Messages with DKIM-signatures that have l= tag are not fully protected. We should reject such signatures.
See opendkim-lua man page, there a functions odkim.sig_bodylength and odkim.sig_canonlength that can help with this. If sig_canonlength is less than sig_bodylength, then signature should be rejected.
Messages with DKIM-signatures that have
l=
tag are not fully protected. We should reject such signatures.See
opendkim-lua
man page, there a functionsodkim.sig_bodylength
andodkim.sig_canonlength
that can help with this. Ifsig_canonlength
is less thansig_bodylength
, then signature should be rejected.