Corrupt pgp-signed messages

Julian Field mailscanner at ecs.soton.ac.uk
Sat Mar 15 15:12:37 GMT 2003 

At 23:52 14/03/2003, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Rick Emery wrote:
> > I searched the documentation and list archives (at least, I think I did it
> > right; I've never used listserv before) but couldn't find anything on
>this.
> >
> > I configured MailScanner (a *great* product, by the way) to sign all clean
> > messages. My mail client is configured to verify pgp signatures, and I
>noticed
> > that I started getting a lot of "BAD pgp signature" messages. A little
>research
> > showed that the MailScanner signature was being added to the bottom of
>(inside)
> > the signed part of the message, apparently corrupting it.
> >
> > I am a member of several MailMan mailing lists, and noticed that
>several of them
> > were configured to sign all messages as well. However, it appears that the
> > mailing list signature is added after the pgp signature, outside of
>the signed
> > portion of the message. I don't know enough to explain this with technical
> > accuracy, so I hope this makes sense.

I would like to see the difference in the MIME structure between what
MailMan does and what MailScanner does. I just add the signature on to the
end of the first in-line text+html segments of the message, which will be
what you see. So the signature should be put in place after the signature,
and therefore hopefully outside the signed portion of the message.

> > My questions are:
> >
> > 1. is there a way to configure MailScanner to sign the message _after_
>the pgp
> > signed portion?
> >
> > 2. Am I the only one seeing this behaviour?
> >
> > Thanks in advance for any guidance,
> > Rick
> >
> > P.S. I turned off the MailScanner signature, and everything is working
>fine (I
> > can tell by the headers that mail is being scanned). I just like the
>idea of a
> > signature telling everyone that the message was scanned (and I like
>advertising
> > MailScanner too :-)

The other alternative is by using the Subject: line modification feature
(e.g. add "{Scanned}" on the end of the subject line).


>I gpg sign my e-mails and have never had this issue.
>
>I have had the issue where a certificate signed e-mail (S/MIME) has an
>issue since the signing of the e-mail by MailScanner changes the
>content.  This was talked about several months ago.  :)
>
>- --
>James A. Pattie
>james at pcxperience.com
>
>Linux  --  SysAdmin / Programmer
>Xperience, Inc.
>http://www.pcxperience.com/
>http://www.xperienceinc.com/
>
>GPG Key Available at http://www.pcxperience.com/gpgkeys/james.html
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.0.6 (GNU/Linux)
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
>iD8DBQE+cmsotUXjwPIRLVERAmrAAJ0RPOCKWQ6itragPNuVDsdErTaw/wCgjBMQ
>NdH7oCMMXEYdlIbR5yCW2XM=
>=bSqU
>-----END PGP SIGNATURE-----
>
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list