[ mailman-Patches-1287546 ] Remove DomainKeys (and similar) header lines

SourceForge.net noreply at sourceforge.net
Fri Dec 16 16:16:41 CET 2005


Patches item #1287546, was opened at 2005-09-11 10:08
Message generated for change (Comment added) made by markonen
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=1287546&group_id=103

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: mail delivery
Group: Mailman 2.1
Status: Closed
Resolution: Accepted
Priority: 5
Submitted By: Joe Peterson (skyrush)
Assigned to: Nobody/Anonymous (nobody)
Summary: Remove DomainKeys (and similar) header lines

Initial Comment:
This simple patch removes the header lines containing
keys used in DomainKeys (Yahoo) and DKIM.  The keys, if
left in the header, will make the email seem forged or
altered to the recipient, since Mailman alters
header/body info.  If the keys are removed, the MTA
will generate new keys (if this is installed on the host).

-Joe


----------------------------------------------------------------------

Comment By: Marko Karppinen (markonen)
Date: 2005-12-16 17:16

Message:
Logged In: YES 
user_id=1406492

I think this is problematic. For intra-organizational lists, removing the 
DomainKeys header works as advertised. However, if a person from a 
DomainKeys-enabled domain posts onto an external list, there is a potential 
for error.

If the sender's domain's DomainKeys settings specify that the domain does 
not send unsigned mail, external MTAs can and will drop an email from that 
domain if the DomainKeys headers are removed.

To make DomainKeys work with mailman as expected, admins have two 
possibilities:
1) Deliver the message as-is, without modifying the Subject header or 
message body (or any header indicated to be signed). The original 
DomainKeys signature will then work.
2) If modifying the message is necessary, the mailing list will have to rewrite 
the From: header in order not to claim that the message originated in the 
DomainKeys -protected sender domain.

Removing the DomainKeys header will only be relevant in the case 2) above. 
For 1) -- the preferred solution for many lists -- it is actively harmful. 
Therefore, automatically removing the DomainKeys header is NOT the way to 
go.

----------------------------------------------------------------------

Comment By: Barry A. Warsaw (bwarsaw)
Date: 2005-09-13 00:59

Message:
Logged In: YES 
user_id=12800

Applied to both Mailman 2.1 branch and trunk (2.2)


----------------------------------------------------------------------

Comment By: Joe Peterson (skyrush)
Date: 2005-09-11 10:09

Message:
Logged In: YES 
user_id=738814

Attached is the patch.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=1287546&group_id=103


More information about the Mailman-coders mailing list