adding/enabling 'SignHeaders' in v1.2.2 config causes fail 2 sign, "DKIM: The From header field MUST be signed",
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dkimpy-milter |
Fix Released
|
Medium
|
Scott Kitterman |
Bug Description
i've installed
pip show dkimpy-milter
Name: dkimpy-milter
Version: 1.2.2
Summary: Domain Keys Identified Mail (DKIM) signing/verifying milter for Postfix/Sendmail.
Home-page: https:/
Author: Scott Kitterman
Author-email: <email address hidden>
License: UNKNOWN
Location: /usr/local/
Requires: pymilter, PyNaCl, Py3DNS, dkimpy, authres
Required-by:
on
python -V
Python 3.8.6
grep _NAME /etc/os-release
PRETTY_
CPE_NAME=
as an outbound, signing milter for
postconf mail_version
mail_version = 3.5.7
with config,
dkimpy-milter.conf
...
#SignHeaders
...
outbound mail's correctly signed
Oct 25 14:21:07 mx.example.com dkimpy-
Oct 25 14:21:07 mx.example.com dkimpy-
Oct 25 14:21:07 mx.example.com dkimpy-
and verifies/passes at all test sites.
adding _any_ SignHeaders values to config, changing _only_
dkimpy-milter.conf
...
- #SignHeaders
...
+ SignHeaders From
or
+ SignHeaders From,Sender,
or
+ SignHeaders From,Sender,
outbound mail -- (re)sending the same mail -- logs,
Oct 25 14:59:32 mx.example.com dkimpy-
Oct 25 14:59:32 mx.example.com dkimpy-
Oct 25 14:59:32 mx.example.com dkimpy-
and the mail's sent unsigned.
Changed in dkimpy-milter: | |
status: | Triaged → Fix Committed |
assignee: | nobody → Scott Kitterman (kitterman) |
Changed in dkimpy-milter: | |
status: | Fix Committed → Fix Released |
Workaround: Place to-be-signed header names - one per line, oversigned headers occurring twice - in a separate file.
SignHeaders file:/etc/ dkimpy- milter/ headers
The config parser does not read comma separated lists as expected for OpenDKIM compatibility, but the file option works.