Le 12/09/2010 13:22, Ralph Seichter a écrit :
On 12.09.10 10:46, mouss wrote:
Received headers should not be included in the DKIM signature. so
removing them won't invalidate DKIM.
If you have a look at my message which you quoted, you'll see
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=seichter.de; h=
content-transfer-encoding:content-type:content-type:in-reply-to
:references:subject:subject:mime-version:user-agent:from:from
:date:date:message-id:received:received; s=sep2010; t=
1284280386; x=1286872386; bh= [...]
hmm. my understanding of RCF 4871, section 5.5 is to avoid signing
Received. May be Mark or someone else could shed more light?
Anyway, in your case section 5.1 of the same RFC states:
INFORMATIVE IMPLEMENTER ADVICE: SUBMISSION servers should not sign
Received header fields if the outgoing gateway MTA obfuscates
Received header fields, for example, to hide the details of
internal topology.
My interpretation of this is that amavisd-new will DKIM-sign "Received:"
headers if they are present.
you can exclude Received headers:
$signed_header_fields{lc('Received')} = 0; # turn off signing of Received
see
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim
for more.
Maybe there's something amiss anyway, because
"subject:subject" or "date:date" look kind of strange?
That's to prevent later insertion of new values for these.
