How to use openssl smime to sign the email body only

anyegongjue kerry-fly at 163.com
Thu Jul 11 07:05:50 UTC 2019


Hi there,

I created a script to use "openssl smime" to sign emails in Postfix.

The script is running the command below.

openssl smime -sign -signer /etc/letsencrypt/live/mail.xxx.xxx/cert.pem \
    -inkey /etc/letsencrypt/live/mail.xxx.xxx/privkey.pem \
    -in "$MESSAGEFILE" -out "$OUTFILE" \
    || { echo "Problem signing message"; exit $EX_UNAVAILABLE; }

$MESSAGEFILE is the email content and $OUTFILE stores the signed output
email file. The script runs without any problem and the email can be sent
to the mailbox. But the problem is that smime signed the whole email,
including the existing headers.

So is there a way to let smime sign only the email body?

Here is the email signed by smime.

*Received: from mail.xxx.xxx (unknown [xxx.xxx.xxx.xxx])
	by mx21 (Coremail) with SMTP id R8CowACXTp+M2CZdostiCQ--.63511S3;
	Thu, 11 Jul 2019 14:34:56 +0800 (CST)
Received: from mail.xxx.xxx (localhost [127.0.0.1])
	by mail.xxx.xxx (Postfix) with ESMTP id A0C2AC149A0
	for <receiver at email.com>; Thu, 11 Jul 2019 16:34:48 +1000 (AEST)
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg="sha-256"; boundary="----B0D2B6501759DF22E6B9827580C1C8D1"
X-CM-TRANSID:R8CowACXTp+M2CZdostiCQ--.63511S3
Message-Id:<5D26D898.876B91.32184 at m12-71.email.com>
Authentication-Results: mx21; spf=pass smtp.mail=sender at email.com
	soft.com.au;
X-Coremail-Antispam: 1Uf129KBjvJXoWxWr47KFW7ArW5JF4UurW8Crg_yoW5Ar1kpF
	W2g3sFkr1kZF1Iyas7ArW8WrySvrn8Kr48Gw1DK3yUAws8uryjkF1rtw4UKa9rGFWxX3yY
	ga1jqasruFZ0qrJanT9S1TB71UUUUUDqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
	9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07jmc_fUUUUU=
Date: Thu, 11 Jul 2019 14:35:04 +0800 (CST)
From: email_marketing at xxx.xxx

This is an S/MIME signed message

------B0D2B6501759DF22E6B9827580C1C8D1*
Received: from localhost (localhost [127.0.0.1])
	by mail.xxx.xxx (Postfix) with ESMTP
	for <receiver at email.com>; Thu, 11 Jul 2019 16:34:48 +1000 (AEST)
X-Virus-Scanned: amavisd-new at xxx.xxx
Received: from mail.xxx.xxx ([127.0.0.1])
	by localhost (mail.xxx.xxx [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id HpBOnD__tFYe for <receiver at email.com>;
	Thu, 11 Jul 2019 16:34:47 +1000 (AEST)
Received: from XXXMail (unknown [52.65.226.31])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: email_marketing at xxx.xxx)
	by mail.xxx.xxx (Postfix) with ESMTPSA id 2A4DBC149A2
	for <receiver at email.com>; Thu, 11 Jul 2019 16:34:47 +1000 (AEST)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.xxx.xxx 2A4DBC149A2
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xxx.xxx;
	s=default; t=1562826887;
	bh=zEHSRite2Oj6+gkb5XLOEibTqoyx4wfkxFvtHbrgboU=;
	h=Date:To:From:Reply-To:Subject:List-Unsubscribe:List-Owner:From;
	b=Zo7Rkn89Oe8ekeFfgvtJa/KHdIyI1NeZzyL7XQ8g7c4VIWTVOJC813l44rwAUje08
	 XSnf9HLzrJy4I4suANkrmXNIF6w/UEZ/S1+qoydQE2kmlDql3p9hWDN4t4roGcCrrB
	 wDgdcY4vgvld1kjh6a/sggmr4BiKG4LY0g5OfeqjxX22g1anWCY5fBB6LHrJrmR48V
	 N2eQE+CRJED2ZHjC+rhf83aD4h81jt6OhVNwuIMR2nlMBBdcegibfqCw6lMd3eZrLE
	 iGgHZ6dX/TrU/TZP7rC0B9IvXKcGbfIrw1KZ71McSiVw5U+JtZqa77YT9PErWj5KnS
	 t+J4FVB37jpMA==
Received: from localhost [127.0.0.1] by  with HTTP; Thu, 11 Jul 2019
16:34:47 +1000
Date: Thu, 11 Jul 2019 16:34:47 +1000
To: Kerry Fly <receiver at email.com>
From: email_marketing at xxx.xxx
Reply-To: email_marketing at xxx.xxx
Subject: New T-shirt arrived
Message-ID: <ORDt9z28HeX7Kjig9mfHqz3QrAshMFkHNSeHdTELDY at XXXMail>
X-Mailer: XXXMailer
X-MessageID: ABsLBhQBCAA
X-ListMember: receiver at email.com
Precedence: bulk
List-Unsubscribe:
<http://xxx.xxx/email_marketing/email_marketing_subscribers/unsubsc
 ribe/ABsLBhQBCAA>
List-Owner: <mailto:email_marketing at xxx.xxx>
Error-To: email_marketing_bounce at xxx.xxx
Bounces-To: email_marketing_bounce at xxx.xxx
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="b1_ORDt9z28HeX7Kjig9mfHqz3QrAshMFkHNSeHdTELDY"

This is a multi-part message in MIME format.
--b1_ORDt9z28HeX7Kjig9mfHqz3QrAshMFkHNSeHdTELDY
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

View in browser
ConfigurationSession configuration is stored in=C2=A0Configur=
e=C2=A0under the top level=C2=A0Session=C2=A0key, and a number of options a=
re available:Session.cookie=C2=A0- Change the name of the session cookie.Se=
ssion.timeout=C2=A0- The number of=C2=A0minutes=C2=A0before CakePHP=
=E2=80=99s session handler expires the session. ...
For more information about and how to integrate it inside your applications=
MADE BY ARTUR ARSENIEVClick here to unsubscribe.
--b1_ORDt9z28HeX7Kjig9mfHqz3QrAshMFkHNSeHdTELDY
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

=09=09=09=09=09=09<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01
Transitional=
//EN" "http://www.w3.org/TR/html4/loose.dtd">
=09=09=09=09=09=09<html xmlns=3D"http://www.w3.org/1999/xhtml" xmlns:v=3D"u=
rn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:o=
ffice">
=09=09=09=09=09=09=09<head>
=09=09=09=09=09=09=09=09
=09=09=09=09=09=09=09=09<meta http-equiv=3D"Content-Type" content=3D"text/h=
tml; charset=3DUTF-8" />
=09=09=09=09=09=09=09=09<meta name=3D"viewport" content=3D"width=3Ddevice-w=
idth, initial-scale=3D1" />
=09=09=09=09=09=09=09=09<meta http-equiv=3D"X-UA-Compatible" content=3D"IE=
=3Dedge" />
=09=09=09=09=09=09=09=09<meta name=3D"format-detection" content=3D"telephon=
e=3Dno" />
=09=09=09=09=09=09=09=09<meta name=3D"format-detection" content=3D"date=3Dn=
o" />
=09=09=09=09=09=09=09=09<meta name=3D"format-detection" content=3D"address=
=3Dno" />
=09=09=09=09=09=09=09=09<meta name=3D"format-detection" content=3D"email=3D=
no" />

=09=09=09=09=09=09=09=09
=09=09=09=09=09=09=09</head>
=09=09=09=09=09=09=09<body marginwidth=3D"0"
marginheight=3D"0" style=3D"ma=
rgin-top: 0; margin-bottom: 0; padding-top: 0; padding-bottom: 0; width: 10=
0%; -webkit-text-size-adjust: 100%; -ms-text-size-adjust: 100%;"
offset=3D"=
0" topmargin=3D"0" leftmargin=3D"0">

...</body></html>

--b1_ORDt9z28HeX7Kjig9mfHqz3QrAshMFkHNSeHdTELDY--


------B0D2B6501759DF22E6B9827580C1C8D1
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIIFAYJKoZIhvcNAQcCoIIIBTCCCAECAQExDzANBglghkgBZQMEAgEFADALBgkq
hkiG9w0BBwGgggVmMIIFYjCCBEqgAwIBAgISA2D+gfTao7ImMR5FeJceYRQOMA0G
CSqGSIb3DQEBCwUAMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNy
...
DXxa77+7AlgOHRJnW0wnk4kUCKTkH74vD8s0TpPsrc7qKZlHLjQO/tkoa/Ea1ogD
kzryl95Vwls=

*------B0D2B6501759DF22E6B9827580C1C8D1--*



--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
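
Added example, not part of the original post: openssl smime signs whatever file it is given as one MIME entity, so one way to sign only the body is to pass it just the Content-* headers plus the body and put the remaining headers back in front of the multipart/signed output. The helper names split_message and sign_body_only are hypothetical, and dropping the old DKIM-Signature header is an assumption of this sketch, because its body hash was computed over the unsigned body.

```shell
#!/bin/sh
# Added example: sign only the MIME entity, keep transport headers outside.
# split_message and sign_body_only are hypothetical helper names.

# split_message MSG ENTITY OUTER
#   ENTITY: Content-* headers, blank line, body (the part that gets signed).
#   OUTER:  all other headers, minus MIME-Version (openssl writes a new one)
#           and DKIM-Signature (its bh= hash no longer matches the new body).
split_message() {
    awk -v entity="$2" -v outer="$3" '
        BEGIN { inhdr = 1; printf "" > entity; printf "" > outer }
        inhdr && /^$/ { inhdr = 0; print "" > entity; next }  # end of headers
        !inhdr        { print > entity; next }                # body line
        /^[ \t]/      { if (dest != "") print > dest; next }  # folded header
        {
            name = tolower($0); sub(/:.*/, "", name)
            if (name ~ /^content-/) dest = entity
            else if (name == "mime-version" || name == "dkim-signature") dest = ""
            else dest = outer
            if (dest != "") print > dest
        }
    ' "$1"
}

# sign_body_only MSG OUT CERT KEY
sign_body_only() {
    tmp=$(mktemp -d) || return 1
    split_message "$1" "$tmp/entity" "$tmp/outer" &&
        openssl smime -sign -signer "$3" -inkey "$4" \
            -in "$tmp/entity" -out "$tmp/signed" &&
        cat "$tmp/outer" "$tmp/signed" > "$2"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Run as: script MESSAGEFILE OUTFILE cert.pem privkey.pem
if [ "$#" -eq 4 ]; then
    sign_body_only "$@"
fi
```

For the DKIM signature to stay valid, this step has to run before the DKIM signer, so that the DKIM body hash is computed over the multipart/signed body.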

