DKIM-Signature

Discussion in 'Installation/Configuration' started by BenM, Jan 29, 2020.

  1. BenM

    BenM Member

    A costomer has a problem with the dkim Signature when forwarding the mail by a mailing list.
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=xxxxx.org; s=default;
    t=1579788686;
    h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
    to:to:cc:mime-version:mime-version:content-type:content-type;

    it needs to become

    h=mime-version:from:date:message-id:subject:to;
    so i try to
    opendkim.conf by OmhitHeaders Reply-to

    but that wil not work.

    Help is welcome.

    Regards, Ben
     
  2. Steini86

    Steini86 Active Member

    Sorry, what exactly do you want to achieve? The mails sent to the mailinglist should not be signed by dkim? Or the mails received from the mailing list should not be tested?
    Best thing would be to configure the mailinglist properly.

    You could have a look at the ExemptDomains option in opendkim.conf: http://opendkim.org/opendkim.conf.5.html
     
  3. BenM

    BenM Member

    Hi, i want to remove the Reply-to in h=
    That can be done with OmhitHeaders Reply-to but this is not working.
     
  4. Steini86

    Steini86 Active Member

    For sending or receiving messages?
    Have not done it, but from the documentation it should work. Have you restarted it after the change?

    You could try is OmhitHeaders *,+reply-to
    * is for omitting default headers
    + adds the reply-to header to omitting list
    Or the complete list with things you don't want to sign, like:
    OmitHeaders Reply-to, Message-ID, Date, Return-Path, Bounces-To, Received, Comments, Keywords, Bcc, Resent-Bcc, DKIM-Signature

    Have you set other options, that overwrite this? Like "OversignHeaders" or "SignHeaders"

    Opendkim is hard to debug but has some options:
    KeepTemporaryFiles keeps files in folder TemporaryDirectory
    You can also set logging to syslog and increase loglevel.
    Is not an error message we can help you with. In principle your attempt should work. If it does not work it could also be an error in the conffile (which you don't show)
     
  5. BenM

    BenM Member

    thanks, but no error and no effect on OmitHeaders *,+reply-to
    looks like a command problem i am stuk.

    try this on a other machine and it gave the same effect.

    Can you try it on yours?
     
  6. Steini86

    Steini86 Active Member

    Sorry, I switched to rspamd which also does the dkim signing now.
    Maybe you can ask the experts on the opendkim mailinglist: http://lists.opendkim.org/
     
  7. BenM

    BenM Member

    Yes, thats it. rspamd is using an other file then opendkim.conf
    now find out how to config rspamd regarding dkim

    thanks
     

Share This Page