Re: [exim] Signed header list in DKIM headers

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Evgeniy Berdnikov
Data:  
Para: exim-users
Asunto: Re: [exim] Signed header list in DKIM headers
On Sun, Jan 26, 2020 at 04:26:27PM +0100, exim-users--- via Exim-users wrote:
> The original message did only contain:
> Subject, To, References, From, Message-ID, Date, MIME-Version, In-Reply-To, Content-Type, Content-Transfer-Encoding
>
> Those headers where not altered, however List-XXX-Headers where added and thus broke the initial signature (as these headers where included as).


DKIM-compliant mailing list manager should add those headers to the top,
before DKIM signature.

> By checking more examples, I do not think that there is an generic approach to do this.


Generic approach to verify original DKIM signature, drop if signature is
invalid, then strip out all DKIM headers. Then message may be modified
arbitrarily by mailing list manager. Finally, message can be signed again
(using DKIM key of this list) and forwarded to subscribers.

Some refs:
RFC6376: B.2.3. Mailing Lists and Re-Posters
RFC6377 "DKIM and Mailing Lists"
--
Eugene Berdnikov