Re: DKIM verification failures due to message body change when using HTML email

From: Quanah Gibson-Mount <quanah_at_zimbra.com>
Date: Mon, 03 Dec 2012 12:08:02 -0800

--On Monday, December 03, 2012 11:09 AM -0800 "Murray S. Kucherawy"
<msk_at_blackops.org> wrote:

> On Mon, 3 Dec 2012, Quanah Gibson-Mount wrote:
>> [...]
>> where it looks like someone found an issue with mail using HTML that is
>> signed by OpenDKIM. Is this a bug on the OpenDKIM side or in the Amavis
>> verification side of things?
>
> Generally speaking, neither the filter nor the library knows anything
> about the format of the content being signed or verified. HTML is the
> same as any other content, even binary.
>
> Further, the filter itself never changes the content passing through the
> MTA. In fact, it's not capable of doing so (even though milter is
> capable of it) because it neither makes the call nor does it negotiate
> for that permission from the MTA.
>
> The only things that leap to mind are canonicalization issues, which
> would be related to the way the content was provided to the filter and/or
> the library and not related to the format being used.
>
> The same canonicalization and hash generation code is used during signing
> and verifying, so processing is symmetric.
>
> I'm inclined to think some agent positioned between the signer and the
> verifier is doing something funky with HTML email.

Ok. I do see they have their own AV scanner we don't normally use with
Zimbra:

X-Cyberoam-smtpxy-version: 1.0.6.3
X-Cyberoam-AV-Policy: wlasne_nie_skanuj

Perhaps that is what is doing it.

--Quanah



--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
Received on Mon Dec 03 2012 - 20:08:45 PST

This archive was generated by hypermail 2.3.0 : Mon Dec 03 2012 - 20:18:01 PST