Re: [exim] Recovering DKIM signature from read email

Top Page

Reply to this message
Author: Patrick von der Hagen
Date:  
To: exim-users
Subject: Re: [exim] Recovering DKIM signature from read email
That's a very abstract definition of sender and recipient. Issues
regarding mailinglists have been mentioned already, but there are more
components which might damage DKIM signatures.

For example, my exchange 2013 usually handles DKIM well, e.g. a signed
message received by my exchange and forwarded to an external address
arrives with a correct DKIM signature. If the message is delivered to an
exchange mailbox and accessed by IMAP, DKIM-verification in Thunderbird
(DKIM Verifier addon) frequently fails, because somewhere in the IMAP
stack some recoding seems to happen, that just isn't triggered during
SMTP-handling.

See
https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail#Content_modification
for example.

So, depending on how the sender sends, how parties in between process
and how the recipient accesses the message, DKIM might work for you.
However, I consider it to be very brittle and "best effort", while you
talk about proof of integrity, verification and receipts (sounds like
accountability?). All said and done, I'd be surprised if DKIM was a good
solution for your requirements.



Am 23.08.2017 um 17:20 schrieb Leonardo Boselli:
> Does the dkim implementation on exim sign the whole message ?
> The reason I ask is because all the places that I have read say that
> DKIM may sign the whole or part of messge, and i have found no option
> to specify how much of messge is signed.
> I would like to sign all messages that have been submitted so the
> recipient not only can authenthicate the sender machine, but be also
> sure of the integrity of the content.
> It is required also that the recipient could handle the message
> (possibly as an attachment) to a third party that could verify again
> the authenticity of the message (same for the sender that would
> receive back a copy to have a receipt that he really gave the messge
> to that server.
> Is it possible ? (actually the verification is more impoortant for the
> body and attachments than for the headers)
>
>
> --
> Leonardo Boselli
> Dipartimento Ingegneria Civile e Ambientale UNIFI
> tel +39 0552758808 +39 3488605348
>
>
>


--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)

Patrick von der Hagen

Zirkel 2, Gebäude 20.21, Raum 004.2
76131 Karlsruhe
Telefon: +49 721 608-46433
E-Mail: hagen@???
Web: http://www.scc.kit.edu

KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft