Re: BUG #18822: mailing lists reject mails due to DKIM-signature

Hi Matthias!


On 24.02.25 07:55, Matthias Apitz wrote:
> I'm subscribed to some hundred technical mailing lists and do not face 
> this problem with any other list, only with the PostgreSQL lists. For 
> example, when I write to the list mutt-users@mutt.org <mailto:mutt- 
> users@mutt.org> and my ISP 1blu.de <http://1blu.de> sends the same DKIM- 
> Signature containing these List-* entries (which might be there or not, 
> what I count a religious war depending of how one reads the RFC in 
> question), what gets delivered by the mutt-users@mutt.org <mailto:mutt- 
> users@mutt.org> list server to the subscribers, like me, DKIM related is 
> only:



I think it has been explained a few times now that out options are 
either to reject mails with signed List-* headers before distribution or 
distribute them with a broken signature.
We will not distribute mails with broken signatures because that would 
immediately cause us to get into serious blacklisting troubles with all 
large mail providers worldwide - we have been there and we will not go back.

We _NEED_ our own List-* headers on our mails to comply with say gmail 
policies for large senders (5k mails/24h for google and we are way above 
that) and to provide easy features for our users (say one-click 
unsubscribe in most popular webmail interfaces), so there is nothing we 
can do here unfortunately.


> 
> grep ^DKIM mutt.mail
> DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org <http:// 
> smtp1.osuosl.org> C3A51819CC
> DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org <http:// 
> smtp3.osuosl.org> 5EB3A605E8
> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;


not sure what you are try to tell us here - what is relevant is whether 
the signature (if there is one) still validates and whether those lists 
actually maintain List-* headers.


Stefan