Re: switching from exim to postfix
On Wed, 2 May 2012, Scott Kitterman <debian@kitterman.com> wrote:
> > It would be possible for a DKIM verification program to re-encode 7bit
> > messages to 8bit for a second attempt at verification. But if a DKIM
> > milter author was going to do tricky things then a better first option
> > would be to try removing anything between [] in the subject line which
> > is the most common cause of DKIM failures that I see on valid mail.
>
> That and mailing list footers.
Footers can be solved with the l= flag. The threat of a hostile party
appending data to a message probably isn't something you really worry about
when posting to a mailing list.
It would be possible for a DKIM signing program to use l= for every message
which has a recipient address containing the string "list".
> Receivers are, of course, free to manage inbound mail filtering however
> they want, but if you take a message and try to recode it from 7 bit to 8
> bit and see if a DKIM signature passes verification, it's still not a
> valid DKIM signature in any sense that RFC 4871 or its successors would
> recognize.
If a milter replaced the message body such that it matched then it would be.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
Reply to: