[Mailman-Users] mailman, attachment and digital sign
Marco De Rossi
Marco.DeRossi at roma1.infn.it
Thu Aug 30 12:43:02 CEST 2007
I tried to turn off all "Content Filtering" but it didn't fix the
signature problem.
Any other suggestions?
Thanks, Marco De Rossi
On Thu, 2 Aug 2007, Brad Knowles wrote:
> On 8/2/07, Marco De Rossi wrote:
>
> > We have modified Mailman so now it does not add the message footer anymore.
> > Now we still have this problem only when we send digitally signed e-mail
> > *with attachment*.
>
> I can see two likely possibilities:
>
> 1. The digital signature is being done against the whole message,
> headers included. When the message passes through Mailman, some
> headers end up getting changed or added, and the signature is no
> longer valid.
>
> 2. Mailman is still stripping or changing some of the attachment
> MIME types or filenames, which causes the signature to be invalidated.
>
> Problem is, cryptographic signatures on messages are extremely
> fragile. If even the slightest thing is changed, the signature is
> likely to be broken. If you make the signature process more robust,
> then you increase the possibility that an attacker could slip
> something through that would still appear to be correct, but where
> they've actually secretly modified something.
>
> Try turning off all filtering, HTML conversion, etc... within
> Mailman. See if that "fixes" the signature problem. If so, then you
> have to decide which is more important -- the signature on some
> messages or the probability that some malware could get through the
> system and be sent out to all recipients of the list, because you'd
> turned off the filtering.
>
> Unfortunately, this is a binary decision. There is no option to
> leave signed messages unfiltered and to apply the filtering rules
> only to unsigned messages. Even if there were such a method, the
> attackers could get through by simply forging fake signatures that
> look valid.
>
> --
> Brad Knowles <brad at shub-internet.org>, Consultant & Author
> LinkedIn Profile: <http://tinyurl.com/y8kpxu>
> Slides from Invited Talks: <http://tinyurl.com/tj6q4>
>
> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
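
One way to tell the two possibilities in the quoted reply apart, as an added example (not code from this thread or from Mailman): assuming the mail is sent as S/MIME or PGP/MIME `multipart/signed`, the signature covers the first body part with its MIME headers (RFC 1847), so comparing that part between the copy sent and the copy the list delivered shows whether signed bytes were changed. The `sample` messages, addresses, boundaries and the rewritten filename are constructed for illustration.

```python
import hashlib
from email import message_from_bytes
from itertools import zip_longest

def signed_part(raw: bytes) -> bytes:
    """Bytes covered by a multipart/signed signature (RFC 1847): the first
    body part with its own MIME headers, line endings normalised to CRLF."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    delim = b"\n--" + msg.get_boundary().encode("ascii")
    pieces = raw.replace(b"\r\n", b"\n").split(delim)
    if len(pieces) < 3:
        raise ValueError("malformed multipart/signed body")
    part = pieces[1].split(b"\n", 1)[1]   # drop the rest of the delimiter line
    return part.replace(b"\n", b"\r\n")

def compare(sent: bytes, received: bytes) -> dict:
    """Report what differs between the copy sent and the copy the list delivered."""
    a, b = signed_part(sent), signed_part(received)
    hs, hr = message_from_bytes(sent), message_from_bytes(received)
    names = {k.lower() for k in hs.keys() + hr.keys()}
    pairs = zip_longest(a.split(b"\r\n"), b.split(b"\r\n"))
    diff = [(x, y) for x, y in pairs if x != y]
    return {
        "signed_part_intact": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
        "outer_headers_changed": sorted(n for n in names if hs.get_all(n) != hr.get_all(n)),
        "first_changed_line": diff[0] if diff else None,
    }

# Constructed sample: a signed message with one attachment; the signature
# body is a placeholder, since only the signed part is compared here.
def sample(subject: str, filename: str, extra: str = "") -> bytes:
    return (
        f"From: sender@example.org\nSubject: {subject}\n{extra}"
        'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
        ' micalg=sha-256; boundary="outer"\n\n'
        "--outer\n"
        'Content-Type: multipart/mixed; boundary="inner"\n\n'
        "--inner\nContent-Type: text/plain\n\nSee attachment.\n"
        f'--inner\nContent-Type: application/pdf; name="{filename}"\n'
        "Content-Transfer-Encoding: base64\n\nJVBERi0xLjQK\n--inner--\n"
        "--outer\nContent-Type: application/pkcs7-signature\n\n(placeholder)\n--outer--\n"
    ).encode("ascii")

if __name__ == "__main__":
    print(compare(sample("Report", "report.pdf"), sample("Report", "attachment.bin")))
```

Run `compare` on the raw message saved from the sender's Sent folder and the raw copy received from the list; a changed signed part points at the list's attachment handling, while changes confined to the outer headers do not touch the signed bytes.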