https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5890
--- Comment #4 from Mark Martinec <[EMAIL PROTECTED]> 2008-04-21 10:44:20 PST ---

> if we need to bend our standards-compliance to deal with Paypal's signed
> messages, that's fine by me ;) I'll try upgrading Mail::DKIM first, anyway.

I don't see any need for bending. Third-party signatures are adequately covered with the current whitelist_from_dkim syntax. One only has to remember that whitelist_from_dkim follows DKIM rules regardless of types of signatures found in a message (DomainKeys vs. DKIM), so one needs to provide the second argument for whitelisting some signatures by paypal (like in the case shown above where From domain differs from a signing domain).

> we may need to document this, IMO. looks like the fix was added in 0.27:
> [...] how's about we make that the new required baseline version?

The question is which version to choose as a minimal:

The 0.31 fixes a verifier aborting when the last header field is a signature. Fixes parsing of an email address where a local part contains an '@' character (which is legitimate). It also fixes a version number string - the 0.30.1 could not be 'required' by its version number.

The 0.30.1 fixes failing verifications from signers (such as cisco.com) whose Microsoft mailers shuffle header field order, pushing a signature below some of the signed header fields. This was broken by 0.29_4.

0.30
  fixes case sensitivity issue, but breaks verifying signatures from cisco.com;
  fix verifying DomainKeys with a default (absent) g tag in a public key;

0.29
  SIGNIFICANT SPEEDUP for verification (factor of 8.5 for large mail!);
  fixed case-sensitivity issues (some signatures failed inappropriately);
  fixes DomainKeys verification where public key has an empty g tag;
  fixed broken granularity matching check;

0.28
  fix DomainKey signatures with h tag - verification should obey the order of header fields specified in h tag, not in a message header section!
  fix exit status for PRINT and CLOSE;

The 0.30.1 is the first to do right all of the:
  validating signatures from Microsoft mailers (shuffled header),
  granularity issues in public keys,
  public interface to multiple signatures (needed for SA whitelisting),
  dealing with h tag in DomainKeys according to specs.

Considering also a factor of 8 speedup in 0.29, I wouldn't consider anything below 0.30.1 or 0.31 as worthwhile for any serious usage.

Stability-addicted mailadmins might prefer an old and knowingly broken version for some reason known only to them. And then complain on a mailing list that it does not work...
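
The second-argument rule described in the comment above, as a simplified model added here (it is not SpamAssassin's code and not part of the original comment). Assumptions: the domains are constructed placeholders, signing domains are compared by exact match, and the signature's i= identity and subdomain handling are not modelled.

```python
from fnmatch import fnmatchcase

# Constructed sample configuration (placeholder domains, not from the bug report).
SAMPLE_CONFIG = [
    "whitelist_from_dkim *@shop.example",                 # first-party only
    "whitelist_from_dkim *@news.example mailer.example",  # third-party signer
]

def parse_whitelist(lines):
    """Parse 'whitelist_from_dkim <author-pattern> [signing-domain]' lines."""
    entries = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or parts[0] != "whitelist_from_dkim":
            continue
        pattern = parts[1].lower()
        # Optional second argument: the domain that must have signed.
        signer = parts[2].lower() if len(parts) > 2 else None
        entries.append((pattern, signer))
    return entries

def is_whitelisted(author, valid_signing_domains, entries):
    """Return True if a whitelist entry matches the From address AND a
    verified signature exists from the domain that entry requires.

    valid_signing_domains holds the d= domains of signatures that verified,
    whether they were DomainKeys or DKIM signatures.
    """
    author = author.lower()
    author_domain = author.rpartition("@")[2]
    signers = {d.lower() for d in valid_signing_domains}
    for pattern, signer in entries:
        if not fnmatchcase(author, pattern):
            continue
        # Without a second argument, only a signature by the author's own
        # domain counts; a valid third-party signature is not enough.
        required = signer if signer is not None else author_domain
        if required in signers:
            return True
    return False

ENTRIES = parse_whitelist(SAMPLE_CONFIG)
```

A message from `*@shop.example` carrying only a valid `mailer.example` signature is not whitelisted, because that entry names no signing domain.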
