Closed
Bug 657399
Opened 13 years ago
Closed 3 years ago
Mozilla list server should rewrite (or remove) DKIM headers, if it modifies the body (or headers) of the message
Categories
(Infrastructure & Operations :: Infrastructure: Mail, task)
Infrastructure & Operations
Infrastructure: Mail
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: ehsan.akhgari, Unassigned)
Details
Otherwise, messages with valid DKIM headers which are forwarded through our list server could be misclassified as spam because of having invalid DKIM headers. This happens when posting to the lists from gmail for example.
Comment 2•13 years ago
|
||
Note that DKIM signatures are calculated based on some headers and the body. So, changing headers might be the culprit, too. I performed a couple of tests, minimizing a failing message. Even after removing the "plaintext signature" (the trailing 4 lines with the listname and link to mailman), the DKIM signature verification still failed. As a next test, I asked Ehsan to send me a minimal test message from gmail. What I received was a multipart (html, plain) message. However, the messages frmo Ehsan distributed by the mailinglist are plain, only. I suspect that mailman stripped away the html part, and resent only the plain part, and obviously modified both the body and the content-type/-encoding headers. ... Related: jcranmer on IRC said: "there is apparently a config in mailman that can tell it to strip DKIM headers" Also, he gave me a link to this bug: https://bugs.launchpad.net/mailman/+bug/557493
Updated•13 years ago
|
Summary: Mozilla list server should rewrite DKIM headers because it modifies the body of the message → Mozilla list server should rewrite (or remove) DKIM headers, if it modifies the body (or headers) of the message
Comment 4•13 years ago
|
||
I think we should go for the hotfix to strip the header. A complete solution would require to "verify signature", remember status, check if rewrite message is necessary. if no rewrite necessary, keep the dkim. Else: strip dkim, if there was a valid signature, produce a new dkim signature. Until we have that, we should strip.
Comment 5•13 years ago
|
||
Please let me add, my hosted spam filter service sends bounces to mozilla.org, most likely because of this bug. The result is that lists.mozilla.org notifies me every couple of days, and requests me to confirm I want to remain as a subscriber.
Comment 6•13 years ago
|
||
It appears that Gmail has become more aggreessive with its warnings. see example: http://img815.imageshack.us/img815/2568/gmailwarning.png
Comment 7•13 years ago
|
||
Interesting. I just started seeing "via lists.mozilla.org" in Gmail, but I haven't seen the stronger "may not have been sent by" warning yet. http://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&answer=1311182
Updated•13 years ago
|
Assignee: justdave → rbryce
Comment 8•13 years ago
|
||
If you're using mailman, the following might be sufficient to fix this bug: in /etc/mailman/mm_cfg.py add this line: REMOVE_DKIM_HEADERS = Yes
Comment 9•12 years ago
|
||
>
> in /etc/mailman/mm_cfg.py
> add this line:
>
> REMOVE_DKIM_HEADERS = Yes
What do you think about this proposal?
Updated•12 years ago
|
Component: Server Operations → Server Operations: Infrastructure
Updated•12 years ago
|
Assignee: rbryce → server-ops-infra
OS: Mac OS X → All
QA Contact: mrz → jdow
Hardware: x86 → All
Updated•12 years ago
|
Assignee: server-ops-infra → limed
Updated•11 years ago
|
Component: Server Operations: Infrastructure → Infrastructure: Other
Product: mozilla.org → Infrastructure & Operations
Updated•11 years ago
|
Component: Infrastructure: Other → Infrastructure: Mail
QA Contact: jdow → limed
Updated•3 years ago
|
Assignee: limed → infra
QA Contact: limed → cshields
Comment 10•3 years ago
|
||
Since mailman has been decom'ed, this bug has no more relevance.
Other DKIM bugs cover other parts of the mail infra, so I think this is a standalone closeout.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•