Re: [Exim] Yahoo DomainKeys...

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Nico Erfurth
Fecha:  
A: exim-users
Asunto: Re: [Exim] Yahoo DomainKeys...
Claus Assmann wrote:

>>>You seem to have missed the fact that SPF breaks existing working
>>>legitimate setups.
>
>>DomainKeys also does. If I read the proposal right, a server isn't
>>allowed to add any header after the DomainKeys-Signature: header.
>
>
> Read the draft again :-)
>
> There's some ordering in the headers, so if your MTA adds the new
> stuff before the signature, you're ok. If DK would break forwarding
> it would be useless.


Read the next paragraph of my mail.

<quote>
Well, exim does. Imagine a forwarding service, with spam-scanning, which
adds headers. Boom, DomainKeys will fail to verify the mail.
</quote>

Exim DOES add extra headers (not Received: and some others) on the end
of previous headers. So all exim-forwarders will currently break the
signature, when they add headers.

IMHO the signature should only be added to some headers, things that are
of interest for an enduser. At least X-* should be ignored. I know, the
draft already talks about this, so maybe they'll fix it.

Nico