Re: [exim] Strange problem with domainkeys

Página superior
Este mensaje es parte del siguiente hilo:
MEl árbol completo de hilos, ordenados por fecha
M++\Peter Bowyer, mensaje del <-
MMMMIan Eiloart, mensaje del ->
Eliminar este mensaje
Responder a este mensaje
Autor: Graeme Fowler
Fecha:  
A: exim-users
Asunto: Re: [exim] Strange problem with domainkeys
On Mon, 2007-12-10 at 11:42 +0100, Luca Bertoncello wrote:
> Sure, but it signs always the "Received", too... And this IS altered, of
> course, by every MTA...

So that's a daft header to use for signing, then!

> Has someone a solution for this problem? Otherwise it has the same problem of
> SPF, but without a solutions... :(

Don't use "Received:" headers for the signing process, perhaps?
Otherwise, the signature could be invalidated by any number of
completely non-interactive (ie. not involving a human, like forwarding
which has to be chosen) means, like (for example) traversing a backup
MX. Or a transparent SMTP proxy, which some ISPs still use for outbound
mail. Or... or... well, any number of things.

Interestingly, the DKIM specification RFC4871 states:

The following header fields SHOULD NOT be included in the signature:

o Return-Path

o Received

o Comments, Keywords

OK, I know that DKIM isn't DomainKeys, but it does obsolete it (4871
obsoletes 4870) but that statement alone is worth many thousands of
other words.

Graeme


Este mensaje se envió a las siguientes listas de correo:
Exim-users
Información de la lista de correo | Mensajes cercanos		<-Re: [exim] Strange problem with domainkeysRe: [exim] Fearure that Exim should have->
Tahini and Hummus and Cumin Development Archives administrado por cumin AdminsLurker (versión 2.3)