Re: Broken DomainKey Implementation

Qmail

Re: Broken DomainKey Implementation

To:	qmail@list.cr.yp.to
Subject:	Re: Broken DomainKey Implementation
From:	Matt Simpson <net-qmlist@jmatt.net>
Date:	Sat, 7 Apr 2007 08:57:35 -0400
Comment:	DomainKeys? See http://antispam.yahoo.com/domainkeys
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	gmail-qmail@securepoint.com
Delivered-to:	sp.com.list@gmail.com
Delivered-to:	mailing list qmail@list.cr.yp.to
Domainkey-signature:	a=rsa-sha1; q=dns; c=nofws; s=default; d=jmatt.net; b=7JkH7WZknTNVKOjIqMg1sTJARwDg4SwqZvTySc/lsiNn5hJVs1RTYpT7IhHCFQKk95gA0G8FK0HT5lo/bLh/+cyLs+NpdSVQJzNOWipo7sHHlIgCj8nIgT4tkkeZY1w0NQXs19f8gJH02JMMAlvVsGQRPV6x5yKOnCu/vJnNJok=; h=Received:Mime-Version:Message-Id:In-Reply-To:References:Date:From:Subject:Mime-Version:Content-Type;
Domainkey-status:	bad
In-reply-to:	<17943.12079.63949.563309@desk.crynwr.com>
Mailing-list:	contact qmail-help@list.cr.yp.to; run by ezmlm
References:	<b86db13f0704011331m4135c427vc934ced0d8b64120@mail.gmail.com> <20070401205313.GA5988@discworld.dyndns.org> <b86db13f0704011429x17f3e0b1w903861f725380af5@mail.gmail.com> <17941.57540.536844.183887@desk.crynwr.com> <p06240602c23bec1311de@chowder.jmatt.net> <17943.12079.63949.563309@desk.crynwr.com>

At 1:42 AM 4/7/07, Russ Nelson wrote:

Matt Simpson writes:
 > My excuse for "munging" the message is that I'm running ezmlm lists,
 > with the qmail verh patch to add a customized "List-Unsubscribe"
 > header for each subscriber.

No problem.  Insert a Sender: header and re-sign.

I'm already inserting a Sender header and re-signing. The problemis, that since the List-Unsubscribe header is modified by the verhpatch in qmail-remote to include the individual subscriber's address,the signature added by qmail-dk becomes invalid. If a single copy ofthe message is signed, and then queued for distribution to hundredsof subscribers, and then qmail-remote changes a header on the copy itsends to each subscriber, the only way for that signature to remainvalid is if the header "munged" by qmail-remote+verh is to excludethat header from the signature. The other option is to sign themessage in qmail-remote after verh munges the header.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Broken DomainKey .. or dead project?, (continued) Re: Broken DomainKey .. or dead project?, Erik A. Espinoza Re: Broken DomainKey .. or dead project?, Kyle Wheeler Re: Broken DomainKey .. or dead project?, Erik A. Espinoza Re: Broken DomainKey .. or dead project?, Kyle Wheeler Re: Broken DomainKey .. or dead project?, Kyle Wheeler Message not available Re: Broken DomainKey .. or dead project?, Erik A. Espinoza Re: Broken DomainKey Implementation, Russ Nelson Re: Broken DomainKey Implementation, Russ Nelson Re: Broken DomainKey Implementation, Matt Simpson Re: Broken DomainKey Implementation, Russ Nelson Re: Broken DomainKey Implementation, Matt Simpson <= Re: Broken DomainKey Implementation, Erik A. Espinoza Re: Broken DomainKey Implementation, Russ Nelson Re: Broken DomainKey Implementation, Erik A. Espinoza

Previous by Date:	Re: Broken DomainKey Implementation, Russ Nelson
Next by Date:	DKIM + qmail-remote, Charles Sprickman
Previous by Thread:	Re: Broken DomainKey Implementation, Russ Nelson
Next by Thread:	Re: Broken DomainKey Implementation, Erik A. Espinoza
Indexes:	[Date] [Thread] [Top] [All Lists]