Re: BUG #18822: mailing lists reject mails due to DKIM-signature

Поиск
Список
Период
Сортировка
От Stefan Kaltenbrunner
Тема Re: BUG #18822: mailing lists reject mails due to DKIM-signature
Дата
Msg-id 5a97e020-1008-4c2d-bf29-3ba590296d6a@kaltenbrunner.cc
обсуждение исходный текст
Ответ на Re: BUG #18822: mailing lists reject mails due to DKIM-signature  (Matthias Apitz <gurucubano@googlemail.com>)
Ответы Re: BUG #18822: mailing lists reject mails due to DKIM-signature
Список pgsql-bugs
Дерево обсуждения 
On 24.02.25 10:45, Matthias Apitz wrote:
> 
> Hi Stefan,
> 
>      >
>      > grep ^DKIM mutt.mail
>      > DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org <http://
>     smtp1.osuosl.org> <http://
>      > smtp1.osuosl.org <http://smtp1.osuosl.org>> C3A51819CC
>      > DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org <http://
>     smtp3.osuosl.org> <http://
>      > smtp3.osuosl.org <http://smtp3.osuosl.org>> 5EB3A605E8
>      > DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
> 
> 
>     not sure what you are try to tell us here - what is relevant is whether
>     the signature (if there is one) still validates and whether those lists
>     actually maintain List-* headers.
> 
> 
> The mail I sent to the mutt-users mailing list contains what my provider 
> adds as DKIM-signature:
> 


[...headers showing mailman forcibly removing dkim signatures...]

> ...
> 
> Why postgresql.org <http://postgresql.org> can not do the same?


sorry to be blunt but that behaviour is completely broken in a modern 
mail world (though it might have worked like 10+ years ago) - it looks 
like that list is simply removing dkim signatures, per the standard that 
means the signature is invalid (because an invalid signature is treated 
the same as an unsigned).

Unsigned mails(these days SPF, DKIM and DMARFC are not optional any 
more) are basically undeliverable at scale to all large mail providers 
other than if you are a super low volume sender - so that is a complete 
non-starter for us.

Also note that that particular mailinglist setup seems to be unsuitable 
for large volumen lists to say google anyway because afaiks it does not 
support RFC8058 which is a google requirement for large senders.

It might work for (no offense intended) for a super tiny mailinglist 
like mutt-users@ with a 2 figure number of mails per month (and probaly 
a very small amount of subscribers) but not for us where we have easily 
100x if not more that volume.



Stefan

В списке pgsql-bugs по дате отправления: