One more test -- sorry for the noise
Benny Pedersen
me at junc.eu
Tue Jan 25 21:28:48 UTC 2022
On 2022-01-25 20:26, Dan Mahoney wrote:
> Sorry for the noise, attempting to validate a DKIM issue
Authentication-Results: lists.isc.org;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=isc.org header.i=@isc.org header.b=E7VfrLLS
unprotected means opendkim would like to see dnssec in verify :=)
basicly its possible forged dns here
i noted i get spf-helo-pass, spf-pass, dkim-pass, dmarc-pass before
mailman screwed it all up in return, when dmarc policy is not reject,
why is chaning from: header still done ?
mailman is worst case of fixing break of dkim ever writed, route to
solve is
before mailman see any massage, make the ARC-seal, and ARC-sign, later
when mailman comes to breaking dkim it does not matter becourse dkim
from the origin poster can still be untrusted or trusted in opendmarc
when opendmarc verify arc chains, still have to see spamassassin 4 here,
so far only rspamd verifi it all, but there is perl software that does
aswell
hope this can close this maillist breaks dkim, its not correct, i bet
postfix maillist and dovecot does not
More information about the bind-users
mailing list