[ mailman-Bugs-1085651 ] Broken PGP/MIME signature of messages with attachments

SourceForge.net noreply at sourceforge.net
Sat Mar 17 05:52:26 CET 2007

Bugs item #1085651, was opened at 2004-12-15 18:54
Message generated for change (Comment added) made by sjlongland
You can respond by visiting: 

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: mail delivery
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Etienne M. Gagnon (egagnon)
Assigned to: Nobody/Anonymous (nobody)
Summary: Broken PGP/MIME signature of messages with attachments

Initial Comment:

When I send a PGP/MIME signed message *with*
attachments (in addition to the PGP signature) to a
Mailman-based mailing list, Firefox/Enigmail fails to
verify the signature of the message forwarded by mailman.

I have uploaded an example message with a broken
signature as attachment to this bug.

You can also see how Mailman's automatic archives don't
even handle such messages correctly by looking at how
it archived that message at:


I've looked in the bugs database and found that a
somewhat related problem was reported a while ago, but
note that the current bug is different.  The original
bug was about PGP/MIME signed messages without
attachments that were handled incorrectly by Enigmail.
 This one is about messages with attachments, and it is
likely that the bug is Mailman's, at least accroding to
the reply I got in:


Thanks for your help (and for the magnificient software)!



Comment By: Stuart Longland (sjlongland)
Date: 2007-03-17 14:52

Logged In: YES 
Originator: NO

I'm noticing this behaviour myself on a mailing list I set up for a group
at uni.

HTML emails signed using PGP/MIME and plaintext emails with attachments,
both fail signature tests when checked in Enigmail (20060110) on
Thunderbird (20070310).

I'm running Mailman 2.1.9_rc1 (Gentoo ebuild) on Linux, with the Qmail


Comment By: Magnus Holmgren (proffe)
Date: 2006-05-11 20:02

Logged In: YES 

This is a duplicate of bug #815297.


Comment By: Bas Wijnen (shevek)
Date: 2005-03-20 23:51

Logged In: YES 

That function does indeed not conserve whitespace.  E-mail
doesn't say whitespace in headers (or even the message) must
be preserved, so strictly speaking it's not a bug.  However,
it is a missing feature, and I think python is the place to
implement it, not mailman.

The point is that signed e-mails with attachments are sent
as two parts: One which is a complete e-mail by itself, and
one which holds the signature for that e-mail.  This is
because in attachments whitespace must be preserved (as
opposed to the situation in the message itself).

It would be very convenient if such e-mail can be handled by
python programs without rewriting the things which work fine
for non-signed e-mails.  If the attachment is really
changed, of course the signature will be broken.  However,
if it is not, it should not be hard to write out the same
message (with whitespace preserved) as was read in.  If this
is not possible, it is quite hard to do it in the program,
as python doesn't seem to support loading a part of an
e-mail which has headers of its own as a binary attachment
(without touching whitespace, in particular).


Comment By: Jonas Berlin (xkr47)
Date: 2005-03-19 22:21

Logged In: YES 

from python's Message.py:

    def _get_params_preserve(self, failobj, header):
        # Like get_params() but preserves the quoting of values.  BAW:
        # should this be part of the public interface?

According to my analysis of the comment, the function in question does
guarantee to preserve the header as-is, it only preserves _quoting_. Thus,
don't think we can call this a bug in python. If there's more official 
documentation elsewhere that states that it should preserve everything
then ignore this comment altogether :).

I didn't have time to grasp how mailman actually uses that Message class,

but I think mailman should be changed to use functions that don't alter
message, and/or re-implement that work according to the requirements of 
mailman (or, users of mailman :).

Anyway, an alternative could be to continue to use the Message.py
to parse the values while analyzing the contents of the message, and then

copypaste the original headers as-is after checking.

- xkr47


Comment By: Etienne M. Gagnon (egagnon)
Date: 2005-01-30 03:08

Logged In: YES 

Dear Bas,

Thanks a lot for identifying the source of this bug and
flagging an upstream bug on Python.



Comment By: Bas Wijnen (shevek)
Date: 2005-01-24 21:35

Logged In: YES 

I checked the source, and this appears to be a bug in
Python.  It can read and write e-mails, including headers,
and they are interpreted.  However, it doesn't preserve
their whitespace, which is of course fatal for pgp signatures.

The bug is filed for python here:


Comment By: Etienne M. Gagnon (egagnon)
Date: 2005-01-19 03:30

Logged In: YES 

I am attaching a screen shot of the content filtering
settings (see the options.png attachment I have added to
this bug report).  In short, content filtering is disabled,
so I don't think it is the cause of the problem. :-/



Comment By: Brad Knowles (shub)
Date: 2005-01-17 10:37

Logged In: YES 

Look at your content filter settings.  What MIME-types are you configured

to pass?  At the very least, you should be configured to pass the 



Comment By: Toni Willberg (toniw)
Date: 2005-01-08 11:23

Logged In: YES 

I can reproduce this bug also.

Here's a diff what happened to me:
diff -u mail.valid mail.invalid

 Content-Disposition: attachment;
-Content-Type: text/x-patch;
name=configure.in.pre-pkgconfig.patch; charset=UTF-8
+Content-Type: text/x-patch;
+       charset=UTF-8
 Content-Transfer-Encoding: base64

And this was _inside_ gpg-signed block.
Mailman should not alter that section at all, right?
X-Mailman-Version: 2.1.4

 Toni Willberg <toniw at iki.fi>


Comment By: Etienne M. Gagnon (egagnon)
Date: 2004-12-30 14:03

Logged In: YES 

Any update?


You can respond by visiting: 

More information about the Mailman-coders mailing list