[openssl-dev] Mailman version used by OpenSSL is misconfigured and/or broken in relation to DKIM
Quanah Gibson-Mount
quanah at zimbra.com
Tue Aug 18 17:56:27 UTC 2015
--On Tuesday, August 18, 2015 11:30 AM +0200 Kurt Roeckx <kurt at roeckx.be>
wrote:
> On Mon, Aug 17, 2015 at 10:55:53AM -0700, Quanah Gibson-Mount wrote:
>> However, there are two solutions to that allow adding a footer when list
>> subscribers may have DKIM signed email:
>>
>> a) As noted in the OpenDKIM README, in the "Mailing Lists" section, if
>> the list traffic is itself has DKIM signing in place, it will override
>> the DKIM signing done by the sender. This allows the footer
>> modification to the message to no longer be an issue.
>
> This fixed the DKIM problem, not the DMARC issue. For DMARC the
> signature should come from the same as the From address. Since
> SPF is going to fail with your From, the receiver will need to see
> DKIM that matches the From. For DMARC either SPF or DKIM should
> be valid and match the From field, while for SPF and DKIM itself
> the From doesn't matter.
>
> So really the only options for DMARC are:
> - Do not touch either the signed headers or body at all, leave From
> intact, keep the DKIM signatures. But even then it might break.
> - Change the From. You can leave the DKIM signature in tact or
> remove it, it doesn't change anything.
I think option #3 here:
<https://dmarc.org/wiki/FAQ#I_operate_a_mailing_list_and_I_want_to_interoperate_with_DMARC.2C_what_should_I_do.3F>
would be the solution?
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
More information about the openssl-dev
mailing list