Corrupt pgp-signed messages
James A. Pattie
james at PCXPERIENCE.COM
Fri Mar 14 23:52:09 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rick Emery wrote:
> I searched the documentation and list archives (at least, I think I did it
> right; I've never used listserv before) but couldn't find anything on
this.
>
> I configured MailScanner (a *great* product, by the way) to sign all clean
> messages. My mail client is configured to verify pgp signatures, and I
noticed
> that I started getting a lot of "BAD pgp signature" messages. A little
research
> showed that the MailScanner signature was being added to the bottom of
(inside)
> the signed part of the message, apparently corrupting it.
>
> I am a member of several MailMan mailing lists, and noticed that
several of them
> were configured to sign all messages as well. However, it appears that the
> mailing list signature is added after the pgp signature, outside of
the signed
> portion of the message. I don't know enough to explain this with technical
> accuracy, so I hope this makes sense.
>
> My questions are:
>
> 1. is there a way to configure MailScanner to sign the message _after_
the pgp
> signed portion?
>
> 2. Am I the only one seeing this behaviour?
>
> Thanks in advance for any guidance,
> Rick
>
> P.S. I turned off the MailScanner signature, and everything is working
fine (I
> can tell by the headers that mail is being scanned). I just like the
idea of a
> signature telling everyone that the message was scanned (and I like
advertising
> MailScanner too :-)
I gpg sign my e-mails and have never had this issue.
I have had the issue where a certificate signed e-mail (S/MIME) has an
issue since the signing of the e-mail by MailScanner changes the
content. This was talked about several months ago. :)
- --
James A. Pattie
james at pcxperience.com
Linux -- SysAdmin / Programmer
Xperience, Inc.
http://www.pcxperience.com/
http://www.xperienceinc.com/
GPG Key Available at http://www.pcxperience.com/gpgkeys/james.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE+cmsotUXjwPIRLVERAmrAAJ0RPOCKWQ6itragPNuVDsdErTaw/wCgjBMQ
NdH7oCMMXEYdlIbR5yCW2XM=
=bSqU
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list