Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Dec 2008 14:59:59 +0100
From:      Nikola =?UTF-8?B?TGXEjWnEhw==?= <nikola.lecic@anthesphoria.net>
To:        Michael Scheidell <scheidell@secnap.net>
Cc:        FreeBSD-questions@FreeBSD.org
Subject:   Re: listserver problems?
Message-ID:  <20081218145959.2d428ec8@anthesphoria.net>
In-Reply-To: <494A3835.30302@secnap.net>
References:  <494A3835.30302@secnap.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

On Thu, 18 Dec 2008 06:47:01 -0500
Michael Scheidell <scheidell@secnap.net> wrote:
=20
> might be generic listserver issues, but I noticed that at least on=20
> freebsd-jail list, it does NOT strip out dkim/domainkeys signatures.
>=20
> that might not be to bad, but it does 'mung' the headers, so dkim
> signed email passed through freebsd mailing list server comes back as
> a forged signature.

Three objections to your DKIM signature:

(1)

Your canonicalization is "relaxed/simple", i.e. the mail is signed with
"simple" bodycanon:

  DKIM-Signature: v=3D1; a=3Drsa-sha256; c=3Drelaxed/simple; d=3Dsecnap.net=
; h=3D

That's why you have

  Authentication-Results: [...] dkim=3Dneutral (body hash did not verify)
    header.i=3D@secnap.net

- -- the list software appends some lines at the end of mail. You should
use=20

  Canonicalization relaxed/relaxed

in dkim-filter.conf or

  milterdkim_flags=3D"-c relaxed/relaxed"

in rc.conf if you use Sendmail. (See headers of my mail.)


(2)

You have "Received" header field included in the signature, while
RFC4871 states that it SHOULD NOT be the case:

  http://tools.ietf.org/html/rfc4871#section-5.5


(3)

You do not specify body length (l=3D in DKIM header). According to

  http://tools.ietf.org/html/rfc4871#section-3.4.5

it could be a good idea to use it, especially when mailing lists are in
question.


In total, mailing list owners don't have an obligation to strip DKIM
signatures. Instead, other methods can be used on both sides, see
section 4.1.

HTH
- --=20
Nikola Le=C4=8Di=C4=87 =3D =D0=9D=D0=B8=D0=BA=D0=BE=D0=BB=D0=B0 =D0=9B=D0=
=B5=D1=87=D0=B8=D1=9B
fingerprint : FEF3 66AF C90E EDC3 D878  7CDC 956D F4AB A377 1C9B
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)

iJwEAQEDAAYFAklKV2MACgkQ/MM/0rYIoZhsnwQAowQy2nwd3IVYMtv9p7PVaoGZ
FQPpZZse/6PFi3KeegZcbOBFhOcNV3DzATt3z+VXdVYybajRXArj7WJtyEI2shGn
ssBmBdkD1bpoRzgf7jNYj6a9w8cVS/BC7gl07GBIhILEGLnpG8bjj7MtWhynj9SB
vn8jT/XF4QEKmDJSUwk=3D
=3D1fpm
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081218145959.2d428ec8>