X-Mailman-Original-DKIM-Signature
Hi,
I discovered this just today, after a list I'm subscribed to enabled it.
I have a filter which tries to validate original signatures by removing footers and subject tags. Removing "X-Mailman-Original-" is going to be the next addition.
I guess the purpose of this option is to spare a dkim=fail result in the recipient's header. However, for documentation purposes[*], I'd be comforted by some document, discussion, or even a crispy comment about the intended usefulness of masking existing signatures. Google found nothing. Any pointer?
TIA Ale
[*] I try and document that original signature validation here: https://tools.ietf.org/html/draft-vesely-dmarc-mlm-transform
On Thu, 2021-04-15 at 10:28 +0200, Alessandro Vesely wrote:
Hi,
I discovered this just today, after a list I'm subscribed to enabled it.
I have a filter which tries to validate original signatures by removing footers and subject tags. Removing "X-Mailman-Original-" is going to be the next addition.
I guess the purpose of this option is to spare a dkim=fail result in the recipient's header. However, for documentation purposes[*], I'd be comforted by some document, discussion, or even a crispy comment about the intended usefulness of masking existing signatures. Google found nothing. Any pointer?
Hi Ale,
Here's he commit that was merged into MM 2.1 on 2016-05-26:
https://code.launchpad.net/~jimpop/mailman/preserve_dkim
It grew out of the discussion starting here: (login required):
https://list.mailop.org/private/mailop/2016-May/007692.html
hth,
-Jim P.
Alessandro Vesely writes:
I discovered this just today, after a list I'm subscribed to enabled it.
I have a filter which tries to validate original signatures by removing footers and subject tags. Removing "X-Mailman-Original-" is going to be the next addition.
You mean removing that substring from the field names? Should allow more successful validations, I guess.
I guess the purpose of this option is to spare a dkim=fail result in the recipient's header. However, for documentation purposes[*], I'd be comforted by some document, discussion, or even a crispy comment about the intended usefulness of masking existing signatures. Google found nothing. Any pointer?
The unvalidated and unsigned X-Mailman-Original-OAR field seems like a bad idea to me -- there's a reason why the ARC protocol is so finicky. Anyway, it's superseded by ARC. The others are harmless, I guess, and useful to you.
The purpose of removing signatures that Mailman's decorations will break has been discussed occasionally on these lists. The problem that it tries to solve is admins who think they're smarter than the IETF and rate messages with failed signatures as *more* spammy than messages with no signature, and end up rejecting list traffic for that reason. I guess Jim's patch to move them to X-Mailman-Original-* fields is intended to preserve the signature for your use.
I thought only Guido van Rossum had a time machine!
Footnotes: [1] I can think of a couple possibilities, but they've all been superseded by IETF standardized fields.
participants (3)
-
Alessandro Vesely
-
Jim Popovitch
-
Stephen J. Turnbull