Re: [exim] DomainKeys signing makes headers too long -> tagg…

Top Page
Delete this message
Reply to this message
Author: Tomasz Chmielewski
Date:  
To: exim-users
Subject: Re: [exim] DomainKeys signing makes headers too long -> tagged as spam
Ted Cooper schrieb:

>> I quickly greped over some 300.000 emails and I found only a few using DomainKeys,
>> but all of them were long lines, not wrapped. Didn't have any problems with SPAM
>> Filtering so far ...
>
> Did all of those DomainKeys emails source from Exim servers or from
> other types as well?
>
> If it includes other servers then the question becomes, will other
> DomainKeys implementations be able to handle wrapped signature lines or
> is it always expected to not be wrapped. Wrapping/Unwrapping should
> probably done after/before any component gets access to a header anyway,
> but if all the implementations out there do their thing with direct
> access to the header then we will be breaking all their implementations.


I.e. google/gmail (I've no idea what it uses for signing) creates a
"wrapped" DomainKey signature.
So is dkim-proxy I use for signing mail with Postfix.


> The line length limit for a header line is 998. Is there a particular
> reason DomainKeys is creating a header longer than this or are they
> significantly shorter than that?
>
> This raises a question too - should SA be assigning points to something
> that is a normal occurance in legitimate emails? There are a few
> legitimate email servers out there that insist on writing hideously
> long, single line Received: headers that include every detail of the
> connection. Plus DomainKeys.


I think this test is disabled by default in SpamAssassin (at least the
newest versions).
But still, I've seen some installations which have it enabled.

Other things SA is giving points to which are also legitimate in email:
- really lots of recipients
- ALL CAPS HEADERS
- mail sent from Windows machines, if you use p0f (passive OS detection
- most spam senders are Windows zombies)
- etc.

Single test is usually not enough to tag the message as spam. But it can
increase the probability that the message is spam.
If possible, MTA should avoid increasing that probability.




--
Tomasz Chmielewski
http://wpkg.org