http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5140
Summary: Misc improvements to Plugin::DomainKeys
Product: Spamassassin
Version: 3.1.7
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: Plugins
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]

Three unrelated smaller improvements to Plugin::DomainKeys
(sorry to have stashed them all under the same umbrella,
but the attached patch is quite straightforward):

- more informative debugging output (dk:);
- avoid fetching DK policy when signature is valid (verifies),
  as required by draft-delany-domainkeys-base-06;
- avoid sanitizing header (stripping away trailing header fields
  likely to be inserted by LDA or MUA) when signature header contains
  an "h" tag, which explicitly lists header fields which were included
  in signature calculation.

The last item deserves explanation: when a signer provides a list of
header fields that were signed, a verifier only takes into account these
header fields, and other appended header fields are ignored. Sanitizing
the header in this case is unnecessary and, if we are lucky, just wastes time
(duplicates the effort of the Mail::DomainKeys module). If we are unlucky,
the sanitizing subroutine could remove a trailing header field that was
included in a signature, thus breaking it. So, sanitizing is only helpful
when there actually is a signature header field present, and that signature
header field tells the verifier (by omitting an "h" tag) that the whole
remaining header is to be included in calculation.

Mark
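
An added illustration of the last item in the report above; it is not part of the report, the attached patch, SpamAssassin or Mail::DomainKeys. It models which header fields a verifier hashes with and without an "h" tag, and therefore when stripping trailing fields can matter. The names `dk_tags` and `dk_plan` are hypothetical, the message is constructed, and field selection is simplified to name matching.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: parse a DomainKey-Signature tag=value list into a hash.
sub dk_tags {
    my ($value) = @_;
    $value =~ s/\r?\n[ \t]+/ /g;    # unfold continuation lines
    my %tags;
    for my $item (split /;/, $value) {
        next unless $item =~ /^\s*([A-Za-z]+)\s*=\s*(.*?)\s*$/s;
        $tags{ lc $1 } = $2;
    }
    return \%tags;
}

# Hypothetical helper: decide whether trailing fields need sanitizing and list
# the fields a verifier would hash. $fields holds [name, body] pairs in order.
sub dk_plan {
    my ($fields) = @_;
    my ($idx) = grep { lc($fields->[$_][0]) eq 'domainkey-signature' } 0 .. $#{$fields};
    return (0, []) unless defined $idx;    # no signature: nothing to protect
    my $tags  = dk_tags($fields->[$idx][1]);
    my @after = @{$fields}[ $idx + 1 .. $#{$fields} ];
    if (defined $tags->{h}) {
        # Signer listed the signed fields: appended fields are ignored anyway.
        (my $h = lc $tags->{h}) =~ s/\s+//g;
        my %signed = map { ($_ => 1) } split /:/, $h;
        return (0, [ map { $_->[0] } grep { $signed{ lc($_->[0]) } } @after ]);
    }
    # No "h" tag: the whole remaining header is signed, so appended fields matter.
    return (1, [ map { $_->[0] } @after ]);
}

# Constructed sample: "Status" stands for a field appended after signing.
my $sig  = 'a=rsa-sha1; q=dns; c=nofws; s=sel; d=example.com;';
my @rest = ([ From => 'alice@example.com' ], [ To => 'bob@example.net' ],
            [ Subject => 'hello' ], [ Status => 'RO' ]);
for my $h ('h=From:To:Subject; ', '') {
    my @msg = ([ 'DomainKey-Signature', "$sig ${h}b=PLACEHOLDER" ], @rest);
    my ($sanitize, $hashed) = dk_plan(\@msg);
    printf "%-20s sanitize=%d hashed=%s\n", $h || '(no h tag)', $sanitize,
        join(',', @$hashed);
}
```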