Is DKIM/ARC working correctly on my Mailman server?


I set up a Mailman 3 server with Postfix. I configured Postfix to add DKIM headers using OpenDKIM, and a test email from that server to a Microsoft-hosted email address suggests that DKIM is OK:

Authentication-Results: spf=pass (sender IP is 1.2.3.4)
 smtp.mailfrom=mmserver.org; destination.org; dkim=test (signature was
 verified) header.d=mmserver.org;destination.org; dmarc=bestguesspass
 action=none header.from=mmserver.org;compauth=pass reason=109

(Domains and IP address redacted/changed)

With Mailman, ARC is used in addition to DKIM and I'm not sure whether things are still working correctly. A test email sent to a Mailman list and then delivered to the same Microsoft-hosted email address produces these headers:

Received: from AM6EUR05HT027.eop-eur05.prod.protection.outlook.com
 (2603:10a6:10:2b0::12) by DB7P191MB0378.EURP191.PROD.OUTLOOK.COM with HTTPS
 via DU2PR04CA0157.EURPRD04.PROD.OUTLOOK.COM; Tue, 14 Sep 2021 07:13:02 +0000
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=fail;
 b=eb5egkxeCkJnvUpwA/HTQ6aYeCJfbfL3yRdCaAhD9aVMwhljOA6V9RhgWVkVHYRpf77BZvw4IztiAU8Y/sUAUAt7s3f77M4qZ37RzOIWktDkKknW8xFxsOQaJIOaxdWjE7L53F51JMmPlOIQ/RgvkIZyiN77GTCCoxhkayzZaL5O8Gc3Rop9kY90sBNRCi/B1DU1keJ45U+KBfnulEWGE3r2DJ9BrfI8WiQCYFIvR1Ryr0wY8uqQiWlitgbfprEl7mkDzR4x/tNUvowVDqltiedfrM3ML7+AHUW4PI2Ih78Uvv6T0+fZHVrRKCOyczU0S9RilRLxMlh+lEtr+Q9GGg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=jmWFlJwqirfiVtLi98SrRrGA3zfBLMBC8UI7ReTsiOc=;
 b=n07Rdb5JFtRW5a+UmP0zCEJLks5YOE8ZLI6tzNU37BgF8rsqXy2K+Mj5N5742DMymdKnUnYF99nUp79v9BxwQX7EUt7mCXOlzjo//yR8QzV5mhqBroHoisznRxs70HzISZFDCwzMKgL1/BM6jIMVKWry9aTIt2Ii8ofS/Unw7coGBPccNtALvjJ585UUt2cVfIWPjVgt/ZPJ3d/RRsiao5Ot/Myhzyo3rHpl4nZHoxFDeWWK5kZ1Gy+hUxIqZWz9UswzX8K+i9OshilBicia/q/0RHpUCg1vNQsEIQYMRsNTDmvh+moPz2SVDhgLgJ7UOVjSMaO87T2DTacvEykjBg==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
 1.2.3.4) smtp.rcpttodomain=destination.org
 smtp.mailfrom=mmserver.org; dmarc=bestguesspass action=none
 header.from=mmserver.org; dkim=test (signature was verified)
 header.d=mmserver.org; dkim=fail (signature did not verify)
 header.d=sender.org; arc=fail (47)
Received: from AM6EUR05FT022.eop-eur05.prod.protection.outlook.com
 (2a01:111:e400:fc11::4b) by
 AM6EUR05HT027.eop-eur05.prod.protection.outlook.com (2a01:111:e400:fc11::306)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.18; Tue, 14 Sep
 2021 07:13:02 +0000
Authentication-Results: spf=pass (sender IP is 1.2.3.4)
 smtp.mailfrom=mmserver.org; destination.org; dkim=fail (signature did
 not verify) header.d=sender.org;destination.org; dmarc=bestguesspass action=none
 header.from=mmserver.org;compauth=pass reason=109
Received-SPF: Pass (protection.outlook.com: domain of mmserver.org
 designates 1.2.3.4 as permitted sender) receiver=protection.outlook.com;
 client-ip=1.2.3.4; helo=mmserver.org;
Received: from mmserver.org (1.2.3.4) by
 AM6EUR05FT022.mail.protection.outlook.com (10.233.240.168) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4500.18 via Frontend Transport; Tue, 14 Sep 2021 07:13:01 +0000
X-IncomingTopHeaderMarker:
 OriginalChecksum:C027C4C73C859E8BC4DD2D6EB0A2AFC55128E8E6AB569058BEFA2927BD59B759;UpperCasedChecksum:69084D51601C2F94765803933A8A1E513A3CE3B72501EEBE615F8404D9524BF9;SizeAsReceived:5583;Count:36
Received: from ip-172-31-73-169.ec2.internal (localhost [127.0.0.1])
    by mmserver.org (Postfix) with ESMTP id 1EB91BDF09
    for <[email protected]>; Tue, 14 Sep 2021 07:13:01 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=mmserver.org;
    s=mailman; t=1631603581;
    bh=jmWFlJwqirfiVtLi98SrRrGA3zfBLMBC8UI7ReTsiOc=;
    h=Date:To:Subject:List-Id:List-Archive:List-Help:List-Owner:
     List-Post:List-Subscribe:List-Unsubscribe:From:Reply-To:From;
    b=c1hpMtUIu4xFaJHhKlp9wvMuMchhYHt8jZhx7iR79DwnuFFRd/YbDd7AvspoQ4tkb
     ob4ZZRRsX8P0Aw3w2iOOEGVOu7cuJgeOCs3tyjFDb1yfo3GAsbvKeaRQPblbo6Oaob
     bUuo+5OY825Jdk2FoVAKrxqrkrC4q2OsFoVGFIAc=
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=mmserver.org; s=mailman;
 t=1631603580;
 b=MriwQYAoGLx6qYcQ3jvD1X6WZP2bfE7/esgXKfCV7gSfQcLpbd3iwiJVFBD+4TX3jfTcG
 tGL6iZ69TrW2A4QS9zn7j0WbZh0YuDea6OGe0SLqJz3vVsVQJXmiduZET4LVkZKWVOMsghR
 2Bti7RMvNwok2WQzsKkOf+cXmUFDOcg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mmserver.org; s=mailman; t=1631603580; h=from : sender :
 reply-to : subject : date : message-id : to : cc : mime-version :
 content-type : content-transfer-encoding : content-id :
 content-description : resent-date : resent-from : resent-sender :
 resent-to : resent-cc : resent-message-id : in-reply-to : references :
 list-id : list-help : list-unsubscribe : list-subscribe : list-post :
 list-owner : list-archive;
 bh=3DIn1IpjU5aYg7foYX2PvB0NxFt3Yvxu7ufHWw90s3M=;
 b=fNNEcs1c31725Mfmd4md62MVMIRbGHfnDf3SHY+W5Yz+Cb5RTYJhCpoSA6VpFUSgeGEYT
 DsjJDpwSbXucdbc2ar1s2TcZpshXBtGb7XSxdJy3ZWpGJ+nZdX+OvBTz8OvtggE6W/W/+KH
 41/BqNmfc1MKlWsJH+q0cdwChifyo2I=
ARC-Authentication-Results: i=1; mmserver.org; dkim=pass header.d=sender.org [email protected] header.a=rsa-sha256
 header.s=google header.b=xCTkYbMD;
  dkim-atps=neutral;
  arc=none;
  dmarc=pass (Used From Domain Record) header.from=sender.org policy.dmarc=none
Authentication-Results-Original: mmserver.org; dkim=pass
 header.d=sender.org [email protected] header.a=rsa-sha256 header.s=google
 header.b=xCTkYbMD; dkim-atps=neutral; arc=none; dmarc=pass (Used From Domain
 Record) header.from=sender.org policy.dmarc=none
Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173])
    by mmserver.org (Postfix) with ESMTPS id 99732BDF09
    for <[email protected]>; Tue, 14 Sep 2021 07:12:58 +0000 (UTC)
Received: by mail-pl1-f173.google.com with SMTP id n4so7551535plh.9
        for <[email protected]>; Tue, 14 Sep 2021 00:12:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sender.org; s=google;
        h=mime-version:from:date:message-id:subject:to;
        bh=3DIn1IpjU5aYg7foYX2PvB0NxFt3Yvxu7ufHWw90s3M=;
        b=xCTkYbMDUx+tagAdAlyZE+awc/wc1iCI/PWp0jeuJFDM23WMTGo24PJjUFfCV4DH5G
         fKko+n5wov5IKcBpjLvcmg2OGuOQPGAl1ATWtCbl+SgZD4LBWftNLVz3XxJq2IDxb3me
         WF+IHsh3nunXExR17sEQx12pbXPhGmmy3G8We7jrZOLVfX0oRZ8Y6QiY1ACetrQ/FlyZ
         /T4axvHlXsiceP6rr6HwvHdj8XN2NbjkXZF265tfc/l2EdVXyTJlnhxxuxXFGTcBIPN1
         OZadmYo5Q8VCsg78leQDp8eBAATL9JwUmFUDhL2U8KCWKXCCQJ4qVKReEqJB4PK5l5hZ
         4nmg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=3DIn1IpjU5aYg7foYX2PvB0NxFt3Yvxu7ufHWw90s3M=;
        b=4mwQclptSSJQVxNaNlxhXDyNREM5qDVMMr8a2AvZFBoVQ6k8z1B8bMkEZB5I32NRnR
         BNTQUy7XQ2rVx171IgoTC24RPcQvWAd0Eg9+1On7vaMG5bIsY90ED1oavJA5NQ2KVXXn
         vVLr7JcKg0fsuk/xoy9bzRCZ5D5nYGYE6dCPb20iTTInM2QaXQgpoCElv0PQ7N3lvLeL
         KXqrhDc9bMVqbYNmu7rIkdAI+N6iY0IB+mMF16GTSM6RlMOuthl1jEQP4QK/7ShupDIM
         DFWC4U1vdK0+LA5Ep0ajUzgRLAK0k6GqBa+MlOsTxaYCHfruFzVGMYLu+BGhvlK+auc0
         J/SA==
X-Gm-Message-State: AOAM530xf2FH9mmbMhx3lhbVy3KOURBUXCxFSudsrgoQ/IHguihpAlkq
    fdjxxPp3FZqmjlPEPCHf6YHBtWkKPAk7jmICOiu0mHBYPA28SvgG
X-Google-Smtp-Source: ABdhPJx9DHXrQn1DY+0svX/d2C3cT/h78ckSVX6QV//8wP5/4oBzLKHy5TqrppqktHiH0uZ4L+MDNmPNm1KPNNzet1s=
X-Received: by 2002:a17:90a:f192:: with SMTP id bv18mr472417pjb.134.1631603577579;
 Tue, 14 Sep 2021 00:12:57 -0700 (PDT)
Date: Tue, 14 Sep 2021 08:12:48 +0100
Message-ID: <CAKTSSTiPRjknheqN7QbvEZAzscCyRePz4JvQB1fDa39xuShMSA@mail.gmail.com>
To: [email protected]
Message-ID-Hash: ORMUWLHDNPOVZ24JYJ3PMESIUSRL7XCC
X-Message-ID-Hash: ORMUWLHDNPOVZ24JYJ3PMESIUSRL7XCC
X-MailFrom: [email protected]
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.4
Precedence: list
Subject: [Test] How does your garden grow?
List-Id: <test.mmserver.org>
List-Help: <mailto:[email protected]?subject=help>
List-Owner: <mailto:[email protected]>
List-Post: <mailto:[email protected]>
List-Subscribe: <mailto:[email protected]>
List-Unsubscribe: <mailto:[email protected]>
From: Philip Colmer via Test <[email protected]>
Reply-To: Philip Colmer <[email protected]>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-IncomingHeaderCount: 36
Return-Path: [email protected]
X-MS-Exchange-Organization-ExpirationStartTime: 14 Sep 2021 07:13:01.9563
 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
 8da823d6-328d-433c-6822-08d9774f16e0
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-PublicTrafficType: Email
X-MS-Exchange-Organization-AuthSource:
 AM6EUR05FT022.eop-eur05.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-UserLastLogonTime: 9/14/2021 7:12:57 AM
X-MS-Office365-Filtering-Correlation-Id: 8da823d6-328d-433c-6822-08d9774f16e0
X-MS-TrafficTypeDiagnostic: AM6EUR05HT027:
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 1.2.3.4
X-SID-PRA: [email protected]
X-SID-Result: PASS
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-AtpMessageProperties: SA|SL
X-MS-Exchange-Organization-SCL: 0
X-Microsoft-Antispam: BCL:0;
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Sep 2021 07:13:01.8683
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 8da823d6-328d-433c-6822-08d9774f16e0
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-AuthSource:
 AM6EUR05FT022.eop-eur05.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:
 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6EUR05HT027
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.9874238
X-MS-Exchange-Processed-By-BccFoldering: 15.20.4500.018
X-Microsoft-Antispam-Mailbox-Delivery:
    abwl:0;wl:0;pcwl:0;kl:0;iwl:0;ijl:0;dwl:0;dkl:0;rwl:0;ucf:0;jmr:0;ex:0;auth:1;dest:I;ENG:(5062000283)(90000117)(91040095)(91044021)(91045095)(9050020)(9060116)(9100336)(5061607266)(5061608174)(4900116)(2008001114)(2008000189)(4920091)(6250099)(4950132)(4990091);
X-Message-Info:
    5vMbyqxGkdefRiIkrqg4ZwpGLfyUyJn4v5cLoN5lKwXdusI/i41s1qBGsktqj/swtQInJ01+vhFDsyZNXWXqrj0a99+1or22N3ukmdiSyb1k1ptz10WM/SSCU9mbDX6xYzh1iipr2J9mGgoqib5s1JOfhLrVHogoibBIRTGVaeukc7ecTQyRj4ux3Nwhmt43YYWKeqDG4XgX8obB2vWFqw==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0yO1NDTD0tMQ==
X-Microsoft-Antispam-Message-Info:
    =?us-ascii?Q?g0Qa183Yfq7SY4i7wKx716EEM1w+IyCwbRK9aOFS0Ep+WmpHoOy5Mq966RH7?=
 =?us-ascii?Q?9RGYWFY1IfZ2w0/ytYgAPbgXGg5okckkKLB3ZKlxNlnfDk/nySn8C6RlCu/t?=
 =?us-ascii?Q?V6A+kb6zzWQI+PvdwNu1jQew8agjL2Yg8SHSrZJisyu/i5B9cTNrHZTYvX3w?=
 =?us-ascii?Q?uz9Ozh1NW9HkJTxWtXYTCKtLieIWGobTQbm8fYLF56QCyRJ/sMYWuCwqS1F5?=
 =?us-ascii?Q?fnsXlwODnSocVPvp2o3SeQXP8xsZ4zT+BX2QRVQG8h7+1iXk9YMNvPkLmIZN?=
 =?us-ascii?Q?QFZbPndZUuQs9NLggIjHnNkIMBboM+J9C8LBw3V3hm6F1zpHHj8hCGRUSZ4l?=
 =?us-ascii?Q?XaKZRgKU2G/TSyG1leZYA500/bUGq+1WIcmDt0r7CUc6FLut3toh/roeRjtW?=
 =?us-ascii?Q?ZmtOwwUTonV4L5h0L7xU4Z+R9EWr9lltQVzXTicTgtrkK32cekaHBL75q+h+?=
 =?us-ascii?Q?siwo3kUnFJbpeF73jSYExCXeez/DBILLqfGstDQ0bujnK19S7U1RNai1MzOn?=
 =?us-ascii?Q?BRevh9pn+DzRqiJl3fvMCl9IuARFm9ikxvZXVROuX2hHAliC9rv8OeBH2UWF?=
 =?us-ascii?Q?Agdb/l+3/X4/GoDLMSDfZevqRjk+T+lke7rNTQoq430CpI85izZCSu3OU+es?=
 =?us-ascii?Q?DNlxMI3x4G7eHZAHTaC6h8AN/1KDymKmLF2Cim/wyVdoZJW6i9GRBJ4eMAB4?=
 =?us-ascii?Q?iGGErK5+hPfBPYPpcbFHouJspu6q51ijmY3u/tSivCdveYGEboYopxTLn+qq?=
 =?us-ascii?Q?TKs7XM+U2ZcnV9Y4FzICuhkPzT4KNuIWhu4p+zbaFbtpBVhMHy02mv7pEEgZ?=
 =?us-ascii?Q?dvAKMghz0KxeloCEuV5Wg8Lf9ODixXm6v87r0zayges5sK+kHo8o9TkujXBw?=
 =?us-ascii?Q?slz5LBpRKEM+jpuy6jZLZT2AP0Y+wgmkmGZ+DFZ6+WNR35NWprI/qwAsKwRk?=
 =?us-ascii?Q?ZkPn8fAsYIYDCq4QJWtE9ni4HG2dNgONZ3/bRiQPKyp7eWoqA7bJa06r0fVc?=
 =?us-ascii?Q?treJR24f8ritZD/lmZbsb907n/qQrB1lGGtp/YFv82onwV1gd+398pVU9FM9?=
 =?us-ascii?Q?N19gzh6Z+abRCDRybKg9q00ooajOolfuZrBWGh6Elrqz9mlUE41MH7v/gRfS?=
 =?us-ascii?Q?9zh2D5b1ONLz?=
MIME-Version: 1.0

This seems to suggest that one DKIM piece passed (signature was verified) but another DKIM piece failed (signature did not verify). Is that why, overall, ARC is marked as failed?

I'm struggling to understand where things might be misconfigured such that DKIM isn't working consistently. Any help is appreciated :)

Edited to include the full headers of the email generated by Mailman.

Also, on a Mailman list, someone suggested switching from Mailman's ARC handler to a milter for Postfix. I started looking at OpenARC but the documentation is sparse.

Answer 1

Is DKIM/ARC working correctly on my Mailman server?

No, if the first ARC validator (i=2) after you (i=1) claims that the chain is broken (cv=fail) then something is not working correctly.

Due to the order of your headers, I am almost sure you are sealing before signing.

All message modifications (including adding DKIM-Signature header fields) MUST be performed before sealing. -- RFC8617: The Authenticated Received Chain (ARC) Protocol

Depending on the software involved and through which interface it is integrated into Postfix (SMTP, milter, filter, policyd, ...) it may be more or less easy to meet the demand of the ARC protocol description. This may involve reordering entries in the Postfix configuration, such as smtpd_milters.

I do not know if that alone would solve your problem.

Still, I would recommend letting someone other than Microsoft verify your DKIM signature and ARC seal. Authentication results are mentioned (dmarc=bestguesspass, dkim=test) that are not clearly defined, and I have seen Microsoft deviate from common expectations, up to breaking perfectly correct DKIM signatures on receipt and then verifying them unsuccessfully.
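The header-order reasoning in the answer above can be checked mechanically. The following is an added example, not code from the original post or from Mailman, Postfix or OpenDKIM: it parses the signature headers from the question (a trimmed, constructed sample) and reports where a DKIM-Signature from the sealing domain sits above that domain's ARC-Seal, and where a later signature with the same body canonicalization carries a different body hash than the ARC-Message-Signature. All function and variable names are illustrative.

```python
import re
from email import message_from_string

# Constructed sample: signature headers from the question, top-down, with
# h= omitted and b= shortened to "..." (neither is needed for these checks).
SAMPLE = """\
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=fail; b=...
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901; bh=jmWFlJwqirfiVtLi98SrRrGA3zfBLMBC8UI7ReTsiOc=; b=...
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=mmserver.org;
 s=mailman; bh=jmWFlJwqirfiVtLi98SrRrGA3zfBLMBC8UI7ReTsiOc=; b=...
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=mmserver.org; s=mailman; b=...
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mmserver.org; s=mailman; bh=3DIn1IpjU5aYg7foYX2PvB0NxFt3Yvxu7ufHWw90s3M=; b=...
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sender.org;
 s=google; bh=3DIn1IpjU5aYg7foYX2PvB0NxFt3Yvxu7ufHWw90s3M=; b=...

(body omitted)
"""

def tags(value):
    """Parse a DKIM/ARC tag list ("k=v; k=v") into a dict, ignoring folding."""
    pairs = (p.partition("=") for p in re.sub(r"\s+", "", value).split(";"))
    return {k: v for k, sep, v in pairs if sep}

def body_canon(t):
    """Body canonicalization from c= (RFC 6376 default is simple/simple)."""
    return (t.get("c", "simple/simple").split("/") + ["simple"])[1]

def check_seal_order(raw):
    """List signs that a message was changed after an ARC set was sealed."""
    hdrs = [(n.lower(), tags(v)) for n, v in message_from_string(raw).items()]
    found = []
    for pos, (name, t) in enumerate(hdrs):
        later = hdrs[:pos]  # headers are prepended: lower index = added later
        if name == "arc-seal":
            for n, u in later:
                if n == "dkim-signature" and u.get("d") == t.get("d"):
                    found.append(f"i={t.get('i')}: DKIM-Signature d={u['d']} sits above the ARC-Seal")
        elif name == "arc-message-signature":
            for n, u in later:
                same = (body_canon(u), u.get("a")) == (body_canon(t), t.get("a"))
                if "bh" in u and same and "l" not in u and "l" not in t and u["bh"] != t.get("bh"):
                    found.append(f"i={t.get('i')}: body hash differs from later {n} d={u.get('d')}")
    return found

if __name__ == "__main__":
    print("\n".join(check_seal_order(SAMPLE)))
```

On the question's headers both checks report against i=1. A differing body hash can also come from a later hop changing the body itself, so it indicates where to look, not which component made the change.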
