Date: Tue, 27 Nov 2018 08:58:56 +0700
From: Victor Sudakov
To: John Levine
Cc: freebsd-questions@freebsd.org
Subject: Re: Invalid DKIM signatures in this list

John Levine wrote:
>>
>>I have noticed that the Mailman which manages this list keeps the
>>sender's "DKIM-Signature:" header intact but modifies the body of the
>>message by adding a footer.
>>
>>This behavior invalidates the sender's digital signature with
>>"dkim=fail (body hash mismatch; body probably modified in transit)".
>
>Quite right. That's how DKIM works.

The problem I'm talking about is not in DKIM. DKIM works as expected.
The problem is in FreeBSD's mailing list manager which is broken IMHO.

>
>>Whom do I contact about it?
>
>Nobody. See RFC 6376, section 6.3.

See RFC 6377

"The best general recommendation for dealing with MLMs is that the MLM
or an MTA in the MLM's domain apply its own DKIM signature to each
message it forwards and that assessors on the receiving end consider
the MLM's domain signature in making their assessments. (See Section 5,
especially Section 5.2.)"

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
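
The body-hash failure discussed in this message, as an added example (not part of the original post, and not Mailman's or any DKIM library's code). It models only the `bh=` body-hash check with relaxed body canonicalization (RFC 6376, section 3.4.4), not the `b=` header signature; the message body and footer are constructed samples.

```python
"""Added example: DKIM body-hash check (bh= only) before and after a list footer."""
import base64
import hashlib
import hmac
import re


def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = re.split(rb"\r?\n", body)
    # Collapse runs of WSP to one SP, then drop WSP at end of line.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes) -> str:
    """Value a signer places in bh= when a=rsa-sha256."""
    digest = hashlib.sha256(relaxed_body(body)).digest()
    return base64.b64encode(digest).decode()


def check_bh(body: bytes, bh: str) -> bool:
    """Verifier side: recompute the hash over the body as received."""
    return hmac.compare_digest(body_hash(body), bh)


# Constructed sample data, not taken from the list.
ORIGINAL = b"Whom do I contact about it?\r\n"
FOOTER = b"_______________________________________________\r\nlist footer (constructed)\r\n"

author_bh = body_hash(ORIGINAL)   # computed by the author's domain at send time
delivered = ORIGINAL + FOOTER     # what the list manager sends to subscribers
mlm_bh = body_hash(delivered)     # list domain signs what it forwards (RFC 6377)


def assess() -> dict:
    """Body-hash result for each signature an assessor could evaluate."""
    return {
        "author_unmodified": check_bh(ORIGINAL, author_bh),
        "author_whitespace_only": check_bh(b"Whom do  I contact about it? \r\n\r\n", author_bh),
        "author_after_footer": check_bh(delivered, author_bh),
        "mlm_after_footer": check_bh(delivered, mlm_bh),
    }


if __name__ == "__main__":
    for name, ok in assess().items():
        print(f"{name}: {'pass' if ok else 'fail (body hash mismatch)'}")
```

Relaxed canonicalization absorbs whitespace changes but not appended text, so only a signature computed over the delivered body, such as one added by the list's own domain, matches what subscribers receive.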