On Sat, 2011-03-05 at 05:28 +0100, Karsten Bräckelmann wrote: > On Fri, 2011-03-04 at 21:44 -0600, Chris Pollock wrote: > > Two posts from the same person, one hits on the short circuit rule the > > other doesn't. The line in my dkimwhitelist.cf is: > > > > whitelist_from_dkim ellisf...@embarqmail.com > > > > Headers from one that did hit and one that didn't are posted here: > > > > http://pastebin.com/j0j4pFb1 > > > > Anyone see a reason for this? > > Not a DKIM expert, by far, so I might assume something stupid. But a > naive approach to the DKIM-Signature header with the h= option would > suggest the To header is a vital element of the signing. > > Well, comparing the headers side-by-side, after adding a bunch of > newlines, flipping back and forth, there is one striking difference. > > The one that was NOT whitelisted has a To header like this: > > To: [...], @pop.embarq.synacor.com>, [...] > > Note that all addresses pruned above, for both mails, appear to be in > the valid form "bar <f...@example.com>", comma separated, EXCEPT that one > shown. Which is utterly broken. > > Some server in the chain broke the To header? > > Thanks Karsten, doing some more checking I've found the following:
In the example I posted I also see this in the To: headers when saved as a .txt file - "@pop.embarq.synacor.com>, \"ballard\", \"aajhp" <bunnysi...@aol.com>, looking at another of his posts which I'd saved because it was tagged spam I see the same thing - "@pop.embarq.synacor.com>, \"cantrell, james\", \"billybeckner\" <billybeck...@yahoo.com>, \"ballard\" <bunnysi...@aol.com>, \"aajhp" <jl...@embarqmail.com>, I have no idea where the '\' are coming from. A message hitting the short circuit rule does not have the incorrectly formatted list of addressees. I took a few minutes to look at RFC 4871 for DKIM sigs however I need to read it further to digest all that it says. For now though I think the '\' in the To: addresses and the @pop.... is somehow breaking the DKIM signature, though I may be wrong. Chris -- Chris KeyID 0xE372A7DA98E6705C 31.11°N 97.89°W (Elev. 1092 ft)
signature.asc
Description: This is a digitally signed message part
