Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not remove (possibly invalid) DKIM-Signature headers from outgoing messages #1852

Open
ykasap opened this issue Jun 11, 2024 · 0 comments · May be fixed by #1898
Open

Do not remove (possibly invalid) DKIM-Signature headers from outgoing messages #1852

ykasap opened this issue Jun 11, 2024 · 0 comments · May be fixed by #1898
Labels
enhancement

Comments

@ykasap
Copy link

ykasap commented Jun 11, 2024

Sympa removes invalid DKIM-Signature headers from outgoing messages when ARC or DKIM is enabled. Could you please make this behavior optional?

According to section 4.2 of RFC6376,

Signers SHOULD NOT remove any DKIM-Signature header fields from
messages they are signing, even if they know that the signatures
cannot be verified.

A relevant bug report of mailman2:
https://bugs.launchpad.net/mailman/+bug/557493

Expected Behavior

Sympa should not remove existing DKIM-Signature headers from outgoing messages.

Current Behavior

Sympa removes invalid DKIM-Signature headers in Spindle/ProcessOutgoing.pm.

Possible Solution

Do not remove invalid DKIM-Signature headers by default. However, since such a removal might be needed in some circumstances, it can be provided as a configuration option.

Context

I'm a mail system administrator at a university. I need to know which domains are intended to authenticate the message to better understand the DKIM/ARC/DMARC situations of these domains.
@ykasap ykasap mentioned this issue Jun 18, 2024
Closed
ikedas added a commit to ikedas/sympa that referenced this issue Sep 29, 2024
@ikedas
DKIM-Signature header fields should not be removed even if invalid (s…
186a962 
…ympa-community#1852)

A new parameter remove_dkim_headers may allow removing DKIM-related
fields Authentication-Results:, DKIM-Signature: and Domainkey-Signature:.
@ikedas ikedas linked a pull request Sep 29, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

DKIM-Signature header fields should not be removed even if invalid (#1852) ikedas/sympa
1 participant
@ykasap