[openssl-dev] Mailman version used by OpenSSL is misconfigured and/or broken in relation to DKIM

mancha mancha1 at zoho.com
Wed Aug 5 21:00:01 UTC 2015


On Wed, Aug 05, 2015 at 09:33:02PM +0200, Kurt Roeckx wrote:
> On Wed, Aug 05, 2015 at 04:54:57PM +0000, mancha wrote:
> > 
> > I interpret the comment to mean that, because OpenSSL lists modify
> > messages (see below), they should strip DKIM headers (see above)
> > before distribution to prevent false negatives in recipient
> > implementations.
> 
> Won't that always give DKIM failures instead, without also rewriting
> the From?

I'm no expert on this but I believe the answer is not always. I think it
depends on if a) the domain has an ADSP and, if it does, b) what its
signing-practice is. I just did a quick check and it seems zimbra.com
doesn't have an ADSP. Yahoo.com has an ADSP but doesn't specify all
messages will be signed (has an "unknown" tag value).

OpenSSL is certainly not alone in its practice of mangling headers and
adding body footers so I'd be curious to hear how other lists handle
domains such as yahoo.com.

--mancha (https://twitter.com/mancha140)
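The dependence on ADSP described in the message above, as an added example that is not part of the original post: a small evaluator for the case where a list has stripped or broken the DKIM signature, using the record syntax and result names of RFC 5617. The function names and sample records are constructed for illustration, no DNS lookup is performed, and reporting a malformed record as `permerror` is an assumption of this sketch.

```python
from typing import Optional

# Signing practices defined for the "dkim=" tag of an ADSP record (RFC 5617).
KNOWN_PRACTICES = {"unknown", "all", "discardable"}


def parse_adsp(record: str) -> Optional[str]:
    """Return the signing practice from an ADSP TXT record, or None if malformed.

    The record is what a domain would publish at _adsp._domainkey.<domain>.
    The "dkim" tag must come first; unrecognised values are treated as "unknown".
    """
    tags = [t.strip() for t in record.split(";") if t.strip()]
    if not tags or "=" not in tags[0]:
        return None
    name, value = (part.strip() for part in tags[0].split("=", 1))
    if name != "dkim" or not value:
        return None
    return value if value in KNOWN_PRACTICES else "unknown"


def adsp_result(record: Optional[str], has_valid_author_signature: bool) -> str:
    """Map (published record, signature state) to an RFC 5617 ADSP result name.

    record=None models a domain that publishes no ADSP record at all.
    """
    if has_valid_author_signature:
        return "pass"  # ADSP is satisfied; the record is not consulted
    if record is None:
        return "none"  # no practice published, so nothing to fail against
    practice = parse_adsp(record)
    if practice is None:
        return "permerror"  # assumption: malformed record reported as permerror
    return {"unknown": "unknown", "all": "fail", "discardable": "discard"}[practice]


if __name__ == "__main__":
    # Constructed records; the list has removed the signature in every case.
    samples = {
        "no ADSP record": None,
        "dkim=unknown": "dkim=unknown",
        "dkim=all": "dkim=all",
        "dkim=discardable": "dkim=discardable;",
    }
    for label, rec in samples.items():
        print(f"{label:18} -> {adsp_result(rec, has_valid_author_signature=False)}")
```

Only the `all` and `discardable` practices turn a missing signature into a negative result; a domain with no record or with `dkim=unknown` yields `none` or `unknown`.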

