DKIM test
Greg Troxel
gdt at lexort.com
Thu Jul 10 16:47:43 PDT 2025
Sandro Santilli via Sac <sac at lists.osgeo.org> writes:
> Ok it looks like Mailman will ONLY rewrite the From IFF a DMARC
> policy is found for the sender domain. Mine has a policy of "reject":
>
> dig -t TXT _dmarc.kbt.io
>
> Yours doesn't have any:
>
> dig -t TXT _dmarc.pcorp.us
>
> For this reason Mailman does not strip your From and DKIM signature
> while does it for my messages, which are then signed by OSGeo itself.
I say this is a bug in mailman. The proper configuration is not to
munge the subject or the body, and it seems this list is set up that
way. My MTA gave a DKIM pass to Regina's mail as received from the list
(as signed by pcorp.us).
The from munging should only happen when a list is (mis-)configured to
munge bodies. But perhaps it is a separate setting and just needs
adjusting.
> In any case the DKIM signature on your mail was valid when it arrived
> to me. But on an older message it was not, and I cannot see why:
>
> Message-ID: <000401dbef45$14943240$3dbc96c0$@pcorp.us>
> Authentication-Results: hst.kbt.io; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=pcorp.us header.i=@pcorp.us header.a=rsa-sha256 header.s=google header.b=pgllgDSW; dkim-atps=neutral
I see semi-random failures for DKIM sigs to validate from time to time.
More information about the Sac
mailing list