Re: Disclaimer added post signing

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Mon, 10 Feb 2014 11:25:46 -0800 (PST)

On Mon, 10 Feb 2014, Lucius Rizzo wrote:
> We are currently using Barracuda and Mailborder in a complex environment
> as our mail filtering incoming and outgoing servers. The admin interface
> at Barracuda allows for a disclaimer to be added to all outgoing mail.
>
> This however breaks DKIM as the signed email is modified post
> delivery/signage and the verification fails. If it turn it off, it works
> well. My current plan is to add it via milter in sendmail so that the
> DKIM results pass.
>
> Is there anyone else who has come across this or know a way to avoid
> adding it in the milter and leaving it at the outgoing MX?

You can use the DKIM feature that limits the signature to cover only the
content it saw, meaning added text won't break the signature. There's an
obvious attack though in that someone could take a message signed as you
and append anything they want to it, and the signature (yours) will still
pass.

If you really want to do this with OpenDKIM, the BodyLengthDB setting is
what you're after. See opendkim.conf(5) for details.

-MSK
Received on Mon Feb 10 2014 - 19:26:05 PST

This archive was generated by hypermail 2.3.0 : Mon Feb 10 2014 - 19:36:01 PST