BUG #18822: mailing lists reject mails due to DKIM-signature

The following bug has been logged on the website:

Bug reference: 18822
Logged by: Matthias Apitz
Email address: gurucubano(at)googlemail(dot)com
PostgreSQL version: 16.5
Operating system: SuSE Linux SLES 15 SP6
Description:

This is not strictly a PostgreSQL software problem, but one of the
configuration and administration of the community mailing list. Please
change the place for this issue accordingly.

I'm an active member of the community for many years (check the archives for
my name). Since some days, all my mails to the PostgreSQL lists get rejected
with a message:

Your message to pgsql-bugs with subject



Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in

Logs



has been rejected by a moderator and will not be posted.

The reason given for rejection was:



This email has a DKIM signature on the List- headers of

the email, indicating that it is not allowed to pass this

email on through a mailinglist
...

I investigated this on my side and the reason is that my ISP 1blu.de adds
since January 20 2025 a DKIM-Signature to all my outgoing mails of:

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=unixarea.de
; s=blu3434000;
h=Content-Transfer-Encoding:Content-Type:MIME-Version:
Reply-To:Message-ID:Subject:To:From:Date:Sender:Cc:Content-ID:


Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc


:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:

List-Subscribe:List-Post:List-Owner:List-Archive;

bh=mUXCo4CB5VS0jsNsC2LeR8NOxLomD73G556GgsVmluA=;
b=nlMvRnatrYiMjStI6F/rnF2zbZ

DqqjgqpA4fezouBgwHPPz+VAN+msCPqY+I6oQa1B6eP5bNZhr9bi8UCvVvRmTWX+LC74GdzsYsfR9


5zDhdwYSgxaU6fW4CbtGfhZT+v/lH+x2sPi3OEdBPIEdeuHstof32yzBm00xnRX0MttjZx8E9ReyG


GHBKSuWo9f80m9Y4VamhplV99V5aMxJZOU+MNVU/Jfdj9h4Q5aMfEtwT+SOCPBBoze7wFOpXRvQOd


MdYA7FtH3uUlpMn0FwqpopXHqTl7Xs+cKxT/AZwRnogqdwsFmQg3fMf0/Tr8gMAPGluXkdpC8kKog

qw+9X8Sg==;

i.e. the header lines of List-* are part of the DKIM signed lines.

I can't change this, as the signing is done by the MTA of 1blu.de. I raised
a ticket there, but without any luck until now.

On the other hand, the RFC 6576 explicitly allows this, see the chapter

5.4.1. Recommended Signature Content

and explains in B.2.3. Mailing Lists and Re-Posters
what mailing-list should do:

A Forwarder that does not modify the body or signed header fields of
a message is likely to maintain the validity of the existing
signature. It also could choose to add its own signature to the
message. ...

Rejecting the mails should not be done and is IMHO a bug!
Please fix this.