Re: On DKIM and Content-Transfer-Encoding

Sun, 29 Jun 2014 05:22:25 -0700 

Mauricio Tavares:
> [<-] 220 mail.domain.com Test Mail Server
> [->] HELO raub.internal.domain.com
> [<-] 250 mail.domain.com
> [->] MAIL FROM:<r...@desktop.internal.domain.com>

You send HELO. That means you can only send 7-bit ASCII email.
Please read RFC 5321 for the 7-bit requirement of SMTP.

In order to send 8BIT mail over SMTP, the client must announce that
it supports ESMTP, the server must announce that it supports 8BITMIME,
and the client must issue the 8BITMIME parameter in the MAIL FROM
command.

Please read RFC 1869 for how to negotiate ESMTP.
Please read RFC 1652 for how to negotiate 8BITMIME.

> > As required by the MIME RFCs, an MTA must either bounce mail or
> > convert it to quoted-printable when it needs to deliver 8BITMIME
> > mail to an SMTP server that does not announce 8BITMIME support.
> >
> > DKIM signatures of 8BITMIME mail may break unless all SMTP servers
> > in the path implement and announce 8BITMIME support. Otherwise, it
> > is better to down-convert to quoted-printable before DKIM signing.
> >
>       Can I down-convert the email in postfix before DKIM signing? I
> believe some email clients using this server are sending 8BITMIME
> emails without a properly created MAIL FROM command line. Since I
> cannot do the right thing and correct that at the MUA side, I would
> like to do the next best thing.

You can force downconversion with a null content filter and by
suppressing or ignoring the 8BITMIME server announcement.

Untested example:

/etc/postfix/master.cf:
    smtp .. .. .. .. .. .. .. smtpd
        -o content_filter=dummy:127.0.0.1:12345

    dummy .. .. .. .. .. .. .. smtp
        -o smtp_discard_ehlo_keywords=8bitmime,silent-discard

    127.0.0.1:12345 .. .. .. .. .. .. .. smtpd
        -o smtpd_authorized_xforward_hosts=127.0.0.1
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_relay_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject

Once mail is received with the 127.0.0.1:12345 SMTP server, it will
have been down-converted, provided that it was formatted properly,
and that the proper ESMTP commands were used.

        Wietse

Reply via email to