amavisd-new 2.7.1 , dkim-adsp=pass

Mark Martinec Mark.Martinec+amavis at ijs.si
Wed May 23 20:44:20 CEST 2012


Steve,

> > If you have it configured to modify a Subject, it will do so regardless
> > of whether this header field was signed or not. And yes, this will break
> > subsequent DKIM tests, so it is prudent to tag a subject close to a final
> > delivery, where no further sw components will be re-examining the
> > signature.
> 
> this was not exactly my question.

I think it was.

> My question is more going in this direction:
> 
> * Domain A sings all their outbound mail with DKIM.
> * User form domain A sends mail to Domain B.
> * Mail server running at domain B uses amavisd-new to verify signatures and
> uses SA within amavisd-new. * The SA code thinks that the message from
> domain A is spam and the subject gets rewritten. * Domain A however sings
> their subject.
> 
> Result is that DKIM is broken after the subject has been tagged. Right?

Yes, but nobody should be re-checking the signature once the message
is in the mailbox (there are other manglings done by MUA, for example
kmail is notorious for such). The amavisd, and SpamAssassin, and some
potential pre-queue milter like OpenDKIM will see the orginal message
*before* it is being re-written. Also the Authentication-Results header
field is being added at that point, and will properly reflect the
validity of a signature. A MUA (if it wants to bother with DKIM)
should only be checking the Authentication-Results from its MUA.

  Mark



More information about the amavis-users mailing list