Re: [exim] DomainKeys signing makes headers too long -> tagg…

Inizio della pagina
Delete this message
Reply to this message
Autore: Ted Cooper
Data:  
To: exim-users
Oggetto: Re: [exim] DomainKeys signing makes headers too long -> tagged as spam
Karl Fischer wrote:
> Ted Cooper wrote:
>> Tomasz Chmielewski wrote:
>>> Tomasz Chmielewski schrieb:
>>>> If DomainKeys signing is enabled in Exim, it adds a signature in email's headers.
>>>>
>>>> However, this signature in header is not wrapped, which makes the header very long, i.e.:
>>>>
>>>> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=somedomain.tld;
>>>>     h=Received:To:Subject:Message-Id:From:Date;
>>>>     b=b...................................................................................................................xyz;

>>>>
>>>>
>>>> Such long headers trigger SpamAssassin's HEAD_LONG test, which adds 2.5 spam points to a mail.
>>>>
>>>>
>>>> How can I make DomainKeys signature properly wrapped when signing with Exim
>>>> (note: DKIM signature is wrapped properly, only DomainKeys makes these problems)?
>>> Nobody knows?
>>>
>>> At least, could anyone confirm (or not) that these very long DomainKeys
>>> headers are inserted by Exim in his/her installation as well, when
>>> DomainKeys signing is enabled?
>>>
>> I was going to look at this weekend, but I don't use DomainKeys to check
>> it now. Does anyone use this or did everyone head over to DKIM?
>
> well, if that helps:
> I quickly greped over some 300.000 emails and I found only a few using DomainKeys,
> but all of them were long lines, not wrapped. Didn't have any problems with SPAM
> Filtering so far ...


Did all of those DomainKeys emails source from Exim servers or from
other types as well?

If it includes other servers then the question becomes, will other
DomainKeys implementations be able to handle wrapped signature lines or
is it always expected to not be wrapped. Wrapping/Unwrapping should
probably done after/before any component gets access to a header anyway,
but if all the implementations out there do their thing with direct
access to the header then we will be breaking all their implementations.

The line length limit for a header line is 998. Is there a particular
reason DomainKeys is creating a header longer than this or are they
significantly shorter than that?

This raises a question too - should SA be assigning points to something
that is a normal occurance in legitimate emails? There are a few
legitimate email servers out there that insist on writing hideously
long, single line Received: headers that include every detail of the
connection. Plus DomainKeys.