If it could be helpful: it seems to happen only when sending e-mail from a
Windows XP operating system (when sending e-mail from a Linux OS the digital
signature is OK).

Thanks, Marco De Rossi

On Thu, 30 Aug 2007, Marco De Rossi wrote:

> I tried to turn off all "Content Filtering" but it didn't fix the
> signature problem.
> Any other suggestions?
>
> Thanks, Marco De Rossi
>
>
> On Thu, 2 Aug 2007, Brad Knowles wrote:
>
> > On 8/2/07, Marco De Rossi wrote:
> >
> > > We have modified Mailman so now it does not add the message footer anymore.
> > > Now we still have this problem only when we send digitally signed e-mail
> > > *with attachment*.
> >
> > I can see two likely possibilities:
> >
> > 1. The digital signature is being done against the whole message,
> > headers included. When the message passes through Mailman, some
> > headers end up getting changed or added, and the signature is no
> > longer valid.
> >
> > 2. Mailman is still stripping or changing some of the attachment
> > MIME types or filenames, which causes the signature to be invalidated.
> >
> > Problem is, cryptographic signatures on messages are extremely
> > fragile. If even the slightest thing is changed, the signature is
> > likely to be broken. If you make the signature process more robust,
> > then you increase the possibility that an attacker could slip
> > something through that would still appear to be correct, but where
> > they've actually secretly modified something.
> >
> > Try turning off all filtering, HTML conversion, etc... within
> > Mailman. See if that "fixes" the signature problem. If so, then you
> > have to decide which is more important -- the signature on some
> > messages or the probability that some malware could get through the
> > system and be sent out to all recipients of the list, because you'd
> > turned off the filtering.
> >
> > Unfortunately, this is a binary decision. There is no option to
> > leave signed messages unfiltered and to apply the filtering rules
> > only to unsigned messages. Even if there were such a method, the
> > attackers could get through by simply forging fake signatures that
> > look valid.
> >
> > --
> > Brad Knowles <[EMAIL PROTECTED]>, Consultant & Author
> > LinkedIn Profile: <http://tinyurl.com/y8kpxu>
> > Slides from Invited Talks: <http://tinyurl.com/tj6q4>
> >
> > 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
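Added example, not part of the original thread: one way to find which bytes a list server changed is to extract the signed part from the copy as sent and from the copy as delivered by the list, then diff them. It assumes the mail is multipart/signed (RFC 1847), where the signature covers only the first body part, MIME headers included; the function names and the sample message are constructed for illustration.

```python
import difflib
import hashlib
import re

def signed_entity(raw: bytes) -> bytes:
    """First body part of a multipart/signed message: the bytes the signature covers."""
    raw = re.sub(rb"\r?\n", b"\r\n", raw)              # canonical CRLF line endings
    m = re.search(rb'boundary="?([^";\r\n]+)', raw, re.I)
    pieces = raw.split(b"\r\n--" + m.group(1)) if m else []
    if len(pieces) < 3:
        raise ValueError("not a multipart/signed message with two parts")
    return pieces[1].split(b"\r\n", 1)[1]              # drop the delimiter line's tail

def digest(raw: bytes) -> str:
    return hashlib.sha256(signed_entity(raw)).hexdigest()

def changed_lines(sent: bytes, received: bytes) -> list:
    """Lines of the signed part that differ between the sent and received copies."""
    a = signed_entity(sent).decode("latin-1").split("\r\n")
    b = signed_entity(received).decode("latin-1").split("\r\n")
    return [l for l in difflib.ndiff(a, b) if l.startswith(("- ", "+ "))]

# Constructed sample message; the boundaries, file name and payload are made up.
TEMPLATE = """\
Subject: {subject}
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="sig"

--sig
Content-Type: multipart/mixed; boundary="mix"

--mix
Content-Type: text/plain

See attached.
--mix
Content-Type: {att_type}; name="report.doc"

(attachment data)
--mix--
--sig
Content-Type: application/pkcs7-signature; name="smime.p7s"

(signature omitted)
--sig--
"""

def sample(subject: str, att_type: str) -> bytes:
    return TEMPLATE.format(subject=subject, att_type=att_type).encode()
```

Run `changed_lines()` on the raw bytes saved from the sender's outbox and from a list subscriber's mailbox; an empty result means the signed part survived the list unchanged.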