[squid-users] This list generates a forward loop ...
Amos Jeffries
squid3 at treenet.co.nz
Thu Jul 20 11:05:21 UTC 2017
On 20/07/17 21:43, Matus UHLAR - fantomas wrote:
> On 20.07.17 17:16, Amos Jeffries wrote:
>> Your DKIM signature covers the Subject and To headers. Any normal
>> mailing list will modify those,
>
> I disagree - IMHO sane listservers don't modify those headers.
>
Sadly, sane != normal. I'm referring to the common popular list servers.
We have used several of them over the years.
>> so your server cannot do that on list postings. Content-Type is also
>> changed sometimes by our listserver due to the list policy on binary
>> attachments, I dont know whether that is a common practice too but I
>> suspect it might be. The others should be fine AFAIK.
>
> This is a better example. However, mailserver supporting DKIM should strip
> the DKIM header if it's going to modify anything signed.
> Other solution is to refuse message (when the signer domain SKIM policy is
> signall).
>
<https://wiki.list.org/DEV/DKIM> and the discussions it links to explain
the issues around DKIM in a fair bit of detail, including why even
removal does not work.
(/me reading that page is brining on a greybeard moment. DKIM vs SPF was
the hot topic when I switched from mail to proxy focused work. Heck, 10
years of Squid).
Amos
More information about the squid-users
mailing list