well, and here we are back at the bad or non existing maintainance state of dbmail: configure: error: Unable to locate gmime development files
[builduser@testserver:~]$ rpm -qa | grep gmime gmime-devel-3.0.5-1.fc27.20180421.rh.x86_64 gmime-3.0.5-1.fc27.20180421.rh.x86_64 Am 21.04.2018 um 12:35 schrieb Reindl Harald: > the header mangeling is gmime > https://bugzilla.gnome.org/show_bug.cgi?id=776825 > ftp://ftp.gnome.org/pub/GNOME/sources/gmime/3.0/ > > DKIM verifyication/scoring normally happens before dbmail-lmtpd and > forwardings should also not touch the spilt/reconstruct code > > as far as i can see the GPG breakage happens around the "signature.asc" > with different types of new-lines and headers are typicall not part of > the gpg-signature > > aynways, any difference between the inbound message and what you get > back from dbmail is harmful except the headers aded by lmtpd itself on > top (which was also wrong, Return-Path before the patch i requested > where on bottom while every hop touching a mail is supposed to add his > headers on top and don't touch any present headers) > > Am 21.04.2018 um 11:01 schrieb Casper Langemeijer: >> I fired up my facebook account, and added a few email addresses to send >> mails to my accounts. I found that mails sent to my gmail account >> directly differ from the mails I receive with my dbmail server in one >> important way: The 'Content-Type; header has a different format. >> >> Sent (and received with gmail): >> Content-Type: multipart/alternative; >> boundary="b1_67a90b8ff6c9e9d71d8464cdb1c370fc" >> >> As received with a mail client through dbmail: >> Content-Type: multipart/alternative; >> boundary=b1_a639100bff13cf3e25a329d562f419ee >> >> The difference: It's originally sent as single-line header, but dbmail >> touches it and reformats it. Removing the quotes and making it a >> multi-line header. >> >> For DKIM I know this is a problem. Facebook (and most other senders) >> sends DKIM signatures with the h parameter set to >> 'Date:To:Subject:From:MIME-Version:Content-Type'. This means that the >> signature is calculated on the body and these headers. Therefore any >> modifications to these headers are an alteration of the message and >> cause DKIM to fail. >> >> I can imagine this could possibly break PGP/MIME, if it checks the >> integrity in a similar way. >> >> >> On Fri, Apr 20, 2018 at 6:14 PM Casper Langemeijer >> <cas...@langemeijer.eu <mailto:cas...@langemeijer.eu>> wrote: >> >> I'm not sure this is related, and I probably should investigate >> further before posting this here, but in my setup, dbmail seems to >> break DKIM signatures. >> >> I've seen that mails from booking.com <http://booking.com> and >> facebook.com <http://facebook.com> have broken DKIM signatures >> according to google's gmail, when forwarded by my mailserver. This >> happens both for mail I forward to a gmail mail address, and email >> that POPped by gmail. (Where forwarded mail doesn't get delivered >> because of DMARC policies) >> >> As I stated, I haven't really investigated, but this could be caused >> by dbmail doing any kind of 'normalization' on mail message headers. >> >> Does anyone here know if there an easy way to log raw incoming email >> messages for a specific user or from a specific domain? I use a >> fairly standard postfix/dbmail setup. Ideally I get to 'record' a >> DKIM-correct message, that can be fed into dbmail-lmtp for testing _______________________________________________ DBmail mailing list DBmail@dbmail.org http://lists.nfg.nl/mailman/listinfo/dbmail
