On 3/21/21 2:25 PM, Wietse Venema wrote: > John Levine: >> It appears that Wietse Venema <postfix-users@postfix.org> said: >>> Demi Marie Obenour: >>>> How useful would BINARYMIME support be? It does mean that DKIM signing >>>> would need to be done in the sending path, but I cannot think of any >>>> reasons that would be a blocker. Having DKIM and DMARC built-in to >>>> Postfix would be a nice feature, tbh. The only open-source MTA I >>>> know of with built-in DKIM is Exim but I would never dare use it in >>>> production. >>>> >>>> Ideally, the signing keys should be in a separate process for privilege >>>> separation, but Postfix is already multi-process so that should be >>>> doable. Of course, the final decision is up to Wietse. >>> >>> See also https://github.com/OpenSMTPD/OpenSMTPD/issues/1090 >>> >>> I haven't had the time to properly analyze what this would take. >>> Here's a first inventory. >> >> Since most other MTAs don't suport BINARYMIME, you'd need some way >> to sniff the recipient server and then rewrite the binary parts >> as base64 before sending the message, recomputing any DKIM and ARC >> signatures on the way. Have fun with that. > > That might work for one-to-one messages, but not for one-to-many. > A more general solution would convert and sign during delivery. Not > fun, but technically possible. > >> BINARYMIME avoids the 33% size increase of base64. If people cared >> about that, since every MTA now supports 8BITMIME it would be easy >> to invent a quoted-unprintable content-transfer-encoding which >> escaped only the few characters that are special in 8BITMIME (CR >> LF NUL and to be on the safe side, 0xff.) That would get you about >> 98% of the way to binary with 2% of the work. > > This would turn binary content into a long line. That works perfectly > with qmail and Postfix (except that the Postfix SMTP client will > need a hint to avoid folding such lines at the 998 octet limit of > RFC 5321).
Another approach would be to create a “wrapped” MIME type that just wraps another message in base64. That has the advantage of working with multipart/signed et al. quoted-printable also has line continuations. > Wietse Demi
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature