
en - Re: [en@sympa] No certificate conversion for forwarding

Subject: The mailing list for listmasters using Sympa

  • From: Ralph Ballier <address@concealed>
  • To: IKEDA Soji <address@concealed>
  • Cc: En <address@concealed>
  • Subject: Re: [en@sympa] No certificate conversion for forwarding
  • Date: Sat, 22 Mar 2025 12:53:00 +0100

Hi ikedas,

thank you very much for your suggestion.

With the support of ChatGPT, I’ve now managed to get everything working.

It’s truly impressive — and something to be grateful for — that one can rely on such a well-established and mature piece of software.

That said, I did notice one aspect where there might be room for improvement: the documentation. Understandably, over the years the focus has evolved, and it’s clear that security-related topics weren’t a major concern in earlier stages. As a result, more recent issues such as SPF, DKIM, ARC, and DMARC are treated as add-ons in separate sections rather than being integrated into the core documentation. It often takes several unsuccessful attempts to even realize that these critically important topics are only covered peripherally.

I believe that, given today’s security landscape, it would be worthwhile to incorporate them more centrally into the main documentation.

Regards,
Ralph

On 19.03.2025 01:01, IKEDA Soji wrote:
Hi Ralph,

Since your question is entirely about opendkim, could you please ask it in the community for that software?

Regards,
-- ikedas

2025/03/18 20:44:29 Ralph Ballier <address@concealed>:

Hello,
 
I have the following problem, illustrated here with an example:
 
I send an email as r"address@concealed" to a list on the sympaserver sympa.schule.de. There, the previous certificate must be replaced by a new certificate before redistribution.
 
This does not work, as the last lines of “journalctl -u opendkim --no-pager” show below.
 
There are at least two errors: It searches for a signing table for address@concealed and finally there is still “web.de”, which should actually be replaced by “sympa.schule.de”.
 
What can I do?
 
Best Regards,
Ralph
 
Mär 18 12:31:06 sympa.schule.de opendkim[438350]: 8DA6A4052A: mout.web.de [212.227.17.12] not internal
Mär 18 12:31:06 sympa.schule.de opendkim[438350]: 8DA6A4052A: not authenticated
Mär 18 12:31:06 sympa.schule.de opendkim[438350]: 8DA6A4052A: signature=fLpUG667 domain=web.de selector=s29768273 result="no signature error"
Mär 18 12:31:06 sympa.schule.de opendkim[438350]: 8DA6A4052A: DKIM verification successful
Mär 18 12:31:06 sympa.schule.de opendkim[438350]: 8DA6A4052A: s=s29768273 d=web.de a=rsa-sha256 SSL
Mär 18 12:31:07 sympa.schule.de opendkim[438350]: CE88C4052A: no signing table match for 'address@concealed'
Mär 18 12:31:07 sympa.schule.de opendkim[438350]: CE88C4052A: signature=fLpUG667 domain=web.de selector=s29768273 result="signature verification failed"
Mär 18 12:31:07 sympa.schule.de opendkim[438350]: CE88C4052A: s=s29768273 d=web.de a=rsa-sha256 SSL error:02000068:rsa routines::bad signature
Mär 18 12:31:07 sympa.schule.de opendkim[438350]: CE88C4052A: bad signature data
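
As an added example (not part of the original thread and not code from Sympa or opendkim), the following Python script groups the journal lines quoted above by queue ID and reports, per message, which DKIM signatures verified, which failed, and where opendkim skipped signing because nothing in the signing table matched. The function names and the wording of the findings are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Journal lines copied from the message above (address concealed by the archive).
SAMPLE = """\
Mär 18 12:31:06 sympa.schule.de opendkim[438350]: 8DA6A4052A: mout.web.de [212.227.17.12] not internal
Mär 18 12:31:06 sympa.schule.de opendkim[438350]: 8DA6A4052A: not authenticated
Mär 18 12:31:06 sympa.schule.de opendkim[438350]: 8DA6A4052A: signature=fLpUG667 domain=web.de selector=s29768273 result="no signature error"
Mär 18 12:31:06 sympa.schule.de opendkim[438350]: 8DA6A4052A: DKIM verification successful
Mär 18 12:31:06 sympa.schule.de opendkim[438350]: 8DA6A4052A: s=s29768273 d=web.de a=rsa-sha256 SSL
Mär 18 12:31:07 sympa.schule.de opendkim[438350]: CE88C4052A: no signing table match for 'address@concealed'
Mär 18 12:31:07 sympa.schule.de opendkim[438350]: CE88C4052A: signature=fLpUG667 domain=web.de selector=s29768273 result="signature verification failed"
Mär 18 12:31:07 sympa.schule.de opendkim[438350]: CE88C4052A: s=s29768273 d=web.de a=rsa-sha256 SSL error:02000068:rsa routines::bad signature
Mär 18 12:31:07 sympa.schule.de opendkim[438350]: CE88C4052A: bad signature data
"""

LINE = re.compile(r"opendkim\[\d+\]: (?P<qid>[0-9A-F]+): (?P<msg>.*)$")
SIG = re.compile(r'signature=\S+ domain=(?P<d>\S+) selector=\S+ result="(?P<r>[^"]*)"')
NOMATCH = re.compile(r"no signing table match for '(?P<addr>[^']*)'")

def summarize(text):
    """Group opendkim log lines by queue ID and record the DKIM outcome of each."""
    out = defaultdict(lambda: {"verified": [], "failed": [], "unsigned_for": []})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec, msg = out[m["qid"]], m["msg"]
        if (n := NOMATCH.search(msg)):
            rec["unsigned_for"].append(n["addr"])   # signing attempted, no key selected
        elif (s := SIG.search(msg)):
            key = "verified" if s["r"] == "no signature error" else "failed"
            rec[key].append(s["d"])                 # d= domain of the checked signature
    return dict(out)

def findings(summary):
    """Return (queue_id, note) pairs for messages that need attention."""
    notes = []
    for qid, rec in summary.items():
        for addr in rec["unsigned_for"]:
            notes.append((qid, f"no signature added: no signing table match for {addr}"))
        for dom in rec["failed"]:
            notes.append((qid, f"existing signature for d={dom} no longer verifies"))
    return notes

if __name__ == "__main__":
    for qid, note in findings(summarize(SAMPLE)):
        print(qid, note)
```

On a live host the same functions can be fed the text produced by `journalctl -u opendkim --no-pager` instead of the embedded sample.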


