The mailing list for listmasters using Sympa

[Tom Fillmore <address@concealed>]

Hi -

We have the same issue with regard to rewriting of links / failing DKIM on messages sent to and from those who use Office online.  It's not uncommon for links posted in a mail to go from the usual 25-ish characters to 3 or 4 lines long and links in any part of a forwarded message are anyone's guess.  Example: an office 365 user reached out asking why links were taking up half their phone screen; it was fine on my screen (protonmail) so I asked them to forward it on to me.  They weren't kidding.

Joseph, I appreciate your diligence.  To me this is a classic case of the 'ol MS 'it works on my machine, you should use our product' mentality.  Security and safety are great, but is this the best they can do?

Thanks

Tom Fillmore

southern California

The earth is but one country and mankind its citizens...

- Baha'u'llah

On Wednesday, November 15th, 2023 at 8:33 AM, Joe Meslovich <address@concealed> wrote:

It may be some time until we have other examples.  We are still testing Sympa and haven't stumbled on anything else yet that is failing.  I will update you if we discover anything else.  The only thing failing so far is the message a moderator gets when someone posts to a moderated list.  It contains an attachment and links to accepting or rejecting the message.  We use Exchange Online and have the feature turned on that re-writes links to check them for phishing and malware.  However I believe the re-write of the links happens after the message is accepted by Exchange Online and the DKIM signature is verified.  So testing messages after the fact if we download the .eml will fail the body hash because the links have been re-written.  

Joseph Meslovich

Network Administrator & IT Security Officer
Information Technology Center
Bridgewater College
Phone: 540-828-5343 | bridgewater.edu

---

From: IKEDA Soji <address@concealed>
Sent: Tuesday, November 14, 2023 5:57 PM
To: Joe Meslovich <address@concealed>
Cc: address@concealed <address@concealed>
Subject: Re: [en@sympa] Moderation messages failing DKIM verification

 

[You don't often get email from address@concealed. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

Hi,

> 2023/11/14 0:59、Joe Meslovich <address@concealed>のメル:
>
> I’m not seeing anything obviously wrong with the DKIM signature.  The moderation message listed a slightly different list of header values that it expects to be hashed in the verification than the other DKIM signed messages coming from Sympa.  Is there some specific setting I should be looking at for when DKIM is failing for moderation emails but not other DKIM signed messages?

And what is different in the moderation message from the other messages? Could you please show some examples?

Regards,

― Soji