Hi Stefan,

At 02:23 12-04-2008, Stefan Schulze Frielinghaus wrote:
>I tested dkim-milter for several months now and it works quite fine
>except one problem. Consider someone who uses Google-Mail posts to a
>mailinglist which automatically adds a signature to every mail (which is
>really common). dkim-milter will detect this mail and throw it away (or
>quarantine, depends on setup) because the signature doesn't fit anymore.
>As long as the mailinglist-server does not support dkim too (which is
>also really common) a lot of mails will be thrown away.

dkim-milter will not throw the mail or quarantine it unless you
explicitly tell it to do so.

>Is there a solution out? Maybe only signing the header and _not_ the
>body?

If you only sign the header and not the body, I can reuse your headers
and include questionable content.

Several mailing lists, including this one, modify the subject line and
the message body. This invalidates the DKIM signature. You can get
around the subject rewrite by not signing that header. As for the
message body, you can specify the body length that is signed. Any
content added after that, such as the mailing list footer, will be
ignored on DKIM verification.

These two workarounds can open the way to abuse. The better way to deal
with the problem would be for the mailing list to re-sign the message.

Regards,
-sm

_______________________________________________
dkim-milter-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
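
The body-length workaround from the reply above, as an added example that is not part of the original thread or of dkim-milter: it checks only the body hash (`bh=`) under "simple" body canonicalization and reports how many received bytes fall outside the signed length (`l=`), which is the part a verifier should treat as unauthenticated. The helper names, the `example.org` domain, the selector and the sample messages are constructed for illustration; the RSA signature (`b=`) is not verified here.

```python
import base64
import hashlib
import re

def canon_simple(body: bytes) -> bytes:
    """'simple' body canonicalization (RFC 6376 3.4.3): drop trailing empty lines."""
    return body.rstrip(b"\r\n") + b"\r\n"

def body_hash(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_tags(sig_value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def audit_body(sig_value: str, body: bytes) -> dict:
    """Check bh= and report how much of the received body the signature does not cover."""
    tags = parse_tags(sig_value)
    canon = canon_simple(body)
    limit = int(tags["l"]) if "l" in tags else len(canon)
    if limit > len(canon):  # body shorter than l=: verification must fail
        return {"bh_ok": False, "unsigned_bytes": 0, "unsigned_tail": b""}
    return {"bh_ok": body_hash(canon[:limit]) == tags.get("bh"),
            "unsigned_bytes": len(canon) - limit,
            "unsigned_tail": canon[limit:]}

def make_sig(body: bytes, with_length: bool) -> str:
    """Constructed signer side: only the body-related tags, b= left out."""
    canon = canon_simple(body)
    sig = f"v=1; a=rsa-sha256; c=simple/simple; d=example.org; s=sel; bh={body_hash(canon)}"
    return sig + (f"; l={len(canon)}" if with_length else "")

# Constructed sample: a post and the same post after a list appended its footer.
ORIGINAL = b"Hello list,\r\nthis is my post.\r\n"
RELAYED = ORIGINAL + b"-- \r\nexample-list mailing list footer\r\n"

if __name__ == "__main__":
    for with_length in (False, True):
        result = audit_body(make_sig(ORIGINAL, with_length), RELAYED)
        print("l= used:", with_length, result)
```

Without `l=` the relayed copy fails the body hash; with `l=` it passes, and `unsigned_tail` shows exactly which bytes the signature says nothing about.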
