I tried to turn off all "Content Filtering" but it didn't fix the 
signature problem.
Any other suggestions?

Thanks, Marco De Rossi


On Thu, 2 Aug 2007, Brad Knowles wrote:

> On 8/2/07, Marco De Rossi wrote:
> 
> >  We have modified mailman so now it does not add the message footer anymore.
> >  Now we still have this problem only when we send digitally signed e-mail
> >  *with attachment*.
> 
> I can see two likely possibilities:
> 
>       1.  The digital signature is being done against the whole message,
>       headers included.  When the message passes through Mailman, some
>       headers end up getting changed or added, and the signature is no
>       longer valid.
> 
>       2.  Mailman is still stripping or changing some of the attachment
>       MIME types or filenames, which causes the signature to be invalidated.
> 
> Problem is, cryptographic signatures on messages are extremely 
> fragile.  If even the slightest thing is changed, the signature is 
> likely to be broken.  If you make the signature process more robust, 
> then you increase the possibility that an attacker could slip 
> something through that would still appear to be correct, but where 
> they've actually secretly modified something.
> 
> Try turning off all filtering, HTML conversion, etc... within 
> Mailman.  See if that "fixes" the signature problem.  If so, then you 
> have to decide which is more important -- the signature on some 
> messages or the probability that some malware could get through the 
> system and be sent out to all recipients of the list, because you'd 
> turned off the filtering.
> 
> Unfortunately, this is a binary decision.  There is no option to 
> leave signed messages unfiltered and to apply the filtering rules 
> only to unsigned messages.  Even if there were such a method, the 
> attackers could get through by simply forging fake signatures that 
> look valid.
> 
> -- 
> Brad Knowles <[EMAIL PROTECTED]>, Consultant & Author
> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
> Slides from Invited Talks: <http://tinyurl.com/tj6q4>
> 
> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
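The two possibilities raised in the reply above, checked at the byte level in an added example that is not part of the original thread. It assumes the mail is S/MIME or PGP/MIME `multipart/signed` (RFC 1847), where the signature covers the exact bytes of the first body part; SHA-256 stands in for the signature check, and the sample message, the two list-side changes and all function names are constructed for illustration, not Mailman's code.

```python
import hashlib
from email import message_from_bytes

# Constructed sample: the signed entity (text + attachment) and the message around it.
ENTITY = (b'Content-Type: multipart/mixed; boundary="mix"\r\n\r\n'
          b'--mix\r\nContent-Type: text/plain\r\n\r\nSee attached.\r\n'
          b'--mix\r\nContent-Type: application/pdf; name="report.pdf"\r\n'
          b'Content-Transfer-Encoding: base64\r\n\r\nJVBERi0xLjQK\r\n--mix--\r\n')
RAW = (b'From: sender@example.org\r\nSubject: report\r\nMIME-Version: 1.0\r\n'
       b'Content-Type: multipart/signed; micalg=sha-256;\r\n'
       b' protocol="application/pkcs7-signature"; boundary="sig"\r\n\r\n'
       b'--sig\r\n' + ENTITY + b'\r\n--sig\r\n'
       b'Content-Type: application/pkcs7-signature\r\n\r\n(placeholder)\r\n--sig--\r\n')

def signed_entity(raw: bytes) -> bytes:
    """Return the first body part of a multipart/signed message, byte for byte."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    delim = b"\r\n--" + msg.get_boundary().encode("ascii")
    # Split the raw bytes; re-serialising through the parser could alter them.
    parts = raw.split(delim)  # [outer headers, entity, signature part, closing "--"]
    if len(parts) != 4:
        raise ValueError("expected exactly two parts inside multipart/signed")
    return parts[1].split(b"\r\n", 1)[1]  # drop the rest of the delimiter line

def digest(raw: bytes) -> str:
    # Stand-in for verification: a real signature signs a digest of these bytes.
    return hashlib.sha256(signed_entity(raw)).hexdigest()

def add_list_headers(raw: bytes) -> bytes:
    """Constructed list-side change that touches only the outer headers."""
    tagged = raw.replace(b"Subject: report", b"Subject: [list] report", 1)
    return b"List-Id: <list.example.org>\r\n" + tagged

def retype_attachment(raw: bytes) -> bytes:
    """Constructed content-filter change: rewrite the attachment's MIME type."""
    return raw.replace(b"application/pdf", b"application/octet-stream", 1)

def survives(original: bytes, relayed: bytes) -> bool:
    return digest(original) == digest(relayed)

if __name__ == "__main__":
    print("outer headers changed :", survives(RAW, add_list_headers(RAW)))
    print("attachment type changed:", survives(RAW, retype_attachment(RAW)))
```

Comparing `digest()` of a message as sent and as received from the list shows whether the list software touched the signed part at all, before any filter settings are changed.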