Paul Chown created JAMES-3742:
---------------------------------

             Summary: MIME-Version header is changed, breaking DKIM signatures
                 Key: JAMES-3742
                 URL: https://issues.apache.org/jira/browse/JAMES-3742
             Project: James Server
          Issue Type: Bug
          Components: James Core
    Affects Versions: 2.3.2
            Reporter: Paul Chown


We are using James to forward mails from external email servers to customer 
accounts.

Some email clients create emails with the following headers:
{noformat}
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.60.0.1.1\))
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=xxxx.gappssmtp.com; s=20210112;
        
h=from:content-transfer-encoding:mime-version:subject:message-id:date:to;
        bh=...;
        b=...{noformat}
So the message is signed by the originator including the {{Mime-Version}} 
header. The problem is that if we set an additional header with 
{{SetMimeHeaderHandler}} or invoke the SpamAssassin service then the method 
{{MimeMessage.updateHeaders()}} is invoked which sets a new mime version header:
{noformat}
MIME-Version: 1.0{noformat}
thereby breaking the DKIM signature from the original sender. We can add our 
own signature using the new header, but this isn't aligned with the sender 
domain so it doesn't help. It's probably debatable whether the original Mac 
mail client mime version header is valid, but it is what it is.

This seems to be completely broken, but the behaviour is baked into the 
{{MimeMessage}} class and we can't see any way around it. How can we preserve 
the original mime-version header and the DKIM signature?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

Reply via email to