https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5890

           Summary: DKIM whitelist check ignores Sender header
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Plugins
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


Looking at bug 5378, I tried to test DKIM whitelisting using a "payment
received" mail:

Return-Path: <[EMAIL PROTECTED]>
Received: from phx01imail02.phx.paypal.com (mx0.phx.paypal.com
[66.211.168.230])
        by soman.fdntech.com (Postfix) with ESMTP id A9E85BA5161
        for <[EMAIL PROTECTED]>; Wkd, 26 Mar 2008 10:13:28 -0500 (CDT)
DomainKey-Signature: s=dkim; d=paypal.com; c=nofws; q=dns;
    h=Received:Date:Message-Id:Subject:X-MaxCode-Template:
      To:From:Sender:X-Email-Type-Id:X-XPT-XSL-Name:
      Content-Type:MIME-Version;
    b=e+bxgo249cnmDdh/PTY1QIuMXAe2U6qDmmkMsoYXj75qbe3Umvibi
      BExQnV27yKnzzsCc1Qw4VTs110JotmOENlW+PvtjFlREBmlSVPWPa
      OYBKl3IougEux4wmGeb9iQI7D3E3DXisT7PBjZAct+mSN2gQVwbRK
      SgxbcngUBVpE=;
Received: (qmail 14670 invoked by uid 99); 26 Mar 2008 15:13:11 -0000
Date: Wed, 26 Mar 2008 08:13:11 -0700
Message-Id: <[EMAIL PROTECTED]>
Subject: Invoice for Internet Hosting
X-MaxCode-Template: email-transaction-counterparty
To: Justin Mason <[EMAIL PROTECTED]>
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
X-Email-Type-Id: PP274
X-XPT-XSL-Name:
  email_pimp/default/en_US/transaction/seller/TransactionCounterparty.xsl


Note that the "From:" address is not a paypal domain, but there's a "Sender"
header.  Presumably that's supposed to override the DKIM credentials looked up?
We don't seem to:

[9765] dbg: dkim: no wl entries match author
[EMAIL PROTECTED], no need to verify sigs
[9765] dbg: dkim: performing public key lookup and signature verification
[9765] dbg: dkim: signing identity: @paypal.com, d=paypal.com, a=rsa-sha1,
c=nofws
[9765] dbg: dkim: public key lookup or verification failed: Can't locate object
method "result" via package "Mail::DKIM::DkSignature" at
lib/Mail/SpamAssassin/Plugin/DKIM.pm line 372.
[9765] dbg: dkim: policy: performing lookup
[9765] dbg: dkim: policy result accept: o=~

That's with:

  whitelist_dkim      [EMAIL PROTECTED] [EMAIL PROTECTED]

although 'whitelist_dkim [EMAIL PROTECTED]' acts the same.

Section "B.2.3 Mailing Lists and Re-Posters" of
http://www.dkim.org/specs/rfc4871-dkimbase.html seems to indicate that we
should be using Sender instead of From here.


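An added example, not part of the bug report and not SpamAssassin's code: a Python sketch of the address selection at issue, showing that a From-only lookup finds no whitelist entry for a message shaped like the one above, while also considering Sender does. The function names, the (address glob, optional signing domain) entry model, and every address and domain are assumptions constructed for illustration; the signature is assumed to have been verified already.

```python
from email import message_from_string
from email.utils import getaddresses
from fnmatch import fnmatchcase

# Constructed sample modelled on the report: From is outside the signing
# domain, Sender is inside it. All addresses and domains are placeholders.
SAMPLE = """\
DomainKey-Signature: s=dkim; d=signer.example; c=nofws; q=dns; b=placeholder
From: "Shop" <billing@merchant.example>
Sender: notify@signer.example
Subject: Invoice for Internet Hosting

body
"""

def addresses(msg, header):
    """Lower-cased addr-specs found in every instance of one header."""
    return [a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a]

def whitelist_match(msg, entries, signing_domain, use_sender):
    """Return the (header, address) that a whitelist entry applies to, or None.

    entries: list of (address_glob, required_signing_domain_or_None).
    Assumption: with no explicit domain, the signer must be the address's
    own domain. signing_domain must come from a signature the caller has
    already verified; this function only decides whether an entry applies.
    """
    headers = ["From"] + (["Sender"] if use_sender else [])
    sd = signing_domain.lower()
    for header in headers:
        for addr in addresses(msg, header):
            addr_domain = addr.rpartition("@")[2]
            for glob, required in entries:
                if not fnmatchcase(addr, glob.lower()):
                    continue
                # Bind the match to the verified signer, never to the
                # header alone: headers are sender-controlled.
                if (required or addr_domain).lower() == sd:
                    return header, addr
    return None

MSG = message_from_string(SAMPLE)
ENTRIES = [("*@signer.example", None)]

if __name__ == "__main__":
    print("From only  :", whitelist_match(MSG, ENTRIES, "signer.example", False))
    print("From+Sender:", whitelist_match(MSG, ENTRIES, "signer.example", True))
```

Whichever header supplies the address, the entry only applies when the verified signing domain agrees with it, so a Sender header alone cannot earn a whitelist hit.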