DKIM and MailScanner used in a mail forwarder
MailScanner at ecs.soton.ac.uk
Mon Mar 9 11:04:23 GMT 2009
-----BEGIN PGP SIGNED MESSAGE-----
On 9/3/09 11:01, Alex Broens wrote:
> On 3/9/2009 11:46 AM, Julian Field wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> On 9/3/09 09:06, Julian Field wrote:
>>> * PGP Signed: 03/09/09 at 09:06:48
>>> On 9/3/09 01:30, Alex Neuman wrote:
>>>> I believe it's been tried before with sendmail but, as Brent
>>>> mentions, you have to have an instance of sendmail that does the
>>>> actual signing after MailScanner's done with the message.
>>> Yes, I have separate incoming and outgoing mail systems. And yes, I
>>> guess I mean "redirect" and not "forward". Many ISP's offer mail
>>> forwarding ("redirecting") for addresses at a customer's domain. So
>>> how does anyone else deal with this problem?
>>>> On Sun, Mar 8, 2009 at 5:45 PM, Brent Addis
>>>> <brent.addis at spit.gen.nz <mailto:brent.addis at spit.gen.nz>> wrote:
>>>> I use it, it's fine. Exim only signs when it actually sends the
>>>> message, so it includes the mailscanner headers.
>>>> No idea about postfix/sendmail/whatever else
>>>> Make sure you have separate sending and receiving systems (Sending
>>>> signs, receiving checks)
>>>> On Sun, 2009-03-08 at 11:37 +0000, Julian Field wrote:
>>>>> How badly does DKIM interact with MailScanner when MailScanner
>>>>> is used
>>>>> in a mail forwarding system?
>>>>> What could I do to improve the situation?
>> It appears that DKIM doesn't take the order of most of the headers
>> into account after all (I read the spec a bit more thoroughly). It
>> only worries about the headers which are named in the
>> "DKIM-Signature" header. So there's no need to move the new headers
>> to the top of the message after all. Though I will probably leave the
>> option in place, as people have asked for it in the past.
>> Unfortunately the list of headers that appear in the list is a bit
>> long, and includes some that MailScanner may inadvertently tweak,
>> such as Content-Type, Content-Transfer-Encoding and Message-ID.
> Pls make sure that the move is not set per default.
Don't worry, I wouldn't do that to you!
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Need help fixing or optimising your systems?
Need help getting you started solving new requirements from your boss?
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.9.1 (Build 287)
Comment: Use Enigmail to decrypt or check this message is legitimate
-----END PGP SIGNATURE-----
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner