Re: [exim] sa exim headers: Do they break DKIM

Author: Patrick von der Hagen
Date:  
To: exim-users
Subject: Re: [exim] sa exim headers: Do they break DKIM
Shane W wrote:
> Hey all,

Hey Shane,

> I just finished setting up DKIM on some of our domains
> which signs an email when it goes out. However, one thing
> I'm not sure about is when scanning in the exim ACLs using
> SA Exim, it's adding various x-spam headers but it's
> dropping them at the bottom of the message after the DKIM
> signature header which unless I am off base would render
> the signature invalid.

DKIM does not sign all headers of a message, therefore you are off base
(and safe). The headers signed by DKIM are specified in the
DKIM-signature, only "From" is mandatory, other headers are optional.
Now, if a message contains SA-headers and they are signed by DKIM
and someone on the road adds additional SA-headers or modifies the
existing ones, the sender would probably run into problems.
So, limit your signatures reasonably.

For reference:
http://wiki.exim.org/DKIM, dkim_sign_headers
http://www.ietf.org/rfc/rfc4871.txt, Section 5.4


--
CU,
Patrick.
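
Added example, not part of the original message or of Exim: a Python sketch of the header selection a DKIM verifier performs (names from `h=`, matched bottom-up as in RFC 4871 Section 5.4), used to check whether a header appended at the bottom, as SA-Exim does here, changes what gets hashed. The messages, domain and selector are constructed, and the function names are hypothetical.

```python
def parse_headers(raw):
    """Split a raw header block into (name, value) pairs, unfolding continuations."""
    headers = []
    for line in raw.strip("\n").split("\n"):
        if line.startswith((" ", "\t")) and headers:
            headers[-1][1] += " " + line.strip()
        else:
            name, _, value = line.partition(":")
            headers.append([name.strip(), value.strip()])
    return [(n, v) for n, v in headers]

def signed_names(dkim_value):
    """Header names listed in the h= tag of a DKIM-Signature value, lowercased."""
    tags = {}
    for tag in dkim_value.split(";"):
        if "=" in tag:
            key, val = tag.split("=", 1)
            tags[key.strip()] = val.strip()
    return [n.strip().lower() for n in tags["h"].split(":")]

def selected_for_verification(headers):
    """Instances a verifier hashes: per h= name, the bottom-most unused one."""
    sig = next(v for n, v in headers if n.lower() == "dkim-signature")
    remaining = [(n.lower(), v) for n, v in headers if n.lower() != "dkim-signature"]
    picked = []
    for name in signed_names(sig):
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0] == name:
                picked.append(remaining.pop(i))
                break  # a name with no instance left contributes nothing
    return picked

def affected_by_append(raw_headers, new_header_line):
    """True if appending new_header_line at the bottom changes the hashed set."""
    before = selected_for_verification(parse_headers(raw_headers))
    after = selected_for_verification(parse_headers(raw_headers + new_header_line + "\n"))
    return before != after

# Constructed sample: signature covers only From, To, Subject and Date.
SIGNED = """DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel1;
 h=From:To:Subject:Date; bh=CONSTRUCTED; b=CONSTRUCTED
From: sender@example.org
To: rcpt@example.net
Subject: test
Date: Mon, 01 Jan 2024 00:00:00 +0000
"""
# Constructed sample: the signer also listed X-Spam-Status in h=.
SIGNED_WITH_SPAM = SIGNED.replace("Subject:Date;", "Subject:Date:X-Spam-Status;") \
    + "X-Spam-Status: No, score=-1.0\n"
```

With the first sample an appended `X-Spam-Status` header is outside the signed set; with the second, the appended instance becomes the bottom-most one and replaces the header the signer hashed.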