On 4/29/2019 5:00 PM, Jeremy Harris via Exim-dev wrote:
You'll get the default headers signed, then. That includes signing
the lack-of-presence of a header in the set.
However: it's irrelevant. The ML adding a header making the signature
bad does not matter. The ML also appends to the body... making your
signature bad. That's what signatures are for (I'm sure you know this,
just wanting to be clear in case...)
So. DKIM signatures do not survive transmission through a ML.
(Sometime phrased as "DKIM breaks mailinglists").
The DKIM RFCs say "do not treat a lack of verifiable DKIM signature as
cause for rejecting a message". Google is ignoring that, and the
brou-ha-ha is not really, IMHO, Exim's problem. It's a 800Kg gorilla
problem.
Thank you for confirming. I suspected that was the case - there was a
lot of conflicting feedback, and I didn't think there was technically
anything wrong with my setup.
Just a quick thanks to all the Exim devs for their work over the years!
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim
details at http://www.exim.org/ ##
