Steffen Nurpmeso:
Wietse Venema wrote in
<4m7by01gfjzj...@spike.porcupine.org>:
|Matus UHLAR - fantomas:
|>>Matus UHLAR - fantomas:
|>>> On 17.08.22 13:45, Andy Beverley wrote:
|>>>>This is an interesting point that I hadn't thought of. I have
|>>>>smtputf8_enable set to yes, but I have just checked the remote server
|>>>>and it only shows:
|>>>>
|>>>>250-AUTH PLAIN LOGIN
|>>>>250-STARTTLS
|>>>>250 HELP
|>>>>
|>>>>So are you suggesting that what might be happening is that the email
|>>>>is being DKIM-signed as an 8-bit message (with the opendkim milter),
|>>>>and then after the signature has been added that the content is then
|>>>>altered in order to be delivered as a 7-bit message?
|>
|> On 17.08.22 10:49, Wietse Venema wrote:
|>>This has nothing to do with SMTPUTF8.
|>>
|>>You might work around this by settting
|>>
|>> disable_mime_output_conversion = yes
|>>
|>>in main.cf.
|>
|> won't this stop mail from being deliverable to the other side?
|
|Then it would have a different name.
|
|This setting has been a workaround for SMTP-based content filters
|that don't announce 8BITMIME support.
This thread is interesting to me since i have on my (too long)
to-do list the desire to write a DKIM thing (the only of those
things that i think are good ones). I wonder all the time because
RFC 6376 explicitly says
Some messages, particularly those using 8-bit characters, are subject
to modification during transit, notably conversion to 7-bit form.
Such conversions will break DKIM signatures. In order to minimize
the chances of such breakage, Signers SHOULD convert the message to a
suitable MIME content-transfer encoding such as quoted-printable or
base64 as described in [RFC2045] before signing. Such conversion is
outside the scope of DKIM; the actual message SHOULD be converted to
7-bit MIME by an MUA or MSA prior to presentation to the DKIM
algorithm.
Which is why i thought (once i looked a couple of months ago)
i _enforce_ postfix to do the conversion for me by not announcing
8BITMIME in the filter. (By then i thought something like milter
for verification and filter for generation, iirc.)
On 17.08.22 12:43, Wietse Venema wrote:
How would that help an after-filter DKIM verifier, or a DKIM verifier
that isd called from inside the filter??
I guess the point of this conversion should be to recode message before
DKIM-signing.
Yes, for outoing messages this requires one hop to a server that doesn't
announce 8bitmime and signs the message.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends?
