From owner-freebsd-questions@FreeBSD.ORG Thu Dec 18 14:04:12 2008 Return-Path: Delivered-To: FreeBSD-questions@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4A8141065675 for ; Thu, 18 Dec 2008 14:04:12 +0000 (UTC) (envelope-from nikola.lecic@anthesphoria.net) Received: from anthesphoria.net (anthesphoria.net [200.46.204.219]) by mx1.freebsd.org (Postfix) with ESMTP id E4CC68FC28 for ; Thu, 18 Dec 2008 14:04:11 +0000 (UTC) (envelope-from nikola.lecic@anthesphoria.net) X-Bogosity: No, tests=bogofilter X-DKIM: Sendmail DKIM Filter v2.4.1 anthesphoria.net mBIE46W0078676 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=anthesphoria.net; s=phero; t=1229609051; bh=pnF+6ajDKdl/0M3YThSNmDqx1vz/2FgUFvr1IL9oo 0E=; l=2193; h=X-Bogosity:Date:From:To:Cc:Subject:Message-ID: In-Reply-To:References:X-Mailer:X-Face:X-Operating-System: X-OpenPGP-Fingerprint:X-OpenPGP-Preferred-Keyserver:Mime-Version: Content-Type:Content-Transfer-Encoding; b=hZffYLWQcPdFRDMdlHC4VpCJ JHaiqqMKqLwFXAdxDm36saoA/USz0LsHslljO61ORFbX+B8a5bMW6azo2NLR2T+Lra+ Ox5I+vjtsX9zIA2P5f4JIg7DjbQXZWuAwofekJk1HVwLBER4nLIFtoS7iCQsqZrG4Et nLxhDSoU5fV80= Received: from anthesphoria.net (adsl-200-199.eunet.yu [213.198.200.199]) (authenticated bits=0) by anthesphoria.net (8.14.2/8.14.2) with ESMTP id mBIE46W0078676 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 18 Dec 2008 15:04:09 +0100 (CET) (envelope-from nikola.lecic@anthesphoria.net) Date: Thu, 18 Dec 2008 14:59:59 +0100 From: Nikola =?UTF-8?B?TGXEjWnEhw==?= To: Michael Scheidell Message-ID: <20081218145959.2d428ec8@anthesphoria.net> In-Reply-To: <494A3835.30302@secnap.net> References: <494A3835.30302@secnap.net> X-Mailer: Claws Mail 3.5.0 (GTK+ 2.12.11; i386-portbld-freebsd7.1) X-Face: pbl6-.[$G'Fi(Ogs2xlXP-V6{3||$Y[LOYs&~GJoikj'cVjcFC[V7du;;0~6nO= [Vi2?uU1Pq~,=Adj@,T:|"`$AF~il]J.Nz#2pU',Y7.{B;m/?{#sO^Dvo$rnmY6] X-Operating-System: FreeBSD 7.0-RELEASE/i386 X-OpenPGP-Fingerprint: FEF3 66AF C90E EDC3 D878 7CDC 956D F4AB A377 1C9B X-OpenPGP-Preferred-Keyserver: x-hkp://pgpkeys.pca.dfn.de Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: FreeBSD-questions@FreeBSD.org Subject: Re: listserver problems? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Dec 2008 14:04:13 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On Thu, 18 Dec 2008 06:47:01 -0500 Michael Scheidell wrote: =20 > might be generic listserver issues, but I noticed that at least on=20 > freebsd-jail list, it does NOT strip out dkim/domainkeys signatures. >=20 > that might not be to bad, but it does 'mung' the headers, so dkim > signed email passed through freebsd mailing list server comes back as > a forged signature. Three objections to your DKIM signature: (1) Your canonicalization is "relaxed/simple", i.e. the mail is signed with "simple" bodycanon: DKIM-Signature: v=3D1; a=3Drsa-sha256; c=3Drelaxed/simple; d=3Dsecnap.net= ; h=3D That's why you have Authentication-Results: [...] dkim=3Dneutral (body hash did not verify) header.i=3D@secnap.net - -- the list software appends some lines at the end of mail. You should use=20 Canonicalization relaxed/relaxed in dkim-filter.conf or milterdkim_flags=3D"-c relaxed/relaxed" in rc.conf if you use Sendmail. (See headers of my mail.) (2) You have "Received" header field included in the signature, while RFC4871 states that it SHOULD NOT be the case: http://tools.ietf.org/html/rfc4871#section-5.5 (3) You do not specify body length (l=3D in DKIM header). According to http://tools.ietf.org/html/rfc4871#section-3.4.5 it could be a good idea to use it, especially when mailing lists are in question. In total, mailing list owners don't have an obligation to strip DKIM signatures. Instead, other methods can be used on both sides, see section 4.1. HTH - --=20 Nikola Le=C4=8Di=C4=87 =3D =D0=9D=D0=B8=D0=BA=D0=BE=D0=BB=D0=B0 =D0=9B=D0= =B5=D1=87=D0=B8=D1=9B fingerprint : FEF3 66AF C90E EDC3 D878 7CDC 956D F4AB A377 1C9B ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iJwEAQEDAAYFAklKV2MACgkQ/MM/0rYIoZhsnwQAowQy2nwd3IVYMtv9p7PVaoGZ FQPpZZse/6PFi3KeegZcbOBFhOcNV3DzATt3z+VXdVYybajRXArj7WJtyEI2shGn ssBmBdkD1bpoRzgf7jNYj6a9w8cVS/BC7gl07GBIhILEGLnpG8bjj7MtWhynj9SB vn8jT/XF4QEKmDJSUwk=3D =3D1fpm -----END PGP SIGNATURE-----