DKIM and MailScanner used in a mail forwarder

Alex Broens ms-list at alexb.ch
Mon Mar 9 11:01:42 GMT 2009 

On 3/9/2009 11:46 AM, Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> On 9/3/09 09:06, Julian Field wrote:
>> * PGP Signed: 03/09/09 at 09:06:48
>>
>>
>>
>> On 9/3/09 01:30, Alex Neuman wrote:
>>> I believe it's been tried before with sendmail but, as Brent 
>>> mentions, you have to have an instance of sendmail that does the 
>>> actual signing after MailScanner's done with the message.
>> Yes, I have separate incoming and outgoing mail systems. And yes, I 
>> guess I mean "redirect" and not "forward". Many ISP's offer mail 
>> forwarding ("redirecting") for addresses at a customer's domain. So 
>> how does anyone else deal with this problem?
>>> On Sun, Mar 8, 2009 at 5:45 PM, Brent Addis <brent.addis at spit.gen.nz 
>>> <mailto:brent.addis at spit.gen.nz>> wrote:
>>>
>>>     I use it, it's fine. Exim only signs when it actually sends the
>>>     message, so it includes the mailscanner headers.
>>>
>>>     No idea about postfix/sendmail/whatever else
>>>
>>>     Make sure you have separate sending and receiving systems (Sending
>>>     signs, receiving checks)
>>>
>>>
>>>
>>>
>>>     On Sun, 2009-03-08 at 11:37 +0000, Julian Field wrote:
>>>>     How badly does DKIM interact with MailScanner when MailScanner 
>>>> is used
>>>>     in a mail forwarding system?
>>>>     What could I do to improve the situation?
>>>>
>>>>     Jules
> It appears that DKIM doesn't take the order of most of the headers into 
> account after all (I read the spec a bit more thoroughly). It only 
> worries about the headers which are named in the "DKIM-Signature" 
> header. So there's no need to move the new headers to the top of the 
> message after all. Though I will probably leave the option in place, as 
> people have asked for it in the past.
> 
> Unfortunately the list of headers that appear in the list is a bit long, 
> and includes some that MailScanner may inadvertently tweak, such as 
> Content-Type, Content-Transfer-Encoding and Message-ID.

Pls make sure that the move is not set per default.

thx
Alex

More information about the MailScanner mailing list