Shane W schrieb: > Hey all, Hey Shane, > I just finished setting up DKIM on some of our domains > which signs an email when it goes out. However, one thing > I'm not sure about is when scanning in the exim ACLs using > SA Exim, it's adding various x-spam headers but it's > dropping them at the bottom of the message after the DKIM > signature header which unless I am off base would render > the signature invalid. DKIM does not sign all headers of a message, therefore you are off base (and safe). The headers signed by DKIM are specified in the DKIM-signature, only "From" is mandatory, other headers are optional. Now, if a message contains SA-headers and and they are signed by DKIM and someone on the road adds additional SA-headers or modifies the existing ones, the sender would probably run into problems. So, limit your signatures reasonably.
For reference: http://wiki.exim.org/DKIM, dkim_sign_headers http://www.ietf.org/rfc/rfc4871.txt, Section 5.4 -- CU, Patrick.
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
