Corrupt pgp-signed messages

Rick Emery rick at EMERY.HOMELINUX.NET
Sat Mar 15 16:45:41 GMT 2003


Quoting "James A. Pattie" <james at PCXPERIENCE.COM>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Rick Emery wrote:
> > I searched the documentation and list archives (at least, I think I did it
> > right; I've never used listserv before) but couldn't find anything on
> > this.
> >
> > I configured MailScanner (a *great* product, by the way) to sign all clean
> > messages. My mail client is configured to verify pgp signatures, and I
> > noticed that I started getting a lot of "BAD pgp signature" messages. A
> > little research showed that the MailScanner signature was being added to
> > the bottom of (inside) the signed part of the message, apparently
> > corrupting it.
> >
> > I am a member of several MailMan mailing lists, and noticed that several
> > of them were configured to sign all messages as well. However, it appears
> > that the mailing list signature is added after the pgp signature, outside
> > of the signed portion of the message. I don't know enough to explain this
> > with technical accuracy, so I hope this makes sense.
> >
> > My questions are:
> >
> > 1. Is there a way to configure MailScanner to sign the message _after_
> > the pgp signed portion?
> >
> > 2. Am I the only one seeing this behaviour?
> >
> > Thanks in advance for any guidance,
> > Rick
> >
> > P.S. I turned off the MailScanner signature, and everything is working
> > fine (I can tell by the headers that mail is being scanned). I just like
> > the idea of a signature telling everyone that the message was scanned
> > (and I like advertising MailScanner too :-)
>
> I gpg sign my e-mails and have never had this issue.
>
> I have had the issue where a certificate signed e-mail (S/MIME) has an
> issue since the signing of the e-mail by MailScanner changes the
> content.  This was talked about several months ago.  :)
>
> - --
> James A. Pattie
> james at pcxperience.com
>
> Linux  --  SysAdmin / Programmer
> Xperience, Inc.
> http://www.pcxperience.com/
> http://www.xperienceinc.com/
>
> GPG Key Available at http://www.pcxperience.com/gpgkeys/james.html
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE+cmsotUXjwPIRLVERAmrAAJ0RPOCKWQ6itragPNuVDsdErTaw/wCgjBMQ
> NdH7oCMMXEYdlIbR5yCW2XM=
> =bSqU
> -----END PGP SIGNATURE-----
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>


Forgive me for quoting the entire message, but it's a good indicator of what's
going on. As you can see above, your message contains:

# -----BEGIN PGP SIGNED MESSAGE-----

# the message

# -----BEGIN PGP SIGNATURE-----

# the signature

# -----END PGP SIGNATURE-----

# MailScanner's text signature

When I view the corrupt messages, MailScanner's text signature appears just
above the "BEGIN PGP SIGNATURE" line.

What I don't understand is why your setup attached the MailScanner signature
after the PGP SIGNATURE, but mine puts it before. I couldn't find a
configuration option for this.

Could it have anything to do with the message composer? Something I've noticed
is that the corrupt messages don't say "BEGIN PGP SIGNED MESSAGE", they have a
cryptic string of letters, numbers, and symbols at the beginning and end.

Again I apologize for all of the noise, but I don't understand enough about mime
and pgp to figure it out.

Thanks again,
Rick

------------------------------------------------
This email was sent using IMP v4.0-cvs, part of
the Horde suite of information management tools.
http://horde.org/
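
Added example, not part of the original post and not MailScanner's code: a Python model of the two footer placements discussed in this thread, showing which one changes the signed text. It assumes a hypothetical scanner that appends its footer to the first text/plain part, and that the messages with a "cryptic string" at the beginning and end are PGP/MIME (multipart/signed) messages delimited by a MIME boundary; the sample messages, boundary, footer and signature bodies are constructed.

```python
import email

# Constructed footer and messages; signature bodies are placeholders, not real signatures.
FOOTER = "\n--\nThis message has been scanned (constructed footer).\n"
SIG = "-----BEGIN PGP SIGNATURE-----\n(placeholder)\n-----END PGP SIGNATURE-----\n"
INLINE = ("From: a@example.org\nContent-Type: text/plain\n\n"
          "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nthe message\n" + SIG)
PGP_MIME = ("From: a@example.org\n"
            "Content-Type: multipart/signed; micalg=pgp-sha1;\n"
            ' protocol="application/pgp-signature"; boundary="=_b0undary"\n\n'
            "--=_b0undary\nContent-Type: text/plain\n\nthe message\n"
            "--=_b0undary\nContent-Type: application/pgp-signature\n\n" + SIG +
            "--=_b0undary--\n")

def signed_region(raw):
    """Return (kind, text the signature covers) for a raw message string."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() == "multipart/signed":
        # PGP/MIME: the signature part covers the whole first sub-part.
        return "pgp-mime", msg.get_payload(0).as_string()
    body = msg.get_payload()
    begin, sig = "-----BEGIN PGP SIGNED MESSAGE-----", "-----BEGIN PGP SIGNATURE-----"
    if begin in body and sig in body:
        # Inline (clearsigned): everything up to the signature block is covered.
        start = body.index(begin)
        return "inline", body[start:body.index(sig, start)]
    return "unsigned", ""

def add_footer(raw):
    """Hypothetical scanner: append FOOTER to the first text/plain part."""
    msg = email.message_from_string(raw)
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            part.set_payload(part.get_payload() + FOOTER)
            break
    return msg.as_string()

def footer_breaks_signature(raw):
    """True if adding the footer alters the text the signature covers."""
    return signed_region(raw)[1] != signed_region(add_footer(raw))[1]

if __name__ == "__main__":
    for name, raw in (("inline", INLINE), ("PGP/MIME", PGP_MIME)):
        print(name, signed_region(raw)[0], "broken:", footer_breaks_signature(raw))
```

In the inline case the footer lands after the END PGP SIGNATURE line and the signed text is untouched; in the multipart/signed case the same append lands inside the signed part, just above the signature part.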


