Re: [exim] Signed header list in DKIM headers

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: exim-users
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] Signed header list in DKIM headers
Hi Evgeniy,

On 26.01.20 18:13, Evgeniy Berdnikov via Exim-users wrote:
>> The original message did only contain:
>> Subject, To, References, From, Message-ID, Date, MIME-Version, In-Reply-To, Content-Type, Content-Transfer-Encoding
>>
>> Those headers where not altered, however List-XXX-Headers where added and thus broke the initial signature (as these headers where included as).


> DKIM-compliant mailing list manager should add those headers to the top,
> before DKIM signature.


That is right, however often not the case.

>> By checking more examples, I do not think that there is an generic approach to do this.
>
> Generic approach to verify original DKIM signature, drop if signature is
> invalid, then strip out all DKIM headers. Then message may be modified
> arbitrarily by mailing list manager. Finally, message can be signed again
> (using DKIM key of this list) and forwarded to subscribers.


I was looking for a way to do this already at sending time before the mailing list software is involved.

Thanks for the RFC hints.

Best regards,
Thomas

--
Thomas Freitag