Mailscanner disturbs my domainkey?

Wed Oct 5 13:00:02 IST 2005

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

John Rudd wrote:
> On Oct 1, 2005, at 6:31 AM, Julian Field wrote:
>>> In any case, any good info, pointers, tips on getting domainkeys to
>>> work using sendmail+MailScanner would be appreciated. I've already
>>> set up SPF, but having domainkeys as well would be a plus.
>>
>>  From what I have seen over the past 20 years or so is that the usual
>> practice is to put "Received" headers at the top, and all X- headers
>> and
>> other header modifications at the bottom. If they produce one
>> exception saying that all new headers must be before the domainkeys
>> header, then how many others are there likely to be in future? They
>> have somewhat changed the rules.
>>
>
> There's no "somewhat" about it.  If you embrace DomainKeys, then you
> have to accept that the rules have changed.
>
> With DomainKeys, all new headers have to be added above the DomainKeys
> header (the easiest way is to add them to the beginning of all of the
> headers; this is what the new spamassassin does).  You also may not
> modify the subject, change the body content, because you may not
> modify anything after the DomainKeys header.
>
>
> So, when MailScanner wants to modify the body of a message, you would
> almost want-to/have-to get rid of the DomainKey header.  ...

The DomainKey header is:
DomainKey-Signature: a=rsa-sha1; s=arnold; d=neland.dk; c=nofws; q=dns;
    h=message-id:from:to:cc:references:subject:date:
    mime-version:content-type:content-transfer-encoding:x-priority:
    x-msmail-priority:x-mailer:xmimeole;
    b=kntlhXWmVzOKnkd73K3EKoPUvQz7zUokFzY97EYK5EoWvIBuaQ+sQrfS6VFLdp6LE
    lsy+qDYuED3/4uLnbygcQ==

AFAICR that means that domainkey verification only looks at the headers 
mentioned above, and the rest, and the body may be freely modified.
But isn't there a risk for the content-transfer-encoding to change, eg from 
qp to 8-bit?

Leif

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!