On Mon, 14 Apr 2008, (Peter O'Kane) wrote:
> I am testing dkim-filter 2.5.0 with sendmail 8.14.2. Some users here
> have an apostrophe in their real names. If the real name is included as
> a comment in the from header then dkim verification fails unless the
> comment is delimited by parenthesis. Unfortunately most user agents use
> double quote marks to quote comments rather than parenthesis. It is not
> clear to me whether the failure is occurring during signing or
> verification.
Certain characters must be quoted per RFC2822. If your "real name"
contains one or more of these and you feed the MTA a header which doesn't
do proper quoting, the MTA will rewrite the header for you so it is
compliant.
Because of the way milter is implemented (i.e. where in the MTA the milter
processing takes place), this has the unfortunate side effect of causing
you to sign a header different than then one the receiver will actually
get. This invalidates your signature.
Another example is header spacing. If you send:
To: a,b,c
...the MTA will rewrite it to:
To: a, b, c
Most MUAs generate the headers with the spaces already in them, so the
problem is largely hidden. However the quoting case appears with a little
more frequency.
Your best bet, until we get output filters implemented, is either to
insure that you generate headers such that the MTA won't feel the need to
alter them, or have a second MTA outbound which receives mail from the
first, after all the rewriting is done, and then just transparently signs
the message outbound.
-MSK
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
