diff --git a/RELEASE_NOTES b/RELEASE_NOTES
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -4,6 +4,8 @@ This listing shows the versions of the OpenDKIM package, the date of
release, and a summary of the changes in that release.
2.11.0 2018/05/31
+ opendkim/README: Clarify for the send+verify mode how to tweak
+ sendmail not to break signatures.
Add support for ED25519 keys.
Add "header.s" and "header.a" in generated Authentication-Results
header fields.
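Review bot: the new entry is filed inside the already-released 2.11.0 (2018/05/31) block, so the release notes would credit that release with a change made after it; a documentation fix submitted against the current tree belongs in a new, unreleased entry above 2.11.0. Minor style point: the neighbouring entries are verb-first ("Add support for ED25519 keys.", "Add "header.s" and "header.a" ..."), so "Clarify in opendkim/README how to configure sendmail in sign+verify mode so it does not break signatures." would match the file's existing pattern better than the "opendkim/README: Clarify ..." prefix.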
diff --git a/opendkim/README b/opendkim/README
--- a/opendkim/README
+++ b/opendkim/README
@@ -160,7 +160,38 @@ start at step (5).
socket specification:
INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost')
- (c) Rebuild your sendmail.cf in the usual way
+ (c) When the MTA will be used for relaying emails, e.g. delivering to other
+ hosts using the aliases mechanism, it is important not to break
+ signatures inserted by the original sender, in particular when the
+ sending domain published p=reject; DMARC policy. By default, sendmail
+ adds quotes to address headers, when there are no quotes and the
+ display-part of the address contains fullstop or apostrophe,
+ invalidating any DKIM signatures contained in the message. To tell
+ sendmail not to modify the headers insert in sendmail.mc:
+ conf(`confMUST_QUOTE_CHARS', `')
+
+ (d) As stated in sendmail's KNOWNBUGS file, sendmail truncates
+ header-values longer than 256 characters, which could mean truncating
+ the domain of a long From:-header-value and invaldating the signature.
+ Consider increasing MAXNAME in sendmail/conf.h to mitigate changing
+ the messages and invalidating their signatures. This change requires
+ recompiling sendmail.
+
+ (e) Beware that when sendmail receives the header:
+
+To: Aaaaaaaaaaaaaaaaaa aaaaaaaaaaa aaaaaaaaaaaa <a@example.org>,Bbbbbbbbbbbbbbbbbb b <b@example.org>
+Message-ID: <fsdfsdlkdfsalkakldsafkadlsf@aegee.org>
+
+ it will send it unmodified to the milter and later rewrite it to:
+
+To: Aaaaaaaaaaaaaaaaaa aaaaaaaaaaa aaaaaaaaaaaa <a@example.org>,
+ Bbbbbbbbbbbbbbbbbb b <b@example.org>
+
+ After the comma a new line and eight spaces were inserted. The
+ insertion of white space characters (during folding) breaks the DKIM
+ signature.
+
+ (f) Rebuild your sendmail.cf in the usual way
For Postfix:
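Review bot: step (c) writes the option as `conf(`confMUST_QUOTE_CHARS', `')`, but conf* settings in sendmail.mc are made with `define(...)`, as the README's own `define(`confSEVEN_BIT_INPUT',true)dnl` line shows; `conf(` is not an m4 macro, so the line would not take effect and MustQuoteChars would stay at its default. Suggest `define(`confMUST_QUOTE_CHARS', `')dnl`. In step (d), "invaldating" should read "invalidating", and naming the KNOWNBUGS entry being referred to would let readers find it. Step (e) says the folding "breaks the DKIM signature", which is true only for signatures made with simple header canonicalization (c=simple); under RFC 6376 relaxed header canonicalization, continuation lines are unfolded and runs of whitespace collapse to a single space, so a relaxed-canonicalized signature survives exactly this rewrite. The step should say so, and should also say whether any sendmail setting avoids the folding or whether the administrator simply has to live with it, since it currently states a problem without a remedy. Finally, the example Message-ID uses a real domain (aegee.org); an example.org value would be consistent with the example addresses on the same lines.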
@@ -272,6 +303,17 @@ your sendmail.mc file:
define(`confSEVEN_BIT_INPUT',true)dnl
+However, the aforementioned tweak changes the byte sequence C2 A0 (NO BREAK
+SPACE) into "B ", altering what is displayed to the final user. In practice,
+when the server running OpenDKIM is used just for relaying email in terms of
+aliases, having mailboxes hosted somewhere else, relayed messages are
+displayed correctly to the final user only when the tweak is not made.
+
+The further, when openDKIM is used both to sign and verify signatures, a set
+confSEVER_BIT_INPUT invalidates the signature added by the original sender.
+If the MTA connected to OpenDKIM is used to relay messages, e.g. as aliases,
+and the origianl sender set p=reject; DMARC policy, then the adjustment is
+counterproductive.
TESTING
=======
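Review bot: the added paragraphs argue against the `define(`confSEVEN_BIT_INPUT',true)dnl` recommendation that immediately precedes them, but leave the reader to work out which applies; it would be clearer to state the condition up front ("Do not set confSEVEN_BIT_INPUT if this MTA relays messages signed elsewhere, e.g. via aliases, because ...") rather than giving the setting and then arguing against it. Typos in the second paragraph: "confSEVER_BIT_INPUT" should be "confSEVEN_BIT_INPUT" (the option name used just above), "a set ... invalidates" reads better as "setting ... invalidates", "The further" should be "Further", and "origianl" should be "original". The C2 A0 to "B " example is correct, since clearing the high bit turns 0xC2 into 0x42 ('B') and 0xA0 into 0x20 (space), but saying explicitly that the option strips the top bit of every byte would explain why the characters change rather than leaving the reader to do the arithmetic.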
This is an updated copy of https://sourceforge.net/p/opendkim/patches/40/.