[prev in list] [next in list] [prev in thread] [next in thread]
List: fail2ban-users
Subject: [Fail2ban-users] list works wrong - DKIM signatures are failing
From: Peter Heirich <maillist.fail2ban () mail ! heirich ! name>
Date: 2021-04-14 18:29:51
Message-ID: 0b61a6ad-0a1d-cbcf-c9d0-612d3490026f () mail ! heirich ! name
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi,
because of fighting spam i modified DMARC policy to report failing mails.
It isn't not only my system which claims wrong DKIM signatures, got
reports about same errors from 3 other systems because of DMARC report
policy.
Authentication-Results: austria136.server4you.de (amavisd-new);
dkim=fail (1024-bit key) reason="fail (message has been altered)"
header.d=sourceforge.net header.b=XZAQVe+w; dkim=fail (1024-bit key)
reason="fail (message has been altered)" header.d=sf.net
header.b=ZF/dO/0J; dkim=fail (1024-bit key)
reason="fail (body has been altered)" header.d=mail.heirich.name
header.b=Dgo6O7AQ
Of course, failing of my own DKIM signature is expected behavior.
However, the list added DKIM signatures of sf.net and sourceforge.net. And these signatures should fit !
They should be made after the mailing-list had done modifications.
Please note, that this probably isn't a incorrect setup of my systems, because i got DMARC reports like:
This is an authentication failure report for an email message received
from IP
216.105.38.7 on Wed, 14 Apr 2021 16:06:34 +0000 (UTC).
Feedback-Type: auth-failure
Version: 1
User-Agent: OpenDMARC-Filter/1.4.1
Auth-Failure: dmarc
Authentication-Results: prime.gushi.org; dmarc=fail
header.from=mail.heirich.name
Original-Envelope-Id: 13EG6W3R084103
Original-Mail-From: fail2ban-users-bounces@lists.sourceforge.net
Source-IP: 216.105.38.7 (lists.sourceforge.net)
Reported-Domain: mail.heirich.name
DKIM-Filter: OpenDKIM Filter v2.10.3 prime.gushi.org 13EG6W3R084103
Authentication-Results: prime.gushi.org;
dkim=fail reason="signature verification failed" (1024-bit key;
unprotected) header.d=sourceforge.net header.i=@sourceforge.net
header.b=XZAQVe+w;
dkim=fail reason="signature verification failed" (1024-bit key;
unprotected) header.d=sf.net header.i=@sf.net header.b=ZF/dO/0J;
dkim=fail reason="signature verification failed" (1024-bit key;
unprotected) header.d=mail.heirich.name header.i=@mail.heirich.name
header.b=Dgo6O7AQ
regards Peter
[Attachment #5 (text/html)]
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi,</p>
<p>because of fighting spam i modified DMARC policy to report
failing mails.</p>
<p>It isn't not only my system which claims wrong DKIM signatures,
got reports about same errors from 3 other systems because of
DMARC report policy.</p>
<p><br>
</p>
<pre>Authentication-Results: austria136.server4you.de (amavisd-new);
dkim=fail (1024-bit key) reason="fail (message has been altered)"
header.d=sourceforge.net header.b=XZAQVe+w; dkim=fail (1024-bit key)
reason="fail (message has been altered)" header.d=sf.net
header.b=ZF/dO/0J; dkim=fail (1024-bit key)
reason="fail (body has been altered)" header.d=mail.heirich.name
header.b=Dgo6O7AQ
Of course, failing of my own DKIM signature is expected behavior.
However, the list added DKIM signatures of sf.net and sourceforge.net. And these \
signatures should fit ! They should be made after the mailing-list had done \
modifications.
Please note, that this probably isn't a incorrect setup of my systems, because i got \
DMARC reports like:</pre> This is an authentication failure report for an email \
message received from IP<br>
216.105.38.7 on Wed, 14 Apr 2021 16:06:34 +0000 (UTC).<br>
<br>
<br>
Feedback-Type: auth-failure<br>
Version: 1<br>
User-Agent: OpenDMARC-Filter/1.4.1<br>
Auth-Failure: dmarc<br>
Authentication-Results: prime.gushi.org; dmarc=fail
header.from=mail.heirich.name<br>
Original-Envelope-Id: 13EG6W3R084103<br>
Original-Mail-From: <a class="moz-txt-link-abbreviated" \
href="mailto:fail2ban-users-bounces@lists.sourceforge.net">fail2ban-users-bounces@lists.sourceforge.net</a><br>
Source-IP: 216.105.38.7 (lists.sourceforge.net)<br>
Reported-Domain: mail.heirich.name<br>
<br>
<br>
DKIM-Filter: OpenDKIM Filter v2.10.3 prime.gushi.org 13EG6W3R084103<br>
Authentication-Results: prime.gushi.org;<br>
dkim=fail reason="signature verification failed" (1024-bit key;
unprotected) header.d=sourceforge.net <a class="moz-txt-link-abbreviated" \
href="mailto:header.i=@sourceforge.net">header.i=@sourceforge.net</a> \
header.b=XZAQVe+w;<br> dkim=fail reason="signature verification failed" (1024-bit \
key; unprotected) header.d=sf.net <a class="moz-txt-link-abbreviated" \
href="mailto:header.i=@sf.net">header.i=@sf.net</a> header.b=ZF/dO/0J;<br> <p> \
dkim=fail reason="signature verification failed" (1024-bit key; unprotected) \
header.d=mail.heirich.name
<a class="moz-txt-link-abbreviated" \
href="mailto:header.i=@mail.heirich.name">header.i=@mail.heirich.name</a> \
header.b=Dgo6O7AQ</p> <p><br>
</p>
<p>regards Peter</p>
<p><br>
</p>
</body>
</html>
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic