At the moment, we are not sure how they are doing this.
It is showing up in RUF data and thus presented in our DMARC portal as "a new
key was identified"
We are trying to vet out how that could happen so we can close whatever gap is
allowing it
> We are trying to mimic an issue we are having with bad actors
> inserting fraudulent DKIM keys into a header in an attempt to spoof
> one of our domains.
They send email with a forged DKIM header? That requires they have a signing
key for one of your domains.
-----Original Message-----
From: Wietse Venema via Postfix-users <postfix-users@postfix.org>
Sent: Friday, March 28, 2025 4:12 PM
To: Postfix users <postfix-users@postfix.org>
Subject: [pfx] Re: insert multi-line values into header
CAUTION: This email was sent from an external sender. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
Gomes, Rich via Postfix-users:
> Asking the hive mind here...
>
> What is the best way to insert a multi-line value into a header via postfix?
Postfix does not support multiline text in parameter values, or in
header_checks/body_checks/access table actions. This prevents may opportunties
for misues (such as header CRLF injection attacks).
> We are trying to mimic an issue we are having with bad actors
> inserting fraudulent DKIM keys into a header in an attempt to spoof
> one of our domains.
They send email with a forged DKIM header? That requires they have a signing
key for one of your domains.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an
email to postfix-users-le...@postfix.org
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
