On 01/-10/-28163 08:59 PM, Martijn Brinkers wrote:
> On 01/-10/-28163 08:59 PM, lst_ho...@kwsoft.de wrote:
>> Quoting Martijn Brinkers <mart...@djigzo.com>:
>>
>>>> Today I got a mail from a well known German Trustcenter with an invalid
>>>> signature warning (content altered). A former mail to another account
>>>> from the same Trustcenter was valid. On inspection it looks like someone
>>>> altered the encoding because the valid mail has
>>>> "Content-Transfer-Encoding: 8bit" and the broken one
>>>> "Content-Transfer-Encoding: quoted-printable". As far as I know an SMTP
>>>> server should only pass 8bit if the remote site announces 8BITMIME, so I
>>>> suspect this is the troublemaker because neither Djigzo nor our virus
>>>> scan announces 8BITMIME :-(
>>>>
>>>> Any comments on this?
>>>
>>> The application that added the signature is not RFC 3851 compliant.
>>> Before signing a message the mail agent should convert 8bit MIME bodies
>>> to 7bit. This is important because if SMTP sees that a server does not
>>> support 8bit, it should convert the message to 7bit. Because of this
>>> conversion the message has been changed and therefore the signature is
>>> no longer valid. So the troublemaker is the application that signed the
>>> message :). The problem is that there is not much you can do. In
>>> principle you can disable the conversion from 8bit to 7bit in your own
>>> gateway (not that I recommend that ;) but you cannot control other
>>> intermediate gateways.
>>>
>>
>> Leads me straight to another question: What does Djigzo do if it is fed
>> with 8bit content to sign? Oh, wait... It does not announce 8BITMIME so
>> this should not happen at all, no?
>
> Yes, you are right. The caller should convert it to 7bit so the
> signing/encryption engine only sees 7bit messages :). However, let's
> suppose that the caller does not convert the message to 7bit. Postfix
> will receive the message and the message will then be sent to the
> internal SMTP (the after queue filter). Because the internal SMTP server
> does not announce 8bit, Postfix will convert it to 7bit and therefore
> all email will be converted to 7bit before signing.
>

If you really really do not want the conversion from 8bit to 7bit
(because the sender won't fix their app) you might try disabling the
conversion to 7bit by adding "disable_mime_output_conversion" to your
Postfix configuration.

Kind regards,

Martijn

--
Djigzo open source email encryption
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Users mailing list
Users@lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users
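
Added example, not part of the original thread and not Djigzo or Postfix code: a small Python model of why an entity signed as 8bit fails verification after a relay downgrades it to quoted-printable, while an entity made 7bit-safe before signing survives. Assumptions: SHA-256 over the MIME entity stands in for the S/MIME signature check, relay() is a simplified model of the 8bit-to-7bit conversion, and the sample message is constructed.

```python
import hashlib
import quopri

CRLF = b"\r\n"
# Constructed sample body (UTF-8, so it contains bytes above 0x7F).
BODY_8BIT = "Sehr geehrte Damen und Herren,\r\nIhr Zertifikat läuft ab.\r\n".encode("utf-8")

def make_entity(cte: str, body: bytes) -> bytes:
    """Build the MIME entity (headers + body) that an S/MIME signer hashes."""
    headers = [b"Content-Type: text/plain; charset=utf-8",
               b"Content-Transfer-Encoding: " + cte.encode("ascii")]
    return CRLF.join(headers) + CRLF + CRLF + body

def is_7bit_clean(data: bytes) -> bool:
    return all(b < 0x80 for b in data)

def sign_digest(entity: bytes) -> str:
    """Stand-in for the message digest covered by the signature."""
    return hashlib.sha256(entity).hexdigest()

def relay(entity: bytes, next_hop_8bitmime: bool) -> bytes:
    """Simplified relay: downgrade 8bit content when the next hop lacks 8BITMIME."""
    if next_hop_8bitmime or is_7bit_clean(entity):
        return entity
    _, body = entity.split(CRLF + CRLF, 1)
    return make_entity("quoted-printable", quopri.encodestring(body))

def signature_survives(signed_entity: bytes, next_hop_8bitmime: bool) -> bool:
    """True if the digest computed at signing time still matches after relaying."""
    return sign_digest(relay(signed_entity, next_hop_8bitmime)) == sign_digest(signed_entity)

# Signer that hashes the 8bit entity as-is (the behaviour described in the thread).
signed_8bit = make_entity("8bit", BODY_8BIT)
# Signer that converts to a 7bit-safe encoding first, then hashes.
signed_qp = make_entity("quoted-printable", quopri.encodestring(BODY_8BIT))

if __name__ == "__main__":
    for name, ent in (("8bit-signed", signed_8bit), ("QP-signed", signed_qp)):
        for ext in (True, False):
            hop = "8BITMIME" if ext else "no 8BITMIME"
            print(name, "->", hop, ":", "valid" if signature_survives(ent, ext) else "INVALID")
```

Only the 8bit-signed entity sent to a hop without 8BITMIME comes out invalid, which matches the two mails compared at the start of the thread.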