[jira] [Commented] (JAMES-3742) MIME-Version header is changed, breaking DKIM signatures

Wed, 06 Apr 2022 23:00:08 -0700 


    [ 
https://issues.apache.org/jira/browse/JAMES-3742?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518590#comment-17518590
 ] 

Benoit Tellier commented on JAMES-3742:
---------------------------------------

James uses its own super class of mime messages: MimeMessageWrapper

We could use it to override `updateHeaders` method NOT to alter the mime 
version if present?



> MIME-Version header is changed, breaking DKIM signatures
> --------------------------------------------------------
>
>                 Key: JAMES-3742
>                 URL: https://issues.apache.org/jira/browse/JAMES-3742
>             Project: James Server
>          Issue Type: Bug
>          Components: James Core
>    Affects Versions: 2.3.2
>            Reporter: Paul Chown
>            Priority: Major
>
> We are using James to forward mails from external email servers to customer 
> accounts.
> Some email clients create emails with the following headers:
> {noformat}
> Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.60.0.1.1\))
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>         d=xxxx.gappssmtp.com; s=20210112;
>         
> h=from:content-transfer-encoding:mime-version:subject:message-id:date:to;
>         bh=...;
>         b=...{noformat}
> So the message is signed by the originator including the {{Mime-Version}} 
> header. The problem is that if we set an additional header with 
> {{SetMimeHeaderHandler}} or invoke the SpamAssassin service then the method 
> {{MimeMessage.updateHeaders()}} is invoked which sets a new mime version 
> header:
> {noformat}
> MIME-Version: 1.0{noformat}
> thereby breaking the DKIM signature from the original sender. We can add our 
> own signature using the new header, but this isn't aligned with the sender 
> domain so it doesn't help. It's probably debatable whether the original Mac 
> mail client mime version header is valid, but it is what it is.
> This seems to be completely broken, but the behaviour is baked into the 
> {{MimeMessage}} class and we can't see any way around it. How can we preserve 
> the original mime-version header and the DKIM signature?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

Reply via email to