Messages with DKIM-signatures that have l= tag are not fully protected. We should reject such signatures.
See opendkim-lua man page, there a functions odkim.sig_bodylength and odkim.sig_canonlength that can help with this. If sig_canonlength is less than sig_bodylength, then signature should be rejected.
Messages with DKIM-signatures that have
l=tag are not fully protected. We should reject such signatures.See
opendkim-luaman page, there a functionsodkim.sig_bodylengthandodkim.sig_canonlengththat can help with this. Ifsig_canonlengthis less thansig_bodylength, then signature should be rejected.