On Fri, 2011-03-04 at 21:44 -0600, Chris Pollock wrote:
> Two posts from the same person, one hits on the short circuit rule the
> other doesn't. The line in my dkimwhitelist.cf is:
>
> whitelist_from_dkim ellisf...@embarqmail.com
>
> Headers from one that did hit and one that didn't are posted here:
>
> http://pastebin.com/j0j4pFb1
>
> Anyone see a reason for this?
Not a DKIM expert, by far, so I might assume something stupid. But a
naive approach to the DKIM-Signature header with the h= option would
suggest the To header is a vital element of the signing.
Well, comparing the headers side-by-side, after adding a bunch of
newlines, flipping back and forth, there is one striking difference.
The one that was NOT whitelisted has a To header like this:
To: [...], @pop.embarq.synacor.com>, [...]
Note that all addresses pruned above, for both mails, appear to be in
the valid form "bar <f...@example.com>", comma separated, EXCEPT that one
shown. Which is utterly broken.
Some server in the chain broke the To header?
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
