Steffen Nurpmeso:
> Hello.
>
> Wietse Venema wrote in
> <4m7by01gfjzj...@spike.porcupine.org>:
> |Matus UHLAR - fantomas:
> |>>Matus UHLAR - fantomas:
> |>>> On 17.08.22 13:45, Andy Beverley wrote:
> |>>>>This is an interesting point that I hadn't thought of. I have
> |>>>>smtputf8_enable set to yes, but I have just checked the remote server
> |>>>>and it only shows:
> |>>>>
> |>>>>250-AUTH PLAIN LOGIN
> |>>>>250-STARTTLS
> |>>>>250 HELP
> |>>>>
> |>>>>So are you suggesting that what might be happening is that the email
> |>>>>is being DKIM-signed as an 8-bit message (with the opendkim milter),
> |>>>>and then after the signature has been added that the content is then
> |>>>>altered in order to be delivered as a 7-bit message?
> |>
> |> On 17.08.22 10:49, Wietse Venema wrote:
> |>>This has nothing to do with SMTPUTF8.
> |>>
> |>>You might work around this by settting
> |>>
> |>> disable_mime_output_conversion = yes
> |>>
> |>>in main.cf.
> |>
> |> won't this stop mail from being deliverable to the other side?
> |
> |Then it would have a different name.
> |
> |This setting has been a workaround for SMTP-based content filters
> |that don't announce 8BITMIME support.
>
> This thread is interesting to me since i have on my (too long)
> to-do list the desire to write a DKIM thing (the only of those
> things that i think are good ones). I wonder all the time because
> RFC 6376 explicitly says
>
> Some messages, particularly those using 8-bit characters, are subject
> to modification during transit, notably conversion to 7-bit form.
> Such conversions will break DKIM signatures. In order to minimize
> the chances of such breakage, Signers SHOULD convert the message to a
> suitable MIME content-transfer encoding such as quoted-printable or
> base64 as described in [RFC2045] before signing. Such conversion is
> outside the scope of DKIM; the actual message SHOULD be converted to
> 7-bit MIME by an MUA or MSA prior to presentation to the DKIM
> algorithm.
>
> Which is why i thought (once i looked a couple of months ago)
> i _enforce_ postfix to do the conversion for me by not announcing
> 8BITMIME in the filter. (By then i thought something like milter
> for verification and filter for generation, iirc.)
How would that help an after-filter DKIM verifier, or a DKIM verifier
that isd called from inside the filter??
Wietse
