Re: [chrony-users] DNS/DKIM issue with tuxfamily.org? |
[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]
Hi Joe
Your admin should be more precise: The mailing list or the servers that send
the mail for the list do not add a DKIM header, only some of the member mail
server do add a DKIM header.
Because a mailing list software alters some headers, like the subject, such
headers should not be used in DKIM, it leads to a failed verification. Mails,
which fail a DKIM verification can only be discarded safely, when the _adsp
record of the sender says dkim=discardable in all other cases, the mail should
get delivered, see under [1].
This DKIM issue can only be addressed from your admin to take into account,
that mailing list software do exist, are used and aren't 100% compatible with
DKIM, and as well that some admins configure DKIM in a bad way for mailing
lists.
That means upon receiving a mail: Do not decide to never discard mails having
a failed DKIM verification, give them a higher SPAM score instead. Decrease
the SPAM score for mails having a List-... header (resp. use the corresponding
test from spamassassin, if applicable).
Furthermore your admin should change your DKIM record not to contain the
subject, content-type and mime-version, which helps to verify a DKIM
successfully even if the mail was altered by a mailing list software.
Regards, Adrian.
[1] https://dkim.org/specs/draft-ietf-dkim-ssp-04.html
In der Nachricht vom Tuesday, 12 December 2023 14:50:17 CET steht:
> Emails that I receive from tuxfamily.org for this group are being blocked by
> my organization, reportedly for security because of a failed DKIM lookup.
> My sysadmin indicated that the DKIM in DNS would need to be fixed. I tried
> sending an email to the tuxfamily.org admin a while back but got no
> response. I probably won't receive the responses to this if you respond to
> the group. Perhaps you can reply to me directly. I do apologize for this
> being off topic. I'd like to continue receiving these emails but can't if
> this DKIM issue isn't addressed. If any of you are able to look into this,
> it would be greatly appreciated. Thanks. Happy Holidays!
>
> Joe Smith
>
> Senior Software Engineer
>
> Phoenix Defense
>
> 200 East Palm Valley Drive | Suite 2000 | Oviedo, Florida 32765
> 800-RIPTIDE
>
> joe.smith@xxxxxxxxxxxxxxx
>
>
> This email and any attachments to it are intended only for the identified
> recipients. It may contain proprietary or otherwise legally protected
> information of Phoenix Defense.
> Any unauthorized use or disclosure of this communication is strictly
> prohibited. If you have received this communication in error, please notify
> the sender and delete or otherwise destroy the email and all attachments
> immediately.
> [cid:4d3eb688-9459-4092-9b00-510a3454416b]
> [cid:cefb756f-b8c3-47f6-8ceb-65f9b1e2c569]
--
-°)
~~~~~~~~~~~~(_^/~~~~
Adrian Zaugg
Zweierstrasse 56
CH-8004 Zürich
044 291 02 38
____________________
(This eMail gets best displayed
using a monospace font.)
# Retrieve my public GPG key:
gpg --locate-external-keys adi@xxxxxxxxxxxxxx
Mail converted by MHonArc 2.6.19+ | http://listengine.tuxfamily.org/ |