Johan Almqvist wrote:
On 5. nov. 2009, at 20.38, Shad L. Lords wrote:
Johan Almqvist wrote:
Are you sure you're not confusing this with SpamAssassin expecting
'From_' lines in /var/spool/mail-format mailboxes (see RFC-976)?
That is what I'm referring to. And I think I was confused on the
plugin as well. Now that I think about it I think it was clamav
plugin. If it didn't receive the From_ header first then it didn't
process it as a mail message and pull the attachments apart
correctly. If it didn't pull it apart correctly then it would
detect the virus that was attached.
Uh. That's a bug, not a feature.
"From_" is mailbox format. Not RFC2822 et. al. DKIM checking may well
happen ahead of that being normally there. It's generally _not_ in the
SMTP stream at all, and may, quite properly, _never_ appear anywhere.
I think Clam is often intended to parse mailbox files directly, not
emails on the fly. Hence "From_" separators for Mailbox format, and
perhaps having to manually insert one for a Clam plugin.
I remember some weird whacking abou5 something like this when I got Clam
to work in our 0.42 Qpsmtpd.
For example, the message I am replying to (your message) had 16
other headers before the From: line in it. Two of them were between
the DKIM signature and the From: header....
Right and if you look at the h= part of my dkim sig then if any MTA
inserted/changed any of the listed headers below that DKIM line then
the sig would fail.
Hmm.
Your h= part looks like this: h=received:from:subject:date:message-id
There is an issue here when posting to a mailing list: ezmlm will
remove *your* Received: line (the one you signed) regardless of where
in the header it is.
In many cases there won't necessarily _be_ a Received line at the point
the DKIM signature is injected.
So the signature will be invalid. I'm not sure Received: headers are
good candidates for signing.
I really don't think they are. I wouldn't attempt to sign Received at all.
Mailing list managers shouldn't munge Subject: - but they might...
And often do.
You wouldn't want to see what my Exchange lashup is doing. Doesn't even
maintain case on DKIM headers, and pushes 'em all down after the ones it
likes (like From:). Ick.
[I'm in some sort of weird test environment, so don't take that as a
general issue with Exchange.]
