내 Mailman 서버에서 DKIM/ARC가 제대로 작동합니까?

내 Mailman 서버에서 DKIM/ARC가 제대로 작동합니까?

Postfix를 사용하여 Mailman 3 서버를 설정했습니다. OpenDKIM을 사용하여 DKIM 헤더를 추가하도록 Postfix를 구성했으며 해당 서버에서 Microsoft 호스팅 이메일 주소로 전송되는 테스트 이메일에 따르면 DKIM이 정상임을 나타냅니다.

Authentication-Results: spf=pass (sender IP is 1.2.3.4)
 smtp.mailfrom=mmserver.org; destination.org; dkim=test (signature was
 verified) header.d=mmserver.org;destination.org; dmarc=bestguesspass
 action=none header.from=mmserver.org;compauth=pass reason=109

(도메인 및 IP 주소 수정/변경됨)

Mailman을 사용하면 DKIM 외에도 ARC가 사용되는데 상황이 맞는지 잘 모르겠습니다.아직올바르게 작동합니다. Mailman 목록으로 전송된 후 동일한 Microsoft 호스팅 이메일 주소로 전달된 테스트 이메일의 결과는 다음과 같습니다.

Received: from AM6EUR05HT027.eop-eur05.prod.protection.outlook.com
 (2603:10a6:10:2b0::12) by DB7P191MB0378.EURP191.PROD.OUTLOOK.COM with HTTPS
 via DU2PR04CA0157.EURPRD04.PROD.OUTLOOK.COM; Tue, 14 Sep 2021 07:13:02 +0000
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=fail;
 b=eb5egkxeCkJnvUpwA/HTQ6aYeCJfbfL3yRdCaAhD9aVMwhljOA6V9RhgWVkVHYRpf77BZvw4IztiAU8Y/sUAUAt7s3f77M4qZ37RzOIWktDkKknW8xFxsOQaJIOaxdWjE7L53F51JMmPlOIQ/RgvkIZyiN77GTCCoxhkayzZaL5O8Gc3Rop9kY90sBNRCi/B1DU1keJ45U+KBfnulEWGE3r2DJ9BrfI8WiQCYFIvR1Ryr0wY8uqQiWlitgbfprEl7mkDzR4x/tNUvowVDqltiedfrM3ML7+AHUW4PI2Ih78Uvv6T0+fZHVrRKCOyczU0S9RilRLxMlh+lEtr+Q9GGg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=jmWFlJwqirfiVtLi98SrRrGA3zfBLMBC8UI7ReTsiOc=;
 b=n07Rdb5JFtRW5a+UmP0zCEJLks5YOE8ZLI6tzNU37BgF8rsqXy2K+Mj5N5742DMymdKnUnYF99nUp79v9BxwQX7EUt7mCXOlzjo//yR8QzV5mhqBroHoisznRxs70HzISZFDCwzMKgL1/BM6jIMVKWry9aTIt2Ii8ofS/Unw7coGBPccNtALvjJ585UUt2cVfIWPjVgt/ZPJ3d/RRsiao5Ot/Myhzyo3rHpl4nZHoxFDeWWK5kZ1Gy+hUxIqZWz9UswzX8K+i9OshilBicia/q/0RHpUCg1vNQsEIQYMRsNTDmvh+moPz2SVDhgLgJ7UOVjSMaO87T2DTacvEykjBg==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is
 1.2.3.4) smtp.rcpttodomain=destination.org
 smtp.mailfrom=mmserver.org; dmarc=bestguesspass action=none
 header.from=mmserver.org; dkim=test (signature was verified)
 header.d=mmserver.org; dkim=fail (signature did not verify)
 header.d=sender.org; arc=fail (47)
Received: from AM6EUR05FT022.eop-eur05.prod.protection.outlook.com
 (2a01:111:e400:fc11::4b) by
 AM6EUR05HT027.eop-eur05.prod.protection.outlook.com (2a01:111:e400:fc11::306)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.18; Tue, 14 Sep
 2021 07:13:02 +0000
Authentication-Results: spf=pass (sender IP is 1.2.3.4)
 smtp.mailfrom=mmserver.org; destination.org; dkim=fail (signature did
 not verify) header.d=sender.org;destination.org; dmarc=bestguesspass action=none
 header.from=mmserver.org;compauth=pass reason=109
Received-SPF: Pass (protection.outlook.com: domain of mmserver.org
 designates 1.2.3.4 as permitted sender) receiver=protection.outlook.com;
 client-ip=1.2.3.4; helo=mmserver.org;
Received: from mmserver.org (1.2.3.4) by
 AM6EUR05FT022.mail.protection.outlook.com (10.233.240.168) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4500.18 via Frontend Transport; Tue, 14 Sep 2021 07:13:01 +0000
X-IncomingTopHeaderMarker:
 OriginalChecksum:C027C4C73C859E8BC4DD2D6EB0A2AFC55128E8E6AB569058BEFA2927BD59B759;UpperCasedChecksum:69084D51601C2F94765803933A8A1E513A3CE3B72501EEBE615F8404D9524BF9;SizeAsReceived:5583;Count:36
Received: from ip-172-31-73-169.ec2.internal (localhost [127.0.0.1])
    by mmserver.org (Postfix) with ESMTP id 1EB91BDF09
    for <[email protected]>; Tue, 14 Sep 2021 07:13:01 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=mmserver.org;
    s=mailman; t=1631603581;
    bh=jmWFlJwqirfiVtLi98SrRrGA3zfBLMBC8UI7ReTsiOc=;
    h=Date:To:Subject:List-Id:List-Archive:List-Help:List-Owner:
     List-Post:List-Subscribe:List-Unsubscribe:From:Reply-To:From;
    b=c1hpMtUIu4xFaJHhKlp9wvMuMchhYHt8jZhx7iR79DwnuFFRd/YbDd7AvspoQ4tkb
     ob4ZZRRsX8P0Aw3w2iOOEGVOu7cuJgeOCs3tyjFDb1yfo3GAsbvKeaRQPblbo6Oaob
     bUuo+5OY825Jdk2FoVAKrxqrkrC4q2OsFoVGFIAc=
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=mmserver.org; s=mailman;
 t=1631603580;
 b=MriwQYAoGLx6qYcQ3jvD1X6WZP2bfE7/esgXKfCV7gSfQcLpbd3iwiJVFBD+4TX3jfTcG
 tGL6iZ69TrW2A4QS9zn7j0WbZh0YuDea6OGe0SLqJz3vVsVQJXmiduZET4LVkZKWVOMsghR
 2Bti7RMvNwok2WQzsKkOf+cXmUFDOcg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mmserver.org; s=mailman; t=1631603580; h=from : sender :
 reply-to : subject : date : message-id : to : cc : mime-version :
 content-type : content-transfer-encoding : content-id :
 content-description : resent-date : resent-from : resent-sender :
 resent-to : resent-cc : resent-message-id : in-reply-to : references :
 list-id : list-help : list-unsubscribe : list-subscribe : list-post :
 list-owner : list-archive;
 bh=3DIn1IpjU5aYg7foYX2PvB0NxFt3Yvxu7ufHWw90s3M=;
 b=fNNEcs1c31725Mfmd4md62MVMIRbGHfnDf3SHY+W5Yz+Cb5RTYJhCpoSA6VpFUSgeGEYT
 DsjJDpwSbXucdbc2ar1s2TcZpshXBtGb7XSxdJy3ZWpGJ+nZdX+OvBTz8OvtggE6W/W/+KH
 41/BqNmfc1MKlWsJH+q0cdwChifyo2I=
ARC-Authentication-Results: i=1; mmserver.org; dkim=pass header.d=sender.org [email protected] header.a=rsa-sha256
 header.s=google header.b=xCTkYbMD;
  dkim-atps=neutral;
  arc=none;
  dmarc=pass (Used From Domain Record) header.from=sender.org policy.dmarc=none
Authentication-Results-Original: mmserver.org; dkim=pass
 header.d=sender.org [email protected] header.a=rsa-sha256 header.s=google
 header.b=xCTkYbMD; dkim-atps=neutral; arc=none; dmarc=pass (Used From Domain
 Record) header.from=sender.org policy.dmarc=none
Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173])
    by mmserver.org (Postfix) with ESMTPS id 99732BDF09
    for <[email protected]>; Tue, 14 Sep 2021 07:12:58 +0000 (UTC)
Received: by mail-pl1-f173.google.com with SMTP id n4so7551535plh.9
        for <[email protected]>; Tue, 14 Sep 2021 00:12:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sender.org; s=google;
        h=mime-version:from:date:message-id:subject:to;
        bh=3DIn1IpjU5aYg7foYX2PvB0NxFt3Yvxu7ufHWw90s3M=;
        b=xCTkYbMDUx+tagAdAlyZE+awc/wc1iCI/PWp0jeuJFDM23WMTGo24PJjUFfCV4DH5G
         fKko+n5wov5IKcBpjLvcmg2OGuOQPGAl1ATWtCbl+SgZD4LBWftNLVz3XxJq2IDxb3me
         WF+IHsh3nunXExR17sEQx12pbXPhGmmy3G8We7jrZOLVfX0oRZ8Y6QiY1ACetrQ/FlyZ
         /T4axvHlXsiceP6rr6HwvHdj8XN2NbjkXZF265tfc/l2EdVXyTJlnhxxuxXFGTcBIPN1
         OZadmYo5Q8VCsg78leQDp8eBAATL9JwUmFUDhL2U8KCWKXCCQJ4qVKReEqJB4PK5l5hZ
         4nmg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=3DIn1IpjU5aYg7foYX2PvB0NxFt3Yvxu7ufHWw90s3M=;
        b=4mwQclptSSJQVxNaNlxhXDyNREM5qDVMMr8a2AvZFBoVQ6k8z1B8bMkEZB5I32NRnR
         BNTQUy7XQ2rVx171IgoTC24RPcQvWAd0Eg9+1On7vaMG5bIsY90ED1oavJA5NQ2KVXXn
         vVLr7JcKg0fsuk/xoy9bzRCZ5D5nYGYE6dCPb20iTTInM2QaXQgpoCElv0PQ7N3lvLeL
         KXqrhDc9bMVqbYNmu7rIkdAI+N6iY0IB+mMF16GTSM6RlMOuthl1jEQP4QK/7ShupDIM
         DFWC4U1vdK0+LA5Ep0ajUzgRLAK0k6GqBa+MlOsTxaYCHfruFzVGMYLu+BGhvlK+auc0
         J/SA==
X-Gm-Message-State: AOAM530xf2FH9mmbMhx3lhbVy3KOURBUXCxFSudsrgoQ/IHguihpAlkq
    fdjxxPp3FZqmjlPEPCHf6YHBtWkKPAk7jmICOiu0mHBYPA28SvgG
X-Google-Smtp-Source: ABdhPJx9DHXrQn1DY+0svX/d2C3cT/h78ckSVX6QV//8wP5/4oBzLKHy5TqrppqktHiH0uZ4L+MDNmPNm1KPNNzet1s=
X-Received: by 2002:a17:90a:f192:: with SMTP id bv18mr472417pjb.134.1631603577579;
 Tue, 14 Sep 2021 00:12:57 -0700 (PDT)
Date: Tue, 14 Sep 2021 08:12:48 +0100
Message-ID: <CAKTSSTiPRjknheqN7QbvEZAzscCyRePz4JvQB1fDa39xuShMSA@mail.gmail.com>
To: [email protected]
Message-ID-Hash: ORMUWLHDNPOVZ24JYJ3PMESIUSRL7XCC
X-Message-ID-Hash: ORMUWLHDNPOVZ24JYJ3PMESIUSRL7XCC
X-MailFrom: [email protected]
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.4
Precedence: list
Subject: [Test] How does your garden grow?
List-Id: <test.mmserver.org>
List-Help: <mailto:[email protected]?subject=help>
List-Owner: <mailto:[email protected]>
List-Post: <mailto:[email protected]>
List-Subscribe: <mailto:[email protected]>
List-Unsubscribe: <mailto:[email protected]>
From: Philip Colmer via Test <[email protected]>
Reply-To: Philip Colmer <[email protected]>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-IncomingHeaderCount: 36
Return-Path: [email protected]
X-MS-Exchange-Organization-ExpirationStartTime: 14 Sep 2021 07:13:01.9563
 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
 8da823d6-328d-433c-6822-08d9774f16e0
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-PublicTrafficType: Email
X-MS-Exchange-Organization-AuthSource:
 AM6EUR05FT022.eop-eur05.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-UserLastLogonTime: 9/14/2021 7:12:57 AM
X-MS-Office365-Filtering-Correlation-Id: 8da823d6-328d-433c-6822-08d9774f16e0
X-MS-TrafficTypeDiagnostic: AM6EUR05HT027:
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 1.2.3.4
X-SID-PRA: [email protected]
X-SID-Result: PASS
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-AtpMessageProperties: SA|SL
X-MS-Exchange-Organization-SCL: 0
X-Microsoft-Antispam: BCL:0;
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Sep 2021 07:13:01.8683
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 8da823d6-328d-433c-6822-08d9774f16e0
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-AuthSource:
 AM6EUR05FT022.eop-eur05.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:
 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6EUR05HT027
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.9874238
X-MS-Exchange-Processed-By-BccFoldering: 15.20.4500.018
X-Microsoft-Antispam-Mailbox-Delivery:
    abwl:0;wl:0;pcwl:0;kl:0;iwl:0;ijl:0;dwl:0;dkl:0;rwl:0;ucf:0;jmr:0;ex:0;auth:1;dest:I;ENG:(5062000283)(90000117)(91040095)(91044021)(91045095)(9050020)(9060116)(9100336)(5061607266)(5061608174)(4900116)(2008001114)(2008000189)(4920091)(6250099)(4950132)(4990091);
X-Message-Info:
    5vMbyqxGkdefRiIkrqg4ZwpGLfyUyJn4v5cLoN5lKwXdusI/i41s1qBGsktqj/swtQInJ01+vhFDsyZNXWXqrj0a99+1or22N3ukmdiSyb1k1ptz10WM/SSCU9mbDX6xYzh1iipr2J9mGgoqib5s1JOfhLrVHogoibBIRTGVaeukc7ecTQyRj4ux3Nwhmt43YYWKeqDG4XgX8obB2vWFqw==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0yO1NDTD0tMQ==
X-Microsoft-Antispam-Message-Info:
    =?us-ascii?Q?g0Qa183Yfq7SY4i7wKx716EEM1w+IyCwbRK9aOFS0Ep+WmpHoOy5Mq966RH7?=
 =?us-ascii?Q?9RGYWFY1IfZ2w0/ytYgAPbgXGg5okckkKLB3ZKlxNlnfDk/nySn8C6RlCu/t?=
 =?us-ascii?Q?V6A+kb6zzWQI+PvdwNu1jQew8agjL2Yg8SHSrZJisyu/i5B9cTNrHZTYvX3w?=
 =?us-ascii?Q?uz9Ozh1NW9HkJTxWtXYTCKtLieIWGobTQbm8fYLF56QCyRJ/sMYWuCwqS1F5?=
 =?us-ascii?Q?fnsXlwODnSocVPvp2o3SeQXP8xsZ4zT+BX2QRVQG8h7+1iXk9YMNvPkLmIZN?=
 =?us-ascii?Q?QFZbPndZUuQs9NLggIjHnNkIMBboM+J9C8LBw3V3hm6F1zpHHj8hCGRUSZ4l?=
 =?us-ascii?Q?XaKZRgKU2G/TSyG1leZYA500/bUGq+1WIcmDt0r7CUc6FLut3toh/roeRjtW?=
 =?us-ascii?Q?ZmtOwwUTonV4L5h0L7xU4Z+R9EWr9lltQVzXTicTgtrkK32cekaHBL75q+h+?=
 =?us-ascii?Q?siwo3kUnFJbpeF73jSYExCXeez/DBILLqfGstDQ0bujnK19S7U1RNai1MzOn?=
 =?us-ascii?Q?BRevh9pn+DzRqiJl3fvMCl9IuARFm9ikxvZXVROuX2hHAliC9rv8OeBH2UWF?=
 =?us-ascii?Q?Agdb/l+3/X4/GoDLMSDfZevqRjk+T+lke7rNTQoq430CpI85izZCSu3OU+es?=
 =?us-ascii?Q?DNlxMI3x4G7eHZAHTaC6h8AN/1KDymKmLF2Cim/wyVdoZJW6i9GRBJ4eMAB4?=
 =?us-ascii?Q?iGGErK5+hPfBPYPpcbFHouJspu6q51ijmY3u/tSivCdveYGEboYopxTLn+qq?=
 =?us-ascii?Q?TKs7XM+U2ZcnV9Y4FzICuhkPzT4KNuIWhu4p+zbaFbtpBVhMHy02mv7pEEgZ?=
 =?us-ascii?Q?dvAKMghz0KxeloCEuV5Wg8Lf9ODixXm6v87r0zayges5sK+kHo8o9TkujXBw?=
 =?us-ascii?Q?slz5LBpRKEM+jpuy6jZLZT2AP0Y+wgmkmGZ+DFZ6+WNR35NWprI/qwAsKwRk?=
 =?us-ascii?Q?ZkPn8fAsYIYDCq4QJWtE9ni4HG2dNgONZ3/bRiQPKyp7eWoqA7bJa06r0fVc?=
 =?us-ascii?Q?treJR24f8ritZD/lmZbsb907n/qQrB1lGGtp/YFv82onwV1gd+398pVU9FM9?=
 =?us-ascii?Q?N19gzh6Z+abRCDRybKg9q00ooajOolfuZrBWGh6Elrqz9mlUE41MH7v/gRfS?=
 =?us-ascii?Q?9zh2D5b1ONLz?=
MIME-Version: 1.0

이는 하나의 DKIM 부분이 통과했지만(서명이 확인됨) 다른 DKIM 부분이 실패했음을 암시하는 것 같습니다(서명이 확인되지 않음). 이것이 전반적으로 아크가 실패한 것으로 표시되는 이유입니까?

DKIM이 지속적으로 작동하지 않는 방식으로 구성이 잘못되었을 수 있는 부분을 이해하려고 애쓰고 있습니다. 도움을 주시면 감사하겠습니다 :)

Mailman이 생성한 이메일의 전체 헤더를 포함하도록 편집되었습니다.

또한 Mailman 목록에서 누군가가 Mailman의 ARC 처리기에서 Postfix용 밀터로 전환할 것을 제안했습니다. OpenARC를 보기 시작했지만 문서가 부족합니다.

답변1

내 Mailman 서버에서 DKIM/ARC가 제대로 작동합니까?

아니요i=2, 귀하( ) 이후 첫 번째 ARC-Validator( )가 i=1다음과 같이 주장하는 경우체인이 끊어졌습니다( cv=fail) 그러면 뭔가 제대로 작동하지 않습니다.

헤더의 순서로 인해 거의 확실합니다.당신은밀봉~ 전에서명.

모든 메시지 수정(DKIM 서명 헤더 필드 추가 포함)은 봉인 전에 수행되어야 합니다. -- RFC8617: 인증된 수신 체인(ARC) 프로토콜

어떤 소프트웨어가 관련되어 있고 어떤 인터페이스를 통해 Postfix(SMTP, milter, 필터, 정책 등)에 통합되는지에 따라 ARC 프로토콜 설명의 요구 사항을 준수하는 것이 다소 쉬울 수 있습니다. 여기에는 와 같은 Postfix 구성의 항목 재정렬이 포함될 수 있습니다 smtpd_milters.

그래요~ 아니다그것만으로도 문제가 해결될지 알 수 있습니다.

Microsoft가 아닌 타사에서 귀하의 DKIM 및 ARC 인증을 확인하도록 하는 것이 좋습니다. 명확하게 정의되지 않은 인증 결과( dmarc=bestguesspass, dkim=test)가 언급되어 있으며, Microsoft가 일반적인 기대에서 벗어나 수신 시 완벽하게 미세한 DKIM 서명을 깨뜨린 다음 이를 확인하지 못하는 경우도 보았습니다.

관련 정보