Re: [Ietf-dkim] DKIM-Signature: r=y and MLM
Дилян Палаузов <dilyan.palauzov@aegee.org> Wed, 24 October 2018 20:53 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/sL_oYweervoFMiNt3lXaMF-Hx94>
PS:

> For example, the ietf.org mailing list has begun to rewrite and it
> replaces the 5322.From with a dmarc.ietf.org domain, adds a new
> X-Original-From header and resigns the message using an ietf.org
> signer domain:
>
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org;
> s=ietf1;
> t=1537415189; bh=TJWGUVdPL8OTY+HJnUzpBRd52OaKfWjFqS68Cby0s/M=;
> h=Date:To:References:In-Reply-To:Subject:List-Id:List-Unsubscribe:
> List-Archive:List-Post:List-Help:List-Subscribe:From;
> b=.....
> X-Original-From: Hector Santos <hsantos@isdg.net>
> From: Hector Santos <hsantos=40isdg.net@dmarc.ietf.org>
>
> What it should do is:
>
> 1) It should use a 1st party signature using d=dmarc.ietf.org to
>    match the new author domain dmarc.ietf.org.
>
> 2) It should hash bind the X-Original-From header to the
>    signature. Since DKIM recommends not to bind "X-" headers,
>    a non "X-" header should be used, i.e. "Original-From:". This
>    means adding the header to the "h=" field to avoid potential
>    mail resend exploits using different unprotected Original-from:
>    fields.
>
> 3) and finally, the dmarc.ietf.org domain should have its own
>    DMARC p=reject policy to effectively replace the one it
>    circumvented with the submission.
>

Please describe the handling of the above message by the MLM, if the original message contained in addition

DKIM-Signature: v=1; d=isdg.net; r=y; …

... or something different than r=y, that permits finding faulty DKIM implementations.

Apart from this, on the last email I sent “To: Hector Santos <hsantos@isdg.net>, ietf-dkim@ietf.org”, I got:

Date: Wed, 24 Oct 2018 20:32:15 GMT
From: Mail Delivery Subsystem <MAILER-DAEMON@aegee.org>
Message-Id: <201810242032.w9OKWFSc027376@mail.aegee.org>
Content-Type: multipart/report; report-type=delivery-status; boundary="w9OKWFSc027376.1540413135/mail.aegee.org"
Content-Transfer-Encoding: 8bit
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--w9OKWFSc027376.1540413135/mail.aegee.org

The original message was received at Wed, 24 Oct 2018 20:32:10 GMT
from ipbcc2def0.dynamic.kabel-deutschland.de [188.194.222.240]

   ----- The following addresses had permanent fatal errors -----
<hsantos@isdg.net>
    (reason: 554 REJECTED BY SYSTEM POLICY FILTER)

   ----- Transcript of session follows -----
... while talking to mail.isdg.net.:
<<< 554 REJECTED BY SYSTEM POLICY FILTER
554 5.0.0 Service unavailable

--w9OKWFSc027376.1540413135/mail.aegee.org
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.aegee.org
Received-From-MTA: DNS; ipbcc2def0.dynamic.kabel-deutschland.de
Arrival-Date: Wed, 24 Oct 2018 20:32:10 GMT

Final-Recipient: RFC822; hsantos@isdg.net
Action: failed
Status: 5.5.0
Diagnostic-Code: SMTP; 554 REJECTED BY SYSTEM POLICY FILTER
Last-Attempt-Date: Wed, 24 Oct 2018 20:32:15 GMT
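
Added example, not part of the original message or of any list software: a Python audit of each DKIM-Signature on a list-rewritten message against points 1 and 2 of the quoted text, which also flags a surviving author signature carrying r=y. The sample message is constructed from the headers quoted above with placeholder bh=/b= values and a hypothetical selector; the names parse_tags and audit are assumptions, and no cryptographic verification is done.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the rewritten list message quoted above.
# bh=/b= are placeholders and s=sel is hypothetical; nothing is verified.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org;
 s=ietf1; t=1537415189; bh=PLACEHOLDER=;
 h=Date:To:References:In-Reply-To:Subject:List-Id:From;
 b=PLACEHOLDER
DKIM-Signature: v=1; a=rsa-sha256; d=isdg.net; s=sel; r=y;
 h=From:To:Subject:Date; bh=PLACEHOLDER=; b=PLACEHOLDER
X-Original-From: Hector Santos <hsantos@isdg.net>
From: Hector Santos <hsantos=40isdg.net@dmarc.ietf.org>
Subject: example

body
"""

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            # Folding whitespace inside a value is not significant here.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def audit(raw, bound_header="Original-From"):
    """Report, per signature, the properties the quoted proposal asks for."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    report = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        signed = [h.lower() for h in tags.get("h", "").split(":")]
        d = tags.get("d", "").lower()
        report.append({
            "d": d,
            # Point 1: signer domain equals the (rewritten) author domain.
            "first_party": d == from_domain,
            # Point 2: the original-author header is covered by h=.
            "binds_original_from": bound_header.lower() in signed,
            # r=y (RFC 6651): the signer requests DKIM failure reports.
            "requests_reports": tags.get("r") == "y",
        })
    return report
```

On the constructed sample, the list signature (d=ietf.org) fails both checks, and the isdg.net signature is the one carrying r=y.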