Murray S. Kucherawy wrote:
> On Mon, 10 Feb 2014, Lucius Rizzo wrote:
> >We are currently using Barracuda and Mailborder in a complex environment
> >as our mail filtering incoming and outgoing servers. The admin interface
> >at Barracuda allows for a disclaimer to be added to all outgoing mail.
> >
> >This however breaks DKIM as the signed email is modified post
> >delivery/signage and the verification fails. If it turn it off, it works
> >well. My current plan is to add it via milter in sendmail so that the DKIM
> >results pass.
> >
> >Is there anyone else who has come across this or know a way to avoid
> >adding it in the milter and leaving it at the outgoing MX?
>
> You can use the DKIM feature that limits the signature to cover only the
> content it saw, meaning added text won't break the signature. There's an
> obvious attack though in that someone could take a message signed as you and
> append anything they want to it, and the signature (yours) will still pass.
>
> If you really want to do this with OpenDKIM, the BodyLengthDB setting is
> what you're after. See opendkim.conf(5) for details.
Oh awesome. ATM it is undefined but the options are:
BodyLengthDB dataset
What should I set this variable to in order for disclaimer to be added
post signage?
Thank you again -- this reduces another milter I would have needed to
add to sendmail..
--
| _o _ |_)o_ _ _
|_|_|(_||_|_> | \|/_/_(_) - Lucius.Tel
--------------------------------------
++ Perhaps no person can be a poet, or even enjoy poetry without a certain ++
++ unsoundness of mind. ++
++ -- Thomas Macaulay ++
Received on Mon Feb 10 2014 - 19:37:12 PST