[Mailman-Users] mailman, attachment and digital sign

Brad Knowles brad at shub-internet.org
Thu Aug 2 23:47:20 CEST 2007

On 8/2/07, Marco De Rossi wrote:

>  We have modified mailman so now it does not add the message footer anymore.
>  Now we still have this problem only when we send digital signed e-mail
>  *with attachment*.

I can see two likely possibilities:

	1.  The digital signature is being done against the whole message,
	headers included.  When the message passes through Mailman, some
	headers end up getting changed or added, and the signature is no
	longer valid.

	2.  Mailman is still stripping or changing some of the attachment
	MIME types or filenames, which causes the signature to be invalidated.

Problem is, cryptographic signatures on messages are extremely 
fragile.  If even the slightest thing is changed, the signature is 
likely to be broken.  If you make the signature process more robust, 
then you increase the possibility that an attacker could slip 
something through that would still appear to be correct, but where 
they've actually secretly modified something.

Try turning off all filtering, HTML conversion, etc... within 
Mailman.  See if that "fixes" the signature problem.  If so, then you 
have to decide which is more important -- the signature on some 
messages or the probability that some malware could get through the 
system and be sent out to all recipients of the list, because you'd 
turned off the filtering.

Unfortunately, this is a binary decision.  There is no option to 
leave signed messages unfiltered and to apply the filtering rules 
only to unsigned messages.  Even if there were such a method, the 
attackers could get through by simply forging fake signatures that 
look valid.

Brad Knowles <brad at shub-internet.org>, Consultant & Author
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Slides from Invited Talks: <http://tinyurl.com/tj6q4>

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
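As an added illustration (not part of Brad's message or of Mailman), the two failure modes listed above in Python's standard-library email module: an HMAC stands in for the real PGP/MIME or S/MIME signature, and the message, key and list-server changes are constructed for the example.

```python
import hashlib
import hmac
from email.message import EmailMessage
from email.policy import SMTP

# Constructed stand-in for a signing key. A real PGP/MIME or S/MIME signature
# uses a private key, but "any changed byte breaks it" holds the same way.
KEY = b"constructed-demo-key"

def sign(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def body_bytes(msg: EmailMessage) -> bytes:
    """MIME body only: everything after the top-level header block."""
    return msg.as_bytes().split(b"\r\n\r\n", 1)[1]

def build_message() -> EmailMessage:
    """Constructed sample: one text part plus one attachment."""
    msg = EmailMessage(policy=SMTP)
    msg["From"] = "alice@example.org"
    msg["To"] = "list@example.org"
    msg["Subject"] = "report"
    msg.set_content("Please see the attached report.\n")
    msg.make_mixed(boundary="demo-boundary")  # fixed boundary, stable bytes
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg

def signature_survives(mutate, sign_headers: bool) -> bool:
    """Sign a fresh message, apply one list-server change, re-verify.
    sign_headers=True models a signature over the whole message (case 1
    above); False models a PGP/MIME-style signature over the body only."""
    msg = build_message()
    covered = (lambda m: m.as_bytes()) if sign_headers else body_bytes
    expected = sign(covered(msg))
    mutate(msg)
    return hmac.compare_digest(expected, sign(covered(msg)))

# Three changes a list server commonly makes to a message in transit.
def add_list_header(msg):
    msg["List-Id"] = "Demo list <list.example.org>"

def append_footer(msg):
    text = msg.get_body(preferencelist=("plain",))
    text.set_content(text.get_content() + "-- \nlist footer\n")

def rename_attachment(msg):
    for part in msg.iter_attachments():
        part.set_param("filename", "report_1.pdf", header="Content-Disposition")
```

Only the header-only change with a body-only signature verifies afterwards; a footer or a renamed attachment breaks either kind of signature, which is why turning off the body-altering steps is the only way to keep such messages intact.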

