed Aug 5 14:54:25 UTC 2015
On Wed, Aug 05, 2015 at 06:54:33AM -0700, Quanah Gibson-Mount wrote:
> Yesterday, I was alerted by a member of the list that my emails to
> openssl-dev are ending up in their SPAM folder. After examining my emails
> as sent out by OpenSSL's mailman, I saw that it is mucking with the headers,
> causing DKIM failures. This could be because of one of two reasons:
You seems to be running with "p=reject". In my opinion p=reject
is only useful for domains that don't have any users.
> a) The version of mailman used by the OpenSSL project (2.1.18) has a known
> bug around DKIM that was fixed in 2.1.19
That seems to be about wrapped messages in case of moderation?
> b) The mailman configuration is incorrect.
You mean things like:
- We change the subject to include the list name?
- We add a footer about the list?
- We don't rewrite the From address?
> Error is: Authentication-Results: edge01.zimbra.com (amavisd-new);
> dkim=fail (1024-bit key) reason="fail (message has been altered)"
> header.d=zimbra.com
You really should consider moving to at least a 2048 bit key.
Kurt
More information about the openssl-dev
mailing list