http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5179
------- Additional Comments From [EMAIL PROTECTED] 2006-11-12 15:36 -------

FWIW: This may or may not pertain, as the subject of "horizontal" whitespace versus "vertical" whitespace has been mentioned...

I don't want to confuse the issue regarding the specific header/body separator issue presented here, but the DomainKey and DKIM standards have had issues in the past with MTA munge (sendmail), where trailing whitespace in the header portion of an email is modified, causing the signatures to fail.

http://sourceforge.net/tracker/index.php?func=detail&aid=1485150&group_id=110311&atid=656974

It may be noteworthy that my testing has been specific to DKIM running in relaxed/simple mode (relaxed for header canonicalization due to sendmail munge, and simple for body canonicalization). I've chosen this method (relaxed/simple versus simple/simple) over using _FFR_ANTICIPATE_SENDMAIL_MUNGE since it's my understanding that relaxed canonicalization is "production-ready" code, instead of being for future release.

If anyone feels it'd be valuable for me to put my signing systems in simple/simple with _FFR_ANTICIPATE_SENDMAIL_MUNGE to see what effect it has on the header/body separator issue illustrated here, I'd be happy to do so. It may be of limited value, though, as the reflector hosted at [EMAIL PROTECTED] does DKIM in simple/simple mode and it verifies fine with my hack to milter-spamc (and doesn't without it).

The DomainKey from the same reflector doesn't verify for me, but only because it wasn't signed with h= style DomainKey headers and because I add a header to the email before it hits SpamAssassin - this is my fault. The DKIM standard uses h= style signatures by default, so header additions in the chain don't break the signatures.

Also noteworthy is that DK_VERIFIED otherwise works great... I am using nofws mode to sign my messages with DomainKey and sendmail + milter-spamc + SA + Mail::DomainKeys has never had any trouble on the verification end. This could be due, however, to the idea that the header/body separator is not part of the DomainKey canonicalization.

As far as MIME goes, it's never been an issue. I purposely test signatures with HTML emails to "stress-test" the system into parsing all that extra body data... and it's never been a problem. I'm guessing because the MIME data goes beyond the header/body separator it's a non-issue (at least for my purposes).

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
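
Added example (not part of the comment above and not code from SpamAssassin, milter-spamc or any DKIM library): a sketch of DKIM "simple" versus "relaxed" header canonicalization as defined in RFC 6376 section 3.4, showing why an MTA that alters trailing header whitespace breaks a simple-mode signature but not a relaxed-mode one. The header fields are constructed sample data, and the SHA-256 digest over the canonicalized fields is a stand-in for the signed header hash, not a full DKIM verification.

```python
import hashlib
import re

def canon_header_simple(field: bytes) -> bytes:
    # "simple": the header field is hashed exactly as received.
    return field

def canon_header_relaxed(field: bytes) -> bytes:
    # "relaxed" header canonicalization, RFC 6376 section 3.4.2.
    name, _, value = field.partition(b":")
    value = re.sub(rb"\r\n(?=[ \t])", b"", value)  # unfold continuation lines
    value = re.sub(rb"[ \t]+", b" ", value)         # collapse WSP runs to one SP
    value = value.rstrip(b"\r\n").strip(b" ")       # drop WSP at both ends of the value
    # lowercase the name and drop WSP before the colon
    return name.strip(b" \t").lower() + b":" + value + b"\r\n"

def header_digest(fields, canon) -> str:
    # Stand-in for the signed header hash: digest of the canonicalized fields.
    h = hashlib.sha256()
    for field in fields:
        h.update(canon(field))
    return h.hexdigest()

# Constructed sample: header fields as the signer saw them.
SIGNED = [
    b"From: Alice <alice@example.org>\r\n",
    b"Subject: quarterly  report \t\r\n",            # trailing whitespace
    b"To: bob@example.net,\r\n\tcarol@example.net\r\n",
]
# Constructed sample: the same fields after a relay modified trailing whitespace.
MUNGED = [
    b"From: Alice <alice@example.org>\r\n",
    b"Subject: quarterly  report\r\n",
    b"To: bob@example.net,\r\n\tcarol@example.net\r\n",
]

def survives(canon) -> bool:
    # True when the digest computed by the verifier still matches the signer's.
    return header_digest(SIGNED, canon) == header_digest(MUNGED, canon)

if __name__ == "__main__":
    print("simple  header canonicalization survives:", survives(canon_header_simple))
    print("relaxed header canonicalization survives:", survives(canon_header_relaxed))
```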
