Opened 7 years ago

Closed 7 years ago

#4480 closed defect (wontfix)

mailinglists generate DKIM warnings

Reported by: zwiskle@… Owned by: rails-dev@…
Priority: minor Milestone:
Component: admin Version:
Keywords: Cc:

Description

by chance I found messages like the below in my mailserver. I assume, the following happens:

  • a gmail-user sends a message to the list
  • gmail (also a bunch of others) signes the mail using DKMI (1)
  • the mail is processed by openstreetmap/ mailman (?)

-- the mail-headers are manipulated by mailman

  • my mail-server (exim4, debian) trys to validate the dkim and interprete it as a "fail"

a potential solution is to tell mailman to remove dkim-headers. ( better no dkim that a false-negative )

see e.g. https://bugs.launchpad.net/mailman/+bug/557493 for a explenation.
--> REMOVE_DKIM_HEADERS = Yes

from my mailservers logfile:
2012-07-14 11:21:35 1SpyXf-00052O-9o DKIM: d=gmail.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [verification failed - signature did not verify (headers probably modified in transit)]
2012-07-14 11:21:36 1SpyXf-00052O-9o <= dev-bounces@… H=shenron.openstreetmap.org [89.16.179.150] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 S=4884 id=CANQHZrhhF7GnygbK=yZfh6+C_YdgKT61Cyfdw+TeOecPxHCN9Q@…
2012-07-14 11:21:36 1SpyXf-00052O-9o => [someone who is on that list]

R=local_user T=maildir_home

2012-07-14 11:21:36 1SpyXf-00052O-9o Completed

1] dkim: http://en.wikipedia.org/wiki/Dkim

Change History (1)

comment:1 Changed 7 years ago by Grant Slater

Component: websiteadmin
Resolution: wontfix
Status: newclosed

DKIM Header stripping used to be enabled by default in mailman <2.1.10. In mailman 2.1.10 it was decided to not strip these headers by default.

Extensive argument why it is a bad idea to remove these headers: https://bugs.launchpad.net/mailman/+bug/557493

Note: See TracTickets for help on using tickets.