From c4c5865bb0c866ca1607d799c43b741614d1db6f Mon Sep 17 00:00:00 2001
From: pacien
Date: Mon, 3 Sep 2018 03:48:13 +0200
Subject: Exclude Sender header from DKIM signing

---
 conf.d/040_transports.conf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/conf.d/040_transports.conf b/conf.d/040_transports.conf
index 8d57ecc..94d9b88 100644
--- a/conf.d/040_transports.conf
+++ b/conf.d/040_transports.conf
@@ -21,6 +21,11 @@ remote_smtp:
   message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
 
 
+# Sign outgoing mail with DKIM.
+# Only mail sent by authenticated users is signed, leaving forwarded mail untouched.
+# The "Sender" header is excluded from the signature process, allowing mailing list
+# servers to forward messages without invalidating the signature.
+# ref: https://www.spinics.net/lists/linux-media/msg138870.html
 signed_smtp:
   driver             = smtp
   message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
@@ -29,6 +34,7 @@ signed_smtp:
   dkim_private_key   = DKIMDIR/$dkim_selector._domainkey.$dkim_domain.pem
   dkim_canon         = relaxed
   dkim_strict        = yes
+  dkim_sign_headers  = ${filter{_DKIM_SIGN_HEADERS}{!eq{$item}{Sender}}}
 
 
 # This transport is used for local delivery to user mailboxes in traditional
-- 
cgit v1.2.3