I just recently started checking DKIM on a mail server and I've noticed it is rejecting a number of emails including one particular persons posts on the NZNOG mailing list because of DKIM.
In this particular case this is because they are using their domain on gmail and gmail signs its messages with DKIM and the message is going thu the list.
As the NZNOG mailing list changes the subject and other things in the header it invalidates the DKIM signature (and the signature says certain things shouldn't change)
So.. Ideas? Looking on the internet it says the mailing list can strip out the DKIM headers thus it won't be checked when resent and/or better re-sign (if possible) the message at the mailing
list level when resent out.
(from mailman)
# Some list posts and mail to the -owner address may contain DomainKey or
# DomainKeys Identified Mail (DKIM) signature headers <http://www.dkim.org/>.
# Various list transformations to the message such as adding a list header or
# footer or scrubbing attachments or even reply-to munging can break these
# signatures. It is generally felt that these signatures have value, even if
# broken and even if the outgoing message is resigned. However, some sites
# may wish to remove these headers by setting this to Yes.
REMOVE_DKIM_HEADERS = Yes
Ideas? Thoughts?
Craig..