https://bugs.exim.org/show_bug.cgi?id=2394
Richard James Salts <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #4 from Richard James Salts <[email protected]> ---
I do think oversigning all of the headers listed in the RFC is overzealous, and is not what opendkim does (which I believe is the reference implementation). I do think that opendkim errs on the side of not oversigning enough, as people can replay signed emails and alter the appearance with common MUAs and still validate, as described at https://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html.

At the moment I have exim configured with

dkim_sign_headers = +From:+Sender:+Reply-To:+Subject:+Date:+Message-ID:+To:+Cc:+MIME-Version:+Content-Type:+Content-Transfer-Encoding:+Content-ID:+Content-Description:+Content-Disposition:=Resent-Date:=Resent-From:=Resent-Sender:=Resent-To:=Resent-Cc:=Resent-Message-ID:+In-Reply-To:+References:=List-Id:=List-Help:=List-Unsubscribe:=List-Subscribe:=List-Post:=List-Owner:=List-Archive

I subscribe to the postfix-users mailing list, which is unique in that they don't alter the subject or message body; however, they do still break my signatures by adding a Sender header, so maybe making =Sender instead might be better, as most MUAs don't display the header anyway.

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
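The difference between +Sender and =Sender discussed in the comment above, as an added example that is not part of the bug comment or of Exim's code. It is a simplified model of the documented dkim_sign_headers prefixes ("=" signs every instance present, "+" signs every instance plus one slot for an absent header) and assumes a header added in transit is placed above the existing ones; the function names and the sample header list are constructed for illustration.

```python
from collections import Counter

# Constructed sample: header names present on the outgoing message (no Sender).
CONSTRUCTED_HEADERS = ["From", "To", "Subject", "Date", "Message-ID"]


def h_tag_names(sign_headers: str, message_headers: list[str]) -> list[str]:
    """Return the names that would appear in the signature's h= tag."""
    present = Counter(name.lower() for name in message_headers)
    names = []
    for item in filter(None, (i.strip() for i in sign_headers.split(":"))):
        prefix = item[0] if item[0] in "+=" else ""
        name = item[len(prefix):]
        count = present[name.lower()]
        if prefix == "=":
            repeat = count       # every instance present; nothing if absent
        elif prefix == "+":
            repeat = count + 1   # every instance plus one "absent" slot (oversign)
        else:
            repeat = 1           # one instance, or its absence
        names.extend([name] * repeat)
    return names


def added_header_breaks(h_names: list[str], message_headers: list[str], added: str) -> bool:
    """True if one `added` header prepended in transit invalidates the signature.

    A verifier consumes header instances bottom-up, one per h= entry. An h= entry
    that had no header to bind to at signing time (an oversign slot) picks up the
    new header at verification, so the header hash no longer matches.
    """
    signed = sum(1 for n in h_names if n.lower() == added.lower())
    original = sum(1 for n in message_headers if n.lower() == added.lower())
    return signed > original


if __name__ == "__main__":
    for spec in ("+From:+Sender:=List-Id", "+From:=Sender:=List-Id"):
        h = h_tag_names(spec, CONSTRUCTED_HEADERS)
        print(spec, "-> h=" + ":".join(h),
              "| list-added Sender breaks signature:",
              added_header_breaks(h, CONSTRUCTED_HEADERS, "Sender"))
```

With =Sender the name is simply left out of h= when the message has no Sender header, so a list can add one without invalidating the signature, while From stays protected by its oversign slot.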
