Auteur: Ian Eiloart Date: À: Luca Bertoncello, Exim Users ML Sujet: Re: [exim] Strange problem with domainkeys
--On 10 December 2007 11:42:27 +0100 Luca Bertoncello
<lucabert@???> wrote:
>
>> Not really an Exim question, but... DomainKeys can survive forwarding
>> if the forwarding process doesn't alter any of the headers used in the
>> signing process.
>
> Sure, but it signs always the "Received", too... And this IS altered, of
> course, by every MTA...
Received headers are added by every MTA, so it's conceivable that a
recipient implementation could look for a subset of headers which matches
the signature. A good algorithm would be to start with just the oldest
Received header, and add newer ones until you get a match. My guess it that
you'd often get a match on just the one header.
That might not be as easy to implement as simply ignoring DK signatures
that sign the Received header, or even rejecting them and letting the
sender sort out the mess!
--
Ian Eiloart
IT Services, University of Sussex
x3148