I have a problem with signing-milter (http://www.signing-milter.org) that seem to be that postfix “sabotage” the signed mail in its post-processing by doing something with the newlines.
the “nob.eml” is signed with the following command:
signing-milter -g postfix -m /var/secure_files/cert/signers.cdb -s inet:9991 -t
60 -u postfix &>/dev/null </dev/null &
the “withb.eml” is signed with the following command:
signing-milter -g postfix -m /var/secure_files/cert/signers.cdb -s inet:9991 -t
60 -u postfix –b &>/dev/null </dev/null &
the B flag is described as:
-b
Causes signing-milter to not break headerlines after a ; Header
lines moved inside a mime-container while signing must not be
longer then 76 characters. This switch disables the autobreak
before signing.
The strange thing is that “nob.eml” does not validate (error message: Tampered
content)
And “withb.eml” does validate successfully, however Outlook seem to first mark
withb.eml as “invalid certificate” but like 10 seconds later, its marked as
valid. (guess this comes from downloading the CRL’s)
I guess nob.eml does not validate due to postfix post-processing the message in
some way?
The only milter after is OpenDKIM, but I have also tested with the OpenDKIM
milter removed (so the signing-milter comes last in chain), but still same
validation error (Message is tampered) comes up in both outlook and windows
live mail when no “-b” flag is used.
Best regards, Sebastian Nielsen--- Begin Message ---test
smime.p7s
Description: S/MIME cryptographic signature
--- End Message ---
--- Begin Message ---test
Description: S/MIME cryptographic signature
--- End Message ---
smime.p7s
Description: S/MIME cryptographic signature
