From c7ec57a8c280e1ad8280b87de3548373b35b9cec Mon Sep 17 00:00:00 2001 From: System administrator Date: Wed, 25 Sep 2019 18:17:16 +0200 Subject: transports: tweak dkim-signed headers for mailing lists --- conf.d/040_transports.conf | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'conf.d') diff --git a/conf.d/040_transports.conf b/conf.d/040_transports.conf index 543671f..01de429 100644 --- a/conf.d/040_transports.conf +++ b/conf.d/040_transports.conf @@ -22,16 +22,17 @@ remote_smtp: # Sign outgoing mail with DKIM. -# Only mail sent by authenticated users is signed, leaving forwarded mail untouched. -# The "Sender" header is excluded from the signature process, allowing mailing list -# servers to forward messages without invalidating the signature. +# Only mail sent by authenticated users is signed, leaving forwarded mail +# untouched. +# The "Sender" and "List-*" headers are excluded from the signature process +# if they are not already present, allowing mailing list servers to forward +# messages without invalidating the signature. +# Default _DKIM_SIGN_HEADERS: +# https://github.com/Exim/exim/blob/042e558/src/src/pdkim/pdkim.h#L29-L36 # ref: https://www.spinics.net/lists/linux-media/msg138870.html +# ref: https://lists.gt.net/exim/users/110610#110610 -.ifdef _DKIM_SIGN_HEADERS -DKIM_SIGN_HEADERS = _DKIM_SIGN_HEADERS -.else -DKIM_SIGN_HEADERS = In-Reply-To:Content-Transfer-Encoding:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date:Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive -.endif +DKIM_SIGN_HEADERS = From:=Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:=List-Id:=List-Help:=List-Unsubscribe:=List-Subscribe:=List-Post:=List-Owner:=List-Archive DKIM_PRIVATE_KEY_FILE = DKIMDIR/$dkim_selector._domainkey.$dkim_domain.pem @@ -43,7 +44,7 @@ signed_smtp: dkim_private_key = ${if exists{DKIM_PRIVATE_KEY_FILE}{DKIM_PRIVATE_KEY_FILE}{0}} dkim_canon = relaxed dkim_strict = yes - dkim_sign_headers = ${filter{DKIM_SIGN_HEADERS}{!eq{$item}{Sender}}} + dkim_sign_headers = DKIM_SIGN_HEADERS # This transport is used for local delivery to user mailboxes in traditional -- cgit v1.2.3