diff --git a/RELEASE_NOTES b/RELEASE_NOTES--- a/RELEASE_NOTES+++ b/RELEASE_NOTES@@ -4,6 +4,8 @@ This listing shows the versions of the OpenDKIM package, the date of
release, and a summary of the changes in that release.
2.11.0 2018/05/31
+ opendkim/README: Clarify for the send+verify mode how to tweak+ sendmail not to break signatures.
Add support for ED25519 keys.
Add "header.s" and "header.a" in generated Authentication-Results
header fields.
diff --git a/opendkim/README b/opendkim/README--- a/opendkim/README+++ b/opendkim/README@@ -160,7 +160,38 @@ start at step (5).
socket specification:
INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost')
- (c) Rebuild your sendmail.cf in the usual way+ (c) When the MTA will be used for relaying emails, e.g. delivering to other+ hosts using the aliases mechanism, it is important not to break+ signatures inserted by the original sender, in particular when the+ sending domain published p=reject; DMARC policy. By default, sendmail+ adds quotes to address headers, when there are no quotes and the+ display-part of the address contains fullstop or apostrophe,+ invalidating any DKIM signatures contained in the message. To tell+ sendmail not to modify the headers insert in sendmail.mc:+ conf(`confMUST_QUOTE_CHARS', `')++ (d) As stated in sendmail's KNOWNBUGS file, sendmail truncates+ header-values longer than 256 characters, which could mean truncating+ the domain of a long From:-header-value and invaldating the signature.+ Consider increasing MAXNAME in sendmail/conf.h to mitigate changing+ the messages and invalidating their signatures. This change requires+ recompiling sendmail.++ (e) Beware that when sendmail receives the header:++To: Aaaaaaaaaaaaaaaaaa aaaaaaaaaaa aaaaaaaaaaaa <a@example.org>,Bbbbbbbbbbbbbbbbbb b <b@example.org>+Message-ID: <fsdfsdlkdfsalkakldsafkadlsf@aegee.org>++ it will send it unmodified to the milter and later rewrite it to:++To: Aaaaaaaaaaaaaaaaaa aaaaaaaaaaa aaaaaaaaaaaa <a@example.org>,+ Bbbbbbbbbbbbbbbbbb b <b@example.org>++ After the comma a new line and eight spaces were inserted. The+ insertion of white space characters (during folding) breaks the DKIM+ signature.++ (f) Rebuild your sendmail.cf in the usual way
For Postfix:
@@ -272,6 +303,17 @@ your sendmail.mc file:
define(`confSEVEN_BIT_INPUT',true)dnl
+However, the aforementioned tweak changes the byte sequence C2 A0 (NO BREAK+SPACE) into "B ", altering what is displayed to the final user. In practice,+when the server running OpenDKIM is used just for relaying email in terms of+aliases, having mailboxes hosted somewhere else, relayed messages are+displayed correctly to the final user only when the tweak is not made.++The further, when openDKIM is used both to sign and verify signatures, a set+confSEVER_BIT_INPUT invalidates the signature added by the original sender.+If the MTA connected to OpenDKIM is used to relay messages, e.g. as aliases,+and the origianl sender set p=reject; DMARC policy, then the adjustment is+counterproductive.
TESTING
=======
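Review bot: In the RELEASE_NOTES hunk the new entry is added under the existing "2.11.0 2018/05/31" heading, which already carries a release date; if 2.11.0 has shipped, the entry belongs under a new section for the next version. The phrase "send+verify mode" is also not used anywhere in the README text this patch adds; "when OpenDKIM both signs and verifies" would match the README wording.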
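Review bot: In the opendkim/README hunk at @@ -160, step (c) gives the sendmail.mc line as conf(`confMUST_QUOTE_CHARS', `'), but the README's other sendmail.mc setting is written define(`confSEVEN_BIT_INPUT',true)dnl; this line should read define(`confMUST_QUOTE_CHARS', `')dnl so it can be pasted as is. In (d), "invaldating" should be "invalidating", and in (c) "published p=reject; DMARC policy" reads better as "published a DMARC policy of p=reject". Step (e) describes the refolding problem but names no setting or workaround, and the Message-ID line in its example plays no part in the explanation; either state the mitigation or say that there is none, and drop the extra header. The example header lines in (e) also start at column 0 while the rest of the step is indented.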
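Review bot: In the opendkim/README hunk at @@ -272, the second added paragraph names the option confSEVER_BIT_INPUT, while the define directly above it is confSEVEN_BIT_INPUT; a reader searching for the misspelled name will not find it. In the same paragraph "origianl" should be "original", "The further" should be "Further", and "openDKIM" should be "OpenDKIM" as in the paragraph before it. The first paragraph would be clearer if it said that C2 A0 becomes "B " because the high bit of each byte is cleared (0xC2 to 0x42, 0xA0 to 0x20). Both paragraphs conclude that the define should be left out on hosts that relay mail, so it would help to state that condition next to the define rather than only after it.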
This is an updated copy of https://sourceforge.net/p/opendkim/patches/40/.