Re: Proof of concept: Mailing list "software" without MTA

To: debian-user@lists.debian.org
Subject: Re: Proof of concept: Mailing list "software" without MTA
From: rhkramer@gmail.com
Date: Fri, 26 Oct 2018 17:56:15 -0400
Message-id: <[🔎] 201810261756.16052.rhkramer@gmail.com>
In-reply-to: <[🔎] E1gFv0p-0006US-5p@enotuniq.net>
References: <[🔎] 201810251557.32193.rhkramer@gmail.com> <[🔎] 201810251757.04345.rhkramer@gmail.com> <[🔎] E1gFv0p-0006US-5p@enotuniq.net>

On Friday, October 26, 2018 01:50:22 AM Reco wrote:
> On Thu, Oct 25, 2018 at 05:57:04PM -0400, rhkramer@gmail.com wrote:
< darn, I lost one of the "citations" -- can't think of the right word -- I 
think it was Reco who wrote:>

> > > It says here what you've used Google's MTA.
> > > It even has correct DKIM signature, and that's something that means you
> > > haven't forged the headers.
> > 
> > That's interesting, because I have at least somewhat modified the
> > headers.
> 
> Whatever you did with e-mail locally - i.e. before giving it to Google
> to deliver - does not break DKIM. DKIM is computed by MTA.
> 

Ahh, ok, thanks.


> > > 
> > > SpamAssassin, anyone?
> > 
> > I don't know if I could invoke SpamAssassin on yahoo's mail lists (but,
> > of course, I could invoke it on any thing I run or build locally).
> 
> The trick here is to have full e-mail (RFC822 headers and body) locally.
> It's my understanding that you have that.

Yes, of course. ;-)

> > > formail from procmail or reformail from maildrop.
> > > And changing existing Message-ID header is a really bad idea.
> > 
> > Well, I wasn't sure how mail lists normally handle that -- clearly the
> > message has a MessageId when sent from the subscriber -- I would have
> > guessed the mail list would use a different MessageID when forwarding it
> > (sending it) to other subscribers, especially recognizing that the text
> > and such do get some changes.
> 
> Your e-mail contains this, along the other things:
> 
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>         d=gmail.com; s=20161025;
>        
> h=from:to:subject:date:user-agent:references:in-reply-to:mime-version
> 
>         :content-transfer-encoding:message-id;
> 
>         ...
> 
> That means that Google vouched that all e-mail headers listed in "h=",
> including Message-ID are legit.
> Any e-mail receiver including debian-user's MTA (bendel.debian.org) can
> verify that header (bendel does).
> Changing any DKIM-protected header will break DKIM signature, and that
> means such e-mail can be rightfully rejected by receiver.
> 
> But wait, there's more. Message-ID has special meaning - replying
> e-mails can reference it. You change Message-ID - you break threading.

Ahh, yes, I don't want to break threading.

Thanks for all the clarifications!

Reply to:

References:
- Proof of concept: Mailing list "software" without MTA
  - From: rhkramer@gmail.com
- Re: Proof of concept: Mailing list "software" without MTA
  - From: rhkramer@gmail.com
- Re: Proof of concept: Mailing list "software" without MTA
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: versioning file system
Next by Date: Re: Online copies of textinfo content available?
Previous by thread: Re: Proof of concept: Mailing list "software" without MTA
Next by thread: IREDMAIL
Index(es):
- Date
- Thread