[Users] DKIM test...
Slavko
linux at slavino.sk
Fri Feb 9 08:44:38 UTC 2024
Dňa 9. 2. o 0:19 Pierre Fortin via Users napísal(a):
> 2. Get confirmation that CM does _not_ include DKIM header when sending
> mail; it leaves that to the MTA... True?
CM itself has near nothing with DKIM, it is job for MTA to add/verify
DKIM signature(s).
If you mean CM's ML, that is another thing. and yes, you are (partially)
right, except that CM's ML adds it own DKIM signature, thus mails will
have two, one from CM's ML and one from your MTA (i didn't investigate,
if CM's signature is added always or only on some conditions).
Your original signature will fail verification, as CM's ML modifies body
of message. The CM's ML signature will probably pass, but that is mostly
pointless for DMARC, as its DKIM domain (d=) will not be aligned with
From: domain...
Thus, if your domain has strict DMARC policy (p=quarantine/reject),
people can (and often will) have troubles to get your messages.
The only solution for now is to add some WL entry on MTA level (where
DKIM/DMARC is checked), but not all admins/systems are willing to do
that. On my MTA (MX) i maintain list of MLs known to break DKIM/DMARC to
prevent false positives (CM is not only one)...
I tried to point that problem here some months ago, but it was rejected
as off topic, thus discussion about another possibilities didn't happen.
regards
--
Slavko
More information about the Users
mailing list